1. 13 May, 2014 17 commits
    • Marek Vasut's avatar
      gpio: mxs: Allow for recursive enable_irq_wake() call · 0e0dc735
      Marek Vasut authored
      commit a585f87c upstream.
      
      The scenario here is that someone calls enable_irq_wake() from somewhere
      in the code. This will result in the lockdep producing a backtrace as can
      be seen below. In my case, this problem is triggered when using the wl1271
      (TI WlCore) driver found in drivers/net/wireless/ti/ .
      
      The problem cause is rather obvious from the backtrace, but let's outline
      the dependency. enable_irq_wake() grabs the IRQ buslock in irq_set_irq_wake(),
      which in turns calls mxs_gpio_set_wake_irq() . But mxs_gpio_set_wake_irq()
      calls enable_irq_wake() again on the one-level-higher IRQ , thus it tries to
      grab the IRQ buslock again in irq_set_irq_wake() . Because the spinlock in
      irq_set_irq_wake()->irq_get_desc_buslock()->__irq_get_desc_lock() is not
      marked as recursive, lockdep will spew the stuff below.
      
      We know we can safely re-enter the lock, so use IRQ_GC_INIT_NESTED_LOCK to
      fix the spew.
      
       =============================================
       [ INFO: possible recursive locking detected ]
       3.10.33-00012-gf06b763-dirty #61 Not tainted
       ---------------------------------------------
       kworker/0:1/18 is trying to acquire lock:
        (&irq_desc_lock_class){-.-...}, at: [<c00685f0>] __irq_get_desc_lock+0x48/0x88
      
       but task is already holding lock:
        (&irq_desc_lock_class){-.-...}, at: [<c00685f0>] __irq_get_desc_lock+0x48/0x88
      
       other info that might help us debug this:
        Possible unsafe locking scenario:
      
              CPU0
              ----
         lock(&irq_desc_lock_class);
         lock(&irq_desc_lock_class);
      
        *** DEADLOCK ***
      
        May be due to missing lock nesting notation
      
       3 locks held by kworker/0:1/18:
        #0:  (events){.+.+.+}, at: [<c0036308>] process_one_work+0x134/0x4a4
        #1:  ((&fw_work->work)){+.+.+.}, at: [<c0036308>] process_one_work+0x134/0x4a4
        #2:  (&irq_desc_lock_class){-.-...}, at: [<c00685f0>] __irq_get_desc_lock+0x48/0x88
      
       stack backtrace:
       CPU: 0 PID: 18 Comm: kworker/0:1 Not tainted 3.10.33-00012-gf06b763-dirty #61
       Workqueue: events request_firmware_work_func
       [<c0013eb4>] (unwind_backtrace+0x0/0xf0) from [<c0011c74>] (show_stack+0x10/0x14)
       [<c0011c74>] (show_stack+0x10/0x14) from [<c005bb08>] (__lock_acquire+0x140c/0x1a64)
       [<c005bb08>] (__lock_acquire+0x140c/0x1a64) from [<c005c6a8>] (lock_acquire+0x9c/0x104)
       [<c005c6a8>] (lock_acquire+0x9c/0x104) from [<c051d5a4>] (_raw_spin_lock_irqsave+0x44/0x58)
       [<c051d5a4>] (_raw_spin_lock_irqsave+0x44/0x58) from [<c00685f0>] (__irq_get_desc_lock+0x48/0x88)
       [<c00685f0>] (__irq_get_desc_lock+0x48/0x88) from [<c0068e78>] (irq_set_irq_wake+0x20/0xf4)
       [<c0068e78>] (irq_set_irq_wake+0x20/0xf4) from [<c027260c>] (mxs_gpio_set_wake_irq+0x1c/0x24)
       [<c027260c>] (mxs_gpio_set_wake_irq+0x1c/0x24) from [<c0068cf4>] (set_irq_wake_real+0x30/0x44)
       [<c0068cf4>] (set_irq_wake_real+0x30/0x44) from [<c0068ee4>] (irq_set_irq_wake+0x8c/0xf4)
       [<c0068ee4>] (irq_set_irq_wake+0x8c/0xf4) from [<c0310748>] (wlcore_nvs_cb+0x10c/0x97c)
       [<c0310748>] (wlcore_nvs_cb+0x10c/0x97c) from [<c02be5e8>] (request_firmware_work_func+0x38/0x58)
       [<c02be5e8>] (request_firmware_work_func+0x38/0x58) from [<c0036394>] (process_one_work+0x1c0/0x4a4)
       [<c0036394>] (process_one_work+0x1c0/0x4a4) from [<c0036a4c>] (worker_thread+0x138/0x394)
       [<c0036a4c>] (worker_thread+0x138/0x394) from [<c003cb74>] (kthread+0xa4/0xb0)
       [<c003cb74>] (kthread+0xa4/0xb0) from [<c000ee00>] (ret_from_fork+0x14/0x34)
       wlcore: loaded
      Signed-off-by: default avatarMarek Vasut <marex@denx.de>
      Acked-by: default avatarShawn Guo <shawn.guo@linaro.org>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0e0dc735
    • Larry Finger's avatar
      rtlwifi: rtl8192se: Fix too long disable of IRQs · f8f3dc1a
      Larry Finger authored
      commit 2610decd upstream.
      
      In commit f78bccd7 entitled "rtlwifi:
      rtl8192ce: Fix too long disable of IRQs", Olivier Langlois
      <olivier@trillion01.com> fixed a problem caused by an extra long disabling
      of interrupts. This patch makes the same fix for rtl8192se.
      Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f8f3dc1a
    • Larry Finger's avatar
      rtlwifi: rtl8192cu: Fix too long disable of IRQs · 04dbe2b4
      Larry Finger authored
      commit a53268be upstream.
      
      In commit f78bccd7 entitled "rtlwifi:
      rtl8192ce: Fix too long disable of IRQs", Olivier Langlois
      <olivier@trillion01.com> fixed a problem caused by an extra long disabling
      of interrupts. This patch makes the same fix for rtl8192cu.
      Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      04dbe2b4
    • Jeff Layton's avatar
      locks: allow __break_lease to sleep even when break_time is 0 · 08f36d9d
      Jeff Layton authored
      commit 4991a628 upstream.
      
      A fl->fl_break_time of 0 has a special meaning to the lease break code
      that basically means "never break the lease". knfsd uses this to ensure
      that leases don't disappear out from under it.
      
      Unfortunately, the code in __break_lease can end up passing this value
      to wait_event_interruptible as a timeout, which prevents it from going
      to sleep at all. This causes __break_lease to spin in a tight loop and
      causes soft lockups.
      
      Fix this by ensuring that we pass a minimum value of 1 as a timeout
      instead.
      
      Cc: J. Bruce Fields <bfields@fieldses.org>
      Reported-by: default avatarTerry Barnaby <terry1@beam.ltd.uk>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      08f36d9d
    • Dan Williams's avatar
      libata/ahci: accommodate tag ordered controllers · e45d91ae
      Dan Williams authored
      commit 8a4aeec8 upstream.
      
      The AHCI spec allows implementations to issue commands in tag order
      rather than FIFO order:
      
      	5.3.2.12 P:SelectCmd
      	HBA sets pSlotLoc = (pSlotLoc + 1) mod (CAP.NCS + 1)
      	or HBA selects the command to issue that has had the
      	PxCI bit set to '1' longer than any other command
      	pending to be issued.
      
      The result is that commands posted sequentially (time-wise) may play out
      of sequence when issued by hardware.
      
      This behavior has likely been hidden by drives that arrange for commands
      to complete in issue order.  However, it appears recent drives (two from
      different vendors that we have found so far) inflict out-of-order
      completions as a matter of course.  So, we need to take care to maintain
      ordered submission, otherwise we risk triggering a drive to fall out of
      sequential-io automation and back to random-io processing, which incurs
      large latency and degrades throughput.
      
      This issue was found in simple benchmarks where QD=2 seq-write
      performance was 30-50% *greater* than QD=32 seq-write performance.
      
      Tagging for -stable and making the change globally since it has a low
      risk-to-reward ratio.  Also, word is that recent versions of an unnamed
      OS also does it this way now.  So, drives in the field are already
      experienced with this tag ordering scheme.
      
      Cc: Dave Jiang <dave.jiang@intel.com>
      Cc: Ed Ciechanowski <ed.ciechanowski@intel.com>
      Reviewed-by: default avatarMatthew Wilcox <matthew.r.wilcox@intel.com>
      Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e45d91ae
    • Rafał Miłecki's avatar
      b43: Fix machine check error due to improper access of B43_MMIO_PSM_PHY_HDR · b9fbc576
      Rafał Miłecki authored
      commit 12cd43c6 upstream.
      
      Register B43_MMIO_PSM_PHY_HDR is 16 bit one, so accessing it with 32b
      functions isn't safe. On my machine it causes delayed (!) CPU exception:
      
      Disabling lock debugging due to kernel taint
      mce: [Hardware Error]: CPU 0: Machine Check Exception: 4 Bank 4: b200000000070f0f
      mce: [Hardware Error]: TSC 164083803dc
      mce: [Hardware Error]: PROCESSOR 2:20fc2 TIME 1396650505 SOCKET 0 APIC 0 microcode 0
      mce: [Hardware Error]: Run the above through 'mcelog --ascii'
      mce: [Hardware Error]: Machine check: Processor context corrupt
      Kernel panic - not syncing: Fatal machine check on current CPU
      Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
      Signed-off-by: default avatarRafał Miłecki <zajec5@gmail.com>
      Acked-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b9fbc576
    • Mikulas Patocka's avatar
      mach64: fix cursor when character width is not a multiple of 8 pixels · 34dc182b
      Mikulas Patocka authored
      commit 43751a1b upstream.
      
      This patch fixes the hardware cursor on mach64 when font width is not a
      multiple of 8 pixels.
      
      If you load such a font, the cursor is expanded to the next 8-byte
      boundary and a part of the next character after the cursor is not
      visible.
      For example, when you load a font with 12-pixel width, the cursor width
      is 16 pixels and when the cursor is displayed, 4 pixels of the next
      character are not visible.
      
      The reason is this: atyfb_cursor is called with proper parameters to
      load an image that is 12-pixel wide. However, the number is aligned on
      the next 8-pixel boundary on the line
      "unsigned int width = (cursor->image.width + 7) >> 3;" and the whole
      function acts as it is was loading a 16-pixel image.
      
      This patch fixes it so that the value written to the framebuffer is
      padded with 0xaaaa (the transparent pattern) when the image size it not
      a multiple of 8 pixels. The transparent pattern causes that the cursor
      will not interfere with the next character.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      34dc182b
    • Mikulas Patocka's avatar
      mach64: use unaligned access · caf6f524
      Mikulas Patocka authored
      commit c29dd869 upstream.
      
      This patch fixes mach64 to use unaligned access to the font bitmap.
      
      This fixes unaligned access warning on sparc64 when 14x8 font is loaded.
      
      On x86(64), unaligned access is handled in hardware, so both functions
      le32_to_cpup and get_unaligned_le32 perform the same operation.
      
      On RISC machines, unaligned access is not handled in hardware, so we
      better use get_unaligned_le32 to avoid the unaligned trap and warning.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      caf6f524
    • Mikulas Patocka's avatar
      matroxfb: restore the registers M_ACCESS and M_PITCH · 7ea30442
      Mikulas Patocka authored
      commit a772d473 upstream.
      
      When X11 is running and the user switches back to console, the card
      modifies the content of registers M_MACCESS and M_PITCH in periodic
      intervals.
      
      This patch fixes it by restoring the content of these registers before
      issuing any accelerator command.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7ea30442
    • Mikulas Patocka's avatar
      framebuffer: fix cfb_copyarea · 8b26a7a7
      Mikulas Patocka authored
      commit 00a9d699 upstream.
      
      The function cfb_copyarea is buggy when the copy operation is not aligned on
      long boundary (4 bytes on 32-bit machines, 8 bytes on 64-bit machines).
      
      How to reproduce:
      - use x86-64 machine
      - use a framebuffer driver without acceleration (for example uvesafb)
      - set the framebuffer to 8-bit depth
      	(for example fbset -a 1024x768-60 -depth 8)
      - load a font with character width that is not a multiple of 8 pixels
      	note: the console-tools package cannot load a font that has
      	width different from 8 pixels. You need to install the packages
      	"kbd" and "console-terminus" and use the program "setfont" to
      	set font width (for example: setfont Uni2-Terminus20x10)
      - move some text left and right on the bash command line and you get a
      	screen corruption
      
      To expose more bugs, put this line to the end of uvesafb_init_info:
      info->flags |= FBINFO_HWACCEL_COPYAREA | FBINFO_READS_FAST;
      - Now framebuffer console will use cfb_copyarea for console scrolling.
      You get a screen corruption when console is scrolled.
      
      This patch is a rewrite of cfb_copyarea. It fixes the bugs, with this
      patch, console scrolling in 8-bit depth with a font width that is not a
      multiple of 8 pixels works fine.
      
      The cfb_copyarea code was very buggy and it looks like it was written
      and never tried with non-8-pixel font.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8b26a7a7
    • Ard Biesheuvel's avatar
      crypto: ghash-clmulni-intel - use C implementation for setkey() · 89a3abc1
      Ard Biesheuvel authored
      commit 8ceee728 upstream.
      
      The GHASH setkey() function uses SSE registers but fails to call
      kernel_fpu_begin()/kernel_fpu_end(). Instead of adding these calls, and
      then having to deal with the restriction that they cannot be called from
      interrupt context, move the setkey() implementation to the C domain.
      
      Note that setkey() does not use any particular SSE features and is not
      expected to become a performance bottleneck.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Acked-by: default avatarH. Peter Anvin <hpa@linux.intel.com>
      Fixes: 0e1227d3 (crypto: ghash - Add PCLMULQDQ accelerated implementation)
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      89a3abc1
    • Tyler Stachecki's avatar
      mpt2sas: Don't disable device twice at suspend. · a2295c42
      Tyler Stachecki authored
      commit af61e27c upstream.
      
      On suspend, _scsih_suspend calls mpt2sas_base_free_resources, which
      in turn calls pci_disable_device if the device is enabled prior to
      suspending. However, _scsih_suspend also calls pci_disable_device
      itself.
      
      Thus, in the event that the device is enabled prior to suspending,
      pci_disable_device will be called twice. This patch removes the
      duplicate call to pci_disable_device in _scsi_suspend as it is both
      unnecessary and results in a kernel oops.
      Signed-off-by: default avatarTyler Stachecki <tstache1@binghamton.edu>
      Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a2295c42
    • Rusty Russell's avatar
      virtio_balloon: don't softlockup on huge balloon changes. · 983327a4
      Rusty Russell authored
      commit 1f74ef0f upstream.
      
      When adding or removing 100G from a balloon:
      
          BUG: soft lockup - CPU#0 stuck for 22s! [vballoon:367]
      
      We have a wait_event_interruptible(), but the condition is always true
      (more ballooning to do) so we don't ever sleep.  We also have a
      wait_event() for the host to ack, but that is also always true as QEMU
      is synchronous for balloon operations.
      Reported-by: default avatarGopesh Kumar Chaudhary <gopchaud@in.ibm.com>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      983327a4
    • Huacai Chen's avatar
      MIPS: Hibernate: Flush TLB entries in swsusp_arch_resume() · ef914678
      Huacai Chen authored
      commit c14af233 upstream.
      
      The original MIPS hibernate code flushes cache and TLB entries in
      swsusp_arch_resume(). But they are removed in Commit 44eeab67
      (MIPS: Hibernation: Remove SMP TLB and cacheflushing code.). A cross-
      CPU flush is surely unnecessary because all but the local CPU have
      already been disabled. But a local flush (at least the TLB flush) is
      needed. When we do hibernation on Loongson-3 with an E1000E NIC, it is
      very easy to produce a kernel panic (kernel page fault, or unaligned
      access). The root cause is E1000E driver use vzalloc_node() to allocate
      pages, the stale TLB entries of the booting kernel will be misused by
      the resumed target kernel.
      Signed-off-by: default avatarHuacai Chen <chenhc@lemote.com>
      Cc: John Crispin <john@phrozen.org>
      Cc: Steven J. Hill <Steven.Hill@imgtec.com>
      Cc: Aurelien Jarno <aurelien@aurel32.net>
      Cc: linux-mips@linux-mips.org
      Cc: Fuxin Zhang <zhangfx@lemote.com>
      Cc: Zhangjin Wu <wuzhangjin@gmail.com>
      Patchwork: https://patchwork.linux-mips.org/patch/6643/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ef914678
    • Matthew Daley's avatar
      floppy: don't write kernel-only members to FDRAWCMD ioctl output · bfa77977
      Matthew Daley authored
      commit 2145e15e upstream.
      
      Do not leak kernel-only floppy_raw_cmd structure members to userspace.
      This includes the linked-list pointer and the pointer to the allocated
      DMA space.
      Signed-off-by: default avatarMatthew Daley <mattd@bugfuzz.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      bfa77977
    • Matthew Daley's avatar
      floppy: ignore kernel-only members in FDRAWCMD ioctl input · a04d8ef9
      Matthew Daley authored
      commit ef87dbe7 upstream.
      
      Always clear out these floppy_raw_cmd struct members after copying the
      entire structure from userspace so that the in-kernel version is always
      valid and never left in an interdeterminate state.
      Signed-off-by: default avatarMatthew Daley <mattd@bugfuzz.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a04d8ef9
    • Tomoki Sekiyama's avatar
      drivers/tty/hvc: don't free hvc_console_setup after init · 5c5aeb0c
      Tomoki Sekiyama authored
      commit 501fed45 upstream.
      
      When 'console=hvc0' is specified to the kernel parameter in x86 KVM guest,
      hvc console is setup within a kthread. However, that will cause SEGV
      and the boot will fail when the driver is builtin to the kernel,
      because currently hvc_console_setup() is annotated with '__init'. This
      patch removes '__init' to boot the guest successfully with 'console=hvc0'.
      Signed-off-by: default avatarTomoki Sekiyama <tomoki.sekiyama@hds.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5c5aeb0c
  2. 06 May, 2014 23 commits