1. 14 Apr, 2014 13 commits
  2. 03 Apr, 2014 7 commits
  3. 31 Mar, 2014 14 commits
  4. 24 Mar, 2014 6 commits
    • Greg Kroah-Hartman's avatar
      Linux 3.4.84 · b1cee752
      Greg Kroah-Hartman authored
      b1cee752
    • Paul E. McKenney's avatar
      jiffies: Avoid undefined behavior from signed overflow · 7c0a02e9
      Paul E. McKenney authored
      commit 5a581b36 upstream.
      
      According to the C standard 3.4.3p3, overflow of a signed integer results
      in undefined behavior.  This commit therefore changes the definitions
      of time_after(), time_after_eq(), time_after64(), and time_after_eq64()
      to avoid this undefined behavior.  The trick is that the subtraction
      is done using unsigned arithmetic, which according to 6.2.5p9 cannot
      overflow because it is defined as modulo arithmetic.  This has the added
      (though admittedly quite small) benefit of shortening four lines of code
      by four characters each.
      
      Note that the C standard considers the cast from unsigned to
      signed to be implementation-defined, see 6.3.1.3p3.  However, on a
      two's-complement system, an implementation that defines anything other
      than a reinterpretation of the bits is free to come to me, and I will be
      happy to act as a witness for its being committed to an insane asylum.
      (Although I have nothing against saturating arithmetic or signals in some
      cases, these things really should not be the default when compiling an
      operating-system kernel.)
      Signed-off-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Cc: John Stultz <john.stultz@linaro.org>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Cc: Kevin Easton <kevin@guarana.org>
      [ paulmck: Included time_after64() and time_after_eq64(), as suggested
        by Eric Dumazet, also fixed commit message.]
      Reviewed-by: default avatarJosh Triplett <josh@joshtriplett.org>
      Ruchi Kandoi <kandoiruchi@google.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7c0a02e9
    • Roman Volkov's avatar
      ALSA: oxygen: modify adjust_dg_dac_routing function · 212b4654
      Roman Volkov authored
      commit 1f91ecc1 upstream.
      
      When selecting the audio output destinations (headphones,
      FP headphones, multichannel output), the channel routing
      should be changed depending on what destination selected.
      Also unnecessary I2S channels are digitally muted. This
      function called when the user selects the destination
      in the ALSA mixer.
      Signed-off-by: default avatarRoman Volkov <v1ron@mail.ru>
      Signed-off-by: default avatarClemens Ladisch <clemens@ladisch.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      
      212b4654
    • Filipe David Borba Manana's avatar
      Btrfs: fix data corruption when reading/updating compressed extents · dba79490
      Filipe David Borba Manana authored
      commit a2aa75e1 upstream.
      
      When using a mix of compressed file extents and prealloc extents, it
      is possible to fill a page of a file with random, garbage data from
      some unrelated previous use of the page, instead of a sequence of zeroes.
      
      A simple sequence of steps to get into such case, taken from the test
      case I made for xfstests, is:
      
         _scratch_mkfs
         _scratch_mount "-o compress-force=lzo"
         $XFS_IO_PROG -f -c "pwrite -S 0x06 -b 18670 266978 18670" $SCRATCH_MNT/foobar
         $XFS_IO_PROG -c "falloc 26450 665194" $SCRATCH_MNT/foobar
         $XFS_IO_PROG -c "truncate 542872" $SCRATCH_MNT/foobar
         $XFS_IO_PROG -c "fsync" $SCRATCH_MNT/foobar
      
      This results in the following file items in the fs tree:
      
         item 4 key (257 INODE_ITEM 0) itemoff 15879 itemsize 160
             inode generation 6 transid 6 size 542872 block group 0 mode 100600
         item 5 key (257 INODE_REF 256) itemoff 15863 itemsize 16
             inode ref index 2 namelen 6 name: foobar
         item 6 key (257 EXTENT_DATA 0) itemoff 15810 itemsize 53
             extent data disk byte 0 nr 0 gen 6
             extent data offset 0 nr 24576 ram 266240
             extent compression 0
         item 7 key (257 EXTENT_DATA 24576) itemoff 15757 itemsize 53
             prealloc data disk byte 12849152 nr 241664 gen 6
             prealloc data offset 0 nr 241664
         item 8 key (257 EXTENT_DATA 266240) itemoff 15704 itemsize 53
             extent data disk byte 12845056 nr 4096 gen 6
             extent data offset 0 nr 20480 ram 20480
             extent compression 2
         item 9 key (257 EXTENT_DATA 286720) itemoff 15651 itemsize 53
             prealloc data disk byte 13090816 nr 405504 gen 6
             prealloc data offset 0 nr 258048
      
      The on disk extent at offset 266240 (which corresponds to 1 single disk block),
      contains 5 compressed chunks of file data. Each of the first 4 compress 4096
      bytes of file data, while the last one only compresses 3024 bytes of file data.
      Therefore a read into the file region [285648 ; 286720[ (length = 4096 - 3024 =
      1072 bytes) should always return zeroes (our next extent is a prealloc one).
      
      The solution here is the compression code path to zero the remaining (untouched)
      bytes of the last page it uncompressed data into, as the information about how
      much space the file data consumes in the last page is not known in the upper layer
      fs/btrfs/extent_io.c:__do_readpage(). In __do_readpage we were correctly zeroing
      the remainder of the page but only if it corresponds to the last page of the inode
      and if the inode's size is not a multiple of the page size.
      
      This would cause not only returning random data on reads, but also permanently
      storing random data when updating parts of the region that should be zeroed.
      For the example above, it means updating a single byte in the region [285648 ; 286720[
      would store that byte correctly but also store random data on disk.
      
      A test case for xfstests follows soon.
      Signed-off-by: default avatarFilipe David Borba Manana <fdmanana@gmail.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dba79490
    • Ales Novak's avatar
      SCSI: storvsc: NULL pointer dereference fix · 7c1de350
      Ales Novak authored
      commit b12bb60d upstream.
      
      If the initialization of storvsc fails, the storvsc_device_destroy()
      causes NULL pointer dereference.
      
      storvsc_bus_scan()
        scsi_scan_target()
          __scsi_scan_target()
            scsi_probe_and_add_lun(hostdata=NULL)
              scsi_alloc_sdev(hostdata=NULL)
      
      	  sdev->hostdata = hostdata
      
      	  now the host allocation fails
      
                __scsi_remove_device(sdev)
      
      	  calls sdev->host->hostt->slave_destroy() ==
      	  storvsc_device_destroy(sdev)
      	    access of sdev->hostdata->request_mempool
      Signed-off-by: default avatarAles Novak <alnovak@suse.cz>
      Signed-off-by: default avatarThomas Abraham <tabraham@suse.com>
      Reviewed-by: default avatarJiri Kosina <jkosina@suse.cz>
      Acked-by: default avatarK. Y. Srinivasan <kys@microsoft.com>
      Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7c1de350
    • Giridhar Malavali's avatar