LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH 3.10 00/53] 3.10.71-stable review
@ 2015-03-04  6:06 Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 01/53] Bluetooth: ath3k: workaround the compatibility issue with xHCI controller Greg Kroah-Hartman
                   ` (51 more replies)
  0 siblings, 52 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, satoru.takeuchi,
	shuah.kh, stable

This is the start of the stable review cycle for the 3.10.71 release.
There are 53 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Fri Mar  6 05:45:30 UTC 2015.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	kernel.org/pub/linux/kernel/v3.0/stable-review/patch-3.10.71-rc1.gz
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 3.10.71-rc1

Hector Marco-Gisbert <hecmargi@upv.es>
    x86, mm/ASLR: Fix stack randomization on 64-bit systems

Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
    blk-throttle: check stats_cpu before reading it from sysfs

Chen Jie <chenjie6@huawei.com>
    jffs2: fix handling of corrupted summary length

Tomáš Hodek <tomas.hodek@volny.cz>
    md/raid1: fix read balance when a drive is write-mostly.

NeilBrown <neilb@suse.de>
    md/raid5: Fix livelock when array is both resyncing and degraded.

James Hogan <james.hogan@imgtec.com>
    metag: Fix KSTK_EIP() and KSTK_ESP() macros

Nicolas Saenz Julienne <nicolassaenzj@gmail.com>
    gpio: tps65912: fix wrong container_of arguments

Catalin Marinas <catalin.marinas@arm.com>
    arm64: compat Fix siginfo_t -> compat_siginfo_t conversion on big endian

Martin Vajnar <martin.vajnar@gmail.com>
    hx4700: regulator: declare full constraints

Marcelo Tosatti <mtosatti@redhat.com>
    KVM: x86: update masterclock values on TSC writes

James Hogan <james.hogan@imgtec.com>
    KVM: MIPS: Don't leak FPU/DSP to guest

David Hildenbrand <dahi@linux.vnet.ibm.com>
    KVM: s390: floating irqs: fix user triggerable endless loop

Alexey Brodkin <abrodkin@synopsys.com>
    ARC: fix page address calculation if PAGE_OFFSET != LINUX_LINK_BASE

John Stultz <john.stultz@linaro.org>
    ntp: Fixup adjtimex freq validation on 32-bit systems

Jay Lan <jlan@sgi.com>
    kdb: fix incorrect counts in KDB summary command output

Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    ARM: pxa: add regulator_has_full_constraints to poodle board file

Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    ARM: pxa: add regulator_has_full_constraints to corgi board file

Nicolas Pitre <nicolas.pitre@linaro.org>
    vt: provide notifications on selection changes

Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN

Alan Stern <stern@rowland.harvard.edu>
    USB: fix use-after-free bug in usb_hcd_unlink_urb()

Lennart Sorensen <lsorense@csclub.uwaterloo.ca>
    USB: cp210x: add ID for RUGGEDCOM USB Serial Console

Peter Hurley <peter@hurleysoftware.com>
    tty: Prevent untrappable signals from malicious program

Matthew Wilcox <matthew.r.wilcox@intel.com>
    axonram: Fix bug in direct_access

Jeff Moyer <jmoyer@redhat.com>
    cfq-iosched: fix incorrect filing of rt async cfqq

Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    cfq-iosched: handle failure of cfq group allocation

Nicholas Bellinger <nab@linux-iscsi.org>
    iscsi-target: Drop problematic active_ts_list usage

Trond Myklebust <trond.myklebust@primarydata.com>
    NFSv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args

honclo <honclo@imap.linux.ibm.com>
    Added Little Endian support to vtpm module

Christophe Ricard <christophe.ricard@gmail.com>
    tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send

Hon Ching (Vicky) Lo <honclo@linux.vnet.ibm.com>
    tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma

Scot Doyle <lkml14@scotdoyle.com>
    tpm_tis: verify interrupt during init

Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    ARM: 8284/1: sa1100: clear RCSR_SMR on resume

Vikram Mulukutla <markivx@codeaurora.org>
    tracing: Fix unmapping loop in tracing_mark_write

James Hogan <james.hogan@imgtec.com>
    MIPS: KVM: Deliver guest interrupts after local_irq_disable()

Jeff Layton <jlayton@primarydata.com>
    nfs: don't call blocking operations while !TASK_RUNNING

Jisheng Zhang <jszhang@marvell.com>
    mmc: sdhci-pxav3: fix setting of pdata->clk_delay_cycles

Krzysztof Kozlowski <k.kozlowski@samsung.com>
    power_supply: 88pm860x: Fix leaked power supply on probe fail

Adrian Knoth <adi@drcomp.erfurt.thur.de>
    ALSA: hdspm - Constrain periods to 2 on older cards

Dan Carpenter <dan.carpenter@oracle.com>
    ALSA: off by one bug in snd_riptide_joystick_probe()

Malcolm Priestley <tvboxspy@gmail.com>
    lmedm04: Fix usb_submit_urb BOGUS urb xfer, pipe 1 != type 3 in interrupt urb

Mikulas Patocka <mpatocka@redhat.com>
    cpufreq: speedstep-smi: enable interrupts when waiting

Michel Dänzer <michel.daenzer@amd.com>
    PCI: Fix infinite loop with ROM image of size 0

Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
    PCI: Generate uppercase hex for modalias var in uevent

Seth Forshee <seth.forshee@canonical.com>
    HID: i2c-hid: Limit reads to wMaxInputLength bytes for input events

Luciano Coelho <luciano.coelho@intel.com>
    iwlwifi: mvm: always use mac color zero

Luciano Coelho <luciano.coelho@intel.com>
    iwlwifi: mvm: fix failure path when power_update fails in add_interface

Eyal Shapira <eyal@wizery.com>
    iwlwifi: mvm: validate tid and sta_id in ba_notif

Emmanuel Grumbach <emmanuel.grumbach@intel.com>
    iwlwifi: pcie: disable the SCD_BASE_ADDR when we resume from WoWLAN

Jan Kara <jack@suse.cz>
    fsnotify: fix handling of renames in audit

Dave Chinner <dchinner@redhat.com>
    xfs: set superblock buffer type correctly

Dave Chinner <dchinner@redhat.com>
    xfs: inode unlink does not set AGI buffer type

Dave Chinner <dchinner@redhat.com>
    xfs: ensure buffer types are set correctly

Adam Lee <adam.lee@canonical.com>
    Bluetooth: ath3k: workaround the compatibility issue with xHCI controller


-------------

Diffstat:

 Makefile                                    |  4 +-
 arch/arc/include/asm/pgtable.h              |  3 +-
 arch/arm/mach-pxa/corgi.c                   |  3 ++
 arch/arm/mach-pxa/hx4700.c                  |  2 +
 arch/arm/mach-pxa/poodle.c                  |  2 +
 arch/arm/mach-sa1100/pm.c                   |  1 +
 arch/arm64/kernel/signal32.c                |  5 +-
 arch/metag/include/asm/processor.h          |  4 +-
 arch/mips/kvm/kvm_locore.S                  |  2 +-
 arch/mips/kvm/kvm_mips.c                    |  8 +--
 arch/powerpc/sysdev/axonram.c               |  2 +-
 arch/s390/kvm/interrupt.c                   |  2 +
 arch/x86/kvm/x86.c                          | 19 ++++----
 arch/x86/mm/mmap.c                          |  6 +--
 block/blk-throttle.c                        |  3 ++
 block/cfq-iosched.c                         | 16 ++++--
 drivers/bluetooth/ath3k.c                   |  8 +++
 drivers/char/tpm/tpm_i2c_stm_st33.c         |  2 +-
 drivers/char/tpm/tpm_ibmvtpm.c              | 28 ++++++++---
 drivers/char/tpm/tpm_tis.c                  | 76 +++++++++++++++++++++++------
 drivers/cpufreq/speedstep-lib.c             |  3 ++
 drivers/cpufreq/speedstep-smi.c             | 12 +++++
 drivers/gpio/gpio-tps65912.c                | 14 ++++--
 drivers/hid/i2c-hid/i2c-hid.c               |  5 +-
 drivers/md/raid1.c                          |  5 +-
 drivers/md/raid5.c                          |  3 +-
 drivers/media/usb/dvb-usb-v2/lmedm04.c      |  7 +++
 drivers/mmc/host/sdhci-pxav3.c              |  4 +-
 drivers/net/wireless/iwlwifi/mvm/mac80211.c |  5 +-
 drivers/net/wireless/iwlwifi/mvm/tx.c       |  5 ++
 drivers/net/wireless/iwlwifi/pcie/tx.c      |  7 ++-
 drivers/pci/pci-driver.c                    |  2 +-
 drivers/pci/rom.c                           |  7 +--
 drivers/power/88pm860x_charger.c            |  1 +
 drivers/target/iscsi/iscsi_target_tq.c      | 28 ++---------
 drivers/tty/pty.c                           |  3 ++
 drivers/tty/vt/vt.c                         |  4 +-
 drivers/usb/core/buffer.c                   | 26 ++++++----
 drivers/usb/core/hcd.c                      | 16 +++---
 drivers/usb/core/usb.c                      |  1 +
 drivers/usb/serial/cp210x.c                 |  1 +
 fs/binfmt_elf.c                             |  5 +-
 fs/jffs2/scan.c                             |  5 ++
 fs/nfs/callback.c                           |  8 +--
 fs/nfs/callback_xdr.c                       |  4 +-
 fs/xfs/xfs_buf_item.c                       |  4 ++
 fs/xfs/xfs_inode.c                          |  2 +
 fs/xfs/xfs_trans.c                          |  1 +
 include/linux/fsnotify.h                    |  6 ++-
 include/linux/usb/hcd.h                     |  1 +
 kernel/debug/kdb/kdb_main.c                 |  2 +-
 kernel/time/ntp.c                           | 10 ++--
 kernel/trace/trace.c                        |  2 +-
 sound/pci/riptide/riptide.c                 | 27 +++++++---
 sound/pci/rme9652/hdspm.c                   |  6 +++
 55 files changed, 305 insertions(+), 133 deletions(-)



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 01/53] Bluetooth: ath3k: workaround the compatibility issue with xHCI controller
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 02/53] xfs: ensure buffer types are set correctly Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adam Lee, Marcel Holtmann

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Adam Lee <adam.lee@canonical.com>

commit c561a5753dd631920c4459a067d22679b3d110d6 upstream.

BugLink: https://bugs.launchpad.net/bugs/1400215

ath3k devices fail to load firmwares on xHCI buses, but work well on
EHCI, this might be a compatibility issue between xHCI and ath3k chips.
As my testing result, those chips will work on xHCI buses again with
this patch.

This workaround is from Qualcomm, they also did some workarounds in
Windows driver.

Signed-off-by: Adam Lee <adam.lee@canonical.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/bluetooth/ath3k.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/drivers/bluetooth/ath3k.c
+++ b/drivers/bluetooth/ath3k.c
@@ -151,6 +151,8 @@ static struct usb_device_id ath3k_blist_
 #define USB_REQ_DFU_DNLOAD	1
 #define BULK_SIZE		4096
 #define FW_HDR_SIZE		20
+#define TIMEGAP_USEC_MIN	50
+#define TIMEGAP_USEC_MAX	100
 
 static int ath3k_load_firmware(struct usb_device *udev,
 				const struct firmware *firmware)
@@ -181,6 +183,9 @@ static int ath3k_load_firmware(struct us
 	count -= 20;
 
 	while (count) {
+		/* workaround the compatibility issue with xHCI controller*/
+		usleep_range(TIMEGAP_USEC_MIN, TIMEGAP_USEC_MAX);
+
 		size = min_t(uint, count, BULK_SIZE);
 		pipe = usb_sndbulkpipe(udev, 0x02);
 		memcpy(send_buf, firmware->data + sent, size);
@@ -277,6 +282,9 @@ static int ath3k_load_fwfile(struct usb_
 	count -= size;
 
 	while (count) {
+		/* workaround the compatibility issue with xHCI controller*/
+		usleep_range(TIMEGAP_USEC_MIN, TIMEGAP_USEC_MAX);
+
 		size = min_t(uint, count, BULK_SIZE);
 		pipe = usb_sndbulkpipe(udev, 0x02);
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 02/53] xfs: ensure buffer types are set correctly
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 01/53] Bluetooth: ath3k: workaround the compatibility issue with xHCI controller Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 03/53] xfs: inode unlink does not set AGI buffer type Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jan Kara, Dave Chinner, Brian Foster,
	Dave Chinner

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dave Chinner <dchinner@redhat.com>

commit 0d612fb570b71ea2e49554a770cff4c489018b2c upstream.

Jan Kara reported that log recovery was finding buffers with invalid
types in them. This should not happen, and indicates a bug in the
logging of buffers. To catch this, add asserts to the buffer
formatting code to ensure that the buffer type is in range when the
transaction is committed.

We don't set a type on buffers being marked stale - they are not
going to get replayed, the format item exists only for recovery to
be able to prevent replay of the buffer, so the type does not
matter. Hence that needs special casing here.

Reported-by: Jan Kara <jack@suse.cz>
Tested-by: Jan Kara <jack@suse.cz>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/xfs/xfs_buf_item.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/fs/xfs/xfs_buf_item.c
+++ b/fs/xfs/xfs_buf_item.c
@@ -296,6 +296,10 @@ xfs_buf_item_format(
 	ASSERT(atomic_read(&bip->bli_refcount) > 0);
 	ASSERT((bip->bli_flags & XFS_BLI_LOGGED) ||
 	       (bip->bli_flags & XFS_BLI_STALE));
+	ASSERT((bip->bli_flags & XFS_BLI_STALE) ||
+	       (xfs_blft_from_flags(&bip->__bli_format) > XFS_BLFT_UNKNOWN_BUF
+	        && xfs_blft_from_flags(&bip->__bli_format) < XFS_BLFT_MAX_BUF));
+
 
 	/*
 	 * If it is an inode buffer, transfer the in-memory state to the



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 03/53] xfs: inode unlink does not set AGI buffer type
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 01/53] Bluetooth: ath3k: workaround the compatibility issue with xHCI controller Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 02/53] xfs: ensure buffer types are set correctly Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 04/53] xfs: set superblock buffer type correctly Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jan Kara, Dave Chinner, Brian Foster,
	Dave Chinner

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dave Chinner <dchinner@redhat.com>

commit f19b872b086711bb4b22c3a0f52f16aa920bcc61 upstream.

This leads to log recovery throwing errors like:

XFS (md0): Mounting V5 Filesystem
XFS (md0): Starting recovery (logdev: internal)
XFS (md0): Unknown buffer type 0!
XFS (md0): _xfs_buf_ioapply: no ops on block 0xaea8802/0x1
ffff8800ffc53800: 58 41 47 49 .....

Which is the AGI buffer magic number.

Ensure that we set the type appropriately in both unlink list
addition and removal.

Tested-by: Jan Kara <jack@suse.cz>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/xfs/xfs_inode.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -1655,6 +1655,7 @@ xfs_iunlink(
 	agi->agi_unlinked[bucket_index] = cpu_to_be32(agino);
 	offset = offsetof(xfs_agi_t, agi_unlinked) +
 		(sizeof(xfs_agino_t) * bucket_index);
+	xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF);
 	xfs_trans_log_buf(tp, agibp, offset,
 			  (offset + sizeof(xfs_agino_t) - 1));
 	return 0;
@@ -1746,6 +1747,7 @@ xfs_iunlink_remove(
 		agi->agi_unlinked[bucket_index] = cpu_to_be32(next_agino);
 		offset = offsetof(xfs_agi_t, agi_unlinked) +
 			(sizeof(xfs_agino_t) * bucket_index);
+		xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF);
 		xfs_trans_log_buf(tp, agibp, offset,
 				  (offset + sizeof(xfs_agino_t) - 1));
 	} else {



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 04/53] xfs: set superblock buffer type correctly
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 03/53] xfs: inode unlink does not set AGI buffer type Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 05/53] fsnotify: fix handling of renames in audit Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jan Kara, Dave Chinner, Brian Foster,
	Dave Chinner

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dave Chinner <dchinner@redhat.com>

commit 3443a3bca54588f43286b725d8648d33a38c86f1 upstream.

When the superblock is modified in a transaction, the commonly
modified fields are not actually copied to the superblock buffer to
avoid the buffer lock becoming a serialisation point. However, there
are some other operations that modify the superblock fields within
the transaction that don't directly log to the superblock but rely
on the changes to be applied during the transaction commit (to
minimise the buffer lock hold time).

When we do this, we fail to mark the buffer log item as being a
superblock buffer and that can lead to the buffer not being marked
with the corect type in the log and hence causing recovery issues.
Fix it by setting the type correctly, similar to xfs_mod_sb()...

Tested-by: Jan Kara <jack@suse.cz>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/xfs/xfs_trans.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/xfs/xfs_trans.c
+++ b/fs/xfs/xfs_trans.c
@@ -1100,6 +1100,7 @@ xfs_trans_apply_sb_deltas(
 		whole = 1;
 	}
 
+	xfs_trans_buf_set_type(tp, bp, XFS_BLFT_SB_BUF);
 	if (whole)
 		/*
 		 * Log the whole thing, the fields are noncontiguous.



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 05/53] fsnotify: fix handling of renames in audit
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 04/53] xfs: set superblock buffer type correctly Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 06/53] iwlwifi: pcie: disable the SCD_BASE_ADDR when we resume from WoWLAN Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jan Kara, Paul Moore, Eric Paris,
	Andrew Morton, Linus Torvalds

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Kara <jack@suse.cz>

commit 6ee8e25fc3e916193bce4ebb43d5439e1e2144ab upstream.

Commit e9fd702a58c4 ("audit: convert audit watches to use fsnotify
instead of inotify") broke handling of renames in audit.  Audit code
wants to update inode number of an inode corresponding to watched name
in a directory.  When something gets renamed into a directory to a
watched name, inotify previously passed moved inode to audit code
however new fsnotify code passes directory inode where the change
happened.  That confuses audit and it starts watching parent directory
instead of a file in a directory.

This can be observed for example by doing:

  cd /tmp
  touch foo bar
  auditctl -w /tmp/foo
  touch foo
  mv bar foo
  touch foo

In audit log we see events like:

  type=CONFIG_CHANGE msg=audit(1423563584.155:90): auid=1000 ses=2 op="updated rules" path="/tmp/foo" key=(null) list=4 res=1
  ...
  type=PATH msg=audit(1423563584.155:91): item=2 name="bar" inode=1046884 dev=08:0 2 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=DELETE
  type=PATH msg=audit(1423563584.155:91): item=3 name="foo" inode=1046842 dev=08:0 2 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=DELETE
  type=PATH msg=audit(1423563584.155:91): item=4 name="foo" inode=1046884 dev=08:0 2 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=CREATE
  ...

and that's it - we see event for the first touch after creating the
audit rule, we see events for rename but we don't see any event for the
last touch.  However we start seeing events for unrelated stuff
happening in /tmp.

Fix the problem by passing moved inode as data in the FS_MOVED_FROM and
FS_MOVED_TO events instead of the directory where the change happens.
This doesn't introduce any new problems because noone besides
audit_watch.c cares about the passed value:

  fs/notify/fanotify/fanotify.c cares only about FSNOTIFY_EVENT_PATH events.
  fs/notify/dnotify/dnotify.c doesn't care about passed 'data' value at all.
  fs/notify/inotify/inotify_fsnotify.c uses 'data' only for FSNOTIFY_EVENT_PATH.
  kernel/audit_tree.c doesn't care about passed 'data' at all.
  kernel/audit_watch.c expects moved inode as 'data'.

Fixes: e9fd702a58c49db ("audit: convert audit watches to use fsnotify instead of inotify")
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/fsnotify.h |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -101,8 +101,10 @@ static inline void fsnotify_move(struct
 		new_dir_mask |= FS_ISDIR;
 	}
 
-	fsnotify(old_dir, old_dir_mask, old_dir, FSNOTIFY_EVENT_INODE, old_name, fs_cookie);
-	fsnotify(new_dir, new_dir_mask, new_dir, FSNOTIFY_EVENT_INODE, new_name, fs_cookie);
+	fsnotify(old_dir, old_dir_mask, source, FSNOTIFY_EVENT_INODE, old_name,
+		 fs_cookie);
+	fsnotify(new_dir, new_dir_mask, source, FSNOTIFY_EVENT_INODE, new_name,
+		 fs_cookie);
 
 	if (target)
 		fsnotify_link_count(target);



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 06/53] iwlwifi: pcie: disable the SCD_BASE_ADDR when we resume from WoWLAN
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 05/53] fsnotify: fix handling of renames in audit Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 07/53] iwlwifi: mvm: validate tid and sta_id in ba_notif Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Emmanuel Grumbach

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>

commit cd8f438405032ac8ff88bd8f2eca5e0c0063b14b upstream.

The base address of the scheduler in the device's memory
(SRAM) comes from two different sources. The periphery
register and the alive notification from the firmware.
We have a check in iwl_pcie_tx_start that ensures that
they are the same.
When we resume from WoWLAN, the firmware may have crashed
for whatever reason. In that case, the whole device may be
reset which means that the periphery register will hold a
meaningless value. When we come to compare
trans_pcie->scd_base_addr (which really holds the value we
had when we loaded the WoWLAN firmware upon suspend) and
the current value of the register, we don't see a match
unsurprisingly.
Trick the check to avoid a loud yet harmless WARN.
Note that when the WoWLAN has crashed, we will see that
in iwl_trans_pcie_d3_resume which will let the op_mode
know. Once the op_mode is informed that the WowLAN firmware
has crashed, it can't do much besides resetting the whole
device.

Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/iwlwifi/pcie/tx.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/drivers/net/wireless/iwlwifi/pcie/tx.c
+++ b/drivers/net/wireless/iwlwifi/pcie/tx.c
@@ -720,7 +720,12 @@ void iwl_trans_pcie_tx_reset(struct iwl_
 	iwl_write_direct32(trans, FH_KW_MEM_ADDR_REG,
 			   trans_pcie->kw.dma >> 4);
 
-	iwl_pcie_tx_start(trans, trans_pcie->scd_base_addr);
+	/*
+	 * Send 0 as the scd_base_addr since the device may have be reset
+	 * while we were in WoWLAN in which case SCD_SRAM_BASE_ADDR will
+	 * contain garbage.
+	 */
+	iwl_pcie_tx_start(trans, 0);
 }
 
 /*



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 07/53] iwlwifi: mvm: validate tid and sta_id in ba_notif
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 06/53] iwlwifi: pcie: disable the SCD_BASE_ADDR when we resume from WoWLAN Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 08/53] iwlwifi: mvm: fix failure path when power_update fails in add_interface Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eyal Shapira, Emmanuel Grumbach

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eyal Shapira <eyal@wizery.com>

commit 2cee4762c528a9bd2cdff793197bf591a2196c11 upstream.

These are coming from the FW and are used to access arrays.
Bad values can cause an out of bounds access so discard
such ba_notifs and warn.

Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/iwlwifi/mvm/tx.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/net/wireless/iwlwifi/mvm/tx.c
+++ b/drivers/net/wireless/iwlwifi/mvm/tx.c
@@ -832,6 +832,11 @@ int iwl_mvm_rx_ba_notif(struct iwl_mvm *
 	sta_id = ba_notif->sta_id;
 	tid = ba_notif->tid;
 
+	if (WARN_ONCE(sta_id >= IWL_MVM_STATION_COUNT ||
+		      tid >= IWL_MAX_TID_COUNT,
+		      "sta_id %d tid %d", sta_id, tid))
+		return 0;
+
 	rcu_read_lock();
 
 	sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]);



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 08/53] iwlwifi: mvm: fix failure path when power_update fails in add_interface
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 07/53] iwlwifi: mvm: validate tid and sta_id in ba_notif Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 09/53] iwlwifi: mvm: always use mac color zero Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Luciano Coelho, Johannes Berg,
	Emmanuel Grumbach

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Luciano Coelho <luciano.coelho@intel.com>

commit fd66fc1cafd72ddf27dbec3a5e29e99839d1bc84 upstream.

When iwl_mvm_power_update_mac() is called, we have already added the
mac context, so if this call fails we should remove the mac.

Fixes: commit e5e7aa8e2561 ('iwlwifi: mvm: refactor power code')
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/iwlwifi/mvm/mac80211.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/wireless/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
@@ -544,7 +544,7 @@ static int iwl_mvm_mac_add_interface(str
 
 	ret = iwl_mvm_mac_ctxt_add(mvm, vif);
 	if (ret)
-		goto out_release;
+		goto out_remove_mac;
 
 	/*
 	 * Update power state on the new interface. Admittedly, based on



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 09/53] iwlwifi: mvm: always use mac color zero
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 08/53] iwlwifi: mvm: fix failure path when power_update fails in add_interface Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 10/53] HID: i2c-hid: Limit reads to wMaxInputLength bytes for input events Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Luciano Coelho, Johannes Berg,
	Emmanuel Grumbach

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Luciano Coelho <luciano.coelho@intel.com>

commit 5523d11cc46393a1e61b7ef4a0b2d4e7ed9521e4 upstream.

We don't really need to use different mac colors when adding mac
contexts, because they're not used anywhere.  In fact, the firmware
doesn't accept 255 as a valid color, so we get into a SYSASSERT 0x3401
when we reach that.

Remove the color increment to use always zero and avoid reaching 255.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/iwlwifi/mvm/mac80211.c |    3 ---
 1 file changed, 3 deletions(-)

--- a/drivers/net/wireless/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
@@ -360,9 +360,6 @@ static void iwl_mvm_cleanup_iterator(voi
 	mvmvif->uploaded = false;
 	mvmvif->ap_sta_id = IWL_MVM_STATION_COUNT;
 
-	/* does this make sense at all? */
-	mvmvif->color++;
-
 	spin_lock_bh(&mvm->time_event_lock);
 	iwl_mvm_te_clear_data(mvm, &mvmvif->time_event_data);
 	spin_unlock_bh(&mvm->time_event_lock);



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 10/53] HID: i2c-hid: Limit reads to wMaxInputLength bytes for input events
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 09/53] iwlwifi: mvm: always use mac color zero Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 11/53] PCI: Generate uppercase hex for modalias var in uevent Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Seth Forshee, Benjamin Tissoires,
	Jiri Kosina

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Seth Forshee <seth.forshee@canonical.com>

commit 6d00f37e49d95e640a3937a4a1ae07dbe92a10cb upstream.

d1c7e29e8d27 (HID: i2c-hid: prevent buffer overflow in early IRQ)
changed hid_get_input() to read ihid->bufsize bytes, which can be
more than wMaxInputLength. This is the case with the Dell XPS 13
9343, and it is causing events to be missed. In some cases the
missed events are releases, which can cause the cursor to jump or
freeze, among other problems. Limit the number of bytes read to
min(wMaxInputLength, ihid->bufsize) to prevent such problems.

Fixes: d1c7e29e8d27 "HID: i2c-hid: prevent buffer overflow in early IRQ"
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hid/i2c-hid/i2c-hid.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/drivers/hid/i2c-hid/i2c-hid.c
+++ b/drivers/hid/i2c-hid/i2c-hid.c
@@ -341,7 +341,10 @@ static int i2c_hid_hwreset(struct i2c_cl
 static void i2c_hid_get_input(struct i2c_hid *ihid)
 {
 	int ret, ret_size;
-	int size = ihid->bufsize;
+	int size = le16_to_cpu(ihid->hdesc.wMaxInputLength);
+
+	if (size > ihid->bufsize)
+		size = ihid->bufsize;
 
 	ret = i2c_master_recv(ihid->client, ihid->inbuf, size);
 	if (ret != size) {



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 11/53] PCI: Generate uppercase hex for modalias var in uevent
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 10/53] HID: i2c-hid: Limit reads to wMaxInputLength bytes for input events Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 14/53] [media] lmedm04: Fix usb_submit_urb BOGUS urb xfer, pipe 1 != type 3 in interrupt urb Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ricardo Ribalda Delgado, Bjorn Helgaas

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>

commit 145b3fe579db66fbe999a2bc3fd5b63dffe9636d upstream.

Some implementations of modprobe fail to load the driver for a PCI device
automatically because the "interface" part of the modalias from the kernel
is lowercase, and the modalias from file2alias is uppercase.

The "interface" is the low-order byte of the Class Code, defined in PCI
r3.0, Appendix D.  Most interface types defined in the spec do not use
alpha characters, so they won't be affected.  For example, 00h, 01h, 10h,
20h, etc. are unaffected.

Print the "interface" byte of the Class Code in uppercase hex, as we
already do for the Vendor ID, Device ID, Class, etc.

Commit 89ec3dcf17fd ("PCI: Generate uppercase hex for modalias interface
class") fixed only half of the problem.  Some udev implementations rely on
the uevent file and not the modalias file.

Fixes: d1ded203adf1 ("PCI: add MODALIAS to hotplug event for pci devices")
Fixes: 89ec3dcf17fd ("PCI: Generate uppercase hex for modalias interface class")
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/pci-driver.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/pci/pci-driver.c
+++ b/drivers/pci/pci-driver.c
@@ -1267,7 +1267,7 @@ static int pci_uevent(struct device *dev
 	if (add_uevent_var(env, "PCI_SLOT_NAME=%s", pci_name(pdev)))
 		return -ENOMEM;
 
-	if (add_uevent_var(env, "MODALIAS=pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x",
+	if (add_uevent_var(env, "MODALIAS=pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X",
 			   pdev->vendor, pdev->device,
 			   pdev->subsystem_vendor, pdev->subsystem_device,
 			   (u8)(pdev->class >> 16), (u8)(pdev->class >> 8),



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 14/53] [media] lmedm04: Fix usb_submit_urb BOGUS urb xfer, pipe 1 != type 3 in interrupt urb
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 11/53] PCI: Generate uppercase hex for modalias var in uevent Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 15/53] ALSA: off by one bug in snd_riptide_joystick_probe() Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Malcolm Priestley, Mauro Carvalho Chehab

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Malcolm Priestley <tvboxspy@gmail.com>

commit 15e1ce33182d1d5dbd8efe8d382b9352dc857527 upstream.

A quirk of some older firmwares that report endpoint pipe type as PIPE_BULK
but the endpoint otheriwse functions as interrupt.

Check if usb_endpoint_type is USB_ENDPOINT_XFER_BULK and set as usb_rcvbulkpipe.

Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/dvb-usb-v2/lmedm04.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/drivers/media/usb/dvb-usb-v2/lmedm04.c
+++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c
@@ -350,6 +350,7 @@ static int lme2510_int_read(struct dvb_u
 {
 	struct dvb_usb_device *d = adap_to_d(adap);
 	struct lme2510_state *lme_int = adap_to_priv(adap);
+	struct usb_host_endpoint *ep;
 
 	lme_int->lme_urb = usb_alloc_urb(0, GFP_ATOMIC);
 
@@ -371,6 +372,12 @@ static int lme2510_int_read(struct dvb_u
 				adap,
 				8);
 
+	/* Quirk of pipe reporting PIPE_BULK but behaves as interrupt */
+	ep = usb_pipe_endpoint(d->udev, lme_int->lme_urb->pipe);
+
+	if (usb_endpoint_type(&ep->desc) == USB_ENDPOINT_XFER_BULK)
+		lme_int->lme_urb->pipe = usb_rcvbulkpipe(d->udev, 0xa),
+
 	lme_int->lme_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
 
 	usb_submit_urb(lme_int->lme_urb, GFP_ATOMIC);



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 15/53] ALSA: off by one bug in snd_riptide_joystick_probe()
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 14/53] [media] lmedm04: Fix usb_submit_urb BOGUS urb xfer, pipe 1 != type 3 in interrupt urb Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 16/53] ALSA: hdspm - Constrain periods to 2 on older cards Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Takashi Iwai

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Carpenter <dan.carpenter@oracle.com>

commit e4940626defdf6c92da1052ad3f12741c1a28c90 upstream.

The problem here is that we check:

	if (dev >= SNDRV_CARDS)

Then we increment "dev".

       if (!joystick_port[dev++])

Then we use it as an offset into a array with SNDRV_CARDS elements.

	if (!request_region(joystick_port[dev], 8, "Riptide gameport")) {

This has 3 effects:
1) If you use the module option to specify the joystick port then it has
   to be shifted one space over.
2) The wrong error message will be printed on failure if you have over
   32 cards.
3) Static checkers will correctly complain that are off by one.

Fixes: db1005ec6ff8 ('ALSA: riptide - Fix joystick resource handling')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/riptide/riptide.c |   27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

--- a/sound/pci/riptide/riptide.c
+++ b/sound/pci/riptide/riptide.c
@@ -2032,32 +2032,43 @@ snd_riptide_joystick_probe(struct pci_de
 {
 	static int dev;
 	struct gameport *gameport;
+	int ret;
 
 	if (dev >= SNDRV_CARDS)
 		return -ENODEV;
+
 	if (!enable[dev]) {
-		dev++;
-		return -ENOENT;
+		ret = -ENOENT;
+		goto inc_dev;
 	}
 
-	if (!joystick_port[dev++])
-		return 0;
+	if (!joystick_port[dev]) {
+		ret = 0;
+		goto inc_dev;
+	}
 
 	gameport = gameport_allocate_port();
-	if (!gameport)
-		return -ENOMEM;
+	if (!gameport) {
+		ret = -ENOMEM;
+		goto inc_dev;
+	}
 	if (!request_region(joystick_port[dev], 8, "Riptide gameport")) {
 		snd_printk(KERN_WARNING
 			   "Riptide: cannot grab gameport 0x%x\n",
 			   joystick_port[dev]);
 		gameport_free_port(gameport);
-		return -EBUSY;
+		ret = -EBUSY;
+		goto inc_dev;
 	}
 
 	gameport->io = joystick_port[dev];
 	gameport_register_port(gameport);
 	pci_set_drvdata(pci, gameport);
-	return 0;
+
+	ret = 0;
+inc_dev:
+	dev++;
+	return ret;
 }
 
 static void snd_riptide_joystick_remove(struct pci_dev *pci)



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 16/53] ALSA: hdspm - Constrain periods to 2 on older cards
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 15/53] ALSA: off by one bug in snd_riptide_joystick_probe() Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04 10:03   ` Adrian Knoth
  2015-03-04  6:06 ` [PATCH 3.10 17/53] power_supply: 88pm860x: Fix leaked power supply on probe fail Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  51 siblings, 1 reply; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adrian Knoth, Takashi Iwai

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Adrian Knoth <adi@drcomp.erfurt.thur.de>

commit f0153c3d948c1764f6c920a0675d86fc1d75813e upstream.

RME RayDAT and AIO use a fixed buffer size of 16384 samples. With period
sizes of 32-4096, this translates to 4-512 periods.

The older RME cards have a variable buffer size but require exactly two
periods.

This patch enforces nperiods=2 on those cards.

Signed-off-by: Adrian Knoth <adi@drcomp.erfurt.thur.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/rme9652/hdspm.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/sound/pci/rme9652/hdspm.c
+++ b/sound/pci/rme9652/hdspm.c
@@ -5863,6 +5863,12 @@ static int snd_hdspm_capture_open(struct
 		snd_pcm_hw_constraint_minmax(runtime,
 					     SNDRV_PCM_HW_PARAM_PERIOD_SIZE,
 					     64, 8192);
+		snd_pcm_hw_constraint_minmax(runtime,
+					     SNDRV_PCM_HW_PARAM_PERIODS,
+					     2, 2);
+		snd_pcm_hw_constraint_minmax(runtime,
+					     SNDRV_PCM_HW_PARAM_PERIODS,
+					     2, 2);
 		break;
 	}
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 17/53] power_supply: 88pm860x: Fix leaked power supply on probe fail
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 16/53] ALSA: hdspm - Constrain periods to 2 on older cards Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 18/53] mmc: sdhci-pxav3: fix setting of pdata->clk_delay_cycles Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sebastian Reichel

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Krzysztof Kozlowski <k.kozlowski@samsung.com>

commit 24727b45b484e8937dcde53fa8d1aa70ac30ec0c upstream.

Driver forgot to unregister power supply if request_threaded_irq()
failed in probe(). In such case the memory associated with power supply
leaked.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: a830d28b48bf ("power_supply: Enable battery-charger for 88pm860x")
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/power/88pm860x_charger.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/power/88pm860x_charger.c
+++ b/drivers/power/88pm860x_charger.c
@@ -711,6 +711,7 @@ static int pm860x_charger_probe(struct p
 	return 0;
 
 out_irq:
+	power_supply_unregister(&info->usb);
 	while (--i >= 0)
 		free_irq(info->irq[i], info);
 out:



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 18/53] mmc: sdhci-pxav3: fix setting of pdata->clk_delay_cycles
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 17/53] power_supply: 88pm860x: Fix leaked power supply on probe fail Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 19/53] nfs: dont call blocking operations while !TASK_RUNNING Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jisheng Zhang, Ulf Hansson

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jisheng Zhang <jszhang@marvell.com>

commit 14460dbaf7a5a0488963fdb8232ad5c8a8cca7b7 upstream.

Current code checks "clk_delay_cycles > 0" to know whether the optional
"mrvl,clk_delay_cycles" is set or not. But of_property_read_u32() doesn't
touch clk_delay_cycles if the property is not set. And type of
clk_delay_cycles is u32, so we may always set pdata->clk_delay_cycles as a
random value.

This patch fix this problem by check the return value of of_property_read_u32()
to know whether the optional clk-delay-cycles is set or not.

Signed-off-by: Jisheng Zhang <jszhang@marvell.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/host/sdhci-pxav3.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/mmc/host/sdhci-pxav3.c
+++ b/drivers/mmc/host/sdhci-pxav3.c
@@ -201,8 +201,8 @@ static struct sdhci_pxa_platdata *pxav3_
 	if (!pdata)
 		return NULL;
 
-	of_property_read_u32(np, "mrvl,clk-delay-cycles", &clk_delay_cycles);
-	if (clk_delay_cycles > 0)
+	if (!of_property_read_u32(np, "mrvl,clk-delay-cycles",
+				  &clk_delay_cycles))
 		pdata->clk_delay_cycles = clk_delay_cycles;
 
 	return pdata;



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 19/53] nfs: dont call blocking operations while !TASK_RUNNING
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 18/53] mmc: sdhci-pxav3: fix setting of pdata->clk_delay_cycles Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 20/53] MIPS: KVM: Deliver guest interrupts after local_irq_disable() Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, J. Bruce Fields, Jeff Layton,
	Trond Myklebust

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jeff Layton <jlayton@primarydata.com>

commit 6ffa30d3f734d4f6b478081dfc09592021028f90 upstream.

Bruce reported seeing this warning pop when mounting using v4.1:

     ------------[ cut here ]------------
     WARNING: CPU: 1 PID: 1121 at kernel/sched/core.c:7300 __might_sleep+0xbd/0xd0()
    do not call blocking ops when !TASK_RUNNING; state=1 set at [<ffffffff810ff58f>] prepare_to_wait+0x2f/0x90
    Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace sunrpc fscache ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw snd_hda_codec_generic snd_hda_intel snd_hda_controller snd_hda_codec snd_hwdep snd_pcm snd_timer ppdev joydev snd virtio_console virtio_balloon pcspkr serio_raw parport_pc parport pvpanic floppy soundcore i2c_piix4 virtio_blk virtio_net qxl drm_kms_helper ttm drm virtio_pci virtio_ring ata_generic virtio pata_acpi
    CPU: 1 PID: 1121 Comm: nfsv4.1-svc Not tainted 3.19.0-rc4+ #25
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140709_153950- 04/01/2014
     0000000000000000 000000004e5e3f73 ffff8800b998fb48 ffffffff8186ac78
     0000000000000000 ffff8800b998fba0 ffff8800b998fb88 ffffffff810ac9da
     ffff8800b998fb68 ffffffff81c923e7 00000000000004d9 0000000000000000
    Call Trace:
     [<ffffffff8186ac78>] dump_stack+0x4c/0x65
     [<ffffffff810ac9da>] warn_slowpath_common+0x8a/0xc0
     [<ffffffff810aca65>] warn_slowpath_fmt+0x55/0x70
     [<ffffffff810ff58f>] ? prepare_to_wait+0x2f/0x90
     [<ffffffff810ff58f>] ? prepare_to_wait+0x2f/0x90
     [<ffffffff810dd2ad>] __might_sleep+0xbd/0xd0
     [<ffffffff8124c973>] kmem_cache_alloc_trace+0x243/0x430
     [<ffffffff810d941e>] ? groups_alloc+0x3e/0x130
     [<ffffffff810d941e>] groups_alloc+0x3e/0x130
     [<ffffffffa0301b1e>] svcauth_unix_accept+0x16e/0x290 [sunrpc]
     [<ffffffffa0300571>] svc_authenticate+0xe1/0xf0 [sunrpc]
     [<ffffffffa02fc564>] svc_process_common+0x244/0x6a0 [sunrpc]
     [<ffffffffa02fd044>] bc_svc_process+0x1c4/0x260 [sunrpc]
     [<ffffffffa03d5478>] nfs41_callback_svc+0x128/0x1f0 [nfsv4]
     [<ffffffff810ff970>] ? wait_woken+0xc0/0xc0
     [<ffffffffa03d5350>] ? nfs4_callback_svc+0x60/0x60 [nfsv4]
     [<ffffffff810d45bf>] kthread+0x11f/0x140
     [<ffffffff810ea815>] ? local_clock+0x15/0x30
     [<ffffffff810d44a0>] ? kthread_create_on_node+0x250/0x250
     [<ffffffff81874bfc>] ret_from_fork+0x7c/0xb0
     [<ffffffff810d44a0>] ? kthread_create_on_node+0x250/0x250
    ---[ end trace 675220a11e30f4f2 ]---

nfs41_callback_svc does most of its work while in TASK_INTERRUPTIBLE,
which is just wrong. Fix that by finishing the wait immediately if we've
found that the list has something on it.

Also, we don't expect this kthread to accept signals, so we should be
using a TASK_UNINTERRUPTIBLE sleep instead. That however, opens us up
hung task warnings from the watchdog, so have the schedule_timeout
wake up every 60s if there's no callback activity.

Reported-by: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/callback.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

--- a/fs/nfs/callback.c
+++ b/fs/nfs/callback.c
@@ -128,22 +128,24 @@ nfs41_callback_svc(void *vrqstp)
 		if (try_to_freeze())
 			continue;
 
-		prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE);
+		prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_UNINTERRUPTIBLE);
 		spin_lock_bh(&serv->sv_cb_lock);
 		if (!list_empty(&serv->sv_cb_list)) {
 			req = list_first_entry(&serv->sv_cb_list,
 					struct rpc_rqst, rq_bc_list);
 			list_del(&req->rq_bc_list);
 			spin_unlock_bh(&serv->sv_cb_lock);
+			finish_wait(&serv->sv_cb_waitq, &wq);
 			dprintk("Invoking bc_svc_process()\n");
 			error = bc_svc_process(serv, req, rqstp);
 			dprintk("bc_svc_process() returned w/ error code= %d\n",
 				error);
 		} else {
 			spin_unlock_bh(&serv->sv_cb_lock);
-			schedule();
+			/* schedule_timeout to game the hung task watchdog */
+			schedule_timeout(60 * HZ);
+			finish_wait(&serv->sv_cb_waitq, &wq);
 		}
-		finish_wait(&serv->sv_cb_waitq, &wq);
 	}
 	return 0;
 }



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 20/53] MIPS: KVM: Deliver guest interrupts after local_irq_disable()
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 19/53] nfs: dont call blocking operations while !TASK_RUNNING Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 21/53] tracing: Fix unmapping loop in tracing_mark_write Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Hogan, Paolo Bonzini,
	Gleb Natapov, kvm, Ralf Baechle, linux-mips, Sanjay Lal

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Hogan <james.hogan@imgtec.com>

commit 044f0f03eca0110e1835b2ea038a484b93950328 upstream.

When about to run the guest, deliver guest interrupts after disabling
host interrupts. This should prevent an hrtimer interrupt from being
handled after delivering guest interrupts, and therefore not delivering
the guest timer interrupt until after the next guest exit.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gleb Natapov <gleb@kernel.org>
Cc: kvm@vger.kernel.org
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: Sanjay Lal <sanjayl@kymasys.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/kvm/kvm_mips.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/mips/kvm/kvm_mips.c
+++ b/arch/mips/kvm/kvm_mips.c
@@ -413,11 +413,11 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_v
 		vcpu->mmio_needed = 0;
 	}
 
+	local_irq_disable();
 	/* Check if we have any exceptions/interrupts pending */
 	kvm_mips_deliver_interrupts(vcpu,
 				    kvm_read_c0_guest_cause(vcpu->arch.cop0));
 
-	local_irq_disable();
 	kvm_guest_enter();
 
 	r = __kvm_mips_vcpu_run(run, vcpu);



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 21/53] tracing: Fix unmapping loop in tracing_mark_write
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 20/53] MIPS: KVM: Deliver guest interrupts after local_irq_disable() Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 22/53] ARM: 8284/1: sa1100: clear RCSR_SMR on resume Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stephen Boyd, Lime Yang,
	Vikram Mulukutla, Steven Rostedt

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vikram Mulukutla <markivx@codeaurora.org>

commit 7215853e985a4bef1a6c14e00e89dfec84f1e457 upstream.

Commit 6edb2a8a385f0cdef51dae37ff23e74d76d8a6ce introduced
an array map_pages that contains the addresses returned by
kmap_atomic. However, when unmapping those pages, map_pages[0]
is unmapped before map_pages[1], breaking the nesting requirement
as specified in the documentation for kmap_atomic/kunmap_atomic.

This was caught by the highmem debug code present in kunmap_atomic.
Fix the loop to do the unmapping properly.

Link: http://lkml.kernel.org/r/1418871056-6614-1-git-send-email-markivx@codeaurora.org

Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
Reported-by: Lime Yang <limey@codeaurora.org>
Signed-off-by: Vikram Mulukutla <markivx@codeaurora.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/trace/trace.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -4588,7 +4588,7 @@ tracing_mark_write(struct file *filp, co
 	*fpos += written;
 
  out_unlock:
-	for (i = 0; i < nr_pages; i++){
+	for (i = nr_pages - 1; i >= 0; i--) {
 		kunmap_atomic(map_page[i]);
 		put_page(pages[i]);
 	}



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 22/53] ARM: 8284/1: sa1100: clear RCSR_SMR on resume
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 21/53] tracing: Fix unmapping loop in tracing_mark_write Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 23/53] tpm_tis: verify interrupt during init Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Eremin-Solenikov, Russell King

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

commit e461894dc2ce7778ccde1c3483c9b15a85a7fc5f upstream.

StrongARM core uses RCSR SMR bit to tell to bootloader that it was reset
by entering the sleep mode. After we have resumed, there is little point
in having that bit enabled. Moreover, if this bit is set before reboot,
the bootloader can become confused. Thus clear the SMR bit on resume
just before clearing the scratchpad (resume address) register.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/mach-sa1100/pm.c |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/arm/mach-sa1100/pm.c
+++ b/arch/arm/mach-sa1100/pm.c
@@ -81,6 +81,7 @@ static int sa11x0_pm_enter(suspend_state
 	/*
 	 * Ensure not to come back here if it wasn't intended
 	 */
+	RCSR = RCSR_SMR;
 	PSPR = 0;
 
 	/*



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 23/53] tpm_tis: verify interrupt during init
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 22/53] ARM: 8284/1: sa1100: clear RCSR_SMR on resume Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 24/53] tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Scot Doyle, Michael Mullin,
	Jason Gunthorpe, Peter Huewe

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Scot Doyle <lkml14@scotdoyle.com>

commit 448e9c55c12d6bd4fa90a7e31d802e045666d7c8 upstream.

Some machines, such as the Acer C720 and Toshiba CB35, have TPMs that do
not send IRQs while also having an ACPI TPM entry indicating that they
will be sent. These machines freeze on resume while the tpm_tis module
waits for an IRQ, eventually timing out.

When in interrupt mode, the tpm_tis module should receive an IRQ during
module init. Fall back to polling mode if none is received when expected.

Signed-off-by: Scot Doyle <lkml14@scotdoyle.com>
Tested-by: Michael Mullin <masmullin@gmail.com>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
[phuewe: minor checkpatch fixed]
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/char/tpm/tpm_tis.c |   76 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 62 insertions(+), 14 deletions(-)

--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -75,6 +75,10 @@ enum tis_defaults {
 #define	TPM_DID_VID(l)			(0x0F00 | ((l) << 12))
 #define	TPM_RID(l)			(0x0F04 | ((l) << 12))
 
+struct priv_data {
+	bool irq_tested;
+};
+
 static LIST_HEAD(tis_chips);
 static DEFINE_MUTEX(tis_lock);
 
@@ -338,12 +342,27 @@ out_err:
 	return rc;
 }
 
+static void disable_interrupts(struct tpm_chip *chip)
+{
+	u32 intmask;
+
+	intmask =
+	    ioread32(chip->vendor.iobase +
+		     TPM_INT_ENABLE(chip->vendor.locality));
+	intmask &= ~TPM_GLOBAL_INT_ENABLE;
+	iowrite32(intmask,
+		  chip->vendor.iobase +
+		  TPM_INT_ENABLE(chip->vendor.locality));
+	free_irq(chip->vendor.irq, chip);
+	chip->vendor.irq = 0;
+}
+
 /*
  * If interrupts are used (signaled by an irq set in the vendor structure)
  * tpm.c can skip polling for the data to be available as the interrupt is
  * waited for here
  */
-static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
+static int tpm_tis_send_main(struct tpm_chip *chip, u8 *buf, size_t len)
 {
 	int rc;
 	u32 ordinal;
@@ -373,6 +392,30 @@ out_err:
 	return rc;
 }
 
+static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
+{
+	int rc, irq;
+	struct priv_data *priv = chip->vendor.priv;
+
+	if (!chip->vendor.irq || priv->irq_tested)
+		return tpm_tis_send_main(chip, buf, len);
+
+	/* Verify receipt of the expected IRQ */
+	irq = chip->vendor.irq;
+	chip->vendor.irq = 0;
+	rc = tpm_tis_send_main(chip, buf, len);
+	chip->vendor.irq = irq;
+	if (!priv->irq_tested)
+		msleep(1);
+	if (!priv->irq_tested) {
+		disable_interrupts(chip);
+		dev_err(chip->dev,
+			FW_BUG "TPM interrupt not working, polling instead\n");
+	}
+	priv->irq_tested = true;
+	return rc;
+}
+
 struct tis_vendor_timeout_override {
 	u32 did_vid;
 	unsigned long timeout_us[4];
@@ -546,6 +589,7 @@ static irqreturn_t tis_int_handler(int d
 	if (interrupt == 0)
 		return IRQ_NONE;
 
+	((struct priv_data *)chip->vendor.priv)->irq_tested = true;
 	if (interrupt & TPM_INTF_DATA_AVAIL_INT)
 		wake_up_interruptible(&chip->vendor.read_queue);
 	if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT)
@@ -575,9 +619,14 @@ static int tpm_tis_init(struct device *d
 	u32 vendor, intfcaps, intmask;
 	int rc, i, irq_s, irq_e, probe;
 	struct tpm_chip *chip;
+	struct priv_data *priv;
 
+	priv = devm_kzalloc(dev, sizeof(struct priv_data), GFP_KERNEL);
+	if (priv == NULL)
+		return -ENOMEM;
 	if (!(chip = tpm_register_hardware(dev, &tpm_tis)))
 		return -ENODEV;
+	chip->vendor.priv = priv;
 
 	chip->vendor.iobase = ioremap(start, len);
 	if (!chip->vendor.iobase) {
@@ -646,19 +695,6 @@ static int tpm_tis_init(struct device *d
 	if (intfcaps & TPM_INTF_DATA_AVAIL_INT)
 		dev_dbg(dev, "\tData Avail Int Support\n");
 
-	/* get the timeouts before testing for irqs */
-	if (tpm_get_timeouts(chip)) {
-		dev_err(dev, "Could not get TPM timeouts and durations\n");
-		rc = -ENODEV;
-		goto out_err;
-	}
-
-	if (tpm_do_selftest(chip)) {
-		dev_err(dev, "TPM self test failed\n");
-		rc = -ENODEV;
-		goto out_err;
-	}
-
 	/* INTERRUPT Setup */
 	init_waitqueue_head(&chip->vendor.read_queue);
 	init_waitqueue_head(&chip->vendor.int_queue);
@@ -760,6 +796,18 @@ static int tpm_tis_init(struct device *d
 		}
 	}
 
+	if (tpm_get_timeouts(chip)) {
+		dev_err(dev, "Could not get TPM timeouts and durations\n");
+		rc = -ENODEV;
+		goto out_err;
+	}
+
+	if (tpm_do_selftest(chip)) {
+		dev_err(dev, "TPM self test failed\n");
+		rc = -ENODEV;
+		goto out_err;
+	}
+
 	INIT_LIST_HEAD(&chip->vendor.list);
 	mutex_lock(&tis_lock);
 	list_add(&chip->vendor.list, &tis_chips);



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 24/53] tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 23/53] tpm_tis: verify interrupt during init Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 25/53] tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hon Ching (Vicky) Lo, Peter Huewe

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: "Hon Ching (Vicky) Lo" <honclo@linux.vnet.ibm.com>

commit 84eb186bc37c0900b53077ca21cf6dd15823a232 upstream.

There was an oops in tpm_ibmvtpm_get_desired_dma, which caused
kernel panic during boot when vTPM is enabled in Power partition
configured in AMS mode.

vio_bus_probe calls vio_cmo_bus_probe which calls
tpm_ibmvtpm_get_desired_dma to get the size needed for DMA allocation.
The problem is, vio_cmo_bus_probe is called before calling probe, which
for vtpm is tpm_ibmvtpm_probe and it's this function that initializes
and sets up vtpm's CRQ and gets required data values.  Therefore,
since this has not yet been done, NULL is returned in attempt to get
the size for DMA allocation.

We added a NULL check.  In addition, a default buffer size will
be set when NULL is returned.

Signed-off-by: Hon Ching (Vicky) Lo <honclo@linux.vnet.ibm.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/char/tpm/tpm_ibmvtpm.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/drivers/char/tpm/tpm_ibmvtpm.c
+++ b/drivers/char/tpm/tpm_ibmvtpm.c
@@ -307,6 +307,14 @@ static int tpm_ibmvtpm_remove(struct vio
 static unsigned long tpm_ibmvtpm_get_desired_dma(struct vio_dev *vdev)
 {
 	struct ibmvtpm_dev *ibmvtpm = ibmvtpm_get_data(&vdev->dev);
+
+	/* ibmvtpm initializes at probe time, so the data we are
+	* asking for may not be set yet. Estimate that 4K required
+	* for TCE-mapped buffer in addition to CRQ.
+	*/
+	if (!ibmvtpm)
+		return CRQ_RES_BUF_SIZE + PAGE_SIZE;
+
 	return CRQ_RES_BUF_SIZE + ibmvtpm->rtce_size;
 }
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 25/53] tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 24/53] tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 26/53] Added Little Endian support to vtpm module Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jason Gunthorpe, Christophe Ricard,
	Peter Huewe

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christophe Ricard <christophe.ricard@gmail.com>

commit 1ba3b0b6f218072afe8372d12f1b6bf26a26008e upstream.

When sending data in tpm_stm_i2c_send, each loop iteration send buf.
Send buf + i instead as the goal of this for loop is to send a number
of byte from buf that fit in burstcnt. Once those byte are sent, we are
supposed to send the next ones.

The driver was working because the burstcount value returns always the maximum size for a TPM
command or response. (0x800 for a command and 0x400 for a response).

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/char/tpm/tpm_i2c_stm_st33.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/char/tpm/tpm_i2c_stm_st33.c
+++ b/drivers/char/tpm/tpm_i2c_stm_st33.c
@@ -488,7 +488,7 @@ static int tpm_stm_i2c_send(struct tpm_c
 		if (burstcnt < 0)
 			return burstcnt;
 		size = min_t(int, len - i - 1, burstcnt);
-		ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf, size);
+		ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf + i, size);
 		if (ret < 0)
 			goto out_err;
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 26/53] Added Little Endian support to vtpm module
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 25/53] tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 27/53] NFSv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hon Ching(Vicky) Lo, Joy Latten,
	Ashley Lai, Peter Huewe

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: honclo <honclo@imap.linux.ibm.com>

commit eb71f8a5e33fa1066fb92f0111ab366a341e1f6c upstream.

The tpm_ibmvtpm module is affected by an unaligned access problem.
ibmvtpm_crq_get_version failed with rc=-4 during boot when vTPM is
enabled in Power partition, which supports both little endian and
big endian modes.

We added little endian support to fix this problem:
1) added cpu_to_be64 calls to ensure BE data is sent from an LE OS.
2) added be16_to_cpu and be32_to_cpu calls to make sure data received
   is in LE format on a LE OS.

Signed-off-by: Hon Ching(Vicky) Lo <honclo@linux.vnet.ibm.com>
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
[phuewe: manually applied the patch :( ]
Reviewed-by: Ashley Lai <ashley@ahsleylai.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/char/tpm/tpm_ibmvtpm.c |   20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

--- a/drivers/char/tpm/tpm_ibmvtpm.c
+++ b/drivers/char/tpm/tpm_ibmvtpm.c
@@ -148,7 +148,8 @@ static int tpm_ibmvtpm_send(struct tpm_c
 	crq.len = (u16)count;
 	crq.data = ibmvtpm->rtce_dma_handle;
 
-	rc = ibmvtpm_send_crq(ibmvtpm->vdev, word[0], word[1]);
+	rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(word[0]),
+			      cpu_to_be64(word[1]));
 	if (rc != H_SUCCESS) {
 		dev_err(ibmvtpm->dev, "tpm_ibmvtpm_send failed rc=%d\n", rc);
 		rc = 0;
@@ -186,7 +187,8 @@ static int ibmvtpm_crq_get_rtce_size(str
 	crq.valid = (u8)IBMVTPM_VALID_CMD;
 	crq.msg = (u8)VTPM_GET_RTCE_BUFFER_SIZE;
 
-	rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]);
+	rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]),
+			      cpu_to_be64(buf[1]));
 	if (rc != H_SUCCESS)
 		dev_err(ibmvtpm->dev,
 			"ibmvtpm_crq_get_rtce_size failed rc=%d\n", rc);
@@ -212,7 +214,8 @@ static int ibmvtpm_crq_get_version(struc
 	crq.valid = (u8)IBMVTPM_VALID_CMD;
 	crq.msg = (u8)VTPM_GET_VERSION;
 
-	rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]);
+	rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]),
+			      cpu_to_be64(buf[1]));
 	if (rc != H_SUCCESS)
 		dev_err(ibmvtpm->dev,
 			"ibmvtpm_crq_get_version failed rc=%d\n", rc);
@@ -335,7 +338,8 @@ static int tpm_ibmvtpm_suspend(struct de
 	crq.valid = (u8)IBMVTPM_VALID_CMD;
 	crq.msg = (u8)VTPM_PREPARE_TO_SUSPEND;
 
-	rc = ibmvtpm_send_crq(ibmvtpm->vdev, buf[0], buf[1]);
+	rc = ibmvtpm_send_crq(ibmvtpm->vdev, cpu_to_be64(buf[0]),
+			      cpu_to_be64(buf[1]));
 	if (rc != H_SUCCESS)
 		dev_err(ibmvtpm->dev,
 			"tpm_ibmvtpm_suspend failed rc=%d\n", rc);
@@ -519,11 +523,11 @@ static void ibmvtpm_crq_process(struct i
 	case IBMVTPM_VALID_CMD:
 		switch (crq->msg) {
 		case VTPM_GET_RTCE_BUFFER_SIZE_RES:
-			if (crq->len <= 0) {
+			if (be16_to_cpu(crq->len) <= 0) {
 				dev_err(ibmvtpm->dev, "Invalid rtce size\n");
 				return;
 			}
-			ibmvtpm->rtce_size = crq->len;
+			ibmvtpm->rtce_size = be16_to_cpu(crq->len);
 			ibmvtpm->rtce_buf = kmalloc(ibmvtpm->rtce_size,
 						    GFP_KERNEL);
 			if (!ibmvtpm->rtce_buf) {
@@ -544,11 +548,11 @@ static void ibmvtpm_crq_process(struct i
 
 			return;
 		case VTPM_GET_VERSION_RES:
-			ibmvtpm->vtpm_version = crq->data;
+			ibmvtpm->vtpm_version = be32_to_cpu(crq->data);
 			return;
 		case VTPM_TPM_COMMAND_RES:
 			/* len of the data in rtce buffer */
-			ibmvtpm->res_len = crq->len;
+			ibmvtpm->res_len = be16_to_cpu(crq->len);
 			wake_up_interruptible(&ibmvtpm->wq);
 			return;
 		default:



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 27/53] NFSv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 26/53] Added Little Endian support to vtpm module Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 28/53] iscsi-target: Drop problematic active_ts_list usage Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Ramos, Trond Myklebust

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <trond.myklebust@primarydata.com>

commit d8ba1f971497c19cf80da1ea5391a46a5f9fbd41 upstream.

If the call to decode_rc_list() fails due to a memory allocation error,
then we need to truncate the array size to ensure that we only call
kfree() on those pointer that were allocated.

Reported-by: David Ramos <daramos@stanford.edu>
Fixes: 4aece6a19cf7f ("nfs41: cb_sequence xdr implementation")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/callback_xdr.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/fs/nfs/callback_xdr.c
+++ b/fs/nfs/callback_xdr.c
@@ -464,8 +464,10 @@ static __be32 decode_cb_sequence_args(st
 
 		for (i = 0; i < args->csa_nrclists; i++) {
 			status = decode_rc_list(xdr, &args->csa_rclists[i]);
-			if (status)
+			if (status) {
+				args->csa_nrclists = i;
 				goto out_free;
+			}
 		}
 	}
 	status = 0;



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 28/53] iscsi-target: Drop problematic active_ts_list usage
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 27/53] NFSv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 29/53] cfq-iosched: handle failure of cfq group allocation Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gavin Guo, Moussa Ba, Nicholas Bellinger

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nicholas Bellinger <nab@linux-iscsi.org>

commit 3fd7b60f2c7418239d586e359e0c6d8503e10646 upstream.

This patch drops legacy active_ts_list usage within iscsi_target_tq.c
code.  It was originally used to track the active thread sets during
iscsi-target shutdown, and is no longer used by modern upstream code.

Two people have reported list corruption using traditional iscsi-target
and iser-target with the following backtrace, that appears to be related
to iscsi_thread_set->ts_list being used across both active_ts_list and
inactive_ts_list.

[   60.782534] ------------[ cut here ]------------
[   60.782543] WARNING: CPU: 0 PID: 9430 at lib/list_debug.c:53 __list_del_entry+0x63/0xd0()
[   60.782545] list_del corruption, ffff88045b00d180->next is LIST_POISON1 (dead000000100100)
[   60.782546] Modules linked in: ib_srpt tcm_qla2xxx qla2xxx tcm_loop
tcm_fc libfc scsi_transport_fc scsi_tgt ib_isert rdma_cm iw_cm ib_addr
iscsi_target_mod target_core_pscsi target_core_file target_core_iblock
target_core_mod configfs ebtable_nat ebtables ipt_MASQUERADE iptable_nat
nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 ipt_REJECT
xt_CHECKSUM iptable_mangle iptable_filter ip_tables bridge stp llc
autofs4 sunrpc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state
nf_conntrack ip6table_filter ip6_tables ipv6 ib_ipoib ib_cm ib_uverbs
ib_umad mlx4_en mlx4_ib ib_sa ib_mad ib_core mlx4_core dm_mirror
dm_region_hash dm_log dm_mod vhost_net macvtap macvlan vhost tun
kvm_intel kvm uinput iTCO_wdt iTCO_vendor_support microcode serio_raw
pcspkr sb_edac edac_core sg i2c_i801 lpc_ich mfd_core mtip32xx igb
i2c_algo_bit i2c_core ptp pps_core ioatdma dca wmi ext3(F) jbd(F)
mbcache(F) sd_mod(F) crc_t10dif(F) crct10dif_common(F) ahci(F)
libahci(F) isci(F) libsas(F) scsi_transport_sas(F) [last unloaded:
speedstep_lib]
[   60.782597] CPU: 0 PID: 9430 Comm: iscsi_ttx Tainted: GF 3.12.19+ #2
[   60.782598] Hardware name: Supermicro X9DRX+-F/X9DRX+-F, BIOS 3.00 07/09/2013
[   60.782599]  0000000000000035 ffff88044de31d08 ffffffff81553ae7 0000000000000035
[   60.782602]  ffff88044de31d58 ffff88044de31d48 ffffffff8104d1cc 0000000000000002
[   60.782605]  ffff88045b00d180 ffff88045b00d0c0 ffff88045b00d0c0 ffff88044de31e58
[   60.782607] Call Trace:
[   60.782611]  [<ffffffff81553ae7>] dump_stack+0x49/0x62
[   60.782615]  [<ffffffff8104d1cc>] warn_slowpath_common+0x8c/0xc0
[   60.782618]  [<ffffffff8104d2b6>] warn_slowpath_fmt+0x46/0x50
[   60.782620]  [<ffffffff81280933>] __list_del_entry+0x63/0xd0
[   60.782622]  [<ffffffff812809b1>] list_del+0x11/0x40
[   60.782630]  [<ffffffffa06e7cf9>] iscsi_del_ts_from_active_list+0x29/0x50 [iscsi_target_mod]
[   60.782635]  [<ffffffffa06e87b1>] iscsi_tx_thread_pre_handler+0xa1/0x180 [iscsi_target_mod]
[   60.782642]  [<ffffffffa06fb9ae>] iscsi_target_tx_thread+0x4e/0x220 [iscsi_target_mod]
[   60.782647]  [<ffffffffa06fb960>] ? iscsit_handle_snack+0x190/0x190 [iscsi_target_mod]
[   60.782652]  [<ffffffffa06fb960>] ? iscsit_handle_snack+0x190/0x190 [iscsi_target_mod]
[   60.782655]  [<ffffffff8106f99e>] kthread+0xce/0xe0
[   60.782657]  [<ffffffff8106f8d0>] ? kthread_freezable_should_stop+0x70/0x70
[   60.782660]  [<ffffffff8156026c>] ret_from_fork+0x7c/0xb0
[   60.782662]  [<ffffffff8106f8d0>] ? kthread_freezable_should_stop+0x70/0x70
[   60.782663] ---[ end trace 9662f4a661d33965 ]---

Since this code is no longer used, go ahead and drop the problematic usage
all-together.

Reported-by: Gavin Guo <gavin.guo@canonical.com>
Reported-by: Moussa Ba <moussaba@micron.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/target/iscsi/iscsi_target_tq.c |   28 +++++-----------------------
 1 file changed, 5 insertions(+), 23 deletions(-)

--- a/drivers/target/iscsi/iscsi_target_tq.c
+++ b/drivers/target/iscsi/iscsi_target_tq.c
@@ -26,36 +26,22 @@
 #include "iscsi_target_tq.h"
 #include "iscsi_target.h"
 
-static LIST_HEAD(active_ts_list);
 static LIST_HEAD(inactive_ts_list);
-static DEFINE_SPINLOCK(active_ts_lock);
 static DEFINE_SPINLOCK(inactive_ts_lock);
 static DEFINE_SPINLOCK(ts_bitmap_lock);
 
-static void iscsi_add_ts_to_active_list(struct iscsi_thread_set *ts)
-{
-	spin_lock(&active_ts_lock);
-	list_add_tail(&ts->ts_list, &active_ts_list);
-	iscsit_global->active_ts++;
-	spin_unlock(&active_ts_lock);
-}
-
 static void iscsi_add_ts_to_inactive_list(struct iscsi_thread_set *ts)
 {
+	if (!list_empty(&ts->ts_list)) {
+		WARN_ON(1);
+		return;
+	}
 	spin_lock(&inactive_ts_lock);
 	list_add_tail(&ts->ts_list, &inactive_ts_list);
 	iscsit_global->inactive_ts++;
 	spin_unlock(&inactive_ts_lock);
 }
 
-static void iscsi_del_ts_from_active_list(struct iscsi_thread_set *ts)
-{
-	spin_lock(&active_ts_lock);
-	list_del(&ts->ts_list);
-	iscsit_global->active_ts--;
-	spin_unlock(&active_ts_lock);
-}
-
 static struct iscsi_thread_set *iscsi_get_ts_from_inactive_list(void)
 {
 	struct iscsi_thread_set *ts;
@@ -68,7 +54,7 @@ static struct iscsi_thread_set *iscsi_ge
 
 	ts = list_first_entry(&inactive_ts_list, struct iscsi_thread_set, ts_list);
 
-	list_del(&ts->ts_list);
+	list_del_init(&ts->ts_list);
 	iscsit_global->inactive_ts--;
 	spin_unlock(&inactive_ts_lock);
 
@@ -219,8 +205,6 @@ static void iscsi_deallocate_extra_threa
 
 void iscsi_activate_thread_set(struct iscsi_conn *conn, struct iscsi_thread_set *ts)
 {
-	iscsi_add_ts_to_active_list(ts);
-
 	spin_lock_bh(&ts->ts_state_lock);
 	conn->thread_set = ts;
 	ts->conn = conn;
@@ -423,7 +407,6 @@ struct iscsi_conn *iscsi_rx_thread_pre_h
 
 	if (ts->delay_inactive && (--ts->thread_count == 0)) {
 		spin_unlock_bh(&ts->ts_state_lock);
-		iscsi_del_ts_from_active_list(ts);
 
 		if (!iscsit_global->in_shutdown)
 			iscsi_deallocate_extra_thread_sets();
@@ -476,7 +459,6 @@ struct iscsi_conn *iscsi_tx_thread_pre_h
 
 	if (ts->delay_inactive && (--ts->thread_count == 0)) {
 		spin_unlock_bh(&ts->ts_state_lock);
-		iscsi_del_ts_from_active_list(ts);
 
 		if (!iscsit_global->in_shutdown)
 			iscsi_deallocate_extra_thread_sets();



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 29/53] cfq-iosched: handle failure of cfq group allocation
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 28/53] iscsi-target: Drop problematic active_ts_list usage Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 30/53] cfq-iosched: fix incorrect filing of rt async cfqq Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov, Tejun Heo,
	Vivek Goyal, Jens Axboe

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>

commit 69abaffec7d47a083739b79e3066cb3730eba72e upstream.

Cfq_lookup_create_cfqg() allocates struct blkcg_gq using GFP_ATOMIC.
In cfq_find_alloc_queue() possible allocation failure is not handled.
As a result kernel oopses on NULL pointer dereference when
cfq_link_cfqq_cfqg() calls cfqg_get() for NULL pointer.

Bug was introduced in v3.5 in commit cd1604fab4f9 ("blkcg: factor
out blkio_group creation"). Prior to that commit cfq group lookup
had returned pointer to root group as fallback.

This patch handles this error using existing fallback oom_cfqq.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Fixes: cd1604fab4f9 ("blkcg: factor out blkio_group creation")
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 block/cfq-iosched.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
@@ -3575,6 +3575,11 @@ retry:
 
 	blkcg = bio_blkcg(bio);
 	cfqg = cfq_lookup_create_cfqg(cfqd, blkcg);
+	if (!cfqg) {
+		cfqq = &cfqd->oom_cfqq;
+		goto out;
+	}
+
 	cfqq = cic_to_cfqq(cic, is_sync);
 
 	/*
@@ -3611,7 +3616,7 @@ retry:
 		} else
 			cfqq = &cfqd->oom_cfqq;
 	}
-
+out:
 	if (new_cfqq)
 		kmem_cache_free(cfq_pool, new_cfqq);
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 30/53] cfq-iosched: fix incorrect filing of rt async cfqq
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 29/53] cfq-iosched: handle failure of cfq group allocation Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 31/53] axonram: Fix bug in direct_access Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jeff Moyer, Hidehiro Kawai, Jens Axboe

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jeff Moyer <jmoyer@redhat.com>

commit c6ce194325cef342313e3d27620411ce90a89c50 upstream.

Hi,

If you can manage to submit an async write as the first async I/O from
the context of a process with realtime scheduling priority, then a
cfq_queue is allocated, but filed into the wrong async_cfqq bucket.  It
ends up in the best effort array, but actually has realtime I/O
scheduling priority set in cfqq->ioprio.

The reason is that cfq_get_queue assumes the default scheduling class and
priority when there is no information present (i.e. when the async cfqq
is created):

static struct cfq_queue *
cfq_get_queue(struct cfq_data *cfqd, bool is_sync, struct cfq_io_cq *cic,
	      struct bio *bio, gfp_t gfp_mask)
{
	const int ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio);
	const int ioprio = IOPRIO_PRIO_DATA(cic->ioprio);

cic->ioprio starts out as 0, which is "invalid".  So, class of 0
(IOPRIO_CLASS_NONE) is passed to cfq_async_queue_prio like so:

		async_cfqq = cfq_async_queue_prio(cfqd, ioprio_class, ioprio);

static struct cfq_queue **
cfq_async_queue_prio(struct cfq_data *cfqd, int ioprio_class, int ioprio)
{
        switch (ioprio_class) {
        case IOPRIO_CLASS_RT:
                return &cfqd->async_cfqq[0][ioprio];
        case IOPRIO_CLASS_NONE:
                ioprio = IOPRIO_NORM;
                /* fall through */
        case IOPRIO_CLASS_BE:
                return &cfqd->async_cfqq[1][ioprio];
        case IOPRIO_CLASS_IDLE:
                return &cfqd->async_idle_cfqq;
        default:
                BUG();
        }
}

Here, instead of returning a class mapped from the process' scheduling
priority, we get back the bucket associated with IOPRIO_CLASS_BE.

Now, there is no queue allocated there yet, so we create it:

		cfqq = cfq_find_alloc_queue(cfqd, is_sync, cic, bio, gfp_mask);

That function ends up doing this:

			cfq_init_cfqq(cfqd, cfqq, current->pid, is_sync);
			cfq_init_prio_data(cfqq, cic);

cfq_init_cfqq marks the priority as having changed.  Then, cfq_init_prio
data does this:

	ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio);
	switch (ioprio_class) {
	default:
		printk(KERN_ERR "cfq: bad prio %x\n", ioprio_class);
	case IOPRIO_CLASS_NONE:
		/*
		 * no prio set, inherit CPU scheduling settings
		 */
		cfqq->ioprio = task_nice_ioprio(tsk);
		cfqq->ioprio_class = task_nice_ioclass(tsk);
		break;

So we basically have two code paths that treat IOPRIO_CLASS_NONE
differently, which results in an RT async cfqq filed into a best effort
bucket.

Attached is a patch which fixes the problem.  I'm not sure how to make
it cleaner.  Suggestions would be welcome.

Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Tested-by: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 block/cfq-iosched.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
@@ -3646,12 +3646,17 @@ static struct cfq_queue *
 cfq_get_queue(struct cfq_data *cfqd, bool is_sync, struct cfq_io_cq *cic,
 	      struct bio *bio, gfp_t gfp_mask)
 {
-	const int ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio);
-	const int ioprio = IOPRIO_PRIO_DATA(cic->ioprio);
+	int ioprio_class = IOPRIO_PRIO_CLASS(cic->ioprio);
+	int ioprio = IOPRIO_PRIO_DATA(cic->ioprio);
 	struct cfq_queue **async_cfqq = NULL;
 	struct cfq_queue *cfqq = NULL;
 
 	if (!is_sync) {
+		if (!ioprio_valid(cic->ioprio)) {
+			struct task_struct *tsk = current;
+			ioprio = task_nice_ioprio(tsk);
+			ioprio_class = task_nice_ioclass(tsk);
+		}
 		async_cfqq = cfq_async_queue_prio(cfqd, ioprio_class, ioprio);
 		cfqq = *async_cfqq;
 	}



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 31/53] axonram: Fix bug in direct_access
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 30/53] cfq-iosched: fix incorrect filing of rt async cfqq Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 32/53] tty: Prevent untrappable signals from malicious program Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Matthew Wilcox, Jan Kara,
	Mathieu Desnoyers, Jens Axboe

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Matthew Wilcox <matthew.r.wilcox@intel.com>

commit 91117a20245b59f70b563523edbf998a62fc6383 upstream.

The 'pfn' returned by axonram was completely bogus, and has been since
2008.

Signed-off-by: Matthew Wilcox <matthew.r.wilcox@intel.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/sysdev/axonram.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/sysdev/axonram.c
+++ b/arch/powerpc/sysdev/axonram.c
@@ -155,7 +155,7 @@ axon_ram_direct_access(struct block_devi
 	}
 
 	*kaddr = (void *)(bank->ph_addr + offset);
-	*pfn = virt_to_phys(kaddr) >> PAGE_SHIFT;
+	*pfn = virt_to_phys(*kaddr) >> PAGE_SHIFT;
 
 	return 0;
 }



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 32/53] tty: Prevent untrappable signals from malicious program
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 31/53] axonram: Fix bug in direct_access Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 33/53] USB: cp210x: add ID for RUGGEDCOM USB Serial Console Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Theodore Tso, Howard Chu,
	One Thousand Gnomes, Jiri Slaby, Peter Hurley

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Peter Hurley <peter@hurleysoftware.com>

commit 37480a05685ed5b8e1b9bf5e5c53b5810258b149 upstream.

Commit 26df6d13406d1a5 ("tty: Add EXTPROC support for LINEMODE")
allows a process which has opened a pty master to send _any_ signal
to the process group of the pty slave. Although potentially
exploitable by a malicious program running a setuid program on
a pty slave, it's unknown if this exploit currently exists.

Limit to signals actually used.

Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Howard Chu <hyc@symas.com>
Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Cc: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/pty.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
@@ -215,6 +215,9 @@ static int pty_signal(struct tty_struct
 	unsigned long flags;
 	struct pid *pgrp;
 
+	if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP)
+		return -EINVAL;
+
 	if (tty->link) {
 		spin_lock_irqsave(&tty->link->ctrl_lock, flags);
 		pgrp = get_pid(tty->link->pgrp);



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 33/53] USB: cp210x: add ID for RUGGEDCOM USB Serial Console
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 32/53] tty: Prevent untrappable signals from malicious program Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 34/53] USB: fix use-after-free bug in usb_hcd_unlink_urb() Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Len Sorensen, Johan Hovold

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lennart Sorensen <lsorense@csclub.uwaterloo.ca>

commit a6f0331236fa75afba14bbcf6668d42cebb55c43 upstream.

Added the USB serial console device ID for Siemens Ruggedcom devices
which have a USB port for their serial console.

Signed-off-by: Len Sorensen <lsorense@csclub.uwaterloo.ca>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/serial/cp210x.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/usb/serial/cp210x.c
+++ b/drivers/usb/serial/cp210x.c
@@ -56,6 +56,7 @@ static const struct usb_device_id id_tab
 	{ USB_DEVICE(0x0846, 0x1100) }, /* NetGear Managed Switch M4100 series, M5300 series, M7100 series */
 	{ USB_DEVICE(0x08e6, 0x5501) }, /* Gemalto Prox-PU/CU contactless smartcard reader */
 	{ USB_DEVICE(0x08FD, 0x000A) }, /* Digianswer A/S , ZigBee/802.15.4 MAC Device */
+	{ USB_DEVICE(0x0908, 0x01FF) }, /* Siemens RUGGEDCOM USB Serial Console */
 	{ USB_DEVICE(0x0BED, 0x1100) }, /* MEI (TM) Cashflow-SC Bill/Voucher Acceptor */
 	{ USB_DEVICE(0x0BED, 0x1101) }, /* MEI series 2000 Combo Acceptor */
 	{ USB_DEVICE(0x0FCF, 0x1003) }, /* Dynastream ANT development board */



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 34/53] USB: fix use-after-free bug in usb_hcd_unlink_urb()
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 33/53] USB: cp210x: add ID for RUGGEDCOM USB Serial Console Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 35/53] usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alan Stern, Joe Lawrence, Greg Kroah-Hartman

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alan Stern <stern@rowland.harvard.edu>

commit c99197902da284b4b723451c1471c45b18537cde upstream.

The usb_hcd_unlink_urb() routine in hcd.c contains two possible
use-after-free errors.  The dev_dbg() statement at the end of the
routine dereferences urb and urb->dev even though both structures may
have been deallocated.

This patch fixes the problem by storing urb->dev in a local variable
(avoiding the dereference of urb) and moving the dev_dbg() up before
the usb_put_dev() call.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Joe Lawrence <joe.lawrence@stratus.com>
Tested-by: Joe Lawrence <joe.lawrence@stratus.com>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/core/hcd.c |   16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -1593,6 +1593,7 @@ static int unlink1(struct usb_hcd *hcd,
 int usb_hcd_unlink_urb (struct urb *urb, int status)
 {
 	struct usb_hcd		*hcd;
+	struct usb_device	*udev = urb->dev;
 	int			retval = -EIDRM;
 	unsigned long		flags;
 
@@ -1604,20 +1605,19 @@ int usb_hcd_unlink_urb (struct urb *urb,
 	spin_lock_irqsave(&hcd_urb_unlink_lock, flags);
 	if (atomic_read(&urb->use_count) > 0) {
 		retval = 0;
-		usb_get_dev(urb->dev);
+		usb_get_dev(udev);
 	}
 	spin_unlock_irqrestore(&hcd_urb_unlink_lock, flags);
 	if (retval == 0) {
 		hcd = bus_to_hcd(urb->dev->bus);
 		retval = unlink1(hcd, urb, status);
-		usb_put_dev(urb->dev);
+		if (retval == 0)
+			retval = -EINPROGRESS;
+		else if (retval != -EIDRM && retval != -EBUSY)
+			dev_dbg(&udev->dev, "hcd_unlink_urb %p fail %d\n",
+					urb, retval);
+		usb_put_dev(udev);
 	}
-
-	if (retval == 0)
-		retval = -EINPROGRESS;
-	else if (retval != -EIDRM && retval != -EBUSY)
-		dev_dbg(&urb->dev->dev, "hcd_unlink_urb %p fail %d\n",
-				urb, retval);
 	return retval;
 }
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 35/53] usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 34/53] USB: fix use-after-free bug in usb_hcd_unlink_urb() Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 36/53] vt: provide notifications on selection changes Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sebastian Andrzej Siewior, Alan Stern

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

commit 5efd2ea8c9f4f12916ffc8ba636792ce052f6911 upstream.

the following error pops up during "testusb -a -t 10"
| musb-hdrc musb-hdrc.1.auto: dma_pool_free buffer-128,	f134e000/be842000 (bad dma)
hcd_buffer_create() creates a few buffers, the smallest has 32 bytes of
size. ARCH_KMALLOC_MINALIGN is set to 64 bytes. This combo results in
hcd_buffer_alloc() returning memory which is 32 bytes aligned and it
might by identified by buffer_offset() as another buffer. This means the
buffer which is on a 32 byte boundary will not get freed, instead it
tries to free another buffer with the error message.

This patch fixes the issue by creating the smallest DMA buffer with the
size of ARCH_KMALLOC_MINALIGN (or 32 in case ARCH_KMALLOC_MINALIGN is
smaller). This might be 32, 64 or even 128 bytes. The next three pools
will have the size 128, 512 and 2048.
In case the smallest pool is 128 bytes then we have only three pools
instead of four (and zero the first entry in the array).
The last pool size is always 2048 bytes which is the assumed PAGE_SIZE /
2 of 4096. I doubt it makes sense to continue using PAGE_SIZE / 2 where
we would end up with 8KiB buffer in case we have 16KiB pages.
Instead I think it makes sense to have a common size(s) and extend them
if there is need to.
There is a BUILD_BUG_ON() now in case someone has a minalign of more than
128 bytes.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/core/buffer.c |   26 +++++++++++++++++---------
 drivers/usb/core/usb.c    |    1 +
 include/linux/usb/hcd.h   |    1 +
 3 files changed, 19 insertions(+), 9 deletions(-)

--- a/drivers/usb/core/buffer.c
+++ b/drivers/usb/core/buffer.c
@@ -22,17 +22,25 @@
  */
 
 /* FIXME tune these based on pool statistics ... */
-static const size_t	pool_max[HCD_BUFFER_POOLS] = {
-	/* platforms without dma-friendly caches might need to
-	 * prevent cacheline sharing...
-	 */
-	32,
-	128,
-	512,
-	PAGE_SIZE / 2
-	/* bigger --> allocate pages */
+static size_t pool_max[HCD_BUFFER_POOLS] = {
+	32, 128, 512, 2048,
 };
 
+void __init usb_init_pool_max(void)
+{
+	/*
+	 * The pool_max values must never be smaller than
+	 * ARCH_KMALLOC_MINALIGN.
+	 */
+	if (ARCH_KMALLOC_MINALIGN <= 32)
+		;			/* Original value is okay */
+	else if (ARCH_KMALLOC_MINALIGN <= 64)
+		pool_max[0] = 64;
+	else if (ARCH_KMALLOC_MINALIGN <= 128)
+		pool_max[0] = 0;	/* Don't use this pool */
+	else
+		BUILD_BUG();		/* We don't allow this */
+}
 
 /* SETUP primitives */
 
--- a/drivers/usb/core/usb.c
+++ b/drivers/usb/core/usb.c
@@ -1003,6 +1003,7 @@ static int __init usb_init(void)
 		pr_info("%s: USB support disabled\n", usbcore_name);
 		return 0;
 	}
+	usb_init_pool_max();
 
 	retval = usb_debugfs_init();
 	if (retval)
--- a/include/linux/usb/hcd.h
+++ b/include/linux/usb/hcd.h
@@ -416,6 +416,7 @@ extern const struct dev_pm_ops usb_hcd_p
 #endif /* CONFIG_PCI */
 
 /* pci-ish (pdev null is ok) buffer alloc/mapping support */
+void usb_init_pool_max(void);
 int hcd_buffer_create(struct usb_hcd *hcd);
 void hcd_buffer_destroy(struct usb_hcd *hcd);
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 36/53] vt: provide notifications on selection changes
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 35/53] usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 37/53] ARM: pxa: add regulator_has_full_constraints to corgi board file Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nicolas Pitre, Dave Mielke

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nicolas Pitre <nicolas.pitre@linaro.org>

commit 19e3ae6b4f07a87822c1c9e7ed99d31860e701af upstream.

The vcs device's poll/fasync support relies on the vt notifier to signal
changes to the screen content.  Notifier invocations were missing for
changes that comes through the selection interface though.  Fix that.

Tested with BRLTTY 5.2.

Signed-off-by: Nicolas Pitre <nico@linaro.org>
Cc: Dave Mielke <dave@mielke.cc>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/vt/vt.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -498,6 +498,7 @@ void invert_screen(struct vc_data *vc, i
 #endif
 	if (DO_UPDATE(vc))
 		do_update_region(vc, (unsigned long) p, count);
+	notify_update(vc);
 }
 
 /* used by selection: complement pointer position */
@@ -514,6 +515,7 @@ void complement_pos(struct vc_data *vc,
 		scr_writew(old, screenpos(vc, old_offset, 1));
 		if (DO_UPDATE(vc))
 			vc->vc_sw->con_putc(vc, old, oldy, oldx);
+		notify_update(vc);
 	}
 
 	old_offset = offset;
@@ -531,8 +533,8 @@ void complement_pos(struct vc_data *vc,
 			oldy = (offset >> 1) / vc->vc_cols;
 			vc->vc_sw->con_putc(vc, new, oldy, oldx);
 		}
+		notify_update(vc);
 	}
-
 }
 
 static void insert_char(struct vc_data *vc, unsigned int nr)



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 37/53] ARM: pxa: add regulator_has_full_constraints to corgi board file
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 36/53] vt: provide notifications on selection changes Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 38/53] ARM: pxa: add regulator_has_full_constraints to poodle " Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Eremin-Solenikov, Mark Brown,
	Robert Jarzmik

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

commit 271e80176aae4e5b481f4bb92df9768c6075bbca upstream.

Add regulator_has_full_constraints() call to corgi board file to let
regulator core know that we do not have any additional regulators left.
This lets it substitute unprovided regulators with dummy ones.

This fixes the following warnings that can be seen on corgi if
regulators are enabled:

ads7846 spi1.0: unable to get regulator: -517
spi spi1.0: Driver ads7846 requests probe deferral
wm8731 0-001b: Failed to get supply 'AVDD': -517
wm8731 0-001b: Failed to request supplies: -517
wm8731 0-001b: ASoC: failed to probe component -517
corgi-audio corgi-audio: ASoC: failed to instantiate card -517

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Acked-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/mach-pxa/corgi.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/arch/arm/mach-pxa/corgi.c
+++ b/arch/arm/mach-pxa/corgi.c
@@ -26,6 +26,7 @@
 #include <linux/i2c.h>
 #include <linux/i2c/pxa-i2c.h>
 #include <linux/io.h>
+#include <linux/regulator/machine.h>
 #include <linux/spi/spi.h>
 #include <linux/spi/ads7846.h>
 #include <linux/spi/corgi_lcd.h>
@@ -711,6 +712,8 @@ static void __init corgi_init(void)
 		sharpsl_nand_partitions[1].size = 53 * 1024 * 1024;
 
 	platform_add_devices(devices, ARRAY_SIZE(devices));
+
+	regulator_has_full_constraints();
 }
 
 static void __init fixup_corgi(struct tag *tags, char **cmdline,



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 38/53] ARM: pxa: add regulator_has_full_constraints to poodle board file
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 37/53] ARM: pxa: add regulator_has_full_constraints to corgi board file Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 39/53] kdb: fix incorrect counts in KDB summary command output Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Eremin-Solenikov, Mark Brown,
	Robert Jarzmik

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

commit 9bc78f32c2e430aebf6def965b316aa95e37a20c upstream.

Add regulator_has_full_constraints() call to poodle board file to let
regulator core know that we do not have any additional regulators left.
This lets it substitute unprovided regulators with dummy ones.

This fixes the following warnings that can be seen on poodle if
regulators are enabled:

ads7846 spi1.0: unable to get regulator: -517
spi spi1.0: Driver ads7846 requests probe deferral
wm8731 0-001b: Failed to get supply 'AVDD': -517
wm8731 0-001b: Failed to request supplies: -517
wm8731 0-001b: ASoC: failed to probe component -517

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Acked-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/mach-pxa/poodle.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/arm/mach-pxa/poodle.c
+++ b/arch/arm/mach-pxa/poodle.c
@@ -25,6 +25,7 @@
 #include <linux/gpio.h>
 #include <linux/i2c.h>
 #include <linux/i2c/pxa-i2c.h>
+#include <linux/regulator/machine.h>
 #include <linux/spi/spi.h>
 #include <linux/spi/ads7846.h>
 #include <linux/spi/pxa2xx_spi.h>
@@ -452,6 +453,7 @@ static void __init poodle_init(void)
 	pxa_set_i2c_info(NULL);
 	i2c_register_board_info(0, ARRAY_AND_SIZE(poodle_i2c_devices));
 	poodle_init_spi();
+	regulator_has_full_constraints();
 }
 
 static void __init fixup_poodle(struct tag *tags, char **cmdline,



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 39/53] kdb: fix incorrect counts in KDB summary command output
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 38/53] ARM: pxa: add regulator_has_full_constraints to poodle " Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 40/53] ntp: Fixup adjtimex freq validation on 32-bit systems Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jay Lan, Jason Wessel

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jay Lan <jlan@sgi.com>

commit 146755923262037fc4c54abc28c04b1103f3cc51 upstream.

The output of KDB 'summary' command should report MemTotal, MemFree
and Buffers output in kB. Current codes report in unit of pages.

A define of K(x) as
is defined in the code, but not used.

This patch would apply the define to convert the values to kB.
Please include me on Cc on replies. I do not subscribe to linux-kernel.

Signed-off-by: Jay Lan <jlan@sgi.com>
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/debug/kdb/kdb_main.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -2532,7 +2532,7 @@ static int kdb_summary(int argc, const c
 #define K(x) ((x) << (PAGE_SHIFT - 10))
 	kdb_printf("\nMemTotal:       %8lu kB\nMemFree:        %8lu kB\n"
 		   "Buffers:        %8lu kB\n",
-		   val.totalram, val.freeram, val.bufferram);
+		   K(val.totalram), K(val.freeram), K(val.bufferram));
 	return 0;
 }
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 40/53] ntp: Fixup adjtimex freq validation on 32-bit systems
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 39/53] kdb: fix incorrect counts in KDB summary command output Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 41/53] ARC: fix page address calculation if PAGE_OFFSET != LINUX_LINK_BASE Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Josh Boyer, George Joseph,
	John Stultz, Peter Zijlstra (Intel),
	Linus Torvalds, Sasha Levin, Ingo Molnar

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: John Stultz <john.stultz@linaro.org>

commit 29183a70b0b828500816bd794b3fe192fce89f73 upstream.

Additional validation of adjtimex freq values to avoid
potential multiplication overflows were added in commit
5e5aeb4367b (time: adjtimex: Validate the ADJ_FREQUENCY values)

Unfortunately the patch used LONG_MAX/MIN instead of
LLONG_MAX/MIN, which was fine on 64-bit systems, but being
much smaller on 32-bit systems caused false positives
resulting in most direct frequency adjustments to fail w/
EINVAL.

ntpd only does direct frequency adjustments at startup, so
the issue was not as easily observed there, but other time
sync applications like ptpd and chrony were more effected by
the bug.

See bugs:

  https://bugzilla.kernel.org/show_bug.cgi?id=92481
  https://bugzilla.redhat.com/show_bug.cgi?id=1188074

This patch changes the checks to use LLONG_MAX for
clarity, and additionally the checks are disabled
on 32-bit systems since LLONG_MAX/PPM_SCALE is always
larger then the 32-bit long freq value, so multiplication
overflows aren't possible there.

Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
Reported-by: George Joseph <george.joseph@fairview5.com>
Tested-by: George Joseph <george.joseph@fairview5.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Sasha Levin <sasha.levin@oracle.com>
Link: http://lkml.kernel.org/r/1423553436-29747-1-git-send-email-john.stultz@linaro.org
[ Prettified the changelog and the comments a bit. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/time/ntp.c |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -631,10 +631,14 @@ int ntp_validate_timex(struct timex *txc
 	if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME)))
 		return -EPERM;
 
-	if (txc->modes & ADJ_FREQUENCY) {
-		if (LONG_MIN / PPM_SCALE > txc->freq)
+	/*
+	 * Check for potential multiplication overflows that can
+	 * only happen on 64-bit systems:
+	 */
+	if ((txc->modes & ADJ_FREQUENCY) && (BITS_PER_LONG == 64)) {
+		if (LLONG_MIN / PPM_SCALE > txc->freq)
 			return -EINVAL;
-		if (LONG_MAX / PPM_SCALE < txc->freq)
+		if (LLONG_MAX / PPM_SCALE < txc->freq)
 			return -EINVAL;
 	}
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 41/53] ARC: fix page address calculation if PAGE_OFFSET != LINUX_LINK_BASE
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 40/53] ntp: Fixup adjtimex freq validation on 32-bit systems Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 42/53] KVM: s390: floating irqs: fix user triggerable endless loop Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexey Brodkin, Vineet Gupta

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexey Brodkin <abrodkin@synopsys.com>

commit 06f34e1c28f3608b0ce5b310e41102d3fe7b65a1 upstream.

We used to calculate page address differently in 2 cases:

1. In virt_to_page(x) we do
 --->8---
 mem_map + (x - CONFIG_LINUX_LINK_BASE) >> PAGE_SHIFT
 --->8---

2. In in pte_page(x) we do
 --->8---
 mem_map + (pte_val(x) - PAGE_OFFSET) >> PAGE_SHIFT
 --->8---

That leads to problems in case PAGE_OFFSET != CONFIG_LINUX_LINK_BASE -
different pages will be selected depending on where and how we calculate
page address.

In particular in the STAR 9000853582 when gdb attempted to read memory
of another process it got improper page in get_user_pages() because this
is exactly one of the places where we search for a page by pte_page().

The fix is trivial - we need to calculate page address similarly in both
cases.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arc/include/asm/pgtable.h |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/arch/arc/include/asm/pgtable.h
+++ b/arch/arc/include/asm/pgtable.h
@@ -270,7 +270,8 @@ static inline void pmd_set(pmd_t *pmdp,
 #define pmd_clear(xp)			do { pmd_val(*(xp)) = 0; } while (0)
 
 #define pte_page(x) (mem_map + \
-		(unsigned long)(((pte_val(x) - PAGE_OFFSET) >> PAGE_SHIFT)))
+		(unsigned long)(((pte_val(x) - CONFIG_LINUX_LINK_BASE) >> \
+				PAGE_SHIFT)))
 
 #define mk_pte(page, pgprot)						\
 ({									\



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 42/53] KVM: s390: floating irqs: fix user triggerable endless loop
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 41/53] ARC: fix page address calculation if PAGE_OFFSET != LINUX_LINK_BASE Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 43/53] KVM: MIPS: Dont leak FPU/DSP to guest Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dominik Dingel, Cornelia Huck,
	David Hildenbrand, Christian Borntraeger

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Hildenbrand <dahi@linux.vnet.ibm.com>

commit 8e2207cdd087ebb031e9118d1fd0902c6533a5e5 upstream.

If a vm with no VCPUs is created, the injection of a floating irq
leads to an endless loop in the kernel.

Let's skip the search for a destination VCPU for a floating irq if no
VCPUs were created.

Reviewed-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/s390/kvm/interrupt.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/s390/kvm/interrupt.c
+++ b/arch/s390/kvm/interrupt.c
@@ -736,6 +736,8 @@ int kvm_s390_inject_vm(struct kvm *kvm,
 		list_add_tail(&inti->list, &iter->list);
 	}
 	atomic_set(&fi->active, 1);
+	if (atomic_read(&kvm->online_vcpus) == 0)
+		goto unlock_fi;
 	sigcpu = find_first_bit(fi->idle_mask, KVM_MAX_VCPUS);
 	if (sigcpu == KVM_MAX_VCPUS) {
 		do {



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 43/53] KVM: MIPS: Dont leak FPU/DSP to guest
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 42/53] KVM: s390: floating irqs: fix user triggerable endless loop Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 44/53] KVM: x86: update masterclock values on TSC writes Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Hogan, Paolo Bonzini,
	Ralf Baechle, Sanjay Lal, Gleb Natapov, kvm, linux-mips

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Hogan <james.hogan@imgtec.com>

commit f798217dfd038af981a18bbe4bc57027a08bb182 upstream.

The FPU and DSP are enabled via the CP0 Status CU1 and MX bits by
kvm_mips_set_c0_status() on a guest exit, presumably in case there is
active state that needs saving if pre-emption occurs. However neither of
these bits are cleared again when returning to the guest.

This effectively gives the guest access to the FPU/DSP hardware after
the first guest exit even though it is not aware of its presence,
allowing FP instructions in guest user code to intermittently actually
execute instead of trapping into the guest OS for emulation. It will
then read & manipulate the hardware FP registers which technically
belong to the user process (e.g. QEMU), or are stale from another user
process. It can also crash the guest OS by causing an FP exception, for
which a guest exception handler won't have been registered.

First lets save and disable the FPU (and MSA) state with lose_fpu(1)
before entering the guest. This simplifies the problem, especially for
when guest FPU/MSA support is added in the future, and prevents FR=1 FPU
state being live when the FR bit gets cleared for the guest, which
according to the architecture causes the contents of the FPU and vector
registers to become UNPREDICTABLE.

We can then safely remove the enabling of the FPU in
kvm_mips_set_c0_status(), since there should never be any active FPU or
MSA state to save at pre-emption, which should plug the FPU leak.

DSP state is always live rather than being lazily restored, so for that
it is simpler to just clear the MX bit again when re-entering the guest.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Sanjay Lal <sanjayl@kymasys.com>
Cc: Gleb Natapov <gleb@kernel.org>
Cc: kvm@vger.kernel.org
Cc: linux-mips@linux-mips.org
Cc: <stable@vger.kernel.org> # v3.10+: 044f0f03eca0: MIPS: KVM: Deliver guest interrupts
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/kvm/kvm_locore.S |    2 +-
 arch/mips/kvm/kvm_mips.c   |    6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

--- a/arch/mips/kvm/kvm_locore.S
+++ b/arch/mips/kvm/kvm_locore.S
@@ -431,7 +431,7 @@ __kvm_mips_return_to_guest:
     /* Setup status register for running guest in UM */
     .set at
     or     v1, v1, (ST0_EXL | KSU_USER | ST0_IE)
-    and     v1, v1, ~ST0_CU0
+    and     v1, v1, ~(ST0_CU0 | ST0_MX)
     .set noat
     mtc0    v1, CP0_STATUS
     ehb
--- a/arch/mips/kvm/kvm_mips.c
+++ b/arch/mips/kvm/kvm_mips.c
@@ -15,6 +15,7 @@
 #include <linux/vmalloc.h>
 #include <linux/fs.h>
 #include <linux/bootmem.h>
+#include <asm/fpu.h>
 #include <asm/page.h>
 #include <asm/cacheflush.h>
 #include <asm/mmu_context.h>
@@ -413,6 +414,8 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_v
 		vcpu->mmio_needed = 0;
 	}
 
+	lose_fpu(1);
+
 	local_irq_disable();
 	/* Check if we have any exceptions/interrupts pending */
 	kvm_mips_deliver_interrupts(vcpu,
@@ -1017,9 +1020,6 @@ void kvm_mips_set_c0_status(void)
 {
 	uint32_t status = read_c0_status();
 
-	if (cpu_has_fpu)
-		status |= (ST0_CU1);
-
 	if (cpu_has_dsp)
 		status |= (ST0_MX);
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 44/53] KVM: x86: update masterclock values on TSC writes
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 43/53] KVM: MIPS: Dont leak FPU/DSP to guest Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 45/53] hx4700: regulator: declare full constraints Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marcelo Tosatti, Paolo Bonzini

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marcelo Tosatti <mtosatti@redhat.com>

commit 7f187922ddf6b67f2999a76dcb71663097b75497 upstream.

When the guest writes to the TSC, the masterclock TSC copy must be
updated as well along with the TSC_OFFSET update, otherwise a negative
tsc_timestamp is calculated at kvm_guest_time_update.

Once "if (!vcpus_matched && ka->use_master_clock)" is simplified to
"if (ka->use_master_clock)", the corresponding "if (!ka->use_master_clock)"
becomes redundant, so remove the do_request boolean and collapse
everything into a single condition.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/x86.c |   19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1182,21 +1182,22 @@ void kvm_track_tsc_matching(struct kvm_v
 {
 #ifdef CONFIG_X86_64
 	bool vcpus_matched;
-	bool do_request = false;
 	struct kvm_arch *ka = &vcpu->kvm->arch;
 	struct pvclock_gtod_data *gtod = &pvclock_gtod_data;
 
 	vcpus_matched = (ka->nr_vcpus_matched_tsc + 1 ==
 			 atomic_read(&vcpu->kvm->online_vcpus));
 
-	if (vcpus_matched && gtod->clock.vclock_mode == VCLOCK_TSC)
-		if (!ka->use_master_clock)
-			do_request = 1;
-
-	if (!vcpus_matched && ka->use_master_clock)
-			do_request = 1;
-
-	if (do_request)
+	/*
+	 * Once the masterclock is enabled, always perform request in
+	 * order to update it.
+	 *
+	 * In order to enable masterclock, the host clocksource must be TSC
+	 * and the vcpus need to have matched TSCs.  When that happens,
+	 * perform request to enable masterclock.
+	 */
+	if (ka->use_master_clock ||
+	    (gtod->clock.vclock_mode == VCLOCK_TSC && vcpus_matched))
 		kvm_make_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu);
 
 	trace_kvm_track_tsc(vcpu->vcpu_id, ka->nr_vcpus_matched_tsc,



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 45/53] hx4700: regulator: declare full constraints
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 44/53] KVM: x86: update masterclock values on TSC writes Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 46/53] arm64: compat Fix siginfo_t -> compat_siginfo_t conversion on big endian Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Martin Vajnar, Robert Jarzmik

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Martin Vajnar <martin.vajnar@gmail.com>

commit a52d209336f8fc7483a8c7f4a8a7d2a8e1692a6c upstream.

Since the removal of CONFIG_REGULATOR_DUMMY option, the touchscreen stopped
working. This patch enables the "replacement" for REGULATOR_DUMMY and
allows the touchscreen to work even though there is no regulator for "vcc".

Signed-off-by: Martin Vajnar <martin.vajnar@gmail.com>
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/mach-pxa/hx4700.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/arm/mach-pxa/hx4700.c
+++ b/arch/arm/mach-pxa/hx4700.c
@@ -891,6 +891,8 @@ static void __init hx4700_init(void)
 	mdelay(10);
 	gpio_set_value(GPIO71_HX4700_ASIC3_nRESET, 1);
 	mdelay(10);
+
+	regulator_has_full_constraints();
 }
 
 MACHINE_START(H4700, "HP iPAQ HX4700")



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 46/53] arm64: compat Fix siginfo_t -> compat_siginfo_t conversion on big endian
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 45/53] hx4700: regulator: declare full constraints Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 47/53] gpio: tps65912: fix wrong container_of arguments Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bamvor Jian Zhang, Catalin Marinas

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Catalin Marinas <catalin.marinas@arm.com>

commit 9d42d48a342aee208c1154696196497fdc556bbf upstream.

The native (64-bit) sigval_t union contains sival_int (32-bit) and
sival_ptr (64-bit). When a compat application invokes a syscall that
takes a sigval_t value (as part of a larger structure, e.g.
compat_sys_mq_notify, compat_sys_timer_create), the compat_sigval_t
union is converted to the native sigval_t with sival_int overlapping
with either the least or the most significant half of sival_ptr,
depending on endianness. When the corresponding signal is delivered to a
compat application, on big endian the current (compat_uptr_t)sival_ptr
cast always returns 0 since sival_int corresponds to the top part of
sival_ptr. This patch fixes copy_siginfo_to_user32() so that sival_int
is copied to the compat_siginfo_t structure.

Reported-by: Bamvor Jian Zhang <bamvor.zhangjian@huawei.com>
Tested-by: Bamvor Jian Zhang <bamvor.zhangjian@huawei.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/signal32.c |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

--- a/arch/arm64/kernel/signal32.c
+++ b/arch/arm64/kernel/signal32.c
@@ -179,8 +179,7 @@ int copy_siginfo_to_user32(compat_siginf
 	case __SI_TIMER:
 		 err |= __put_user(from->si_tid, &to->si_tid);
 		 err |= __put_user(from->si_overrun, &to->si_overrun);
-		 err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr,
-				   &to->si_ptr);
+		 err |= __put_user(from->si_int, &to->si_int);
 		break;
 	case __SI_POLL:
 		err |= __put_user(from->si_band, &to->si_band);
@@ -209,7 +208,7 @@ int copy_siginfo_to_user32(compat_siginf
 	case __SI_MESGQ: /* But this is */
 		err |= __put_user(from->si_pid, &to->si_pid);
 		err |= __put_user(from->si_uid, &to->si_uid);
-		err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr, &to->si_ptr);
+		err |= __put_user(from->si_int, &to->si_int);
 		break;
 	default: /* this is just in case for now ... */
 		err |= __put_user(from->si_pid, &to->si_pid);



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 47/53] gpio: tps65912: fix wrong container_of arguments
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 46/53] arm64: compat Fix siginfo_t -> compat_siginfo_t conversion on big endian Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 48/53] metag: Fix KSTK_EIP() and KSTK_ESP() macros Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolas Saenz Julienne, Linus Walleij

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nicolas Saenz Julienne <nicolassaenzj@gmail.com>

commit 2f97c20e5f7c3582c7310f65a04465bfb0fd0e85 upstream.

The gpio_chip operations receive a pointer the gpio_chip struct which is
contained in the driver's private struct, yet the container_of call in those
functions point to the mfd struct defined in include/linux/mfd/tps65912.h.

Signed-off-by: Nicolas Saenz Julienne <nicolassaenzj@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpio/gpio-tps65912.c |   14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

--- a/drivers/gpio/gpio-tps65912.c
+++ b/drivers/gpio/gpio-tps65912.c
@@ -26,9 +26,12 @@ struct tps65912_gpio_data {
 	struct gpio_chip gpio_chip;
 };
 
+#define to_tgd(gc) container_of(gc, struct tps65912_gpio_data, gpio_chip)
+
 static int tps65912_gpio_get(struct gpio_chip *gc, unsigned offset)
 {
-	struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
+	struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
+	struct tps65912 *tps65912 = tps65912_gpio->tps65912;
 	int val;
 
 	val = tps65912_reg_read(tps65912, TPS65912_GPIO1 + offset);
@@ -42,7 +45,8 @@ static int tps65912_gpio_get(struct gpio
 static void tps65912_gpio_set(struct gpio_chip *gc, unsigned offset,
 			      int value)
 {
-	struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
+	struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
+	struct tps65912 *tps65912 = tps65912_gpio->tps65912;
 
 	if (value)
 		tps65912_set_bits(tps65912, TPS65912_GPIO1 + offset,
@@ -55,7 +59,8 @@ static void tps65912_gpio_set(struct gpi
 static int tps65912_gpio_output(struct gpio_chip *gc, unsigned offset,
 				int value)
 {
-	struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
+	struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
+	struct tps65912 *tps65912 = tps65912_gpio->tps65912;
 
 	/* Set the initial value */
 	tps65912_gpio_set(gc, offset, value);
@@ -66,7 +71,8 @@ static int tps65912_gpio_output(struct g
 
 static int tps65912_gpio_input(struct gpio_chip *gc, unsigned offset)
 {
-	struct tps65912 *tps65912 = container_of(gc, struct tps65912, gpio);
+	struct tps65912_gpio_data *tps65912_gpio = to_tgd(gc);
+	struct tps65912 *tps65912 = tps65912_gpio->tps65912;
 
 	return tps65912_clear_bits(tps65912, TPS65912_GPIO1 + offset,
 								GPIO_CFG_MASK);



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 48/53] metag: Fix KSTK_EIP() and KSTK_ESP() macros
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 47/53] gpio: tps65912: fix wrong container_of arguments Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 49/53] md/raid5: Fix livelock when array is both resyncing and degraded Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexey Brodkin, Vineet Gupta,
	James Hogan, linux-metag

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Hogan <james.hogan@imgtec.com>

commit c2996cb29bfb73927a79dc96e598a718e843f01a upstream.

The KSTK_EIP() and KSTK_ESP() macros should return the user program
counter (PC) and stack pointer (A0StP) of the given task. These are used
to determine which VMA corresponds to the user stack in
/proc/<pid>/maps, and for the user PC & A0StP in /proc/<pid>/stat.

However for Meta the PC & A0StP from the task's kernel context are used,
resulting in broken output. For example in following /proc/<pid>/maps
output, the 3afff000-3b021000 VMA should be described as the stack:

  # cat /proc/self/maps
  ...
  100b0000-100b1000 rwxp 00000000 00:00 0          [heap]
  3afff000-3b021000 rwxp 00000000 00:00 0

And in the following /proc/<pid>/stat output, the PC is in kernel code
(1074234964 = 0x40078654) and the A0StP is in the kernel heap
(1335981392 = 0x4fa17550):

  # cat /proc/self/stat
  51 (cat) R ... 1335981392 1074234964 ...

Fix the definitions of KSTK_EIP() and KSTK_ESP() to use
task_pt_regs(tsk)->ctx rather than (tsk)->thread.kernel_context. This
gets the registers from the user context stored after the thread info at
the base of the kernel stack, which is from the last entry into the
kernel from userland, regardless of where in the kernel the task may
have been interrupted, which results in the following more correct
/proc/<pid>/maps output:

  # cat /proc/self/maps
  ...
  0800b000-08070000 r-xp 00000000 00:02 207        /lib/libuClibc-0.9.34-git.so
  ...
  100b0000-100b1000 rwxp 00000000 00:00 0          [heap]
  3afff000-3b021000 rwxp 00000000 00:00 0          [stack]

And /proc/<pid>/stat now correctly reports the PC in libuClibc
(134320308 = 0x80190b4) and the A0StP in the [stack] region (989864576 =
0x3b002280):

  # cat /proc/self/stat
  51 (cat) R ... 989864576 134320308 ...

Reported-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Reported-by: Vineet Gupta <Vineet.Gupta1@synopsys.com>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/metag/include/asm/processor.h |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/metag/include/asm/processor.h
+++ b/arch/metag/include/asm/processor.h
@@ -149,8 +149,8 @@ extern void exit_thread(void);
 
 unsigned long get_wchan(struct task_struct *p);
 
-#define	KSTK_EIP(tsk)	((tsk)->thread.kernel_context->CurrPC)
-#define	KSTK_ESP(tsk)	((tsk)->thread.kernel_context->AX[0].U0)
+#define	KSTK_EIP(tsk)	(task_pt_regs(tsk)->ctx.CurrPC)
+#define	KSTK_ESP(tsk)	(task_pt_regs(tsk)->ctx.AX[0].U0)
 
 #define user_stack_pointer(regs)        ((regs)->ctx.AX[0].U0)
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 49/53] md/raid5: Fix livelock when array is both resyncing and degraded.
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 48/53] metag: Fix KSTK_EIP() and KSTK_ESP() macros Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04 14:09   ` Jes Sorensen
  2015-03-04  6:06 ` [PATCH 3.10 51/53] jffs2: fix handling of corrupted summary length Greg Kroah-Hartman
                   ` (4 subsequent siblings)
  51 siblings, 1 reply; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Manibalan P, Jes Sorensen, NeilBrown

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: NeilBrown <neilb@suse.de>

commit 26ac107378c4742978216be1005b7291b799c7b2 upstream.

Commit a7854487cd7128a30a7f4f5259de9f67d5efb95f:
  md: When RAID5 is dirty, force reconstruct-write instead of read-modify-write.

Causes an RCW cycle to be forced even when the array is degraded.
A degraded array cannot support RCW as that requires reading all data
blocks, and one may be missing.

Forcing an RCW when it is not possible causes a live-lock and the code
spins, repeatedly deciding to do something that cannot succeed.

So change the condition to only force RCW on non-degraded arrays.

Reported-by: Manibalan P <pmanibalan@amiindia.co.in>
Bisected-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Tested-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Fixes: a7854487cd7128a30a7f4f5259de9f67d5efb95f
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/raid5.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -2853,7 +2853,8 @@ static void handle_stripe_dirtying(struc
 	 * generate correct data from the parity.
 	 */
 	if (conf->max_degraded == 2 ||
-	    (recovery_cp < MaxSector && sh->sector >= recovery_cp)) {
+	    (recovery_cp < MaxSector && sh->sector >= recovery_cp &&
+	     s->failed == 0)) {
 		/* Calculate the real rcw later - for now make it
 		 * look like rcw is cheaper
 		 */



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 51/53] jffs2: fix handling of corrupted summary length
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 49/53] md/raid5: Fix livelock when array is both resyncing and degraded Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 52/53] blk-throttle: check stats_cpu before reading it from sysfs Greg Kroah-Hartman
                   ` (3 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chen Jie, Andrew Morton, David Woodhouse

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chen Jie <chenjie6@huawei.com>

commit 164c24063a3eadee11b46575c5482b2f1417be49 upstream.

sm->offset maybe wrong but magic maybe right, the offset do not have CRC.

Badness at c00c7580 [verbose debug info unavailable]
NIP: c00c7580 LR: c00c718c CTR: 00000014
REGS: df07bb40 TRAP: 0700   Not tainted  (2.6.34.13-WR4.3.0.0_standard)
MSR: 00029000 <EE,ME,CE>  CR: 22084f84  XER: 00000000
TASK = df84d6e0[908] 'mount' THREAD: df07a000
GPR00: 00000001 df07bbf0 df84d6e0 00000000 00000001 00000000 df07bb58 00000041
GPR08: 00000041 c0638860 00000000 00000010 22084f88 100636c8 df814ff8 00000000
GPR16: df84d6e0 dfa558cc c05adb90 00000048 c0452d30 00000000 000240d0 000040d0
GPR24: 00000014 c05ae734 c05be2e0 00000000 00000001 00000000 00000000 c05ae730
NIP [c00c7580] __alloc_pages_nodemask+0x4d0/0x638
LR [c00c718c] __alloc_pages_nodemask+0xdc/0x638
Call Trace:
[df07bbf0] [c00c718c] __alloc_pages_nodemask+0xdc/0x638 (unreliable)
[df07bc90] [c00c7708] __get_free_pages+0x20/0x48
[df07bca0] [c00f4a40] __kmalloc+0x15c/0x1ec
[df07bcd0] [c01fc880] jffs2_scan_medium+0xa58/0x14d0
[df07bd70] [c01ff38c] jffs2_do_mount_fs+0x1f4/0x6b4
[df07bdb0] [c020144c] jffs2_do_fill_super+0xa8/0x260
[df07bdd0] [c020230c] jffs2_fill_super+0x104/0x184
[df07be00] [c0335814] get_sb_mtd_aux+0x9c/0xec
[df07be20] [c033596c] get_sb_mtd+0x84/0x1e8
[df07be60] [c0201ed0] jffs2_get_sb+0x1c/0x2c
[df07be70] [c0103898] vfs_kern_mount+0x78/0x1e8
[df07bea0] [c0103a58] do_kern_mount+0x40/0x100
[df07bec0] [c011fe90] do_mount+0x240/0x890
[df07bf10] [c0120570] sys_mount+0x90/0xd8
[df07bf40] [c00110d8] ret_from_syscall+0x0/0x4

=== Exception: c01 at 0xff61a34
    LR = 0x100135f0
Instruction dump:
38800005 38600000 48010f41 4bfffe1c 4bfc2d15 4bfffe8c 72e90200 4082fc28
3d20c064 39298860 8809000d 68000001 <0f000000> 2f800000 419efc0c 38000001
mount: mounting /dev/mtdblock3 on /common failed: Input/output error

Signed-off-by: Chen Jie <chenjie6@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/jffs2/scan.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -510,6 +510,10 @@ static int jffs2_scan_eraseblock (struct
 				sumlen = c->sector_size - je32_to_cpu(sm->offset);
 				sumptr = buf + buf_size - sumlen;
 
+				/* sm->offset maybe wrong but MAGIC maybe right */
+				if (sumlen > c->sector_size)
+					goto full_scan;
+
 				/* Now, make sure the summary itself is available */
 				if (sumlen > buf_size) {
 					/* Need to kmalloc for this. */
@@ -544,6 +548,7 @@ static int jffs2_scan_eraseblock (struct
 		}
 	}
 
+full_scan:
 	buf_ofs = jeb->offset;
 
 	if (!buf_size) {



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 52/53] blk-throttle: check stats_cpu before reading it from sysfs
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 51/53] jffs2: fix handling of corrupted summary length Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04  6:06 ` [PATCH 3.10 53/53] x86, mm/ASLR: Fix stack randomization on 64-bit systems Greg Kroah-Hartman
                   ` (2 subsequent siblings)
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ricardo Marin Matinata,
	Thadeu Lima de Souza Cascardo, Jens Axboe

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>

commit 045c47ca306acf30c740c285a77a4b4bda6be7c5 upstream.

When reading blkio.throttle.io_serviced in a recently created blkio
cgroup, it's possible to race against the creation of a throttle policy,
which delays the allocation of stats_cpu.

Like other functions in the throttle code, just checking for a NULL
stats_cpu prevents the following oops caused by that race.

[ 1117.285199] Unable to handle kernel paging request for data at address 0x7fb4d0020
[ 1117.285252] Faulting instruction address: 0xc0000000003efa2c
[ 1137.733921] Oops: Kernel access of bad area, sig: 11 [#1]
[ 1137.733945] SMP NR_CPUS=2048 NUMA PowerNV
[ 1137.734025] Modules linked in: bridge stp llc kvm_hv kvm binfmt_misc autofs4
[ 1137.734102] CPU: 3 PID: 5302 Comm: blkcgroup Not tainted 3.19.0 #5
[ 1137.734132] task: c000000f1d188b00 ti: c000000f1d210000 task.ti: c000000f1d210000
[ 1137.734167] NIP: c0000000003efa2c LR: c0000000003ef9f0 CTR: c0000000003ef980
[ 1137.734202] REGS: c000000f1d213500 TRAP: 0300   Not tainted  (3.19.0)
[ 1137.734230] MSR: 9000000000009032 <SF,HV,EE,ME,IR,DR,RI>  CR: 42008884  XER: 20000000
[ 1137.734325] CFAR: 0000000000008458 DAR: 00000007fb4d0020 DSISR: 40000000 SOFTE: 0
GPR00: c0000000003ed3a0 c000000f1d213780 c000000000c59538 0000000000000000
GPR04: 0000000000000800 0000000000000000 0000000000000000 0000000000000000
GPR08: ffffffffffffffff 00000007fb4d0020 00000007fb4d0000 c000000000780808
GPR12: 0000000022000888 c00000000fdc0d80 0000000000000000 0000000000000000
GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20: 000001003e120200 c000000f1d5b0cc0 0000000000000200 0000000000000000
GPR24: 0000000000000001 c000000000c269e0 0000000000000020 c000000f1d5b0c80
GPR28: c000000000ca3a08 c000000000ca3dec c000000f1c667e00 c000000f1d213850
[ 1137.734886] NIP [c0000000003efa2c] .tg_prfill_cpu_rwstat+0xac/0x180
[ 1137.734915] LR [c0000000003ef9f0] .tg_prfill_cpu_rwstat+0x70/0x180
[ 1137.734943] Call Trace:
[ 1137.734952] [c000000f1d213780] [d000000005560520] 0xd000000005560520 (unreliable)
[ 1137.734996] [c000000f1d2138a0] [c0000000003ed3a0] .blkcg_print_blkgs+0xe0/0x1a0
[ 1137.735039] [c000000f1d213960] [c0000000003efb50] .tg_print_cpu_rwstat+0x50/0x70
[ 1137.735082] [c000000f1d2139e0] [c000000000104b48] .cgroup_seqfile_show+0x58/0x150
[ 1137.735125] [c000000f1d213a70] [c0000000002749dc] .kernfs_seq_show+0x3c/0x50
[ 1137.735161] [c000000f1d213ae0] [c000000000218630] .seq_read+0xe0/0x510
[ 1137.735197] [c000000f1d213bd0] [c000000000275b04] .kernfs_fop_read+0x164/0x200
[ 1137.735240] [c000000f1d213c80] [c0000000001eb8e0] .__vfs_read+0x30/0x80
[ 1137.735276] [c000000f1d213cf0] [c0000000001eb9c4] .vfs_read+0x94/0x1b0
[ 1137.735312] [c000000f1d213d90] [c0000000001ebb38] .SyS_read+0x58/0x100
[ 1137.735349] [c000000f1d213e30] [c000000000009218] syscall_exit+0x0/0x98
[ 1137.735383] Instruction dump:
[ 1137.735405] 7c6307b4 7f891800 409d00b8 60000000 60420000 3d420004 392a63b0 786a1f24
[ 1137.735471] 7d49502a e93e01c8 7d495214 7d2ad214 <7cead02a> e9090008 e9490010 e9290018

And here is one code that allows to easily reproduce this, although this
has first been found by running docker.

void run(pid_t pid)
{
	int n;
	int status;
	int fd;
	char *buffer;
	buffer = memalign(BUFFER_ALIGN, BUFFER_SIZE);
	n = snprintf(buffer, BUFFER_SIZE, "%d\n", pid);
	fd = open(CGPATH "/test/tasks", O_WRONLY);
	write(fd, buffer, n);
	close(fd);
	if (fork() > 0) {
		fd = open("/dev/sda", O_RDONLY | O_DIRECT);
		read(fd, buffer, 512);
		close(fd);
		wait(&status);
	} else {
		fd = open(CGPATH "/test/blkio.throttle.io_serviced", O_RDONLY);
		n = read(fd, buffer, BUFFER_SIZE);
		close(fd);
	}
	free(buffer);
	exit(0);
}

void test(void)
{
	int status;
	mkdir(CGPATH "/test", 0666);
	if (fork() > 0)
		wait(&status);
	else
		run(getpid());
	rmdir(CGPATH "/test");
}

int main(int argc, char **argv)
{
	int i;
	for (i = 0; i < NR_TESTS; i++)
		test();
	return 0;
}

Reported-by: Ricardo Marin Matinata <rmm@br.ibm.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 block/blk-throttle.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/block/blk-throttle.c
+++ b/block/blk-throttle.c
@@ -942,6 +942,9 @@ static u64 tg_prfill_cpu_rwstat(struct s
 	struct blkg_rwstat rwstat = { }, tmp;
 	int i, cpu;
 
+	if (tg->stats_cpu == NULL)
+		return 0;
+
 	for_each_possible_cpu(cpu) {
 		struct tg_stats_cpu *sc = per_cpu_ptr(tg->stats_cpu, cpu);
 



^ permalink raw reply	[flat|nested] 58+ messages in thread

* [PATCH 3.10 53/53] x86, mm/ASLR: Fix stack randomization on 64-bit systems
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 52/53] blk-throttle: check stats_cpu before reading it from sysfs Greg Kroah-Hartman
@ 2015-03-04  6:06 ` Greg Kroah-Hartman
  2015-03-04 14:08 ` [PATCH 3.10 00/53] 3.10.71-stable review Guenter Roeck
  2015-03-04 23:40 ` Shuah Khan
  51 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04  6:06 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hector Marco-Gisbert, Ismael Ripoll,
	Kees Cook, Linus Torvalds, Andrew Morton, Al Viro,
	Borislav Petkov

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hector Marco-Gisbert <hecmargi@upv.es>

commit 4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 upstream.

The issue is that the stack for processes is not properly randomized on
64 bit architectures due to an integer overflow.

The affected function is randomize_stack_top() in file
"fs/binfmt_elf.c":

  static unsigned long randomize_stack_top(unsigned long stack_top)
  {
           unsigned int random_variable = 0;

           if ((current->flags & PF_RANDOMIZE) &&
                   !(current->personality & ADDR_NO_RANDOMIZE)) {
                   random_variable = get_random_int() & STACK_RND_MASK;
                   random_variable <<= PAGE_SHIFT;
           }
           return PAGE_ALIGN(stack_top) + random_variable;
           return PAGE_ALIGN(stack_top) - random_variable;
  }

Note that, it declares the "random_variable" variable as "unsigned int".
Since the result of the shifting operation between STACK_RND_MASK (which
is 0x3fffff on x86_64, 22 bits) and PAGE_SHIFT (which is 12 on x86_64):

	  random_variable <<= PAGE_SHIFT;

then the two leftmost bits are dropped when storing the result in the
"random_variable". This variable shall be at least 34 bits long to hold
the (22+12) result.

These two dropped bits have an impact on the entropy of process stack.
Concretely, the total stack entropy is reduced by four: from 2^28 to
2^30 (One fourth of expected entropy).

This patch restores back the entropy by correcting the types involved
in the operations in the functions randomize_stack_top() and
stack_maxrandom_size().

The successful fix can be tested with:

  $ for i in `seq 1 10`; do cat /proc/self/maps | grep stack; done
  7ffeda566000-7ffeda587000 rw-p 00000000 00:00 0                          [stack]
  7fff5a332000-7fff5a353000 rw-p 00000000 00:00 0                          [stack]
  7ffcdb7a1000-7ffcdb7c2000 rw-p 00000000 00:00 0                          [stack]
  7ffd5e2c4000-7ffd5e2e5000 rw-p 00000000 00:00 0                          [stack]
  ...

Once corrected, the leading bytes should be between 7ffc and 7fff,
rather than always being 7fff.

Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll <iripoll@upv.es>
[ Rebased, fixed 80 char bugs, cleaned up commit message, added test example and CVE ]
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Fixes: CVE-2015-1593
Link: http://lkml.kernel.org/r/20150214173350.GA18393@www.outflux.net
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/mm/mmap.c |    6 +++---
 fs/binfmt_elf.c    |    5 +++--
 2 files changed, 6 insertions(+), 5 deletions(-)

--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -35,12 +35,12 @@ struct __read_mostly va_alignment va_ali
 	.flags = -1,
 };
 
-static unsigned int stack_maxrandom_size(void)
+static unsigned long stack_maxrandom_size(void)
 {
-	unsigned int max = 0;
+	unsigned long max = 0;
 	if ((current->flags & PF_RANDOMIZE) &&
 		!(current->personality & ADDR_NO_RANDOMIZE)) {
-		max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT;
+		max = ((-1UL) & STACK_RND_MASK) << PAGE_SHIFT;
 	}
 
 	return max;
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -552,11 +552,12 @@ out:
 
 static unsigned long randomize_stack_top(unsigned long stack_top)
 {
-	unsigned int random_variable = 0;
+	unsigned long random_variable = 0;
 
 	if ((current->flags & PF_RANDOMIZE) &&
 		!(current->personality & ADDR_NO_RANDOMIZE)) {
-		random_variable = get_random_int() & STACK_RND_MASK;
+		random_variable = (unsigned long) get_random_int();
+		random_variable &= STACK_RND_MASK;
 		random_variable <<= PAGE_SHIFT;
 	}
 #ifdef CONFIG_STACK_GROWSUP



^ permalink raw reply	[flat|nested] 58+ messages in thread

* Re: [PATCH 3.10 16/53] ALSA: hdspm - Constrain periods to 2 on older cards
  2015-03-04  6:06 ` [PATCH 3.10 16/53] ALSA: hdspm - Constrain periods to 2 on older cards Greg Kroah-Hartman
@ 2015-03-04 10:03   ` Adrian Knoth
  2015-03-04 18:19     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 58+ messages in thread
From: Adrian Knoth @ 2015-03-04 10:03 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel; +Cc: stable, Takashi Iwai

On 03/04/15 07:06, Greg Kroah-Hartman wrote:

Hi!

> 3.10-stable review patch.  If anyone has any objections, please let me know.

Right here! ;) Since this is my first interaction with the stable
branch, chances are I'm doing it wrong. Just tell me if you need the
patch in a different format (read: clone the stable repo)

For some reasons, the 3.10.x version of the patch isn't correct:


> ------------------
>
> From: Adrian Knoth <adi@drcomp.erfurt.thur.de>
>
> commit f0153c3d948c1764f6c920a0675d86fc1d75813e upstream.
>
> RME RayDAT and AIO use a fixed buffer size of 16384 samples. With period
> sizes of 32-4096, this translates to 4-512 periods.
>
> The older RME cards have a variable buffer size but require exactly two
> periods.
>
> This patch enforces nperiods=2 on those cards.
>
> Signed-off-by: Adrian Knoth <adi@drcomp.erfurt.thur.de>
> Signed-off-by: Takashi Iwai <tiwai@suse.de>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> ---
>   sound/pci/rme9652/hdspm.c |    6 ++++++
>   1 file changed, 6 insertions(+)
>
> --- a/sound/pci/rme9652/hdspm.c
> +++ b/sound/pci/rme9652/hdspm.c
> @@ -5863,6 +5863,12 @@ static int snd_hdspm_capture_open(struct
>   		snd_pcm_hw_constraint_minmax(runtime,
>   					     SNDRV_PCM_HW_PARAM_PERIOD_SIZE,
>   					     64, 8192);
> +		snd_pcm_hw_constraint_minmax(runtime,
> +					     SNDRV_PCM_HW_PARAM_PERIODS,
> +					     2, 2);
> +		snd_pcm_hw_constraint_minmax(runtime,
> +					     SNDRV_PCM_HW_PARAM_PERIODS,
> +					     2, 2);
>   		break;
>   	}

Obviously, it doesn't make sense to do the same thing twice.

Here's how it should look: one of the constraints goes into
snd_hdspm_capture_open(), the other into snd_hdspm_capture_open().


--- 3.10.y/hdspm.c	2015-03-04 10:54:05.120849082 +0100
+++ 3.10.y-new/hdspm.c	2015-03-04 10:56:10.146020714 +0100
@@ -5789,6 +5789,9 @@ static int snd_hdspm_playback_open(struc
  		snd_pcm_hw_constraint_minmax(runtime,
  					     SNDRV_PCM_HW_PARAM_PERIOD_SIZE,
  					     64, 8192);
+		snd_pcm_hw_constraint_minmax(runtime,
+				SNDRV_PCM_HW_PARAM_PERIODS,
+				2, 2);
  		break;
  	}

@@ -5863,6 +5866,9 @@ static int snd_hdspm_capture_open(struct
  		snd_pcm_hw_constraint_minmax(runtime,
  					     SNDRV_PCM_HW_PARAM_PERIOD_SIZE,
  					     64, 8192);
+		snd_pcm_hw_constraint_minmax(runtime,
+				SNDRV_PCM_HW_PARAM_PERIODS,
+				2, 2);
  		break;
  	}


Cheers

^ permalink raw reply	[flat|nested] 58+ messages in thread

* Re: [PATCH 3.10 00/53] 3.10.71-stable review
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2015-03-04  6:06 ` [PATCH 3.10 53/53] x86, mm/ASLR: Fix stack randomization on 64-bit systems Greg Kroah-Hartman
@ 2015-03-04 14:08 ` Guenter Roeck
  2015-03-04 14:20   ` Luis Henriques
  2015-03-04 23:40 ` Shuah Khan
  51 siblings, 1 reply; 58+ messages in thread
From: Guenter Roeck @ 2015-03-04 14:08 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, satoru.takeuchi, shuah.kh, stable

On 03/03/2015 10:06 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.10.71 release.
> There are 53 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri Mar  6 05:45:30 UTC 2015.
> Anything received after that time might be too late.
>

Build results:
	total: 123 pass: 122 fail: 1
Failed builds:
	s390:defconfig

Qemu tests:
	total: 27 pass: 27 fail: 0

Build failure is:

arch/s390/kvm/interrupt.c: In function 'kvm_s390_inject_vm':
arch/s390/kvm/interrupt.c:740:3: error: label 'unlock_fi' used but not defined
make[2]: *** [arch/s390/kvm/interrupt.o] Error 1
make[1]: *** [arch/s390/kvm] Error 2

Caused by 'KVM: s390: floating irqs: fix user triggerable endless loop'
which appears to depend on another commit.

Details are available at http://server.roeck-us.net:8010/builders.

Guenter


^ permalink raw reply	[flat|nested] 58+ messages in thread

* Re: [PATCH 3.10 49/53] md/raid5: Fix livelock when array is both resyncing and degraded.
  2015-03-04  6:06 ` [PATCH 3.10 49/53] md/raid5: Fix livelock when array is both resyncing and degraded Greg Kroah-Hartman
@ 2015-03-04 14:09   ` Jes Sorensen
  0 siblings, 0 replies; 58+ messages in thread
From: Jes Sorensen @ 2015-03-04 14:09 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, Manibalan P, NeilBrown

Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> 3.10-stable review patch.  If anyone has any objections, please let me know.
>
> ------------------

For all 4 stable branches:

Acked-by: Jes Sorensen <Jes.Sorensen@redhat.com>

>
> From: NeilBrown <neilb@suse.de>
>
> commit 26ac107378c4742978216be1005b7291b799c7b2 upstream.
>
> Commit a7854487cd7128a30a7f4f5259de9f67d5efb95f:
>   md: When RAID5 is dirty, force reconstruct-write instead of read-modify-write.
>
> Causes an RCW cycle to be forced even when the array is degraded.
> A degraded array cannot support RCW as that requires reading all data
> blocks, and one may be missing.
>
> Forcing an RCW when it is not possible causes a live-lock and the code
> spins, repeatedly deciding to do something that cannot succeed.
>
> So change the condition to only force RCW on non-degraded arrays.
>
> Reported-by: Manibalan P <pmanibalan@amiindia.co.in>
> Bisected-by: Jes Sorensen <Jes.Sorensen@redhat.com>
> Tested-by: Jes Sorensen <Jes.Sorensen@redhat.com>
> Signed-off-by: NeilBrown <neilb@suse.de>
> Fixes: a7854487cd7128a30a7f4f5259de9f67d5efb95f
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> ---
>  drivers/md/raid5.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> --- a/drivers/md/raid5.c
> +++ b/drivers/md/raid5.c
> @@ -2853,7 +2853,8 @@ static void handle_stripe_dirtying(struc
>  	 * generate correct data from the parity.
>  	 */
>  	if (conf->max_degraded == 2 ||
> -	    (recovery_cp < MaxSector && sh->sector >= recovery_cp)) {
> +	    (recovery_cp < MaxSector && sh->sector >= recovery_cp &&
> +	     s->failed == 0)) {
>  		/* Calculate the real rcw later - for now make it
>  		 * look like rcw is cheaper
>  		 */

^ permalink raw reply	[flat|nested] 58+ messages in thread

* Re: [PATCH 3.10 00/53] 3.10.71-stable review
  2015-03-04 14:08 ` [PATCH 3.10 00/53] 3.10.71-stable review Guenter Roeck
@ 2015-03-04 14:20   ` Luis Henriques
  2015-03-04 18:16     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 58+ messages in thread
From: Luis Henriques @ 2015-03-04 14:20 UTC (permalink / raw)
  To: Guenter Roeck
  Cc: Greg Kroah-Hartman, linux-kernel, torvalds, akpm,
	satoru.takeuchi, shuah.kh, stable

On Wed, Mar 04, 2015 at 06:08:31AM -0800, Guenter Roeck wrote:
> On 03/03/2015 10:06 PM, Greg Kroah-Hartman wrote:
> >This is the start of the stable review cycle for the 3.10.71 release.
> >There are 53 patches in this series, all will be posted as a response
> >to this one.  If anyone has any issues with these being applied, please
> >let me know.
> >
> >Responses should be made by Fri Mar  6 05:45:30 UTC 2015.
> >Anything received after that time might be too late.
> >
> 
> Build results:
> 	total: 123 pass: 122 fail: 1
> Failed builds:
> 	s390:defconfig
> 
> Qemu tests:
> 	total: 27 pass: 27 fail: 0
> 
> Build failure is:
> 
> arch/s390/kvm/interrupt.c: In function 'kvm_s390_inject_vm':
> arch/s390/kvm/interrupt.c:740:3: error: label 'unlock_fi' used but not defined
> make[2]: *** [arch/s390/kvm/interrupt.o] Error 1
> make[1]: *** [arch/s390/kvm] Error 2
> 
> Caused by 'KVM: s390: floating irqs: fix user triggerable endless loop'
> which appears to depend on another commit.

Actually, this commit is tagged for stable v3.15+ so it should
probably be dropped from 3.10 and 3.14.

Cheers,
--
Luís

> 
> Details are available at http://server.roeck-us.net:8010/builders.
> 
> Guenter
> 
> --
> To unsubscribe from this list: send the line "unsubscribe stable" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 58+ messages in thread

* Re: [PATCH 3.10 00/53] 3.10.71-stable review
  2015-03-04 14:20   ` Luis Henriques
@ 2015-03-04 18:16     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04 18:16 UTC (permalink / raw)
  To: Luis Henriques
  Cc: Guenter Roeck, linux-kernel, torvalds, akpm, satoru.takeuchi,
	shuah.kh, stable

On Wed, Mar 04, 2015 at 02:20:11PM +0000, Luis Henriques wrote:
> On Wed, Mar 04, 2015 at 06:08:31AM -0800, Guenter Roeck wrote:
> > On 03/03/2015 10:06 PM, Greg Kroah-Hartman wrote:
> > >This is the start of the stable review cycle for the 3.10.71 release.
> > >There are 53 patches in this series, all will be posted as a response
> > >to this one.  If anyone has any issues with these being applied, please
> > >let me know.
> > >
> > >Responses should be made by Fri Mar  6 05:45:30 UTC 2015.
> > >Anything received after that time might be too late.
> > >
> > 
> > Build results:
> > 	total: 123 pass: 122 fail: 1
> > Failed builds:
> > 	s390:defconfig
> > 
> > Qemu tests:
> > 	total: 27 pass: 27 fail: 0
> > 
> > Build failure is:
> > 
> > arch/s390/kvm/interrupt.c: In function 'kvm_s390_inject_vm':
> > arch/s390/kvm/interrupt.c:740:3: error: label 'unlock_fi' used but not defined
> > make[2]: *** [arch/s390/kvm/interrupt.o] Error 1
> > make[1]: *** [arch/s390/kvm] Error 2
> > 
> > Caused by 'KVM: s390: floating irqs: fix user triggerable endless loop'
> > which appears to depend on another commit.
> 
> Actually, this commit is tagged for stable v3.15+ so it should
> probably be dropped from 3.10 and 3.14.

Thanks, now dropped for both trees.

greg k-h

^ permalink raw reply	[flat|nested] 58+ messages in thread

* Re: [PATCH 3.10 16/53] ALSA: hdspm - Constrain periods to 2 on older cards
  2015-03-04 10:03   ` Adrian Knoth
@ 2015-03-04 18:19     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 58+ messages in thread
From: Greg Kroah-Hartman @ 2015-03-04 18:19 UTC (permalink / raw)
  To: Adrian Knoth; +Cc: linux-kernel, stable, Takashi Iwai

On Wed, Mar 04, 2015 at 11:03:32AM +0100, Adrian Knoth wrote:
> On 03/04/15 07:06, Greg Kroah-Hartman wrote:
> 
> Hi!
> 
> >3.10-stable review patch.  If anyone has any objections, please let me know.
> 
> Right here! ;) Since this is my first interaction with the stable
> branch, chances are I'm doing it wrong. Just tell me if you need the
> patch in a different format (read: clone the stable repo)
> 
> For some reasons, the 3.10.x version of the patch isn't correct:
> 
> 
> >------------------
> >
> >From: Adrian Knoth <adi@drcomp.erfurt.thur.de>
> >
> >commit f0153c3d948c1764f6c920a0675d86fc1d75813e upstream.
> >
> >RME RayDAT and AIO use a fixed buffer size of 16384 samples. With period
> >sizes of 32-4096, this translates to 4-512 periods.
> >
> >The older RME cards have a variable buffer size but require exactly two
> >periods.
> >
> >This patch enforces nperiods=2 on those cards.
> >
> >Signed-off-by: Adrian Knoth <adi@drcomp.erfurt.thur.de>
> >Signed-off-by: Takashi Iwai <tiwai@suse.de>
> >Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> >
> >---
> >  sound/pci/rme9652/hdspm.c |    6 ++++++
> >  1 file changed, 6 insertions(+)
> >
> >--- a/sound/pci/rme9652/hdspm.c
> >+++ b/sound/pci/rme9652/hdspm.c
> >@@ -5863,6 +5863,12 @@ static int snd_hdspm_capture_open(struct
> >  		snd_pcm_hw_constraint_minmax(runtime,
> >  					     SNDRV_PCM_HW_PARAM_PERIOD_SIZE,
> >  					     64, 8192);
> >+		snd_pcm_hw_constraint_minmax(runtime,
> >+					     SNDRV_PCM_HW_PARAM_PERIODS,
> >+					     2, 2);
> >+		snd_pcm_hw_constraint_minmax(runtime,
> >+					     SNDRV_PCM_HW_PARAM_PERIODS,
> >+					     2, 2);
> >  		break;
> >  	}
> 
> Obviously, it doesn't make sense to do the same thing twice.
> 
> Here's how it should look: one of the constraints goes into
> snd_hdspm_capture_open(), the other into snd_hdspm_capture_open().
> 
> 
> --- 3.10.y/hdspm.c	2015-03-04 10:54:05.120849082 +0100
> +++ 3.10.y-new/hdspm.c	2015-03-04 10:56:10.146020714 +0100
> @@ -5789,6 +5789,9 @@ static int snd_hdspm_playback_open(struc
>  		snd_pcm_hw_constraint_minmax(runtime,
>  					     SNDRV_PCM_HW_PARAM_PERIOD_SIZE,
>  					     64, 8192);
> +		snd_pcm_hw_constraint_minmax(runtime,
> +				SNDRV_PCM_HW_PARAM_PERIODS,
> +				2, 2);
>  		break;
>  	}
> 
> @@ -5863,6 +5866,9 @@ static int snd_hdspm_capture_open(struct
>  		snd_pcm_hw_constraint_minmax(runtime,
>  					     SNDRV_PCM_HW_PARAM_PERIOD_SIZE,
>  					     64, 8192);
> +		snd_pcm_hw_constraint_minmax(runtime,
> +				SNDRV_PCM_HW_PARAM_PERIODS,
> +				2, 2);
>  		break;
>  	}

Very odd, and very good catch, thanks for this.  I've fixed it up now
and pushed out an updated queue.

greg k-h

^ permalink raw reply	[flat|nested] 58+ messages in thread

* Re: [PATCH 3.10 00/53] 3.10.71-stable review
  2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2015-03-04 14:08 ` [PATCH 3.10 00/53] 3.10.71-stable review Guenter Roeck
@ 2015-03-04 23:40 ` Shuah Khan
  51 siblings, 0 replies; 58+ messages in thread
From: Shuah Khan @ 2015-03-04 23:40 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, satoru.takeuchi, shuah.kh, stable

On 03/03/2015 11:06 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.10.71 release.
> There are 53 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri Mar  6 05:45:30 UTC 2015.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	kernel.org/pub/linux/kernel/v3.0/stable-review/patch-3.10.71-rc1.gz
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah

-- 
Shuah Khan
Sr. Linux Kernel Developer
Open Source Innovation Group
Samsung Research America (Silicon Valley)
shuahkh@osg.samsung.com | (970) 217-8978

^ permalink raw reply	[flat|nested] 58+ messages in thread

end of thread, other threads:[~2015-03-04 23:40 UTC | newest]

Thread overview: 58+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-04  6:06 [PATCH 3.10 00/53] 3.10.71-stable review Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 01/53] Bluetooth: ath3k: workaround the compatibility issue with xHCI controller Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 02/53] xfs: ensure buffer types are set correctly Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 03/53] xfs: inode unlink does not set AGI buffer type Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 04/53] xfs: set superblock buffer type correctly Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 05/53] fsnotify: fix handling of renames in audit Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 06/53] iwlwifi: pcie: disable the SCD_BASE_ADDR when we resume from WoWLAN Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 07/53] iwlwifi: mvm: validate tid and sta_id in ba_notif Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 08/53] iwlwifi: mvm: fix failure path when power_update fails in add_interface Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 09/53] iwlwifi: mvm: always use mac color zero Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 10/53] HID: i2c-hid: Limit reads to wMaxInputLength bytes for input events Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 11/53] PCI: Generate uppercase hex for modalias var in uevent Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 14/53] [media] lmedm04: Fix usb_submit_urb BOGUS urb xfer, pipe 1 != type 3 in interrupt urb Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 15/53] ALSA: off by one bug in snd_riptide_joystick_probe() Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 16/53] ALSA: hdspm - Constrain periods to 2 on older cards Greg Kroah-Hartman
2015-03-04 10:03   ` Adrian Knoth
2015-03-04 18:19     ` Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 17/53] power_supply: 88pm860x: Fix leaked power supply on probe fail Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 18/53] mmc: sdhci-pxav3: fix setting of pdata->clk_delay_cycles Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 19/53] nfs: dont call blocking operations while !TASK_RUNNING Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 20/53] MIPS: KVM: Deliver guest interrupts after local_irq_disable() Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 21/53] tracing: Fix unmapping loop in tracing_mark_write Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 22/53] ARM: 8284/1: sa1100: clear RCSR_SMR on resume Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 23/53] tpm_tis: verify interrupt during init Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 24/53] tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 25/53] tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 26/53] Added Little Endian support to vtpm module Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 27/53] NFSv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 28/53] iscsi-target: Drop problematic active_ts_list usage Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 29/53] cfq-iosched: handle failure of cfq group allocation Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 30/53] cfq-iosched: fix incorrect filing of rt async cfqq Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 31/53] axonram: Fix bug in direct_access Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 32/53] tty: Prevent untrappable signals from malicious program Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 33/53] USB: cp210x: add ID for RUGGEDCOM USB Serial Console Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 34/53] USB: fix use-after-free bug in usb_hcd_unlink_urb() Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 35/53] usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 36/53] vt: provide notifications on selection changes Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 37/53] ARM: pxa: add regulator_has_full_constraints to corgi board file Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 38/53] ARM: pxa: add regulator_has_full_constraints to poodle " Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 39/53] kdb: fix incorrect counts in KDB summary command output Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 40/53] ntp: Fixup adjtimex freq validation on 32-bit systems Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 41/53] ARC: fix page address calculation if PAGE_OFFSET != LINUX_LINK_BASE Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 42/53] KVM: s390: floating irqs: fix user triggerable endless loop Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 43/53] KVM: MIPS: Dont leak FPU/DSP to guest Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 44/53] KVM: x86: update masterclock values on TSC writes Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 45/53] hx4700: regulator: declare full constraints Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 46/53] arm64: compat Fix siginfo_t -> compat_siginfo_t conversion on big endian Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 47/53] gpio: tps65912: fix wrong container_of arguments Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 48/53] metag: Fix KSTK_EIP() and KSTK_ESP() macros Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 49/53] md/raid5: Fix livelock when array is both resyncing and degraded Greg Kroah-Hartman
2015-03-04 14:09   ` Jes Sorensen
2015-03-04  6:06 ` [PATCH 3.10 51/53] jffs2: fix handling of corrupted summary length Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 52/53] blk-throttle: check stats_cpu before reading it from sysfs Greg Kroah-Hartman
2015-03-04  6:06 ` [PATCH 3.10 53/53] x86, mm/ASLR: Fix stack randomization on 64-bit systems Greg Kroah-Hartman
2015-03-04 14:08 ` [PATCH 3.10 00/53] 3.10.71-stable review Guenter Roeck
2015-03-04 14:20   ` Luis Henriques
2015-03-04 18:16     ` Greg Kroah-Hartman
2015-03-04 23:40 ` Shuah Khan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).