From: Greg Kroah-Hartman Date: Mon, 6 Jan 2014 19:21:26 +0000 (-0800) Subject: 3.12-stable patches X-Git-Tag: v3.4.76~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=deb8f675eaf33a954487d3c27759db69fc7eb221;p=thirdparty%2Fkernel%2Fstable-queue.git 3.12-stable patches added patches: acpi-pci-hotplug-avoid-warning-when-_adr-not-present.patch cifs-set-file_created.patch cifs-we-do-not-drop-reference-to-tlink-in-cifscheckmfsymlink.patch ext2-fix-oops-in-ext2_get_block-called-from-ext2_quota_write.patch intel_pstate-fail-initialization-if-p-state-information-is-missing.patch mm-clear-pmd_numa-before-invalidating.patch mm-numa-avoid-unnecessary-work-on-the-failure-path.patch mm-numa-ensure-anon_vma-is-locked-to-prevent-parallel-thp-splits.patch radiotap-fix-bitmap-end-finding-buffer-overrun.patch revert-of-address-handle-address-cells-2-specially.patch rtlwifi-pci-fix-oops-on-driver-unload.patch --- diff --git a/queue-3.12/acpi-pci-hotplug-avoid-warning-when-_adr-not-present.patch b/queue-3.12/acpi-pci-hotplug-avoid-warning-when-_adr-not-present.patch new file mode 100644 index 00000000000..2d95226f5ec --- /dev/null +++ b/queue-3.12/acpi-pci-hotplug-avoid-warning-when-_adr-not-present.patch @@ -0,0 +1,40 @@ +From f26ca1d699e8b54a50d9faf82327d3c2072aaedd Mon Sep 17 00:00:00 2001 +From: Toshi Kani +Date: Wed, 27 Nov 2013 13:33:09 -0700 +Subject: ACPI / PCI / hotplug: Avoid warning when _ADR not present + +From: Toshi Kani + +commit f26ca1d699e8b54a50d9faf82327d3c2072aaedd upstream. + +acpiphp_enumerate_slots() walks ACPI namenamespace under +a PCI host bridge with callback register_slot(). +register_slot() evaluates _ADR for all the device objects +and emits a warning message for any error. Some platforms +have _HID device objects (such as HPET and IPMI), which +trigger unnecessary warning messages. + +This patch avoids emitting a warning message when a target +device object does not have _ADR. + +Signed-off-by: Toshi Kani +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/hotplug/acpiphp_glue.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/pci/hotplug/acpiphp_glue.c ++++ b/drivers/pci/hotplug/acpiphp_glue.c +@@ -279,7 +279,9 @@ static acpi_status register_slot(acpi_ha + + status = acpi_evaluate_integer(handle, "_ADR", NULL, &adr); + if (ACPI_FAILURE(status)) { +- acpi_handle_warn(handle, "can't evaluate _ADR (%#x)\n", status); ++ if (status != AE_NOT_FOUND) ++ acpi_handle_warn(handle, ++ "can't evaluate _ADR (%#x)\n", status); + return AE_OK; + } + diff --git a/queue-3.12/cifs-set-file_created.patch b/queue-3.12/cifs-set-file_created.patch new file mode 100644 index 00000000000..e0dea3cedeb --- /dev/null +++ b/queue-3.12/cifs-set-file_created.patch @@ -0,0 +1,78 @@ +From f1e3268126a35b9d3cb8bf67487fcc6cd13991d8 Mon Sep 17 00:00:00 2001 +From: Shirish Pargaonkar +Date: Wed, 11 Dec 2013 16:29:53 -0600 +Subject: cifs: set FILE_CREATED + +From: Shirish Pargaonkar + +commit f1e3268126a35b9d3cb8bf67487fcc6cd13991d8 upstream. + +Set FILE_CREATED on O_CREAT|O_EXCL. + +cifs code didn't change during commit 116cc0225381415b96551f725455d067f63a76a0 + +Kernel bugzilla 66251 + +Signed-off-by: Shirish Pargaonkar +Acked-by: Jeff Layton +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/dir.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +--- a/fs/cifs/dir.c ++++ b/fs/cifs/dir.c +@@ -193,7 +193,7 @@ check_name(struct dentry *direntry) + static int + cifs_do_create(struct inode *inode, struct dentry *direntry, unsigned int xid, + struct tcon_link *tlink, unsigned oflags, umode_t mode, +- __u32 *oplock, struct cifs_fid *fid, int *created) ++ __u32 *oplock, struct cifs_fid *fid) + { + int rc = -ENOENT; + int create_options = CREATE_NOT_DIR; +@@ -349,7 +349,6 @@ cifs_do_create(struct inode *inode, stru + .device = 0, + }; + +- *created |= FILE_CREATED; + if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { + args.uid = current_fsuid(); + if (inode->i_mode & S_ISGID) +@@ -480,13 +479,16 @@ cifs_atomic_open(struct inode *inode, st + cifs_add_pending_open(&fid, tlink, &open); + + rc = cifs_do_create(inode, direntry, xid, tlink, oflags, mode, +- &oplock, &fid, opened); ++ &oplock, &fid); + + if (rc) { + cifs_del_pending_open(&open); + goto out; + } + ++ if ((oflags & (O_CREAT | O_EXCL)) == (O_CREAT | O_EXCL)) ++ *opened |= FILE_CREATED; ++ + rc = finish_open(file, direntry, generic_file_open, opened); + if (rc) { + if (server->ops->close) +@@ -529,7 +531,6 @@ int cifs_create(struct inode *inode, str + struct TCP_Server_Info *server; + struct cifs_fid fid; + __u32 oplock; +- int created = FILE_CREATED; + + cifs_dbg(FYI, "cifs_create parent inode = 0x%p name is: %s and dentry = 0x%p\n", + inode, direntry->d_name.name, direntry); +@@ -546,7 +547,7 @@ int cifs_create(struct inode *inode, str + server->ops->new_lease_key(&fid); + + rc = cifs_do_create(inode, direntry, xid, tlink, oflags, mode, +- &oplock, &fid, &created); ++ &oplock, &fid); + if (!rc && server->ops->close) + server->ops->close(xid, tcon, &fid); + diff --git a/queue-3.12/cifs-we-do-not-drop-reference-to-tlink-in-cifscheckmfsymlink.patch b/queue-3.12/cifs-we-do-not-drop-reference-to-tlink-in-cifscheckmfsymlink.patch new file mode 100644 index 00000000000..7f47a971d8c --- /dev/null +++ b/queue-3.12/cifs-we-do-not-drop-reference-to-tlink-in-cifscheckmfsymlink.patch @@ -0,0 +1,119 @@ +From 750b8de6c4277d7034061e1da50663aa1b0479e4 Mon Sep 17 00:00:00 2001 +From: Sachin Prabhu +Date: Mon, 25 Nov 2013 17:09:48 +0000 +Subject: cifs: We do not drop reference to tlink in CIFSCheckMFSymlink() + +From: Sachin Prabhu + +commit 750b8de6c4277d7034061e1da50663aa1b0479e4 upstream. + +When we obtain tcon from cifs_sb, we use cifs_sb_tlink() to first obtain +tlink which also grabs a reference to it. We do not drop this reference +to tlink once we are done with the call. + +The patch fixes this issue by instead passing tcon as a parameter and +avoids having to obtain a reference to the tlink. A lookup for the tcon +is already made in the calling functions and this way we avoid having to +re-run the lookup. This is also consistent with the argument list for +other similar calls for M-F symlinks. + +We should also return an ENOSYS when we do not find a protocol specific +function to lookup the MF Symlink data. + +Signed-off-by: Sachin Prabhu +Reviewed-by: Jeff Layton +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/cifsproto.h | 7 ++++--- + fs/cifs/inode.c | 6 ++++-- + fs/cifs/link.c | 26 +++++++++++--------------- + 3 files changed, 19 insertions(+), 20 deletions(-) + +--- a/fs/cifs/cifsproto.h ++++ b/fs/cifs/cifsproto.h +@@ -475,9 +475,10 @@ extern int CIFSGetExtAttr(const unsigned + const int netfid, __u64 *pExtAttrBits, __u64 *pMask); + extern void cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb); + extern bool CIFSCouldBeMFSymlink(const struct cifs_fattr *fattr); +-extern int CIFSCheckMFSymlink(struct cifs_fattr *fattr, +- const unsigned char *path, +- struct cifs_sb_info *cifs_sb, unsigned int xid); ++extern int CIFSCheckMFSymlink(unsigned int xid, struct cifs_tcon *tcon, ++ struct cifs_sb_info *cifs_sb, ++ struct cifs_fattr *fattr, ++ const unsigned char *path); + extern int mdfour(unsigned char *, unsigned char *, int); + extern int E_md4hash(const unsigned char *passwd, unsigned char *p16, + const struct nls_table *codepage); +--- a/fs/cifs/inode.c ++++ b/fs/cifs/inode.c +@@ -383,7 +383,8 @@ int cifs_get_inode_info_unix(struct inod + + /* check for Minshall+French symlinks */ + if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MF_SYMLINKS) { +- int tmprc = CIFSCheckMFSymlink(&fattr, full_path, cifs_sb, xid); ++ int tmprc = CIFSCheckMFSymlink(xid, tcon, cifs_sb, &fattr, ++ full_path); + if (tmprc) + cifs_dbg(FYI, "CIFSCheckMFSymlink: %d\n", tmprc); + } +@@ -799,7 +800,8 @@ cifs_get_inode_info(struct inode **inode + + /* check for Minshall+French symlinks */ + if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MF_SYMLINKS) { +- tmprc = CIFSCheckMFSymlink(&fattr, full_path, cifs_sb, xid); ++ tmprc = CIFSCheckMFSymlink(xid, tcon, cifs_sb, &fattr, ++ full_path); + if (tmprc) + cifs_dbg(FYI, "CIFSCheckMFSymlink: %d\n", tmprc); + } +--- a/fs/cifs/link.c ++++ b/fs/cifs/link.c +@@ -354,34 +354,30 @@ open_query_close_cifs_symlink(const unsi + + + int +-CIFSCheckMFSymlink(struct cifs_fattr *fattr, +- const unsigned char *path, +- struct cifs_sb_info *cifs_sb, unsigned int xid) ++CIFSCheckMFSymlink(unsigned int xid, struct cifs_tcon *tcon, ++ struct cifs_sb_info *cifs_sb, struct cifs_fattr *fattr, ++ const unsigned char *path) + { +- int rc = 0; ++ int rc; + u8 *buf = NULL; + unsigned int link_len = 0; + unsigned int bytes_read = 0; +- struct cifs_tcon *ptcon; + + if (!CIFSCouldBeMFSymlink(fattr)) + /* it's not a symlink */ + return 0; + + buf = kmalloc(CIFS_MF_SYMLINK_FILE_SIZE, GFP_KERNEL); +- if (!buf) { +- rc = -ENOMEM; +- goto out; +- } ++ if (!buf) ++ return -ENOMEM; + +- ptcon = tlink_tcon(cifs_sb_tlink(cifs_sb)); +- if ((ptcon->ses) && (ptcon->ses->server->ops->query_mf_symlink)) +- rc = ptcon->ses->server->ops->query_mf_symlink(path, buf, +- &bytes_read, cifs_sb, xid); ++ if (tcon->ses->server->ops->query_mf_symlink) ++ rc = tcon->ses->server->ops->query_mf_symlink(path, buf, ++ &bytes_read, cifs_sb, xid); + else +- goto out; ++ rc = -ENOSYS; + +- if (rc != 0) ++ if (rc) + goto out; + + if (bytes_read == 0) /* not a symlink */ diff --git a/queue-3.12/ext2-fix-oops-in-ext2_get_block-called-from-ext2_quota_write.patch b/queue-3.12/ext2-fix-oops-in-ext2_get_block-called-from-ext2_quota_write.patch new file mode 100644 index 00000000000..7e909e7c96b --- /dev/null +++ b/queue-3.12/ext2-fix-oops-in-ext2_get_block-called-from-ext2_quota_write.patch @@ -0,0 +1,36 @@ +From df4e7ac0bb70abc97fbfd9ef09671fc084b3f9db Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Tue, 3 Dec 2013 11:20:06 +0100 +Subject: ext2: Fix oops in ext2_get_block() called from ext2_quota_write() + +From: Jan Kara + +commit df4e7ac0bb70abc97fbfd9ef09671fc084b3f9db upstream. + +ext2_quota_write() doesn't properly setup bh it passes to +ext2_get_block() and thus we hit assertion BUG_ON(maxblocks == 0) in +ext2_get_blocks() (or we could actually ask for mapping arbitrary number +of blocks depending on whatever value was on stack). + +Fix ext2_quota_write() to properly fill in number of blocks to map. + +Reviewed-by: "Theodore Ts'o" +Reviewed-by: Christoph Hellwig +Reported-by: Christoph Hellwig +Signed-off-by: Jan Kara +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext2/super.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/ext2/super.c ++++ b/fs/ext2/super.c +@@ -1493,6 +1493,7 @@ static ssize_t ext2_quota_write(struct s + sb->s_blocksize - offset : towrite; + + tmp_bh.b_state = 0; ++ tmp_bh.b_size = sb->s_blocksize; + err = ext2_get_block(inode, blk, &tmp_bh, 1); + if (err < 0) + goto out; diff --git a/queue-3.12/intel_pstate-fail-initialization-if-p-state-information-is-missing.patch b/queue-3.12/intel_pstate-fail-initialization-if-p-state-information-is-missing.patch new file mode 100644 index 00000000000..cca881e0c0f --- /dev/null +++ b/queue-3.12/intel_pstate-fail-initialization-if-p-state-information-is-missing.patch @@ -0,0 +1,96 @@ +From 98a947abdd54e5de909bebadfced1696ccad30cf Mon Sep 17 00:00:00 2001 +From: "Rafael J. Wysocki" +Date: Tue, 31 Dec 2013 13:37:46 +0100 +Subject: intel_pstate: Fail initialization if P-state information is missing + +From: "Rafael J. Wysocki" + +commit 98a947abdd54e5de909bebadfced1696ccad30cf upstream. + +If pstate.current_pstate is 0 after the initial +intel_pstate_get_cpu_pstates(), this means that we were unable to +obtain any useful P-state information and there is no reason to +continue, so free memory and return an error in that case. + +This fixes the following divide error occuring in a nested KVM +guest: + +Intel P-state driver initializing. +Intel pstate controlling: cpu 0 +cpufreq: __cpufreq_add_dev: ->get() failed +divide error: 0000 [#1] SMP +Modules linked in: +CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.13.0-0.rc4.git5.1.fc21.x86_64 #1 +Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 +task: ffff88001ea20000 ti: ffff88001e9bc000 task.ti: ffff88001e9bc000 +RIP: 0010:[] [] intel_pstate_timer_func+0x11d/0x2b0 +RSP: 0000:ffff88001ee03e18 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff88001a454348 RCX: 0000000000006100 +RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 +RBP: ffff88001ee03e38 R08: 0000000000000000 R09: 0000000000000000 +R10: ffff88001ea20000 R11: 0000000000000000 R12: 00000c0a1ea20000 +R13: 1ea200001ea20000 R14: ffffffff815c5400 R15: ffff88001a454348 +FS: 0000000000000000(0000) GS:ffff88001ee00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b +CR2: 0000000000000000 CR3: 0000000001c0c000 CR4: 00000000000006f0 +Stack: + fffffffb1a454390 ffffffff821a4500 ffff88001a454390 0000000000000100 + ffff88001ee03ea8 ffffffff81083e9a ffffffff81083e15 ffffffff82d5ed40 + ffffffff8258cc60 0000000000000000 ffffffff81ac39de 0000000000000000 +Call Trace: + + [] call_timer_fn+0x8a/0x310 + [] ? call_timer_fn+0x5/0x310 + [] ? pid_param_set+0x130/0x130 + [] run_timer_softirq+0x234/0x380 + [] __do_softirq+0x104/0x430 + [] irq_exit+0xcd/0xe0 + [] smp_apic_timer_interrupt+0x45/0x60 + [] apic_timer_interrupt+0x72/0x80 + + [] ? vprintk_emit+0x1dd/0x5e0 + [] printk+0x67/0x69 + [] __cpufreq_add_dev.isra.13+0x883/0x8d0 + [] cpufreq_add_dev+0x10/0x20 + [] subsys_interface_register+0xb1/0xf0 + [] cpufreq_register_driver+0x9f/0x210 + [] intel_pstate_init+0x27d/0x3be + [] ? mutex_unlock+0xe/0x10 + [] ? cpufreq_gov_dbs_init+0x12/0x12 + [] do_one_initcall+0xfa/0x1b0 + [] ? parse_args+0x225/0x3f0 + [] kernel_init_freeable+0x1fc/0x287 + [] ? do_early_param+0x88/0x88 + [] ? rest_init+0x150/0x150 + [] kernel_init+0xe/0x130 + [] ret_from_fork+0x7c/0xb0 + [] ? rest_init+0x150/0x150 +Code: c1 e0 05 48 63 bc 03 10 01 00 00 48 63 83 d0 00 00 00 48 63 d6 48 c1 e2 08 c1 e1 08 4c 63 c2 48 c1 e0 08 48 98 48 c1 e0 08 48 99 <49> f7 f8 48 98 48 0f af f8 48 c1 ff 08 29 f9 89 ca c1 fa 1f 89 +RIP [] intel_pstate_timer_func+0x11d/0x2b0 + RSP +---[ end trace f166110ed22cc37a ]--- +Kernel panic - not syncing: Fatal exception in interrupt + +Reported-and-tested-by: Kashyap Chamarthy +Cc: Josh Boyer +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/cpufreq/intel_pstate.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/cpufreq/intel_pstate.c ++++ b/drivers/cpufreq/intel_pstate.c +@@ -550,6 +550,11 @@ static int intel_pstate_init_cpu(unsigne + cpu = all_cpu_data[cpunum]; + + intel_pstate_get_cpu_pstates(cpu); ++ if (!cpu->pstate.current_pstate) { ++ all_cpu_data[cpunum] = NULL; ++ kfree(cpu); ++ return -ENODATA; ++ } + + cpu->cpu = cpunum; + cpu->pstate_policy = diff --git a/queue-3.12/mm-clear-pmd_numa-before-invalidating.patch b/queue-3.12/mm-clear-pmd_numa-before-invalidating.patch new file mode 100644 index 00000000000..0b6bd84ec1d --- /dev/null +++ b/queue-3.12/mm-clear-pmd_numa-before-invalidating.patch @@ -0,0 +1,46 @@ +From 67f87463d3a3362424efcbe8b40e4772fd34fc61 Mon Sep 17 00:00:00 2001 +From: Mel Gorman +Date: Wed, 18 Dec 2013 17:08:34 -0800 +Subject: mm: clear pmd_numa before invalidating + +From: Mel Gorman + +commit 67f87463d3a3362424efcbe8b40e4772fd34fc61 upstream. + +On x86, PMD entries are similar to _PAGE_PROTNONE protection and are +handled as NUMA hinting faults. The following two page table protection +bits are what defines them + + _PAGE_NUMA:set _PAGE_PRESENT:clear + +A PMD is considered present if any of the _PAGE_PRESENT, _PAGE_PROTNONE, +_PAGE_PSE or _PAGE_NUMA bits are set. If pmdp_invalidate encounters a +pmd_numa, it clears the present bit leaving _PAGE_NUMA which will be +considered not present by the CPU but present by pmd_present. The +existing caller of pmdp_invalidate should handle it but it's an +inconsistent state for a PMD. This patch keeps the state consistent +when calling pmdp_invalidate. + +Signed-off-by: Mel Gorman +Reviewed-by: Rik van Riel +Cc: Alex Thorlton +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/pgtable-generic.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/mm/pgtable-generic.c ++++ b/mm/pgtable-generic.c +@@ -191,6 +191,9 @@ pgtable_t pgtable_trans_huge_withdraw(st + void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address, + pmd_t *pmdp) + { ++ pmd_t entry = *pmdp; ++ if (pmd_numa(entry)) ++ entry = pmd_mknonnuma(entry); + set_pmd_at(vma->vm_mm, address, pmdp, pmd_mknotpresent(*pmdp)); + flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE); + } diff --git a/queue-3.12/mm-numa-avoid-unnecessary-work-on-the-failure-path.patch b/queue-3.12/mm-numa-avoid-unnecessary-work-on-the-failure-path.patch new file mode 100644 index 00000000000..b6822eb0e25 --- /dev/null +++ b/queue-3.12/mm-numa-avoid-unnecessary-work-on-the-failure-path.patch @@ -0,0 +1,43 @@ +From eb4489f69f224356193364dc2762aa009738ca7f Mon Sep 17 00:00:00 2001 +From: Mel Gorman +Date: Wed, 18 Dec 2013 17:08:39 -0800 +Subject: mm: numa: avoid unnecessary work on the failure path + +From: Mel Gorman + +commit eb4489f69f224356193364dc2762aa009738ca7f upstream. + +If a PMD changes during a THP migration then migration aborts but the +failure path is doing more work than is necessary. + +Signed-off-by: Mel Gorman +Reviewed-by: Rik van Riel +Cc: Alex Thorlton +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/migrate.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/mm/migrate.c ++++ b/mm/migrate.c +@@ -1720,7 +1720,8 @@ int migrate_misplaced_transhuge_page(str + putback_lru_page(page); + mod_zone_page_state(page_zone(page), + NR_ISOLATED_ANON + page_lru, -HPAGE_PMD_NR); +- goto out_fail; ++ ++ goto out_unlock; + } + + /* +@@ -1770,6 +1771,7 @@ out_dropref: + set_pmd_at(mm, haddr, pmd, entry); + update_mmu_cache_pmd(vma, address, &entry); + ++out_unlock: + unlock_page(page); + put_page(page); + return 0; diff --git a/queue-3.12/mm-numa-ensure-anon_vma-is-locked-to-prevent-parallel-thp-splits.patch b/queue-3.12/mm-numa-ensure-anon_vma-is-locked-to-prevent-parallel-thp-splits.patch new file mode 100644 index 00000000000..01646045060 --- /dev/null +++ b/queue-3.12/mm-numa-ensure-anon_vma-is-locked-to-prevent-parallel-thp-splits.patch @@ -0,0 +1,41 @@ +From c3a489cac38d43ea6dc4ac240473b44b46deecf7 Mon Sep 17 00:00:00 2001 +From: Mel Gorman +Date: Wed, 18 Dec 2013 17:08:38 -0800 +Subject: mm: numa: ensure anon_vma is locked to prevent parallel THP splits + +From: Mel Gorman + +commit c3a489cac38d43ea6dc4ac240473b44b46deecf7 upstream. + +The anon_vma lock prevents parallel THP splits and any associated +complexity that arises when handling splits during THP migration. This +patch checks if the lock was successfully acquired and bails from THP +migration if it failed for any reason. + +Signed-off-by: Mel Gorman +Reviewed-by: Rik van Riel +Cc: Alex Thorlton +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/huge_memory.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -1334,6 +1334,13 @@ int do_huge_pmd_numa_page(struct mm_stru + goto out_unlock; + } + ++ /* Bail if we fail to protect against THP splits for any reason */ ++ if (unlikely(!anon_vma)) { ++ put_page(page); ++ page_nid = -1; ++ goto clear_pmdnuma; ++ } ++ + /* + * Migrate the THP to the requested node, returns with page unlocked + * and pmd_numa cleared. diff --git a/queue-3.12/radiotap-fix-bitmap-end-finding-buffer-overrun.patch b/queue-3.12/radiotap-fix-bitmap-end-finding-buffer-overrun.patch new file mode 100644 index 00000000000..8ed9752d7f0 --- /dev/null +++ b/queue-3.12/radiotap-fix-bitmap-end-finding-buffer-overrun.patch @@ -0,0 +1,35 @@ +From bd02cd2549cfcdfc57cb5ce57ffc3feb94f70575 Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Mon, 16 Dec 2013 12:04:36 +0100 +Subject: radiotap: fix bitmap-end-finding buffer overrun + +From: Johannes Berg + +commit bd02cd2549cfcdfc57cb5ce57ffc3feb94f70575 upstream. + +Evan Huus found (by fuzzing in wireshark) that the radiotap +iterator code can access beyond the length of the buffer if +the first bitmap claims an extension but then there's no +data at all. Fix this. + +Reported-by: Evan Huus +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/wireless/radiotap.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/net/wireless/radiotap.c ++++ b/net/wireless/radiotap.c +@@ -124,6 +124,10 @@ int ieee80211_radiotap_iterator_init( + /* find payload start allowing for extended bitmap(s) */ + + if (iterator->_bitmap_shifter & (1<_arg - ++ (unsigned long)iterator->_rtheader + sizeof(uint32_t) > ++ (unsigned long)iterator->_max_length) ++ return -EINVAL; + while (get_unaligned_le32(iterator->_arg) & + (1 << IEEE80211_RADIOTAP_EXT)) { + iterator->_arg += sizeof(uint32_t); diff --git a/queue-3.12/revert-of-address-handle-address-cells-2-specially.patch b/queue-3.12/revert-of-address-handle-address-cells-2-specially.patch new file mode 100644 index 00000000000..ad16f744e66 --- /dev/null +++ b/queue-3.12/revert-of-address-handle-address-cells-2-specially.patch @@ -0,0 +1,118 @@ +From 13fcca8f25f4e9ce7f55da9cd353bb743236e212 Mon Sep 17 00:00:00 2001 +From: Rob Herring +Date: Sun, 29 Dec 2013 19:37:43 -0600 +Subject: Revert "of/address: Handle #address-cells > 2 specially" + +From: Rob Herring + +commit 13fcca8f25f4e9ce7f55da9cd353bb743236e212 upstream. + +This reverts commit e38c0a1fbc5803cbacdaac0557c70ac8ca5152e7. + +Nikita Yushchenko reports: +While trying to make freescale p2020ds and mpc8572ds boards working +with mainline kernel, I faced that commit e38c0a1f (Handle + +Both these boards have uli1575 chip. +Corresponding part in device tree is something like + + uli1575@0 { + reg = <0x0 0x0 0x0 0x0 0x0>; + #size-cells = <2>; + #address-cells = <3>; + ranges = <0x2000000 0x0 0x80000000 + 0x2000000 0x0 0x80000000 + 0x0 0x20000000 + + 0x1000000 0x0 0x0 + 0x1000000 0x0 0x0 + 0x0 0x10000>; + isa@1e { +... + +I.e. it has #address-cells = <3> + +With commit e38c0a1f reverted, devices under uli1575 are registered +correctly, e.g. for rtc + +OF: ** translation for device /pcie@ffe09000/pcie@0/uli1575@0/isa@1e/rtc@70 ** +OF: bus is isa (na=2, ns=1) on /pcie@ffe09000/pcie@0/uli1575@0/isa@1e +OF: translating address: 00000001 00000070 +OF: parent bus is default (na=3, ns=2) on /pcie@ffe09000/pcie@0/uli1575@0 +OF: walking ranges... +OF: ISA map, cp=0, s=1000, da=70 +OF: parent translation for: 01000000 00000000 00000000 +OF: with offset: 70 +OF: one level translation: 00000000 00000000 00000070 +OF: parent bus is pci (na=3, ns=2) on /pcie@ffe09000/pcie@0 +OF: walking ranges... +OF: default map, cp=a0000000, s=20000000, da=70 +OF: default map, cp=0, s=10000, da=70 +OF: parent translation for: 01000000 00000000 00000000 +OF: with offset: 70 +OF: one level translation: 01000000 00000000 00000070 +OF: parent bus is pci (na=3, ns=2) on /pcie@ffe09000 +OF: walking ranges... +OF: PCI map, cp=0, s=10000, da=70 +OF: parent translation for: 01000000 00000000 00000000 +OF: with offset: 70 +OF: one level translation: 01000000 00000000 00000070 +OF: parent bus is default (na=2, ns=2) on / +OF: walking ranges... +OF: PCI map, cp=0, s=10000, da=70 +OF: parent translation for: 00000000 ffc10000 +OF: with offset: 70 +OF: one level translation: 00000000 ffc10070 +OF: reached root node + +With commit e38c0a1f in place, address translation fails: + +OF: ** translation for device /pcie@ffe09000/pcie@0/uli1575@0/isa@1e/rtc@70 ** +OF: bus is isa (na=2, ns=1) on /pcie@ffe09000/pcie@0/uli1575@0/isa@1e +OF: translating address: 00000001 00000070 +OF: parent bus is default (na=3, ns=2) on /pcie@ffe09000/pcie@0/uli1575@0 +OF: walking ranges... +OF: ISA map, cp=0, s=1000, da=70 +OF: parent translation for: 01000000 00000000 00000000 +OF: with offset: 70 +OF: one level translation: 00000000 00000000 00000070 +OF: parent bus is pci (na=3, ns=2) on /pcie@ffe09000/pcie@0 +OF: walking ranges... +OF: default map, cp=a0000000, s=20000000, da=70 +OF: default map, cp=0, s=10000, da=70 +OF: not found ! + +Thierry Reding confirmed this commit was not needed after all: +"We ended up merging a different address representation for Tegra PCIe +and I've confirmed that reverting this commit doesn't cause any obvious +regressions. I think all other drivers in drivers/pci/host ended up +copying what we did on Tegra, so I wouldn't expect any other breakage +either." + +There doesn't appear to be a simple way to support both behaviours, so +reverting this as nothing should be depending on the new behaviour. + +Signed-off-by: Rob Herring +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/of/address.c | 8 -------- + 1 file changed, 8 deletions(-) + +--- a/drivers/of/address.c ++++ b/drivers/of/address.c +@@ -69,14 +69,6 @@ static u64 of_bus_default_map(__be32 *ad + (unsigned long long)cp, (unsigned long long)s, + (unsigned long long)da); + +- /* +- * If the number of address cells is larger than 2 we assume the +- * mapping doesn't specify a physical address. Rather, the address +- * specifies an identifier that must match exactly. +- */ +- if (na > 2 && memcmp(range, addr, na * 4) != 0) +- return OF_BAD_ADDR; +- + if (da < cp || da >= (cp + s)) + return OF_BAD_ADDR; + return da - cp; diff --git a/queue-3.12/rtlwifi-pci-fix-oops-on-driver-unload.patch b/queue-3.12/rtlwifi-pci-fix-oops-on-driver-unload.patch new file mode 100644 index 00000000000..c0ab5682e1a --- /dev/null +++ b/queue-3.12/rtlwifi-pci-fix-oops-on-driver-unload.patch @@ -0,0 +1,47 @@ +From 9278db6279e28d4d433bc8a848e10b4ece8793ed Mon Sep 17 00:00:00 2001 +From: Larry Finger +Date: Wed, 11 Dec 2013 17:13:10 -0600 +Subject: rtlwifi: pci: Fix oops on driver unload + +From: Larry Finger + +commit 9278db6279e28d4d433bc8a848e10b4ece8793ed upstream. + +On Fedora systems, unloading rtl8192ce causes an oops. This patch fixes the +problem reported at https://bugzilla.redhat.com/show_bug.cgi?id=852761. + +Signed-off-by: Larry Finger +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/rtlwifi/pci.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireless/rtlwifi/pci.c ++++ b/drivers/net/wireless/rtlwifi/pci.c +@@ -741,6 +741,8 @@ static void _rtl_pci_rx_interrupt(struct + }; + int index = rtlpci->rx_ring[rx_queue_idx].idx; + ++ if (rtlpci->driver_is_goingto_unload) ++ return; + /*RX NORMAL PKT */ + while (count--) { + /*rx descriptor */ +@@ -1637,6 +1639,7 @@ static void rtl_pci_stop(struct ieee8021 + */ + set_hal_stop(rtlhal); + ++ rtlpci->driver_is_goingto_unload = true; + rtlpriv->cfg->ops->disable_interrupt(hw); + cancel_work_sync(&rtlpriv->works.lps_change_work); + +@@ -1654,7 +1657,6 @@ static void rtl_pci_stop(struct ieee8021 + ppsc->rfchange_inprogress = true; + spin_unlock_irqrestore(&rtlpriv->locks.rf_ps_lock, flags); + +- rtlpci->driver_is_goingto_unload = true; + rtlpriv->cfg->ops->hw_disable(hw); + /* some things are not needed if firmware not available */ + if (!rtlpriv->max_fw_size) diff --git a/queue-3.12/series b/queue-3.12/series index bd33f08134c..71b8e3e8b13 100644 --- a/queue-3.12/series +++ b/queue-3.12/series @@ -99,3 +99,14 @@ libata-add-ata_horkage_broken_fpdma_aa-quirk-for-seagate-momentus-spinpoint-m8.p libata-disable-a-disk-via-libata.force-params.patch libata-implement-ata_horkage_no_ncq_trim-and-apply-it-to-micro-m500-ssds.patch libata-freezer-avoid-block-device-removal-while-system-is-frozen.patch +cifs-we-do-not-drop-reference-to-tlink-in-cifscheckmfsymlink.patch +cifs-set-file_created.patch +radiotap-fix-bitmap-end-finding-buffer-overrun.patch +rtlwifi-pci-fix-oops-on-driver-unload.patch +ext2-fix-oops-in-ext2_get_block-called-from-ext2_quota_write.patch +acpi-pci-hotplug-avoid-warning-when-_adr-not-present.patch +intel_pstate-fail-initialization-if-p-state-information-is-missing.patch +revert-of-address-handle-address-cells-2-specially.patch +mm-clear-pmd_numa-before-invalidating.patch +mm-numa-ensure-anon_vma-is-locked-to-prevent-parallel-thp-splits.patch +mm-numa-avoid-unnecessary-work-on-the-failure-path.patch