1. 25 Jan, 2012 26 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs · aaad641e
      Linus Torvalds authored
      Quoth Ben Myers:
       "Please pull in the following bugfix for xfs.  We forgot to drop a lock on
        error in xfs_readlink.  It hasn't been through -next yet, but there is no
        -next tree tomorrow.  The fix is clear so I'm sending this request today."
      
      * 'for-linus' of git://oss.sgi.com/xfs/xfs:
        xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink()
      aaad641e
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 74a7f6a0
      Linus Torvalds authored
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/ttm: fix two regressions since move_notify changes
        drm/radeon: avoid deadlock if GPU lockup is detected in ib_pool_get
        drm/radeon: silence out possible lock dependency warning
        drm: Fix authentication kernel crash
        gma500: Fix shmem mapping
        drm/radeon/kms: refine TMDS dual link checks
        drm/radeon/kms: use drm_detect_hdmi_monitor for picking encoder mode
        drm/radeon/kms: rework modeset sequence for DCE41 and DCE5
        drm/radeon/kms: move panel mode setup into encoder mode set
        drm/radeon/kms: move disp eng pll setup to init path
        drm/radeon: finish getting bios earlier
        drm/radeon: fix invalid memory access in radeon_atrm_get_bios()
        drm/radeon/kms: add some missing semaphore init
        drm/radeon/kms: Add an MSI quirk for Dell RS690
        gpu, drm, sis: Don't return uninitialized variable from sis_driver_load()
      74a7f6a0
    • Linus Torvalds's avatar
      Merge branch 'fix/asoc' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 486bc794
      Linus Torvalds authored
      * 'fix/asoc' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ASoC: wm2000: Fix use-after-free - don't release_firmware() twice on error
        ASoC: wm8958: Use correct format string in dev_err() call
        ASoC: wm8996: Call _POST_PMU callback for CPVDD
        ASoC: mxs: Fix mxs-saif timeout
        ASoC: Disable register synchronisation for low frequency WM8996 SYSCLK
        ASoC: Don't go through cache when applying WM5100 rev A updates
        ASoC: Mark WM5100 register map cache only when going into BIAS_OFF
        ASoC: tlv320aic32x4: always enable analouge block
        ASoC: tlv320aic32x4: always enable dividers
        ASoC: sgtl5000: Fix wrong register name in restore
      486bc794
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap · 7ca4e8c4
      Linus Torvalds authored
      A fairly simple bugfix for a WARN_ON() which was triggered in the cache
      reset support as a result of some subsequent work.  There's only one
      mainline user for the code path that's updated right now (wm8994) so
      should be low risk.
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
        regmap: Reset cache status when reinitialsing the cache
      7ca4e8c4
    • Li Wang's avatar
      eCryptfs: move misleading function comments · 1589cb1a
      Li Wang authored
       The data encryption was moved from ecryptfs_write_end into
      ecryptfs_writepage, this patch moves the corresponding function
      comments to be consistent with the modification.
      Signed-off-by: default avatarLi Wang <liwang@nudt.edu.cn>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1589cb1a
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs · 3074c035
      Linus Torvalds authored
      Says Tyler:
       "Tim's logging message update will be really helpful to users when
        they're trying to locate a problematic file in the lower filesystem
        with filename encryption enabled.
      
        You'll recognize the fix from Li, as you commented on that.
      
        You should also be familiar with my setattr/truncate improvements,
        since you were the one that pointed them out to us (thanks again!).
        Andrew noted the /dev/ecryptfs write count sanitization needed to be
        improved, so I've got a fix in there for that along with some other
        less important cleanups of the /dev/ecryptfs read/write code."
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
        eCryptfs: Fix oops when printing debug info in extent crypto functions
        eCryptfs: Remove unused ecryptfs_read()
        eCryptfs: Check inode changes in setattr
        eCryptfs: Make truncate path killable
        eCryptfs: Infinite loop due to overflow in ecryptfs_write()
        eCryptfs: Replace miscdev read/write magic numbers
        eCryptfs: Report errors in writes to /dev/ecryptfs
        eCryptfs: Sanitize write counts of /dev/ecryptfs
        ecryptfs: Remove unnecessary variable initialization
        ecryptfs: Improve metadata read failure logging
        MAINTAINERS: Update eCryptfs maintainer address
      3074c035
    • Tyler Hicks's avatar
      eCryptfs: Fix oops when printing debug info in extent crypto functions · 58ded24f
      Tyler Hicks authored
      If pages passed to the eCryptfs extent-based crypto functions are not
      mapped and the module parameter ecryptfs_verbosity=1 was specified at
      loading time, a NULL pointer dereference will occur.
      
      Note that this wouldn't happen on a production system, as you wouldn't
      pass ecryptfs_verbosity=1 on a production system. It leaks private
      information to the system logs and is for debugging only.
      
      The debugging info printed in these messages is no longer very useful
      and rather than doing a kmap() in these debugging paths, it will be
      better to simply remove the debugging paths completely.
      
      https://launchpad.net/bugs/913651Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Reported-by: Daniel DeFreez
      Cc: <stable@vger.kernel.org>
      58ded24f
    • Tyler Hicks's avatar
      eCryptfs: Remove unused ecryptfs_read() · f2cb9335
      Tyler Hicks authored
      ecryptfs_read() has been ifdef'ed out for years now and it was
      apparently unused before then. It is time to get rid of it for good.
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      f2cb9335
    • Tyler Hicks's avatar
      eCryptfs: Check inode changes in setattr · a261a039
      Tyler Hicks authored
      Most filesystems call inode_change_ok() very early in ->setattr(), but
      eCryptfs didn't call it at all. It allowed the lower filesystem to make
      the call in its ->setattr() function. Then, eCryptfs would copy the
      appropriate inode attributes from the lower inode to the eCryptfs inode.
      
      This patch changes that and actually calls inode_change_ok() on the
      eCryptfs inode, fairly early in ecryptfs_setattr(). Ideally, the call
      would happen earlier in ecryptfs_setattr(), but there are some possible
      inode initialization steps that must happen first.
      
      Since the call was already being made on the lower inode, the change in
      functionality should be minimal, except for the case of a file extending
      truncate call. In that case, inode_newsize_ok() was never being
      called on the eCryptfs inode. Rather than inode_newsize_ok() catching
      maximum file size errors early on, eCryptfs would encrypt zeroed pages
      and write them to the lower filesystem until the lower filesystem's
      write path caught the error in generic_write_checks(). This patch
      introduces a new function, called ecryptfs_inode_newsize_ok(), which
      checks if the new lower file size is within the appropriate limits when
      the truncate operation will be growing the lower file.
      
      In summary this change prevents eCryptfs truncate operations (and the
      resulting page encryptions), which would exceed the lower filesystem
      limits or FSIZE rlimits, from ever starting.
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Reviewed-by: default avatarLi Wang <liwang@nudt.edu.cn>
      Cc: <stable@vger.kernel.org>
      a261a039
    • Tyler Hicks's avatar
      eCryptfs: Make truncate path killable · 5e6f0d76
      Tyler Hicks authored
      ecryptfs_write() handles the truncation of eCryptfs inodes. It grabs a
      page, zeroes out the appropriate portions, and then encrypts the page
      before writing it to the lower filesystem. It was unkillable and due to
      the lack of sparse file support could result in tying up a large portion
      of system resources, while encrypting pages of zeros, with no way for
      the truncate operation to be stopped from userspace.
      
      This patch adds the ability for ecryptfs_write() to detect a pending
      fatal signal and return as gracefully as possible. The intent is to
      leave the lower file in a useable state, while still allowing a user to
      break out of the encryption loop. If a pending fatal signal is detected,
      the eCryptfs inode size is updated to reflect the modified inode size
      and then -EINTR is returned.
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Cc: <stable@vger.kernel.org>
      5e6f0d76
    • Li Wang's avatar
      eCryptfs: Infinite loop due to overflow in ecryptfs_write() · 684a3ff7
      Li Wang authored
      ecryptfs_write() can enter an infinite loop when truncating a file to a
      size larger than 4G. This only happens on architectures where size_t is
      represented by 32 bits.
      
      This was caused by a size_t overflow due to it incorrectly being used to
      store the result of a calculation which uses potentially large values of
      type loff_t.
      
      [tyhicks@canonical.com: rewrite subject and commit message]
      Signed-off-by: default avatarLi Wang <liwang@nudt.edu.cn>
      Signed-off-by: default avatarYunchuan Wen <wenyunchuan@kylinos.com.cn>
      Reviewed-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      684a3ff7
    • Tyler Hicks's avatar
      eCryptfs: Replace miscdev read/write magic numbers · 48399c0b
      Tyler Hicks authored
      ecryptfs_miscdev_read() and ecryptfs_miscdev_write() contained many
      magic numbers for specifying packet header field sizes and offsets. This
      patch defines those values and replaces the magic values.
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      48399c0b
    • Tyler Hicks's avatar
      eCryptfs: Report errors in writes to /dev/ecryptfs · 7f133504
      Tyler Hicks authored
      Errors in writes to /dev/ecryptfs were being incorrectly reported by
      returning 0 or the value of the original write count.
      
      This patch clears up the return code assignment in error paths.
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      7f133504
    • Tyler Hicks's avatar
      eCryptfs: Sanitize write counts of /dev/ecryptfs · db10e556
      Tyler Hicks authored
      A malicious count value specified when writing to /dev/ecryptfs may
      result in a a very large kernel memory allocation.
      
      This patch peeks at the specified packet payload size, adds that to the
      size of the packet headers and compares the result with the write count
      value. The resulting maximum memory allocation size is approximately 532
      bytes.
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Reported-by: default avatarSasha Levin <levinsasha928@gmail.com>
      Cc: <stable@vger.kernel.org>
      db10e556
    • Tim Gardner's avatar
      ecryptfs: Remove unnecessary variable initialization · bb450361
      Tim Gardner authored
      Removes unneeded variable initialization in ecryptfs_read_metadata(). Also adds
      a small comment to help explain metadata reading logic.
      
      [tyhicks@canonical.com: Pulled out of for-stable patch and wrote commit msg]
      Signed-off-by: default avatarTim Gardner <tim.gardner@canonical.com>
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      bb450361
    • Tim Gardner's avatar
      ecryptfs: Improve metadata read failure logging · 30373dc0
      Tim Gardner authored
      Print inode on metadata read failure. The only real
      way of dealing with metadata read failures is to delete
      the underlying file system file. Having the inode
      allows one to 'find . -inum INODE`.
      
      [tyhicks@canonical.com: Removed some minor not-for-stable parts]
      Signed-off-by: default avatarTim Gardner <tim.gardner@canonical.com>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      30373dc0
    • Dustin Kirkland's avatar
      MAINTAINERS: Update eCryptfs maintainer address · 14094198
      Dustin Kirkland authored
      Update my email address in MAINTAINERS.
      Signed-off-by: default avatarDustin Kirkland <dustin.kirkland@gazzang.com>
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      14094198
    • Ben Skeggs's avatar
      drm/ttm: fix two regressions since move_notify changes · 9f1feed2
      Ben Skeggs authored
      Both changes in dc97b340 cause serious
      regressions in the nouveau driver.
      
      move_notify() was originally able to presume that bo->mem is the old node,
      and new_mem is the new node.  The above commit moves the call to
      move_notify() to after move() has been done, which means that now, sometimes,
      new_mem isn't the new node at all, bo->mem is, and new_mem points at a
      stale, possibly-just-been-killed-by-move node.
      
      This is clearly not a good situation.  This patch reverts this change, and
      replaces it with a cleanup in the move() failure path instead.
      
      The second issue is that the call to move_notify() from cleanup_memtype_use()
      causes the TTM ghost objects to get passed into the driver.  This is clearly
      bad as the driver knows nothing about these "fake" TTM BOs, and ends up
      accessing uninitialised memory.
      
      I worked around this in nouveau's move_notify() hook by ensuring the BO
      destructor was nouveau's.  I don't particularly like this solution, and
      would rather TTM never pass the driver these objects.  However, I don't
      clearly understand the reason why we're calling move_notify() here anyway
      and am happy to work around the problem in nouveau instead of breaking the
      behaviour expected by other drivers.
      Signed-off-by: default avatarBen Skeggs <bskeggs@redhat.com>
      Reviewed-by: default avatarThomas Hellstrom <thellstrom@vmware.com>
      Cc: Jerome Glisse <j.glisse@gmail.com>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      9f1feed2
    • Jan Kara's avatar
      xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink() · 9b025eb3
      Jan Kara authored
      Commit b52a360b forgot to call xfs_iunlock() when it detected corrupted
      symplink and bailed out. Fix it by jumping to 'out' instead of doing return.
      
      CC: stable@kernel.org
      CC: Carlos Maiolino <cmaiolino@redhat.com>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Reviewed-by: default avatarAlex Elder <elder@kernel.org>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: Ben Myers <bpm@sgi.com> 
      9b025eb3
    • Jerome Glisse's avatar
      drm/radeon: avoid deadlock if GPU lockup is detected in ib_pool_get · 9fc04b50
      Jerome Glisse authored
      If GPU lockup is detected in ib_pool get we are holding the ib_pool
      mutex that will be needed by the GPU reset code. As ib_pool code is
      safe to be reentrant from GPU reset code we should not block if we
      are trying to get the ib pool lock on the behalf of the same userspace
      caller, thus use the radeon_mutex_lock helper.
      Signed-off-by: default avatarJerome Glisse <jglisse@redhat.com>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      9fc04b50
    • Jerome Glisse's avatar
      drm/radeon: silence out possible lock dependency warning · d54fbd49
      Jerome Glisse authored
      Silence out the lock dependency warning by moving bo allocation out
      of ib mutex protected section. Might lead to useless temporary
      allocation but it's not harmful as such things only happen at
      initialization.
      Signed-off-by: default avatarJerome Glisse <jglisse@redhat.com>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      d54fbd49
    • Thomas Hellstrom's avatar
      drm: Fix authentication kernel crash · 598781d7
      Thomas Hellstrom authored
      If the master tries to authenticate a client using drm_authmagic and
      that client has already closed its drm file descriptor,
      either wilfully or because it was terminated, the
      call to drm_authmagic will dereference a stale pointer into kmalloc'ed memory
      and corrupt it.
      
      Typically this results in a hard system hang.
      
      This patch fixes that problem by removing any authentication tokens
      (struct drm_magic_entry) open for a file descriptor when that file
      descriptor is closed.
      Signed-off-by: default avatarThomas Hellstrom <thellstrom@vmware.com>
      Reviewed-by: default avatarDaniel Vetter <daniel.vetter@ffwll.ch>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      598781d7
    • Linus Torvalds's avatar
      Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux · f8275f96
      Linus Torvalds authored
      Quoth Len:
       "This fixes a merge-window regression due to a conflict
        between error injection and preparation to remove atomicio.c
        Here we fix that regression and complete the removal
        of atomicio.c.
      
        This also re-orders some idle initialization code to
        complete the merge window series that allows cpuidle
        to cope with bringing processors on-line after boot."
      
      * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux:
        Use acpi_os_map_memory() instead of ioremap() in einj driver
        ACPI, APEI, EINJ, cleanup 0 vs NULL confusion
        ACPI, APEI, EINJ Allow empty Trigger Error Action Table
        thermal: Rename generate_netlink_event
        ACPI / PM: Add Sony Vaio VPCCW29FX to nonvs blacklist.
        ACPI: Remove ./drivers/acpi/atomicio.[ch]
        ACPI, APEI: Add RAM mapping support to ACPI
        ACPI, APEI: Add 64-bit read/write support for APEI on i386
        ACPI processor hotplug: Delay acpi_processor_start() call for hotplugged cores
        ACPI processor hotplug: Split up acpi_processor_add
      f8275f96
    • Linus Torvalds's avatar
      Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc · a86b4ad6
      Linus Torvalds authored
      * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
        powerpc: Fix build on some non-freescale platforms
        powerpc/powernv: Fix PCI resource handling
        powerpc/crash: Fix build error without SMP
        powerpc/cpuidle: Make it a bool, not a tristate
        powerpc/85xx: Add dr_mode property in USB nodes
        powerpc/85xx: Enable USB2 controller node for P1020RDB
        powerpc/85xx: Fix cmd12 bug and add the chip compatible for eSDHC
        arch/powerpc/sysdev/fsl_pci.c: add missing iounmap
        powerpc: fix compile error with 85xx/p1022_ds.c
      a86b4ad6
    • Benjamin Herrenschmidt's avatar
      powerpc: Fix build on some non-freescale platforms · 3493c853
      Benjamin Herrenschmidt authored
      Commit 9deaa53a broke build
      on platforms that use legacy_serial.c without also having
      CONFIG_SERIAL_8250_FSL enabled due to an unconditional code
      to a routine in that module.
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      3493c853
    • Benjamin Herrenschmidt's avatar
      powerpc/powernv: Fix PCI resource handling · f7ea82be
      Benjamin Herrenschmidt authored
      Recent changes to the handling of PCI resources for host bridges
      are breaking the PowerNV code for assigning resources on IODA.
      
      The root of the problem is that the pci_bus attached to a host
      bridge no longer has its "legacy" resource pointers populated
      but only uses the newer list instead.
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      f7ea82be
  2. 24 Jan, 2012 14 commits