--- /dev/null
+From da331ba8e9c5de72a27e50f71105395bba6eebe0 Mon Sep 17 00:00:00 2001
+From: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+Date: Wed, 3 Jul 2013 15:00:43 -0700
+Subject: drivers/dma/pl330.c: fix locking in pl330_free_chan_resources()
+
+From: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+
+commit da331ba8e9c5de72a27e50f71105395bba6eebe0 upstream.
+
+tasklet_kill() may sleep so call it before taking pch->lock.
+
+Fixes following lockup:
+
+ BUG: scheduling while atomic: cat/2383/0x00000002
+ Modules linked in:
+ unwind_backtrace+0x0/0xfc
+ __schedule_bug+0x4c/0x58
+ __schedule+0x690/0x6e0
+ sys_sched_yield+0x70/0x78
+ tasklet_kill+0x34/0x8c
+ pl330_free_chan_resources+0x24/0x88
+ dma_chan_put+0x4c/0x50
+ [...]
+ BUG: spinlock lockup suspected on CPU#0, swapper/0/0
+ lock: 0xe52aa04c, .magic: dead4ead, .owner: cat/2383, .owner_cpu: 1
+ unwind_backtrace+0x0/0xfc
+ do_raw_spin_lock+0x194/0x204
+ _raw_spin_lock_irqsave+0x20/0x28
+ pl330_tasklet+0x2c/0x5a8
+ tasklet_action+0xfc/0x114
+ __do_softirq+0xe4/0x19c
+ irq_exit+0x98/0x9c
+ handle_IPI+0x124/0x16c
+ gic_handle_irq+0x64/0x68
+ __irq_svc+0x40/0x70
+ cpuidle_wrap_enter+0x4c/0xa0
+ cpuidle_enter_state+0x18/0x68
+ cpuidle_idle_call+0xac/0xe0
+ cpu_idle+0xac/0xf0
+
+Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
+Acked-by: Jassi Brar <jassisinghbrar@gmail.com>
+Cc: Vinod Koul <vinod.koul@linux.intel.com>
+Cc: Tomasz Figa <t.figa@samsung.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/dma/pl330.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/dma/pl330.c
++++ b/drivers/dma/pl330.c
+@@ -2485,10 +2485,10 @@ static void pl330_free_chan_resources(st
+ struct dma_pl330_chan *pch = to_pchan(chan);
+ unsigned long flags;
+
+- spin_lock_irqsave(&pch->lock, flags);
+-
+ tasklet_kill(&pch->task);
+
++ spin_lock_irqsave(&pch->lock, flags);
++
+ pl330_release_channel(pch->pl330_chid);
+ pch->pl330_chid = NULL;
+
--- /dev/null
+From fdf96a907c1fbb93c633e2b7ede3b8df26d6a4c0 Mon Sep 17 00:00:00 2001
+From: Steve French <smfrench@us.ibm.com>
+Date: Tue, 25 Jun 2013 14:03:16 -0500
+Subject: Handle big endianness in NTLM (ntlmv2) authentication
+
+From: Steve French <smfrench@us.ibm.com>
+
+commit fdf96a907c1fbb93c633e2b7ede3b8df26d6a4c0 upstream.
+
+This is RH bug 970891
+Uppercasing of username during calculation of ntlmv2 hash fails
+because UniStrupr function does not handle big endian wchars.
+
+Also fix a comment in the same code to reflect its correct usage.
+
+[To make it easier for stable (rather than require 2nd patch) fixed
+this patch of Shirish's to remove endian warning generated
+by sparse -- steve f.]
+
+Reported-by: steve <sanpatr1@in.ibm.com>
+Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
+Reviewed-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Steve French <smfrench@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/cifs_unicode.h | 8 ++++----
+ fs/cifs/cifsencrypt.c | 6 +++---
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+--- a/fs/cifs/cifs_unicode.h
++++ b/fs/cifs/cifs_unicode.h
+@@ -327,14 +327,14 @@ UniToupper(register wchar_t uc)
+ /*
+ * UniStrupr: Upper case a unicode string
+ */
+-static inline wchar_t *
+-UniStrupr(register wchar_t *upin)
++static inline __le16 *
++UniStrupr(register __le16 *upin)
+ {
+- register wchar_t *up;
++ register __le16 *up;
+
+ up = upin;
+ while (*up) { /* For all characters */
+- *up = UniToupper(*up);
++ *up = cpu_to_le16(UniToupper(le16_to_cpu(*up)));
+ up++;
+ }
+ return upin; /* Return input pointer */
+--- a/fs/cifs/cifsencrypt.c
++++ b/fs/cifs/cifsencrypt.c
+@@ -415,7 +415,7 @@ static int calc_ntlmv2_hash(struct cifs_
+ int rc = 0;
+ int len;
+ char nt_hash[CIFS_NTHASH_SIZE];
+- wchar_t *user;
++ __le16 *user;
+ wchar_t *domain;
+ wchar_t *server;
+
+@@ -440,7 +440,7 @@ static int calc_ntlmv2_hash(struct cifs_
+ return rc;
+ }
+
+- /* convert ses->user_name to unicode and uppercase */
++ /* convert ses->user_name to unicode */
+ len = ses->user_name ? strlen(ses->user_name) : 0;
+ user = kmalloc(2 + (len * 2), GFP_KERNEL);
+ if (user == NULL) {
+@@ -450,7 +450,7 @@ static int calc_ntlmv2_hash(struct cifs_
+ }
+
+ if (len) {
+- len = cifs_strtoUTF16((__le16 *)user, ses->user_name, len, nls_cp);
++ len = cifs_strtoUTF16(user, ses->user_name, len, nls_cp);
+ UniStrupr(user);
+ } else {
+ memset(user, '\0', 2);
--- /dev/null
+From f37a96914d1aea10fed8d9af10251f0b9caea31b Mon Sep 17 00:00:00 2001
+From: Michal Hocko <mhocko@suse.cz>
+Date: Mon, 8 Jul 2013 16:00:29 -0700
+Subject: memcg, kmem: fix reference count handling on the error path
+
+From: Michal Hocko <mhocko@suse.cz>
+
+commit f37a96914d1aea10fed8d9af10251f0b9caea31b upstream.
+
+mem_cgroup_css_online calls mem_cgroup_put if memcg_init_kmem fails.
+This is not correct because only memcg_propagate_kmem takes an
+additional reference while mem_cgroup_sockets_init is allowed to fail as
+well (although no current implementation fails) but it doesn't take any
+reference. This all suggests that it should be memcg_propagate_kmem
+that should clean up after itself so this patch moves mem_cgroup_put
+over there.
+
+Unfortunately this is not that easy (as pointed out by Li Zefan) because
+memcg_kmem_mark_dead marks the group dead (KMEM_ACCOUNTED_DEAD) if it is
+marked active (KMEM_ACCOUNTED_ACTIVE) which is the case even if
+memcg_propagate_kmem fails so the additional reference is dropped in
+that case in kmem_cgroup_destroy which means that the reference would be
+dropped two times.
+
+The easiest way then would be to simply remove mem_cgrroup_put from
+mem_cgroup_css_online and rely on kmem_cgroup_destroy doing the right
+thing.
+
+Signed-off-by: Michal Hocko <mhocko@suse.cz>
+Signed-off-by: Li Zefan <lizefan@huawei.com>
+Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
+Cc: Hugh Dickins <hughd@google.com>
+Cc: Tejun Heo <tj@kernel.org>
+Cc: Glauber Costa <glommer@openvz.org>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/memcontrol.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+--- a/mm/memcontrol.c
++++ b/mm/memcontrol.c
+@@ -6179,14 +6179,6 @@ mem_cgroup_css_online(struct cgroup *con
+
+ error = memcg_init_kmem(memcg, &mem_cgroup_subsys);
+ mutex_unlock(&memcg_create_mutex);
+- if (error) {
+- /*
+- * We call put now because our (and parent's) refcnts
+- * are already in place. mem_cgroup_put() will internally
+- * call __mem_cgroup_free, so return directly
+- */
+- mem_cgroup_put(memcg);
+- }
+ return error;
+ }
+
--- /dev/null
+From cea27eb2a202959783f81254c48c250ddd80e129 Mon Sep 17 00:00:00 2001
+From: Wanpeng Li <liwanp@linux.vnet.ibm.com>
+Date: Wed, 3 Jul 2013 15:02:40 -0700
+Subject: mm/memory-hotplug: fix lowmem count overflow when offline pages
+
+From: Wanpeng Li <liwanp@linux.vnet.ibm.com>
+
+commit cea27eb2a202959783f81254c48c250ddd80e129 upstream.
+
+The logic for the memory-remove code fails to correctly account the
+Total High Memory when a memory block which contains High Memory is
+offlined as shown in the example below. The following patch fixes it.
+
+Before logic memory remove:
+
+MemTotal: 7603740 kB
+MemFree: 6329612 kB
+Buffers: 94352 kB
+Cached: 872008 kB
+SwapCached: 0 kB
+Active: 626932 kB
+Inactive: 519216 kB
+Active(anon): 180776 kB
+Inactive(anon): 222944 kB
+Active(file): 446156 kB
+Inactive(file): 296272 kB
+Unevictable: 0 kB
+Mlocked: 0 kB
+HighTotal: 7294672 kB
+HighFree: 5704696 kB
+LowTotal: 309068 kB
+LowFree: 624916 kB
+
+After logic memory remove:
+
+MemTotal: 7079452 kB
+MemFree: 5805976 kB
+Buffers: 94372 kB
+Cached: 872000 kB
+SwapCached: 0 kB
+Active: 626936 kB
+Inactive: 519236 kB
+Active(anon): 180780 kB
+Inactive(anon): 222944 kB
+Active(file): 446156 kB
+Inactive(file): 296292 kB
+Unevictable: 0 kB
+Mlocked: 0 kB
+HighTotal: 7294672 kB
+HighFree: 5181024 kB
+LowTotal: 4294752076 kB
+LowFree: 624952 kB
+
+[mhocko@suse.cz: fix CONFIG_HIGHMEM=n build]
+Signed-off-by: Wanpeng Li <liwanp@linux.vnet.ibm.com>
+Reviewed-by: Michal Hocko <mhocko@suse.cz>
+Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
+Cc: David Rientjes <rientjes@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/page_alloc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -6078,6 +6078,10 @@ __offline_isolated_pages(unsigned long s
+ list_del(&page->lru);
+ rmv_page_order(page);
+ zone->free_area[order].nr_free--;
++#ifdef CONFIG_HIGHMEM
++ if (PageHighMem(page))
++ totalhigh_pages -= 1 << order;
++#endif
+ for (i = 0; i < (1 << order); i++)
+ SetPageReserved((page+i));
+ pfn += (1 << order);
ext4-fix-data-offset-overflow-in-ext4_xattr_fiemap-on-32-bit-archs.patch
ext4-fix-overflow-when-counting-used-blocks-on-32-bit-architectures.patch
ext4-don-t-allow-ext4_free_blocks-to-fail-due-to-enomem.patch
+drivers-dma-pl330.c-fix-locking-in-pl330_free_chan_resources.patch
+memcg-kmem-fix-reference-count-handling-on-the-error-path.patch
+mm-memory-hotplug-fix-lowmem-count-overflow-when-offline-pages.patch
+handle-big-endianness-in-ntlm-ntlmv2-authentication.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
