1. 13 9月, 2014 1 次提交
    • A
      GFS2: fix d_splice_alias() misuses · cfb2f9d5
      Al Viro 提交于
      Callers of d_splice_alias(dentry, inode) don't need iput(), neither
      on success nor on failure.  Either the reference to inode is stored
      in a previously negative dentry, or it's dropped.  In either case
      inode reference the caller used to hold is consumed.
      
      __gfs2_lookup() does iput() in case when d_splice_alias() has failed.
      Double iput() if we ever hit that.  And gfs2_create_inode() ends up
      not only with double iput(), but with link count dropped to zero - on
      an inode it has just found in directory.
      
      Cc: stable@vger.kernel.org # v3.14+
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NSteven Whitehouse <swhiteho@redhat.com>
      cfb2f9d5
  2. 11 9月, 2014 2 次提交
  3. 21 8月, 2014 8 次提交
  4. 20 8月, 2014 5 次提交
  5. 19 8月, 2014 14 次提交
    • L
      Merge tag 'md/3.17-fixes' of git://neil.brown.name/md · 63d871cb
      Linus Torvalds 提交于
      Pull md bugfixes from Neil Brown:
       "Here are the bug-fixes I promised :-)
      
        Funny how you start looking for one and other start appearing.
      
         - raid6 data corruption during recovery
         - raid6 livelock
         - raid10 memory leaks"
      
      * tag 'md/3.17-fixes' of git://neil.brown.name/md:
        md/raid10: always initialise ->state on newly allocated r10_bio
        md/raid10: avoid memory leak on error path during reshape.
        md/raid10: Fix memory leak when raid10 reshape completes.
        md/raid10: fix memory leak when reshaping a RAID10.
        md/raid6: avoid data corruption during recovery of double-degraded RAID6
        md/raid5: avoid livelock caused by non-aligned writes.
      63d871cb
    • L
      Merge tag 'pci-v3.17-changes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · f17a6f78
      Linus Torvalds 提交于
      Pull PCI changes from Bjorn Helgaas:
       "Marvell MVEBU
          - Remove ARCH_KIRKWOOD dependency (Andrew Lunn)
      
        NVIDIA Tegra
          - Add debugfs support (Thierry Reding)
      
        Synopsys DesignWare
          - Look for configuration space in 'reg', not 'ranges' (Kishon Vijay Abraham I)
          - Program ATU with untranslated address (Kishon Vijay Abraham I)
          - Add config access-related pcie_host_ops for v3.65 hardware (Murali Karicheri)
          - Add MSI-related pcie_host_ops for v3.65 hardware (Murali Karicheri)
      
        TI DRA7xx
          - Add TI DR7xx PCIe driver (Kishon Vijay Abraham I)"
      
      * tag 'pci-v3.17-changes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: designware: Add MSI-related pcie_host_ops for v3.65 hardware
        PCI: designware: Add config access-related pcie_host_ops for v3.65 hardware
        PCI: dra7xx: Add TI DRA7xx PCIe driver
        PCI: designware: Program ATU with untranslated address
        PCI: designware: Look for configuration space in 'reg', not 'ranges'
        PCI: tegra: Add debugfs support
        PCI: mvebu: Remove ARCH_KIRKWOOD dependency
      f17a6f78
    • L
      Merge tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux · 7ac0bbf9
      Linus Torvalds 提交于
      Pull devicetree fixes from Grant Likely:
       "Three more commits needed for v3.17: A bug fix for reserved regions
        based at address zero, a clarification on how to interpret existence
        of both interrupts and interrupts-extended properties, and a fix to
        allow device tree testcases to run on any platform"
      
      * tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux:
        of/irq: Fix lookup to use 'interrupts-extended' property first
        Enabling OF selftest to run without machine's devicetree
        of: Allow mem_reserve of memory with a base address of zero
      7ac0bbf9
    • D
      frv: Define cpu_relax_lowlatency() · f325f164
      Davidlohr Bueso 提交于
      3a6bfbc9 "(arch,locking: Ciao arch_mutex_cpu_relax()") broke
      building the frv arch.  Fixes errors such as:
      
        kernel/locking/mcs_spinlock.h:87:2: error: implicit declaration of function 'cpu_relax_lowlatency'
      Signed-off-by: NDavidlohr Bueso <davidlohr@hp.com>
      Compile-tested-by: NGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f325f164
    • C
      virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it · 30d1e0e8
      Chen Gang 提交于
      As a generic function, deassign_guest_irq() assumes it can be called
      even if assign_guest_irq() is not be called successfully (which can be
      triggered by ioctl from user mode, indirectly).
      
      So for assign_guest_irq() failure process, need set 'dev->irq_source_id'
      to -1 after free 'dev->irq_source_id', or deassign_guest_irq() may free
      it again.
      Signed-off-by: NChen Gang <gang.chen.5i5j@gmail.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      30d1e0e8
    • P
      Revert "KVM: x86: Increase the number of fixed MTRR regs to 10" · 0d234daf
      Paolo Bonzini 提交于
      This reverts commit 682367c4,
      which causes 32-bit SMP Windows 7 guests to panic.
      
      SeaBIOS has a limit on the number of MTRRs that it can handle,
      and this patch exceeded the limit.  Better revert it.
      Thanks to Nadav Amit for debugging the cause.
      
      Cc: stable@nongnu.org
      Reported-by: NWanpeng Li <wanpeng.li@linux.intel.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      0d234daf
    • P
      KVM: x86: do not check CS.DPL against RPL during task switch · 9a4cfb27
      Paolo Bonzini 提交于
      This reverts the check added by commit 5045b468 (KVM: x86: check CS.DPL
      against RPL during task switch, 2014-05-15).  Although the CS.DPL=CS.RPL
      check is mentioned in table 7-1 of the SDM as causing a #TSS exception,
      it is not mentioned in table 6-6 that lists "invalid TSS conditions"
      which cause #TSS exceptions. In fact it causes some tests to fail, which
      pass on bare-metal.
      
      Keep the rest of the commit, since we will find new uses for it in 3.18.
      Reported-by: NNadav Amit <namit@cs.technion.ac.il>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      9a4cfb27
    • N
      KVM: x86: Avoid emulating instructions on #UD mistakenly · 3a6095a0
      Nadav Amit 提交于
      Commit d40a6898 mistakenly caused instructions which are not marked as
      EmulateOnUD to be emulated upon #UD exception. The commit caused the check of
      whether the instruction flags include EmulateOnUD to never be evaluated. As a
      result instructions whose emulation is broken may be emulated.  This fix moves
      the evaluation of EmulateOnUD so it would be evaluated.
      Signed-off-by: NNadav Amit <namit@cs.technion.ac.il>
      [Tweak operand order in &&, remove EmulateOnUD where it's now superfluous.
       - Paolo]
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      3a6095a0
    • A
      PC, KVM, CMA: Fix regression caused by wrong get_order() use · c04fa583
      Alexey Kardashevskiy 提交于
      fc95ca72 claims that there is no
      functional change but this is not true as it calls get_order() (which
      takes bytes) where it should have called order_base_2() and the kernel
      stops on VM_BUG_ON().
      
      This replaces get_order() with order_base_2() (round-up version of ilog2).
      Suggested-by: NPaul Mackerras <paulus@samba.org>
      Cc: Alexander Graf <agraf@suse.de>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Reviewed-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
      Signed-off-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      c04fa583
    • M
      kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601) · 350b8bdd
      Michael S. Tsirkin 提交于
      The third parameter of kvm_iommu_put_pages is wrong,
      It should be 'gfn - slot->base_gfn'.
      
      By making gfn very large, malicious guest or userspace can cause kvm to
      go to this error path, and subsequently to pass a huge value as size.
      Alternatively if gfn is small, then pages would be pinned but never
      unpinned, causing host memory leak and local DOS.
      
      Passing a reasonable but large value could be the most dangerous case,
      because it would unpin a page that should have stayed pinned, and thus
      allow the device to DMA into arbitrary memory.  However, this cannot
      happen because of the condition that can trigger the error:
      
      - out of memory (where you can't allocate even a single page)
        should not be possible for the attacker to trigger
      
      - when exceeding the iommu's address space, guest pages after gfn
        will also exceed the iommu's address space, and inside
        kvm_iommu_put_pages() the iommu_iova_to_phys() will fail.  The
        page thus would not be unpinned at all.
      Reported-by: NJack Morgenstein <jackm@mellanox.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      350b8bdd
    • N
      md/raid10: always initialise ->state on newly allocated r10_bio · cb8b12b5
      NeilBrown 提交于
      Most places which allocate an r10_bio zero the ->state, some don't.
      As the r10_bio comes from a mempool, and the allocation function uses
      kzalloc it is often zero anyway.  But sometimes it isn't and it is
      best to be safe.
      
      I only noticed this because of the bug fixed by an earlier patch
      where the r10_bios allocated for a reshape were left around to
      be used by a subsequent resync.  In that case the R10BIO_IsReshape
      flag caused problems.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      cb8b12b5
    • N
      md/raid10: avoid memory leak on error path during reshape. · e337aead
      NeilBrown 提交于
      If raid10 reshape fails to find somewhere to read a block
      from, it returns without freeing memory...
      Signed-off-by: NNeilBrown <neilb@suse.de>
      e337aead
    • N
      md/raid10: Fix memory leak when raid10 reshape completes. · b3968552
      NeilBrown 提交于
      When a raid10 commences a resync/recovery/reshape it allocates
      some buffer space.
      When a resync/recovery completes the buffer space is freed.  But not
      when the reshape completes.
      This can result in a small memory leak.
      
      There is a subtle side-effect of this bug.  When a RAID10 is reshaped
      to a larger array (more devices), the reshape is immediately followed
      by a "resync" of the new space.  This "resync" will use the buffer
      space which was allocated for "reshape".  This can cause problems
      including a "BUG" in the SCSI layer.  So this is suitable for -stable.
      
      Cc: stable@vger.kernel.org (v3.5+)
      Fixes: 3ea7daa5Signed-off-by: NNeilBrown <neilb@suse.de>
      b3968552
    • N
      md/raid10: fix memory leak when reshaping a RAID10. · ce0b0a46
      NeilBrown 提交于
      raid10 reshape clears unwanted bits from a bio->bi_flags using
      a method which, while clumsy, worked until 3.10 when BIO_OWNS_VEC
      was added.
      Since then it clears that bit but shouldn't.  This results in a
      memory leak.
      
      So change to used the approved method of clearing unwanted bits.
      
      As this causes a memory leak which can consume all of memory
      the fix is suitable for -stable.
      
      Fixes: a38352e0
      Cc: stable@vger.kernel.org (v3.10+)
      Reported-by: mdraid.pkoch@dfgh.net (Peter Koch)
      Signed-off-by: NNeilBrown <neilb@suse.de>
      ce0b0a46
  6. 18 8月, 2014 5 次提交
  7. 17 8月, 2014 4 次提交
  8. 16 8月, 2014 1 次提交
    • L
      Merge branch 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86 · 605f884d
      Linus Torvalds 提交于
      Pull x86 platform driver updates from Matthew Garrett:
       "A moderate number of changes, but nothing awfully significant.
      
        A lot of const cleanups, some reworking and additions to the rfkill
        quirks in the asus driver, a new driver for generating falling laptop
        events on Toshibas and some misc fixes.
      
        Maybe vendors have stopped inventing things"
      
      * 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86: (41 commits)
        platform/x86: Enable build support for toshiba_haps
        Documentation: Add file about toshiba_haps module
        platform/x86: Toshiba HDD Active Protection Sensor
        asus-nb-wmi: Add wapf4 quirk for the U32U
        alienware-wmi: make hdmi_mux enabled on case-by-case basis
        ideapad-laptop: Constify DMI table and other r/o variables
        asus-nb-wmi.c: Rename x401u quirk to wapf4
        compal-laptop: correct invalid hwmon name
        toshiba_acpi: Add Qosmio X75-A to the alt keymap dmi list
        toshiba_acpi: Add extra check to backlight code
        Fix log message about future removal of interface
        ideapad-laptop: Disable touchpad interface on Yoga models
        asus-nb-wmi: Add wapf4 quirk for the X550CC
        intel_ips: Make ips_mcp_limits variables static
        thinkpad_acpi: Mark volume_alsa_control_{vol,mute} as __initdata
        fujitsu-laptop: Mark fujitsu_dmi_table[] DMI table as __initconst
        hp-wmi: Add missing __init annotations to initialization code
        hp_accel: Constify ACPI and DMI tables
        fujitsu-tablet: Mark DMI callbacks as __init code
        dell-laptop: Mark dell_quirks[] DMI table as __initconst
        ...
      605f884d