1. 13 6月, 2013 10 次提交
    • S
      cciss: fix broken mutex usage in ioctl · 03f47e88
      Stephen M. Cameron 提交于
      If a new logical drive is added and the CCISS_REGNEWD ioctl is invoked
      (as is normal with the Array Configuration Utility) the process will
      hang as below.  It attempts to acquire the same mutex twice, once in
      do_ioctl() and once in cciss_unlocked_open().  The BKL was recursive,
      the mutex isn't.
      
        Linux version 3.10.0-rc2 (scameron@localhost.localdomain) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Fri May 24 14:32:12 CDT 2013
        [...]
        acu             D 0000000000000001     0  3246   3191 0x00000080
        Call Trace:
          schedule+0x29/0x70
          schedule_preempt_disabled+0xe/0x10
          __mutex_lock_slowpath+0x17b/0x220
          mutex_lock+0x2b/0x50
          cciss_unlocked_open+0x2f/0x110 [cciss]
          __blkdev_get+0xd3/0x470
          blkdev_get+0x5c/0x1e0
          register_disk+0x182/0x1a0
          add_disk+0x17c/0x310
          cciss_add_disk+0x13a/0x170 [cciss]
          cciss_update_drive_info+0x39b/0x480 [cciss]
          rebuild_lun_table+0x258/0x370 [cciss]
          cciss_ioctl+0x34f/0x470 [cciss]
          do_ioctl+0x49/0x70 [cciss]
          __blkdev_driver_ioctl+0x28/0x30
          blkdev_ioctl+0x200/0x7b0
          block_ioctl+0x3c/0x40
          do_vfs_ioctl+0x89/0x350
          SyS_ioctl+0xa1/0xb0
          system_call_fastpath+0x16/0x1b
      
      This mutex usage was added into the ioctl path when the big kernel lock
      was removed.  As it turns out, these paths are all thread safe anyway
      (or can easily be made so) and we don't want ioctl() to be single
      threaded in any case.
      Signed-off-by: NStephen M. Cameron <scameron@beardog.cce.hp.com>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: Mike Miller <mike.miller@hp.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      03f47e88
    • O
      audit: wait_for_auditd() should use TASK_UNINTERRUPTIBLE · f000cfdd
      Oleg Nesterov 提交于
      audit_log_start() does wait_for_auditd() in a loop until
      audit_backlog_wait_time passes or audit_skb_queue has a room.
      
      If signal_pending() is true this becomes a busy-wait loop, schedule() in
      TASK_INTERRUPTIBLE won't block.
      
      Thanks to Guy for fully investigating and explaining the problem.
      
      (akpm: that'll cause the system to lock up on a non-preemptible
      uniprocessor kernel)
      
      (Guy: "Our customer was in fact running a uniprocessor machine, and they
      reported a system hang.")
      Signed-off-by: NOleg Nesterov <oleg@redhat.com>
      Reported-by: NGuy Streeter <streeter@redhat.com>
      Cc: Eric Paris <eparis@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f000cfdd
    • D
      drivers/rtc/rtc-cmos.c: fix accidentally enabling rtc channel · ebf8d6c8
      Derek Basehore 提交于
      During resume, we call hpet_rtc_timer_init after masking an irq bit in
      hpet.  This will cause the call to hpet_disable_rtc_channel to be undone
      if RTC_AIE is the only bit not masked.
      
      Allowing the cmos interrupt handler to run before resuming caused some
      issues where the timer for the alarm was not removed.  This would cause
      other, later timers to not be cleared, so utilities such as hwclock
      would time out when waiting for the update interrupt.
      
      [akpm@linux-foundation.org: coding-style tweak]
      Signed-off-by: NDerek Basehore <dbasehore@chromium.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      ebf8d6c8
    • D
      drivers/rtc/rtc-tps6586x.c: device wakeup flags correction · 5a280844
      Dmitry Osipenko 提交于
      Use device_init_wakeup() instead of device_set_wakeup_capable() and move
      it before rtc dev registering.  This fixes alarmtimer not registered
      when tps6586x rtc is the only wakeup compatible rtc in the system.
      Signed-off-by: NDmitry Osipenko <digetx@gmail.com>
      Cc: Laxman Dewangan <ldewangan@nvidia.com>
      Cc: Jingoo Han <jg1.han@samsung.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      5a280844
    • A
      memcg: don't initialize kmem-cache destroying work for root caches · f101a946
      Andrey Vagin 提交于
      struct memcg_cache_params has a union.  Different parts of this union
      are used for root and non-root caches.  A part with destroying work is
      used only for non-root caches.
      
        BUG: unable to handle kernel paging request at 0000000fffffffe0
        IP: kmem_cache_alloc+0x41/0x1f0
        Modules linked in: netlink_diag af_packet_diag udp_diag tcp_diag inet_diag unix_diag ip6table_filter ip6_tables i2c_piix4 virtio_net virtio_balloon microcode i2c_core pcspkr floppy
        CPU: 0 PID: 1929 Comm: lt-vzctl Tainted: G      D      3.10.0-rc1+ #2
        Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
        RIP: kmem_cache_alloc+0x41/0x1f0
        Call Trace:
         getname_flags.part.34+0x30/0x140
         getname+0x38/0x60
         do_sys_open+0xc5/0x1e0
         SyS_open+0x22/0x30
         system_call_fastpath+0x16/0x1b
        Code: f4 53 48 83 ec 18 8b 05 8e 53 b7 00 4c 8b 4d 08 21 f0 a8 10 74 0d 4c 89 4d c0 e8 1b 76 4a 00 4c 8b 4d c0 e9 92 00 00 00 4d 89 f5 <4d> 8b 45 00 65 4c 03 04 25 48 cd 00 00 49 8b 50 08 4d 8b 38 49
        RIP  [<ffffffff8116b641>] kmem_cache_alloc+0x41/0x1f0
      Signed-off-by: NAndrey Vagin <avagin@openvz.org>
      Cc: Konstantin Khlebnikov <khlebnikov@openvz.org>
      Cc: Glauber Costa <glommer@parallels.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Balbir Singh <bsingharora@gmail.com>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Reviewed-by: NMichal Hocko <mhocko@suse.cz>
      Cc: Li Zefan <lizefan@huawei.com>
      Cc: <stable@vger.kernel.org>	[3.9.x]
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f101a946
    • X
      ocfs2: ocfs2_prep_new_orphaned_file() should return ret · 7869e590
      Xiaowei.Hu 提交于
      If an error occurs, for example an EIO in __ocfs2_prepare_orphan_dir,
      ocfs2_prep_new_orphaned_file will release the inode_ac, then when the
      caller of ocfs2_prep_new_orphaned_file gets a 0 return, it will refer to
      a NULL ocfs2_alloc_context struct in the following functions.  A kernel
      panic happens.
      Signed-off-by: N"Xiaowei.Hu" <xiaowei.hu@oracle.com>
      Reviewed-by: Nshencanquan <shencanquan@huawei.com>
      Acked-by: NSunil Mushran <sunil.mushran@gmail.com>
      Cc: Joe Jin <joe.jin@oracle.com>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      7869e590
    • C
      lib/mpi/mpicoder.c: looping issue, need stop when equal to zero, found by 'EXTRA_FLAGS=-W'. · 5402b804
      Chen Gang 提交于
      For 'while' looping, need stop when 'nbytes == 0', or will cause issue.
      ('nbytes' is size_t which is always bigger or equal than zero).
      
      The related warning: (with EXTRA_CFLAGS=-W)
      
        lib/mpi/mpicoder.c:40:2: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]
      Signed-off-by: NChen Gang <gang.chen@asianux.com>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: David Howells <dhowells@redhat.com>
      Cc: James Morris <james.l.morris@oracle.com>
      Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
      Acked-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      5402b804
    • K
      kmsg: honor dmesg_restrict sysctl on /dev/kmsg · 637241a9
      Kees Cook 提交于
      The dmesg_restrict sysctl currently covers the syslog method for access
      dmesg, however /dev/kmsg isn't covered by the same protections.  Most
      people haven't noticed because util-linux dmesg(1) defaults to using the
      syslog method for access in older versions.  With util-linux dmesg(1)
      defaults to reading directly from /dev/kmsg.
      
      To fix /dev/kmsg, let's compare the existing interfaces and what they
      allow:
      
       - /proc/kmsg allows:
        - open (SYSLOG_ACTION_OPEN) if CAP_SYSLOG since it uses a destructive
          single-reader interface (SYSLOG_ACTION_READ).
        - everything, after an open.
      
       - syslog syscall allows:
        - anything, if CAP_SYSLOG.
        - SYSLOG_ACTION_READ_ALL and SYSLOG_ACTION_SIZE_BUFFER, if
          dmesg_restrict==0.
        - nothing else (EPERM).
      
      The use-cases were:
       - dmesg(1) needs to do non-destructive SYSLOG_ACTION_READ_ALLs.
       - sysklog(1) needs to open /proc/kmsg, drop privs, and still issue the
         destructive SYSLOG_ACTION_READs.
      
      AIUI, dmesg(1) is moving to /dev/kmsg, and systemd-journald doesn't
      clear the ring buffer.
      
      Based on the comments in devkmsg_llseek, it sounds like actions besides
      reading aren't going to be supported by /dev/kmsg (i.e.
      SYSLOG_ACTION_CLEAR), so we have a strict subset of the non-destructive
      syslog syscall actions.
      
      To this end, move the check as Josh had done, but also rename the
      constants to reflect their new uses (SYSLOG_FROM_CALL becomes
      SYSLOG_FROM_READER, and SYSLOG_FROM_FILE becomes SYSLOG_FROM_PROC).
      SYSLOG_FROM_READER allows non-destructive actions, and SYSLOG_FROM_PROC
      allows destructive actions after a capabilities-constrained
      SYSLOG_ACTION_OPEN check.
      
       - /dev/kmsg allows:
        - open if CAP_SYSLOG or dmesg_restrict==0
        - reading/polling, after open
      
      Addresses https://bugzilla.redhat.com/show_bug.cgi?id=903192
      
      [akpm@linux-foundation.org: use pr_warn_once()]
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Reported-by: NChristian Kujau <lists@nerdbynature.de>
      Tested-by: NJosh Boyer <jwboyer@redhat.com>
      Cc: Kay Sievers <kay@vrfy.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      637241a9
    • R
      reboot: rigrate shutdown/reboot to boot cpu · cf7df378
      Robin Holt 提交于
      We recently noticed that reboot of a 1024 cpu machine takes approx 16
      minutes of just stopping the cpus.  The slowdown was tracked to commit
      f96972f2 ("kernel/sys.c: call disable_nonboot_cpus() in
      kernel_restart()").
      
      The current implementation does all the work of hot removing the cpus
      before halting the system.  We are switching to just migrating to the
      boot cpu and then continuing with shutdown/reboot.
      
      This also has the effect of not breaking x86's command line parameter
      for specifying the reboot cpu.  Note, this code was shamelessly copied
      from arch/x86/kernel/reboot.c with bits removed pertaining to the
      reboot_cpu command line parameter.
      Signed-off-by: NRobin Holt <holt@sgi.com>
      Tested-by: NShawn Guo <shawn.guo@linaro.org>
      Cc: "Srivatsa S. Bhat" <srivatsa.bhat@linux.vnet.ibm.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Russ Anderson <rja@sgi.com>
      Cc: Robin Holt <holt@sgi.com>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      cf7df378
    • S
      CPU hotplug: provide a generic helper to disable/enable CPU hotplug · 16e53dbf
      Srivatsa S. Bhat 提交于
      There are instances in the kernel where we would like to disable CPU
      hotplug (from sysfs) during some important operation.  Today the freezer
      code depends on this and the code to do it was kinda tailor-made for
      that.
      
      Restructure the code and make it generic enough to be useful for other
      usecases too.
      Signed-off-by: NSrivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Signed-off-by: NRobin Holt <holt@sgi.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Russ Anderson <rja@sgi.com>
      Cc: Robin Holt <holt@sgi.com>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      16e53dbf
  2. 12 6月, 2013 2 次提交
    • L
      Merge branch 'fixes-3.10' of git://git.infradead.org/users/willy/linux-nvme · 77293e21
      Linus Torvalds 提交于
      Pull NVMe fixes from Matthew Wilcox.
      
      * 'fixes-3.10' of git://git.infradead.org/users/willy/linux-nvme:
        NVMe: Add MSI support
        NVMe: Use dma_set_mask() correctly
        Return the result from user admin command IOCTL even in case of failure
        NVMe: Do not cancel command multiple times
        NVMe: fix error return code in nvme_submit_bio_queue()
        NVMe: check for integer overflow in nvme_map_user_pages()
        MAINTAINERS: update NVM EXPRESS DRIVER file list
        NVMe: Fix a signedness bug in nvme_trans_modesel_get_mp
        NVMe: Remove redundant version.h header include
      77293e21
    • L
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/virt/kvm/kvm · af180b81
      Linus Torvalds 提交于
      Pull kvm bugfixes from Gleb Natapov:
       "There is one more fix for MIPS KVM ABI here, MIPS and PPC build
        breakage fixes and a couple of PPC bug fixes"
      
      * 'fixes' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm/ppc/booke64: Fix lazy ee handling in kvmppc_handle_exit()
        kvm/ppc/booke: Hold srcu lock when calling gfn functions
        kvm/ppc/booke64: Disable e6500 support
        kvm/ppc/booke64: Fix AltiVec interrupt numbers and build breakage
        mips/kvm: Use KVM_REG_MIPS and proper size indicators for *_ONE_REG
        kvm: Add definition of KVM_REG_MIPS
        KVM: add kvm_para_available to asm-generic/kvm_para.h
      af180b81
  3. 11 6月, 2013 12 次提交
  4. 10 6月, 2013 12 次提交
  5. 09 6月, 2013 4 次提交
    • L
      Linux 3.10-rc5 · 317ddd25
      Linus Torvalds 提交于
      317ddd25
    • M
      hpfs: fix warnings when the filesystem fills up · bbd465df
      Mikulas Patocka 提交于
      This patch fixes warnings due to missing lock on write error path.
      
        WARNING: at fs/hpfs/hpfs_fn.h:353 hpfs_truncate+0x75/0x80 [hpfs]()
        Hardware name: empty
        Pid: 26563, comm: dd Tainted: P           O 3.9.4 #12
        Call Trace:
          hpfs_truncate+0x75/0x80 [hpfs]
          hpfs_write_begin+0x84/0x90 [hpfs]
          _hpfs_bmap+0x10/0x10 [hpfs]
          generic_file_buffered_write+0x121/0x2c0
          __generic_file_aio_write+0x1c7/0x3f0
          generic_file_aio_write+0x7c/0x100
          do_sync_write+0x98/0xd0
          hpfs_file_write+0xd/0x50 [hpfs]
          vfs_write+0xa2/0x160
          sys_write+0x51/0xa0
          page_fault+0x22/0x30
          system_call_fastpath+0x1a/0x1f
      Signed-off-by: NMikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
      Cc: stable@kernel.org  # 2.6.39+
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      bbd465df
    • L
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 81db4dbf
      Linus Torvalds 提交于
      Pull timer fixes from Thomas Gleixner:
      
       - Trivial: unused variable removal
      
       - Posix-timers: Add the clock ID to the new proc interface to make it
         useful.  The interface is new and should be functional when we reach
         the final 3.10 release.
      
       - Cure a false positive warning in the tick code introduced by the
         overhaul in 3.10
      
       - Fix for a persistent clock detection regression introduced in this
         cycle
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        timekeeping: Correct run-time detection of persistent_clock.
        ntp: Remove unused variable flags in __hardpps
        posix-timers: Show clock ID in proc file
        tick: Cure broadcast false positive pending bit warning
      81db4dbf
    • L
      Merge tag 'irqdomain-for-linus' of git://git.secretlab.ca/git/linux · c3e58a79
      Linus Torvalds 提交于
      Pull irqdomain bug fixes from Grant Likely:
       "This branch contains a set of straight forward bug fixes to the
        irqdomain code and to a couple of drivers that make use of it."
      
      * tag 'irqdomain-for-linus' of git://git.secretlab.ca/git/linux:
        irqchip: Return -EPERM for reserved IRQs
        irqdomain: document the simple domain first_irq
        kernel/irq/irqdomain.c: before use 'irq_data', need check it whether valid.
        irqdomain: export irq_domain_add_simple
      c3e58a79