Aaron Lu [Thu, 10 Nov 2016 09:16:33 +0000 (17:16 +0800)]
mremap: fix race between mremap() and page cleanning
Prior to 3.15, there was a race between zap_pte_range() and
page_mkclean() where writes to a page could be lost. Dave Hansen
discovered by inspection that there is a similar race between
move_ptes() and page_mkclean().
We've been able to reproduce the issue by enlarging the race window with
a msleep(), but have not been able to hit it without modifying the code.
So, we think it's a real issue, but is difficult or impossible to hit in
practice.
The zap_pte_range() issue is fixed by commit
1cf35d47712d("mm: split
'tlb_flush_mmu()' into tlb flushing and memory freeing parts"). And
this patch is to fix the race between page_mkclean() and mremap().
Here is one possible way to hit the race: suppose a process mmapped a
file with READ | WRITE and SHARED, it has two threads and they are bound
to 2 different CPUs, e.g. CPU1 and CPU2. mmap returned X, then thread
1 did a write to addr X so that CPU1 now has a writable TLB for addr X
on it. Thread 2 starts mremaping from addr X to Y while thread 1
cleaned the page and then did another write to the old addr X again.
The 2nd write from thread 1 could succeed but the value will get lost.
thread 1 thread 2
(bound to CPU1) (bound to CPU2)
1: write 1 to addr X to get a
writeable TLB on this CPU
2: mremap starts
3: move_ptes emptied PTE for addr X
and setup new PTE for addr Y and
then dropped PTL for X and Y
4: page laundering for N by doing
fadvise FADV_DONTNEED. When done,
pageframe N is deemed clean.
5: *write 2 to addr X
6: tlb flush for addr X
7: munmap (Y, pagesize) to make the
page unmapped
8: fadvise with FADV_DONTNEED again
to kick the page off the pagecache
9: pread the page from file to verify
the value. If 1 is there, it means
we have lost the written 2.
*the write may or may not cause segmentation fault, it depends on
if the TLB is still on the CPU.
Please note that this is only one specific way of how the race could
occur, it didn't mean that the race could only occur in exact the above
config, e.g. more than 2 threads could be involved and fadvise() could
be done in another thread, etc.
For anonymous pages, they could race between mremap() and page reclaim:
THP: a huge PMD is moved by mremap to a new huge PMD, then the new huge
PMD gets unmapped/splitted/pagedout before the flush tlb happened for
the old huge PMD in move_page_tables() and we could still write data to
it. The normal anonymous page has similar situation.
To fix this, check for any dirty PTE in move_ptes()/move_huge_pmd() and
if any, did the flush before dropping the PTL. If we did the flush for
every move_ptes()/move_huge_pmd() call then we do not need to do the
flush in move_pages_tables() for the whole range. But if we didn't, we
still need to do the whole range flush.
Alternatively, we can track which part of the range is flushed in
move_ptes()/move_huge_pmd() and which didn't to avoid flushing the whole
range in move_page_tables(). But that would require multiple tlb
flushes for the different sub-ranges and should be less efficient than
the single whole range flush.
KBuild test on my Sandybridge desktop doesn't show any noticeable change.
v4.9-rc4:
real 5m14.048s
user 32m19.800s
sys 4m50.320s
With this commit:
real 5m13.888s
user 32m19.330s
sys 4m51.200s
Reported-by: Dave Hansen <dave.hansen@intel.com>
Signed-off-by: Aaron Lu <aaron.lu@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Thu, 17 Nov 2016 01:24:21 +0000 (17:24 -0800)]
Merge tag 'drm-fixes-for-v4.9-rc6' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes fr9om Dave Airlie:
"Fixes for amdgpu, and a bunch of arm drivers.
There seems to be an uptick in the ARM drivers sending things for
fixes which is good, so I've decided to dequeue a bit early, more
stuff may arrive before the weekend.
This contains mediatek, arcpgu, sunxi, fsl-dcu display controller
fixes along with 3 amdgpu fixes, one for a fencing issue with
secondary GPUs"
* tag 'drm-fixes-for-v4.9-rc6' of git://people.freedesktop.org/~airlied/linux:
drm/amdgpu:fix vpost_needed routine
drm/amdgpu/powerplay: drop a redundant NULL check
drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
drm/arcpgu: Accommodate adv7511 switch to DRM bridge
drm/fsl-dcu: disable planes before disabling CRTC
drm/fsl-dcu: update all registers on flush
drm/fsl-dcu: do not update when modifying irq registers
drm/sun4i: Propagate error to the caller
drm/sun4i: Fix error handling
drm/mediatek: modify the factor to make the pll_rate set in the 1G-2G range
drm/mediatek: enhance the HDMI driving current
drm/mediatek: do mtk_hdmi_send_infoframe after HDMI clock enable
drm/mediatek: clear IRQ status before enable OVL interrupt
drm/mediatek: set vblank_disable_allowed to true
drm/mediatek: fix a typo of OD_CFG to OD_RELAYMODE
drm/sun4i: rgb: Remove the bridge enable/disable functions
drm/sun4i: rgb: Enable panel after controller
Linus Torvalds [Thu, 17 Nov 2016 00:39:01 +0000 (16:39 -0800)]
Merge tag 'xtensa-
20161116' of git://github.com/jcmvbkbc/linux-xtensa
Pull Xtensa fixes from Max Filippov:
- fix register dumps, stack dumps and stack traces that got torn due to
recent printk changes
- wire up pkey_{mprotect,alloc,free} syscalls
* tag 'xtensa-
20161116' of git://github.com/jcmvbkbc/linux-xtensa:
xtensa: wire up new pkey_{mprotect,alloc,free} syscalls
xtensa: clean up printk usage for boot/crash logging
Dave Airlie [Wed, 16 Nov 2016 23:45:27 +0000 (09:45 +1000)]
Merge branch 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
Just a few bug fixes for 4.9. The big one is Mario's prime fencing fix.
* 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux:
drm/amdgpu:fix vpost_needed routine
drm/amdgpu/powerplay: drop a redundant NULL check
drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
Dave Airlie [Wed, 16 Nov 2016 23:44:52 +0000 (09:44 +1000)]
Merge branch 'mediatek-drm-fixes-2016-11-11' of https://github.com/ckhu-mediatek/linux.git-tags into drm-fixes
This branch include one patch to fix a typo, two patches to disable
vblank interrupt, and three patches to support HDMI 4K resolution.
* 'mediatek-drm-fixes-2016-11-11' of https://github.com/ckhu-mediatek/linux.git-tags:
drm/mediatek: modify the factor to make the pll_rate set in the 1G-2G range
drm/mediatek: enhance the HDMI driving current
drm/mediatek: do mtk_hdmi_send_infoframe after HDMI clock enable
drm/mediatek: clear IRQ status before enable OVL interrupt
drm/mediatek: set vblank_disable_allowed to true
drm/mediatek: fix a typo of OD_CFG to OD_RELAYMODE
Linus Torvalds [Wed, 16 Nov 2016 17:20:10 +0000 (09:20 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/mszeredi/fuse
Pull fuse fixes from Miklos Szeredi:
"A regression fix and bug fix bound for stable"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: fix fuse_write_end() if zero bytes were copied
fuse: fix root dentry initialization
Linus Torvalds [Wed, 16 Nov 2016 17:09:00 +0000 (09:09 -0800)]
Merge tag 'mfd-fixes-4.9' of git://git./linux/kernel/git/lee/mfd
Pull MFD fixes from Lee Jones:
- Fix PCI properties in intel-lpss-pci
- Fix Resetting issue during suspend in intel-lpss-pci
- Seperate IRQs for USBC device and CHRG in intel_soc_pmic_bxtwc
- Add timeout to fix Resetting issue in stmpe
- Ensure we 'put' reference to device when done in mfd-core
* tag 'mfd-fixes-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
mfd: core: Fix device reference leak in mfd_clone_cell
mfd: stmpe: Fix RESET regression on STMPE2401
mfd: intel_soc_pmic_bxtwc: Fix usbc interrupt
mfd: intel-lpss: Do not put device in reset state on suspend
mfd: lpss: Fix Intel Kaby Lake PCH-H properties
Johan Hovold [Tue, 1 Nov 2016 10:38:18 +0000 (11:38 +0100)]
mfd: core: Fix device reference leak in mfd_clone_cell
Make sure to drop the reference taken by bus_find_device_by_name()
before returning from mfd_clone_cell().
Fixes:
a9bbba996302 ("mfd: add platform_device sharing support for mfd")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Linus Walleij [Tue, 1 Nov 2016 09:22:53 +0000 (10:22 +0100)]
mfd: stmpe: Fix RESET regression on STMPE2401
Since commit
c4dd1ba355aae2bc3d1213da6c66c53e3c31e028
("mfd: stmpe: Add reset support for all STMPE variant")
we're resetting the STMPE expanders before use.
This caused a regression on the STMP2401 on the Nomadik
NHK8815:
stmpe-i2c 0-0043: stmpe2401 detected, chip id: 0x101
nmk-i2c
101f8000.i2c0: write to slave 0x43 timed out
nmk-i2c
101f8000.i2c0: no ack received after address transmission
stmpe-i2c 0-0044: stmpe2401 detected, chip id: 0x101
nmk-i2c
101f8000.i2c0: write to slave 0x44 timed out
nmk-i2c
101f8000.i2c0: no ack received after address transmission
It turns out that we start to poll for the reset bit to
go low again too quickly: the STMPE2401 is not yet online and
ready to be asked for the status of the RESET bit.
By introducing a 10ms delay before starting to hammer
the register for information, we get back to normal:
stmpe-i2c 0-0043: stmpe2401 detected, chip id: 0x101
stmpe-i2c 0-0044: stmpe2401 detected, chip id: 0x101
Cc: stable@vger.kernel.org
Cc: Amelie Delaunay <amelie.delaunay@st.com>
Fixes:
c4dd1ba355aa ("mfd: stmpe: Add reset support for all STMPE variant")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Acked-by: Patrice Chotard <patrice.chotard@st.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Heikki Krogerus [Mon, 17 Oct 2016 07:32:13 +0000 (10:32 +0300)]
mfd: intel_soc_pmic_bxtwc: Fix usbc interrupt
The wcove USB Type-C driver is currently being flooded with
interrupts that are not targeted to it. The reason for that
is because all CHRG first level interrupts are mapped to it.
This fixes the issue by introducing separate irq for the
usbc device, and mapping only USB Type-C PHY interrupts to
it.
Fixes:
9c6235c86332 ("mfd: intel_soc_pmic_bxtwc: Add bxt_wcove_usbc device")
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Azhar Shaikh [Wed, 12 Oct 2016 17:12:20 +0000 (10:12 -0700)]
mfd: intel-lpss: Do not put device in reset state on suspend
Commit
41a3da2b8e163 ("mfd: intel-lpss: Save register context on
suspend") saved the register context while going to suspend and
also put the device in reset state.
Due to the resetting of device, system cannot enter S3/S0ix
states when no_console_suspend flag is enabled. The system
and serial console both hang. The resetting of device is not
needed while going to suspend. Hence remove this code.
Cc: stable@vger.kernel.org
Fixes:
41a3da2b8e163 ("mfd: intel-lpss: Save register context on suspend")
Signed-off-by: Azhar Shaikh <azhar.shaikh@intel.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Jarkko Nikula [Thu, 29 Sep 2016 09:59:39 +0000 (12:59 +0300)]
mfd: lpss: Fix Intel Kaby Lake PCH-H properties
There are a few issues on Intel Kaby Lake PCH-H properties added by
commit
a6a576b78e09 ("mfd: lpss: Add Intel Kaby Lake PCH-H PCI IDs"):
- Input clock of I2C controller on Intel Kaby Lake PCH-H is 120 MHz not
133 MHz. This was probably copy-paste error from Intel Broxton I2C
properties.
- There is no default I2C SDA hold time specified which is used when
ACPI doesn't provide it. I got information from Windows driver team
that Kaby Lake PCH-H can use the same configuration than Intel
Sunrisepoint PCH.
- Common HS-UART properties are not used.
Fix these by reusing the Sunrisepoint properties on Kaby Lake PCH-H.
Fixes:
a6a576b78e09 ("mfd: lpss: Add Intel Kaby Lake PCH-H PCI IDs")
Reported-by: Xiang A Wang <xiang.a.wang@intel.com>
Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Dave Airlie [Tue, 15 Nov 2016 23:41:08 +0000 (09:41 +1000)]
Merge tag 'sunxi-drm-fixes-for-4.9' of https://git./linux/kernel/git/mripard/linux into drm-fixes
sun4i-drm fixes for 4.9
A few patches to fix our error handling and our panel / bridge calls.
* tag 'sunxi-drm-fixes-for-4.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux:
drm/sun4i: Propagate error to the caller
drm/sun4i: Fix error handling
drm/sun4i: rgb: Remove the bridge enable/disable functions
drm/sun4i: rgb: Enable panel after controller
Monk Liu [Fri, 11 Nov 2016 03:24:29 +0000 (11:24 +0800)]
drm/amdgpu:fix vpost_needed routine
1,cleanup description/comments
2,for FIJI & passthrough, force post when smc fw version below 22.15
3,for other cases, follow regular rules
Signed-off-by: Monk Liu <Monk.Liu@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Alex Deucher [Tue, 15 Nov 2016 16:39:08 +0000 (11:39 -0500)]
drm/amdgpu/powerplay: drop a redundant NULL check
Left over from an earlier rev of the patch.
Acked-by: Colin Ian King <colin.king@canonical.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Colin King <colin.king@canonical.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Linus Torvalds [Tue, 15 Nov 2016 16:49:13 +0000 (08:49 -0800)]
Merge tag 'trace-v4.9-rc5' of git://git./linux/kernel/git/rostedt/linux-trace
Pull tracing fixes from Steven Rostedt:
"Alexei discovered a race condition in modules failing to load that can
cause a ftrace check to trigger and disable ftrace.
This is because of the way modules are registered to ftrace. Their
functions are loaded in the ftrace function tables but set to
"disabled" since they are still in the process of being loaded by the
module. After the module is finished, it calls back into the ftrace
infrastructure to enable it.
Looking deeper into the locations that access all the functions in the
table, I found more locations that should ignore the disabled ones"
* tag 'trace-v4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records
ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records
Linus Torvalds [Tue, 15 Nov 2016 16:28:59 +0000 (08:28 -0800)]
Merge tag 'fbdev-fixes-4.9' of git://git./linux/kernel/git/tomba/linux
Pull fbdev fix from Tomi Valkeinen:
"Fix CLCD regression on Vexpress"
* tag 'fbdev-fixes-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux:
video: ARM CLCD: fix Vexpress regression
Miklos Szeredi [Thu, 18 Aug 2016 07:10:44 +0000 (09:10 +0200)]
fuse: fix fuse_write_end() if zero bytes were copied
If pos is at the beginning of a page and copied is zero then page is not
zeroed but is marked uptodate.
Fix by skipping everything except unlock/put of page if zero bytes were
copied.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Fixes:
6b12c1b37e55 ("fuse: Implement write_begin/write_end callbacks")
Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Linus Torvalds [Mon, 14 Nov 2016 22:15:53 +0000 (14:15 -0800)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Fix off by one wrt. indexing when dumping /proc/net/route entries,
from Alexander Duyck.
2) Fix lockdep splats in iwlwifi, from Johannes Berg.
3) Cure panic when inserting certain netfilter rules when NFT_SET_HASH
is disabled, from Liping Zhang.
4) Memory leak when nft_expr_clone() fails, also from Liping Zhang.
5) Disable UFO when path will apply IPSEC tranformations, from Jakub
Sitnicki.
6) Don't bogusly double cwnd in dctcp module, from Florian Westphal.
7) skb_checksum_help() should never actually use the value "0" for the
resulting checksum, that has a special meaning, use CSUM_MANGLED_0
instead. From Eric Dumazet.
8) Per-tx/rx queue statistic strings are wrong in qed driver, fix from
Yuval MIntz.
9) Fix SCTP reference counting of associations and transports in
sctp_diag. From Xin Long.
10) When we hit ip6tunnel_xmit() we could have come from an ipv4 path in
a previous layer or similar, so explicitly clear the ipv6 control
block in the skb. From Eli Cooper.
11) Fix bogus sleeping inside of inet_wait_for_connect(), from WANG
Cong.
12) Correct deivce ID of T6 adapter in cxgb4 driver, from Hariprasad
Shenai.
13) Fix potential access past the end of the skb page frag array in
tcp_sendmsg(). From Eric Dumazet.
14) 'skb' can legitimately be NULL in inet{,6}_exact_dif_match(). Fix
from David Ahern.
15) Don't return an error in tcp_sendmsg() if we wronte any bytes
successfully, from Eric Dumazet.
16) Extraneous unlocks in netlink_diag_dump(), we removed the locking
but forgot to purge these unlock calls. From Eric Dumazet.
17) Fix memory leak in error path of __genl_register_family(). We leak
the attrbuf, from WANG Cong.
18) cgroupstats netlink policy table is mis-sized, from WANG Cong.
19) Several XDP bug fixes in mlx5, from Saeed Mahameed.
20) Fix several device refcount leaks in network drivers, from Johan
Hovold.
21) icmp6_send() should use skb dst device not skb->dev to determine L3
routing domain. From David Ahern.
22) ip_vs_genl_family sets maxattr incorrectly, from WANG Cong.
23) We leak new macvlan port in some cases of maclan_common_netlink()
errors. Fix from Gao Feng.
24) Similar to the icmp6_send() fix, icmp_route_lookup() should
determine L3 routing domain using skb_dst(skb)->dev not skb->dev.
Also from David Ahern.
25) Several fixes for route offloading and FIB notification handling in
mlxsw driver, from Jiri Pirko.
26) Properly cap __skb_flow_dissect()'s return value, from Eric Dumazet.
27) Fix long standing regression in ipv4 redirect handling, wrt.
validating the new neighbour's reachability. From Stephen Suryaputra
Lin.
28) If sk_filter() trims the packet excessively, handle it reasonably in
tcp input instead of exploding. From Eric Dumazet.
29) Fix handling of napi hash state when copying channels in sfc driver,
from Bert Kenward.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (121 commits)
mlxsw: spectrum_router: Flush FIB tables during fini
net: stmmac: Fix lack of link transition for fixed PHYs
sctp: change sk state only when it has assocs in sctp_shutdown
bnx2: Wait for in-flight DMA to complete at probe stage
Revert "bnx2: Reset device during driver initialization"
ps3_gelic: fix spelling mistake in debug message
net: ethernet: ixp4xx_eth: fix spelling mistake in debug message
ibmvnic: Fix size of debugfs name buffer
ibmvnic: Unmap ibmvnic_statistics structure
sfc: clear napi_hash state when copying channels
mlxsw: spectrum_router: Correctly dump neighbour activity
mlxsw: spectrum: Fix refcount bug on span entries
bnxt_en: Fix VF virtual link state.
bnxt_en: Fix ring arithmetic in bnxt_setup_tc().
Revert "include/uapi/linux/atm_zatm.h: include linux/time.h"
tcp: take care of truncations done by sk_filter()
ipv4: use new_gw for redirect neigh lookup
r8152: Fix error path in open function
net: bpqether.h: remove if_ether.h guard
net: __skb_flow_dissect() must cap its return value
...
Linus Torvalds [Mon, 14 Nov 2016 22:07:13 +0000 (14:07 -0800)]
Merge branch 'stable' of git://git./linux/kernel/git/cmetcalf/linux-tile
Pull arch/tile bugfix from Chris Metcalf:
"This just fixes an incompatibility with tile __ro_after_init"
* 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile:
tile: handle __ro_after_init like parisc does
Linus Torvalds [Mon, 14 Nov 2016 22:00:29 +0000 (14:00 -0800)]
Merge tag 'rtc-4.9-2' of git://git./linux/kernel/git/abelloni/linux
Pull RTC fixes from Alexandre Belloni:
"Here are a few driver fixes for 4.9. It has been calm for a while so I
don't expect more for this cycle.
Drivers:
- asm9260: fix module autoload
- cmos: fix crashes
- omap: fix clock handling"
* tag 'rtc-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux:
rtc: omap: prevent disabling of clock/module during suspend
rtc: omap: Fix selecting external osc
rtc: cmos: Don't enable interrupts in the middle of the interrupt handler
rtc: cmos: remove all __exit_p annotations
rtc: asm9260: fix module autoload
Chris Metcalf [Mon, 7 Nov 2016 19:32:02 +0000 (14:32 -0500)]
tile: handle __ro_after_init like parisc does
The tile architecture already marks RO_DATA as read-only in
the kernel, so grouping RO_AFTER_INIT_DATA with RO_DATA, as is
done by default, means the kernel faults in init when it tries
to write to RO_AFTER_INIT_DATA. For now, just arrange that
__ro_after_init is handled like __write_once, i.e. __read_mostly.
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Chris Metcalf <cmetcalf@mellanox.com>
Ido Schimmel [Mon, 14 Nov 2016 10:26:32 +0000 (11:26 +0100)]
mlxsw: spectrum_router: Flush FIB tables during fini
Since commit
b45f64d16d45 ("mlxsw: spectrum_router: Use FIB notifications
instead of switchdev calls") we reflect to the device the entire FIB
table and not only FIBs that point to netdevs created by the driver.
During module removal, FIBs of the second type are removed following
NETDEV_UNREGISTER events sent. The other FIBs are still present in both
the driver's cache and the device's table.
Fix this by iterating over all the FIB tables in the device and flush
them. There's no need to take locks, as we're the only writer.
Fixes:
b45f64d16d45 ("mlxsw: spectrum_router: Use FIB notifications instead of switchdev calls")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Florian Fainelli [Mon, 14 Nov 2016 01:50:35 +0000 (17:50 -0800)]
net: stmmac: Fix lack of link transition for fixed PHYs
Commit
52f95bbfcf72 ("stmmac: fix adjust link call in case of a switch
is attached") added some logic to avoid polling the fixed PHY and
therefore invoking the adjust_link callback more than once, since this
is a fixed PHY and link events won't be generated.
This works fine the first time, because we start with phydev->irq =
PHY_POLL, so we call adjust_link, then we set phydev->irq =
PHY_IGNORE_INTERRUPT and we stop polling the PHY.
Now, if we called ndo_close(), which calls both phy_stop() and does an
explicit netif_carrier_off(), we end up with a link down. Upon calling
ndo_open() again, despite starting the PHY state machine, we have
PHY_IGNORE_INTERRUPT set, and we generate no link event at all, so the
link is permanently down.
Fixes:
52f95bbfcf72 ("stmmac: fix adjust link call in case of a switch is attached")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steven Rostedt (Red Hat) [Mon, 14 Nov 2016 21:31:49 +0000 (16:31 -0500)]
ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records
When a module is first loaded and its function ip records are added to the
ftrace list of functions to modify, they are set to DISABLED, as their text
is still in a read only state. When the module is fully loaded, and can be
updated, the flag is cleared, and if their's any functions that should be
tracing them, it is updated at that moment.
But there's several locations that do record accounting and should ignore
records that are marked as disabled, or they can cause issues.
Alexei already fixed one location, but others need to be addressed.
Cc: stable@vger.kernel.org
Fixes:
b7ffffbb46f2 "ftrace: Add infrastructure for delayed enabling of module functions"
Reported-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Alexei Starovoitov [Mon, 7 Nov 2016 23:14:20 +0000 (15:14 -0800)]
ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records
ftrace_shutdown() checks for sanity of ftrace records
and if dyn_ftrace->flags is not zero, it will warn.
It can happen that 'flags' are set to FTRACE_FL_DISABLED at this point,
since some module was loaded, but before ftrace_module_enable()
cleared the flags for this module.
In other words the module.c is doing:
ftrace_module_init(mod); // calls ftrace_update_code() that sets flags=FTRACE_FL_DISABLED
... // here ftrace_shutdown() is called that warns, since
err = prepare_coming_module(mod); // didn't have a chance to clear FTRACE_FL_DISABLED
Fix it by ignoring disabled records.
It's similar to what __ftrace_hash_rec_update() is already doing.
Link: http://lkml.kernel.org/r/1478560460-3818619-1-git-send-email-ast@fb.com
Cc: stable@vger.kernel.org
Fixes:
b7ffffbb46f2 "ftrace: Add infrastructure for delayed enabling of module functions"
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Xin Long [Sun, 13 Nov 2016 13:44:37 +0000 (21:44 +0800)]
sctp: change sk state only when it has assocs in sctp_shutdown
Now when users shutdown a sock with SEND_SHUTDOWN in sctp, even if
this sock has no connection (assoc), sk state would be changed to
SCTP_SS_CLOSING, which is not as we expect.
Besides, after that if users try to listen on this sock, kernel
could even panic when it dereference sctp_sk(sk)->bind_hash in
sctp_inet_listen, as bind_hash is null when sock has no assoc.
This patch is to move sk state change after checking sk assocs
is not empty, and also merge these two if() conditions and reduce
indent level.
Fixes:
d46e416c11c8 ("sctp: sctp should change socket state when shutdown is received")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 14 Nov 2016 21:20:54 +0000 (16:20 -0500)]
Merge branch 'bnx2-kdump-fix'
Baoquan He says:
====================
bnx2: Wait for in-flight DMA to complete at probe stage
This is v2 post.
In commit
3e1be7a ("bnx2: Reset device during driver initialization"),
firmware requesting code was moved from open stage to probe stage.
The reason is in kdump kernel hardware iommu need device be reset in
driver probe stage, otherwise those in-flight DMA from 1st kernel
will continue going and look up into the newly created io-page tables.
However bnx2 chip resetting involves firmware requesting issue, that
need be done in open stage.
Michale Chan suggested we can just wait for the old in-flight DMA to
complete at probe stage, then though without device resetting, we
don't need to worry the old in-flight DMA could continue looking up
the newly created io-page tables.
v1->v2:
Michael suggested to wait for the in-flight DMA to complete at probe
stage. So give up the old method of trying to reset chip at probe
stage, take the new way accordingly.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Baoquan He [Sun, 13 Nov 2016 05:01:33 +0000 (13:01 +0800)]
bnx2: Wait for in-flight DMA to complete at probe stage
In-flight DMA from 1st kernel could continue going in kdump kernel.
New io-page table has been created before bnx2 does reset at open stage.
We have to wait for the in-flight DMA to complete to avoid it look up
into the newly created io-page table at probe stage.
Suggested-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Baoquan He [Sun, 13 Nov 2016 05:01:32 +0000 (13:01 +0800)]
Revert "bnx2: Reset device during driver initialization"
This reverts commit
3e1be7ad2d38c6bd6aeef96df9bd0a7822f4e51c.
When people build bnx2 driver into kernel, it will fail to detect
and load firmware because firmware is contained in initramfs and
initramfs has not been uncompressed yet during do_initcalls. So
revert commit
3e1be7a and work out a new way in the later patch.
Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Max Filippov [Mon, 14 Nov 2016 20:31:49 +0000 (12:31 -0800)]
xtensa: wire up new pkey_{mprotect,alloc,free} syscalls
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Colin Ian King [Sat, 12 Nov 2016 17:20:30 +0000 (17:20 +0000)]
ps3_gelic: fix spelling mistake in debug message
Trivial fix to spelling mistake "unmached" to "unmatched" in
debug message.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Mon, 14 Nov 2016 17:46:08 +0000 (09:46 -0800)]
ASoC: lpass-platform: fix uninitialized variable
In commit
022d00ee0b55 ("ASoC: lpass-platform: Fix broken pcm data
usage") the stream specific information initialization was broken, with
the dma channel information not being initialized if there was no
alloc_dma_channel() helper function.
Before that, the DMA channel number was implicitly initialized to zero
because the backing store was allocated with devm_kzalloc(). When the
init code was rewritten, that implicit initialization was lost, and gcc
rightfully complains about an uninitialized variable being used.
Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Cc: Mark Brown <broonie@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Mon, 14 Nov 2016 17:31:52 +0000 (09:31 -0800)]
Revert "printk: make reading the kernel log flush pending lines"
This reverts commit
bfd8d3f23b51018388be0411ccbc2d56277fe294.
It turns out that this flushes things much too aggressiverly, and causes
lines to break up when the system logger races with new continuation
lines being printed.
There's a pending patch to make printk() flushing much more
straightforward, but it's too invasive for 4.9, so in the meantime let's
just not make the system message logging flush continuation lines.
They'll be flushed by the final newline anyway.
Suggested-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mauro Carvalho Chehab [Mon, 14 Nov 2016 13:14:37 +0000 (11:14 -0200)]
gp8psk-fe: add missing MODULE_foo() macros
This file was converted to a separate module at commit
7a0786c19d65
("gp8psk: Fix DVB frontend attach"), because the DVB attach routines
require it to work. However, I forgot to copy the MODULE_foo() macros
from the original module, causing this warning:
WARNING: modpost: missing MODULE_LICENSE() in drivers/media/dvb-frontends/gp8psk-fe.o
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Fixes:
7a0786c19d65 ("gp8psk: Fix DVB frontend attach")
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Mon, 14 Nov 2016 16:39:56 +0000 (08:39 -0800)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
"Misc fixes:
- fix an Intel/MID boot crash/hang bug
- fix a cache topology mis-parsing bug on certain AMD CPUs
- fix a virtualization firmware bug by adding a check+quirk
workaround on the kernel side"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/cpu: Deal with broken firmware (VMWare/XEN)
x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
x86/platform/intel-mid: Retrofit pci_platform_pm_ops ->get_state hook
Linus Torvalds [Mon, 14 Nov 2016 16:34:56 +0000 (08:34 -0800)]
Merge branch 'irq-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull irq fix from Ingo Molnar:
"This fixes a genirq regression that resulted in the Intel/Broxton
pinctrl/GPIO driver (and possibly others) spewing warnings"
* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
genirq: Use irq type from irqdata instead of irqdesc
Linus Torvalds [Mon, 14 Nov 2016 16:30:06 +0000 (08:30 -0800)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
"An uncore PMU driver hardware enablement change for Intel SkyLake
uncore PMUs (Skylake Y, U, H and S platforms), plus a number of
tooling fixes for the histogram handling/displaying code"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86/intel/uncore: Add more Intel uncore IMC PCI IDs for SkyLake
perf hists: Fix column length on --hierarchy
perf hists browser: Fix column indentation on --hierarchy
perf hists browser: Show folded sign properly on --hierarchy
perf hists browser: Fix indentation of folded sign on --hierarchy
perf hist browser: Fix hierarchy column counts
Linus Torvalds [Mon, 14 Nov 2016 16:26:24 +0000 (08:26 -0800)]
Merge branch 'efi-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull EFI fixes from Ingo Molnar:
"A boot crash fix and a build warning fix"
* 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/efi: Prevent mixed mode boot corruption with CONFIG_VMAP_STACK=y
x86/efi: Fix EFI memmap pointer size warning
Linus Torvalds [Mon, 14 Nov 2016 16:14:49 +0000 (08:14 -0800)]
Merge tag 'ntb-4.9' of git://github.com/jonmason/ntb
Pull NTB fixes from Jon Mason:
"NTB bug fixes for ntb_hw_intel, ntb_perf, and ntb_pingpong.
Also, a fixup to use jiffies in schedule_timeout_* call instead of a
constant"
* tag 'ntb-4.9' of git://github.com/jonmason/ntb:
ntb_perf: potential info leak in debugfs
ntb: ntb_hw_intel: init peer_addr in struct intel_ntb_dev
ntb: make DMA_OUT_RESOURCE_TO HZ independent
ntb_transport: make DMA_OUT_RESOURCE_TO HZ independent
NTB: ntb_hw_intel: Fix typo in module parameter descriptions
ntb_pingpong: Fix db_init parameter description
Dan Carpenter [Fri, 14 Oct 2016 07:34:18 +0000 (10:34 +0300)]
ntb_perf: potential info leak in debugfs
This is a static checker warning, not something I'm desperately
concerned about. But snprintf() returns the number of bytes that
would have been copied if there were space. We really care about the
number of bytes that actually were copied so we should use scnprintf()
instead.
It probably won't overrun, and in that case we may as well just use
sprintf() but these sorts of things make static checkers and code
reviewers happier.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Dave Jiang [Thu, 27 Oct 2016 18:06:44 +0000 (11:06 -0700)]
ntb: ntb_hw_intel: init peer_addr in struct intel_ntb_dev
The peer_addr member of intel_ntb_dev is not set, therefore when
acquiring ntb_peer_db and ntb_peer_spad we only get the offset rather
than the actual physical address. Adding fix to correct that.
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Acked-by: Allen Hubbe <Allen.Hubbe@emc.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Nicholas Mc Guire [Mon, 22 Aug 2016 16:51:36 +0000 (18:51 +0200)]
ntb: make DMA_OUT_RESOURCE_TO HZ independent
schedule_timeout_* takes a timeout in jiffies but the code currently is
passing in a constant which makes this timeout HZ dependent, so pass it
through msecs_to_jiffies() to fix this up.
Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Acked-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Nicholas Mc Guire [Mon, 22 Aug 2016 16:51:35 +0000 (18:51 +0200)]
ntb_transport: make DMA_OUT_RESOURCE_TO HZ independent
schedule_timeout_* takes a timeout in jiffies but the code currently is
passing in a constant which makes this timeout HZ dependent, so pass it
through msecs_to_jiffies() to fix this up.
Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Wei Yongjun [Mon, 8 Aug 2016 09:48:42 +0000 (09:48 +0000)]
NTB: ntb_hw_intel: Fix typo in module parameter descriptions
Fix typo in module parameter descriptions.
Signed-off-by: Wei Yongjun <weiyj.lk@gmail.com>
Acked-by: Allen Hubbe <Allen.Hubbe@emc.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Wei Yongjun [Mon, 8 Aug 2016 09:48:00 +0000 (09:48 +0000)]
ntb_pingpong: Fix db_init parameter description
Fix 'db_init' parameter description.
Signed-off-by: Wei Yongjun <weiyj.lk@gmail.com>
Acked-by: Allen Hubbe <Allen.Hubbe@emc.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Colin Ian King [Sat, 12 Nov 2016 17:44:06 +0000 (17:44 +0000)]
net: ethernet: ixp4xx_eth: fix spelling mistake in debug message
Trivial fix to spelling mistake "successed" to "succeeded"
in debug message. Also unwrap multi-line literal string.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Falcon [Fri, 11 Nov 2016 17:00:46 +0000 (11:00 -0600)]
ibmvnic: Fix size of debugfs name buffer
This mistake was causing debugfs directory creation
failures when multiple ibmvnic devices were probed.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Falcon [Fri, 11 Nov 2016 17:00:45 +0000 (11:00 -0600)]
ibmvnic: Unmap ibmvnic_statistics structure
This structure was mapped but never subsequently unmapped.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bert Kenward [Fri, 11 Nov 2016 15:56:51 +0000 (15:56 +0000)]
sfc: clear napi_hash state when copying channels
efx_copy_channel() doesn't correctly clear the napi_hash related state.
This means that when napi_hash_add is called for that channel nothing is
done, and we are left with a copy of the napi_hash_node from the old
channel. When we later call napi_hash_del() on this channel we have a
stale napi_hash_node.
Corruption is only seen when there are multiple entries in one of the
napi_hash lists. This is made more likely by having a very large number
of channels. Testing was carried out with 512 channels - 32 channels on
each of 16 ports.
This failure typically appears as protection faults within napi_by_id()
or napi_hash_add(). efx_copy_channel() is only used when tx or rx ring
sizes are changed (ethtool -G).
Fixes:
36763266bbe8 ("sfc: Add support for busy polling")
Signed-off-by: Bert Kenward <bkenward@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sun, 13 Nov 2016 18:32:32 +0000 (10:32 -0800)]
Linux 4.9-rc5
Linus Torvalds [Sun, 13 Nov 2016 18:28:53 +0000 (10:28 -0800)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm
Pull KVM fixes from Paolo Bonzini:
"ARM fixes. There are a couple pending x86 patches but they'll have to
wait for next week"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: arm/arm64: vgic: Kick VCPUs when queueing already pending IRQs
KVM: arm/arm64: vgic: Prevent access to invalid SPIs
arm/arm64: KVM: Perform local TLB invalidation when multiplexing vcpus on a single CPU
Linus Torvalds [Sun, 13 Nov 2016 18:26:05 +0000 (10:26 -0800)]
Merge branch 'media-fixes' (patches from Mauro)
Merge media fixes from Mauro Carvalho Chehab:
"This contains two patches fixing problems with my patch series meant
to make USB drivers to work again after the DMA on stack changes.
The last patch on this series is actually not related to DMA on stack.
It solves a longstanding bug affecting module unload, causing
module_put() to be called twice. It was reported by the user who
reported and tested the issues with the gp8psk driver with the DMA
fixup patches. As we're late at -rc cycle, maybe you prefer to not
apply it right now. If this is the case, I'll add to the pile of
patches for 4.10.
Exceptionally this time, I'm sending the patches via e-mail, because
I'm on another trip, and won't be able to use the usual procedure
until Monday. Also, it is only three patches, and you followed already
the discussions about the first one"
* emailed patches from Mauro Carvalho Chehab <mchehab@osg.samsung.com>:
gp8psk: Fix DVB frontend attach
gp8psk: fix gp8psk_usb_in_op() logic
dvb-usb: move data_mutex to struct dvb_usb_device
Linus Torvalds [Sun, 13 Nov 2016 18:24:08 +0000 (10:24 -0800)]
Merge tag 'char-misc-4.9-rc5' of git://git./linux/kernel/git/gregkh/char-misc
Pull char/misc fixes from Greg KH:
"Here are three small driver fixes for some reported issues for
4.9-rc5.
One for the hyper-v subsystem, fixing up a naming issue that showed up
in 4.9-rc1, one mei driver fix, and one fix for parallel ports,
resolving a reported regression.
All have been in linux-next with no reported issues"
* tag 'char-misc-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
ppdev: fix double-free of pp->pdev->name
vmbus: make sysfs names consistent with PCI
mei: bus: fix received data size check in NFC fixup
Linus Torvalds [Sun, 13 Nov 2016 18:22:07 +0000 (10:22 -0800)]
Merge tag 'driver-core-4.9-rc5' of git://git./linux/kernel/git/gregkh/driver-core
Pull driver core fixes from Greg KH:
"Here are two driver core fixes for 4.9-rc5.
The first resolves an issue with some drivers not liking to be unbound
and bound again (if CONFIG_DEBUG_TEST_DRIVER_REMOVE is enabled), which
solves some reported problems with graphics and storage drivers. The
other resolves a smatch error with the 4.9-rc1 driver core changes
around this feature.
Both have been in linux-next with no reported issues"
* tag 'driver-core-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
driver core: fix smatch warning on dev->bus check
driver core: skip removal test for non-removable drivers
Linus Torvalds [Sun, 13 Nov 2016 18:13:33 +0000 (10:13 -0800)]
Merge tag 'staging-4.9-rc5' of git://git./linux/kernel/git/gregkh/staging
Pull staging/IIO fixes from Grek KH:
"Here are a few small staging and iio driver fixes for reported issues.
The last one was cherry-picked from my -next branch to resolve a build
warning that Arnd fixed, in his quest to be able to turn
-Wmaybe-uninitialized back on again. That patch, and all of the
others, have been in linux-next for a while with no reported issues"
* tag 'staging-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
iio: maxim_thermocouple: detect invalid storage size in read()
staging: nvec: remove managed resource from PS2 driver
Revert "staging: nvec: ps2: change serio type to passthrough"
drivers: staging: nvec: remove bogus reset command for PS/2 interface
staging: greybus: arche-platform: fix device reference leak
staging: comedi: ni_tio: fix buggy ni_tio_clock_period_ps() return value
staging: sm750fb: Fix bugs introduced by early commits
iio: hid-sensors: Increase the precision of scale to fix wrong reading interpretation.
iio: orientation: hid-sensor-rotation: Add PM function (fix non working driver)
iio: st_sensors: fix scale configuration for h3lis331dl
staging: iio: ad5933: avoid uninitialized variable in error case
Linus Torvalds [Sun, 13 Nov 2016 18:10:46 +0000 (10:10 -0800)]
Merge tag 'usb-4.9-rc5' of git://git./linux/kernel/git/gregkh/usb
Pull USB / PHY fixes from Greg KH:
"Here are a number of small USB and PHY driver fixes for 4.9-rc5
Nothing major, just small fixes for reported issues, all of these have
been in linux-next for a while with no reported issues"
* tag 'usb-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
USB: cdc-acm: fix TIOCMIWAIT
cdc-acm: fix uninitialized variable
drivers/usb: Skip auto handoff for TI and RENESAS usb controllers
usb: musb: remove duplicated actions
usb: musb: da8xx: Don't print phy error on -EPROBE_DEFER
phy: sun4i: check PMU presence when poking unknown bit of pmu
phy-rockchip-pcie: remove deassert of phy_rst from exit callback
phy: da8xx-usb: rename the ohci device to ohci-da8xx
phy: Add reset callback for not generic phy
uwb: fix device reference leaks
usb: gadget: u_ether: remove interrupt throttling
usb: dwc3: st: add missing <linux/pinctrl/consumer.h> include
usb: dwc3: Fix error handling for core init
Linus Torvalds [Sun, 13 Nov 2016 18:09:04 +0000 (10:09 -0800)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-block
Pull more block fixes from Jens Axboe:
"Since I mistakenly left out the lightnvm regression fix yesterday and
the aoeblk seems adequately tested at this point, might as well send
out another pull to make -rc5"
* 'for-linus' of git://git.kernel.dk/linux-block:
aoe: fix crash in page count manipulation
lightnvm: invalid offset calculation for lba_shift
Linus Torvalds [Sun, 13 Nov 2016 18:07:08 +0000 (10:07 -0800)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"The megaraid_sas patch in here fixes a major regression in the last
fix set that made all megaraid_sas cards unusable. It turns out no-one
had actually tested such an "obvious" fix, sigh. The fix for the fix
has been tested ...
The next most serious is the vmw_pvscsi abort problem which basically
means that aborts don't work on the vmware paravirt devices and error
handling always escalates to reset.
The rest are an assortment of missed reference counting in certain
paths and corner case bugs that show up on some architectures"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
scsi: qla2xxx: fix invalid DMA access after command aborts in PCI device remove
scsi: qla2xxx: do not queue commands when unloading
scsi: libcxgbi: fix incorrect DDP resource cleanup
scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
scsi: scsi_dh_alua: Fix a reference counting bug
scsi: vmw_pvscsi: return SUCCESS for successful command aborts
scsi: mpt3sas: Fix for block device of raid exists even after deleting raid disk
scsi: scsi_dh_alua: fix missing kref_put() in alua_rtpg_work()
Linus Torvalds [Sun, 13 Nov 2016 18:04:55 +0000 (10:04 -0800)]
Merge tag 'clk-fixes-for-linus' of git://git./linux/kernel/git/clk/linux
Pull clk fixes from Stephen Boyd:
"The typical collection of minor bug fixes in clk drivers. We don't
have anything in the core framework here, just driver fixes.
There's a boot fix for Samsung devices and a safety measure for qoriq
to prevent CPUs from running too fast. There's also a fix for i.MX6Q
to properly handle audio clock rates. We also have some "that's
obviously wrong" fixes like bad NULL pointer checks in the MPP driver
and a poor usage of __pa in the xgene clk driver that are fixed here"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
clk: mmp: pxa910: fix return value check in pxa910_clk_init()
clk: mmp: pxa168: fix return value check in pxa168_clk_init()
clk: mmp: mmp2: fix return value check in mmp2_clk_init()
clk: qoriq: Don't allow CPU clocks higher than starting value
clk: imx: fix integer overflow in AV PLL round rate
clk: xgene: Don't call __pa on ioremaped address
clk/samsung: Use CLK_OF_DECLARE_DRIVER initialization method for CLKOUT
clk: rockchip: don't return NULL when failing to register ddrclk branch
Mauro Carvalho Chehab [Sat, 12 Nov 2016 14:46:28 +0000 (12:46 -0200)]
gp8psk: Fix DVB frontend attach
The DVB binding schema at the DVB core assumes that the frontend is a
separate driver. Faling to do that causes OOPS when the module is
removed, as it tries to do a symbol_put_addr on an internal symbol,
causing craches like:
WARNING: CPU: 1 PID: 28102 at kernel/module.c:1108 module_put+0x57/0x70
Modules linked in: dvb_usb_gp8psk(-) dvb_usb dvb_core nvidia_drm(PO) nvidia_modeset(PO) snd_hda_codec_hdmi snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_timer snd soundcore nvidia(PO) [last unloaded: rc_core]
CPU: 1 PID: 28102 Comm: rmmod Tainted: P WC O 4.8.4-build.1 #1
Hardware name: MSI MS-7309/MS-7309, BIOS V1.12 02/23/2009
Call Trace:
dump_stack+0x44/0x64
__warn+0xfa/0x120
module_put+0x57/0x70
module_put+0x57/0x70
warn_slowpath_null+0x23/0x30
module_put+0x57/0x70
gp8psk_fe_set_frontend+0x460/0x460 [dvb_usb_gp8psk]
symbol_put_addr+0x27/0x50
dvb_usb_adapter_frontend_exit+0x3a/0x70 [dvb_usb]
From Derek's tests:
"Attach bug is fixed, tuning works, module unloads without
crashing. Everything seems ok!"
Reported-by: Derek <user.vdr@gmail.com>
Tested-by: Derek <user.vdr@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mauro Carvalho Chehab [Sat, 12 Nov 2016 14:46:27 +0000 (12:46 -0200)]
gp8psk: fix gp8psk_usb_in_op() logic
Commit
bc29131ecb10 ("[media] gp8psk: don't do DMA on stack") fixed the
usage of DMA on stack, but the memcpy was wrong for gp8psk_usb_in_op().
Fix it.
From Derek's email:
"Fix confirmed using 2 different Skywalker models with
HD mpeg4, SD mpeg2."
Suggested-by: Johannes Stezenbach <js@linuxtv.org>
Fixes:
bc29131ecb10 ("[media] gp8psk: don't do DMA on stack")
Tested-by: Derek <user.vdr@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mauro Carvalho Chehab [Sat, 12 Nov 2016 14:46:26 +0000 (12:46 -0200)]
dvb-usb: move data_mutex to struct dvb_usb_device
The data_mutex is initialized too late, as it is needed for
each device driver's power control, causing an OOPS:
dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state.
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<
ffffffff846617af>] __mutex_lock_slowpath+0x6f/0x100 PGD 0
Oops: 0002 [#1] SMP
Modules linked in: dvb_usb_cinergyT2(+) dvb_usb
CPU: 0 PID: 2029 Comm: modprobe Not tainted 4.9.0-rc4-dvbmod #24
Hardware name: FUJITSU LIFEBOOK A544/FJNBB35 , BIOS Version 1.17 05/09/2014
task:
ffff88020e943840 task.stack:
ffff8801f36ec000
RIP: 0010:[<
ffffffff846617af>] [<
ffffffff846617af>] __mutex_lock_slowpath+0x6f/0x100
RSP: 0018:
ffff8801f36efb10 EFLAGS:
00010282
RAX:
0000000000000000 RBX:
ffff88021509bdc8 RCX:
00000000c0000100
RDX:
0000000000000001 RSI:
0000000000000000 RDI:
ffff88021509bdcc
RBP:
ffff8801f36efb58 R08:
ffff88021f216320 R09:
0000000000100000
R10:
ffff88021f216320 R11:
00000023fee6c5a1 R12:
ffff88020e943840
R13:
ffff88021509bdcc R14:
00000000ffffffff R15:
ffff88021509bdd0
FS:
00007f21adb86740(0000) GS:
ffff88021f200000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
0000000000000000 CR3:
0000000215bce000 CR4:
00000000001406f0
Call Trace:
mutex_lock+0x16/0x25
cinergyt2_power_ctrl+0x1f/0x60 [dvb_usb_cinergyT2]
dvb_usb_device_init+0x21e/0x5d0 [dvb_usb]
cinergyt2_usb_probe+0x21/0x50 [dvb_usb_cinergyT2]
usb_probe_interface+0xf3/0x2a0
driver_probe_device+0x208/0x2b0
__driver_attach+0x87/0x90
driver_probe_device+0x2b0/0x2b0
bus_for_each_dev+0x52/0x80
bus_add_driver+0x1a3/0x220
driver_register+0x56/0xd0
usb_register_driver+0x77/0x130
do_one_initcall+0x46/0x180
free_vmap_area_noflush+0x38/0x70
kmem_cache_alloc+0x84/0xc0
do_init_module+0x50/0x1be
load_module+0x1d8b/0x2100
find_symbol_in_section+0xa0/0xa0
SyS_finit_module+0x89/0x90
entry_SYSCALL_64_fastpath+0x13/0x94
Code: e8 a7 1d 00 00 8b 03 83 f8 01 0f 84 97 00 00 00 48 8b 43 10 4c 8d 7b 08 48 89 63 10 4c 89 3c 24 41 be ff ff ff ff 48 89 44 24 08 <48> 89 20 4c 89 64 24 10 eb 1a 49 c7 44 24 08 02 00 00 00 c6 43 RIP [<
ffffffff846617af>] __mutex_lock_slowpath+0x6f/0x100 RSP <
ffff8801f36efb10>
CR2:
0000000000000000
So, move it to the struct dvb_usb_device and initialize it
before calling the driver's callbacks.
Reported-by: Jörg Otte <jrg.otte@gmail.com>
Tested-by: Jörg Otte <jrg.otte@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David S. Miller [Sun, 13 Nov 2016 17:51:01 +0000 (12:51 -0500)]
Merge branch 'mlxsw-fixes'
Jiri Pirko says:
====================
mlxsw: Couple of fixes
Please, queue-up both for stable. Thanks!
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Arkadi Sharshevsky [Fri, 11 Nov 2016 15:34:26 +0000 (16:34 +0100)]
mlxsw: spectrum_router: Correctly dump neighbour activity
The device's neighbour table is periodically dumped in order to update
the kernel about active neighbours. A single dump session may span
multiple queries, until the response carries less records than requested
or when a record (can contain up to four neighbour entries) is not full.
Current code stops the session when the number of returned records is
zero, which can result in infinite loop in case of high packet rate.
Fix this by stopping the session according to the above logic.
Fixes:
c723c735fa6b ("mlxsw: spectrum_router: Periodically update the kernel's neigh table")
Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yotam Gigi [Fri, 11 Nov 2016 15:34:25 +0000 (16:34 +0100)]
mlxsw: spectrum: Fix refcount bug on span entries
When binding port to a newly created span entry, its refcount is
initialized to zero even though it has a bound port. That leads
to unexpected behaviour when the user tries to delete that port
from the span entry.
Fix this by initializing the reference count to 1.
Also add a warning to put function.
Fixes:
763b4b70afcd ("mlxsw: spectrum: Add support in matchall mirror TC offloading")
Signed-off-by: Yotam Gigi <yotamg@mellanox.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sun, 13 Nov 2016 17:37:32 +0000 (12:37 -0500)]
Merge branch 'bnxt_en-fixes'
Michael Chan says:
====================
bnxt_en: 2 bug fixes.
Bug fixes in bnxt_setup_tc() and VF vitual link state.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Fri, 11 Nov 2016 05:11:43 +0000 (00:11 -0500)]
bnxt_en: Fix VF virtual link state.
If the physical link is down and the VF virtual link is set to "enable",
the current code does not always work. If the link is down but the
cable is attached, the firmware returns LINK_SIGNAL instead of
NO_LINK. The current code is treating LINK_SIGNAL as link up.
The fix is to treat link as down when the link_status != LINK.
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Fri, 11 Nov 2016 05:11:42 +0000 (00:11 -0500)]
bnxt_en: Fix ring arithmetic in bnxt_setup_tc().
The logic is missing the check on whether the tx and rx rings are sharing
completion rings or not.
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Mike Frysinger [Fri, 11 Nov 2016 00:08:39 +0000 (19:08 -0500)]
Revert "include/uapi/linux/atm_zatm.h: include linux/time.h"
This reverts commit
cf00713a655d ("include/uapi/linux/atm_zatm.h: include
linux/time.h").
This attempted to fix userspace breakage that no longer existed when
the patch was merged. Almost one year earlier, commit
70ba07b675b5
("atm: remove 'struct zatm_t_hist'") deleted the struct in question.
After this patch was merged, we now have to deal with people being
unable to include this header in conjunction with standard C library
headers like stdlib.h (which linux-atm does). Example breakage:
x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -I./../q2931 -I./../saal \
-I. -DCPPFLAGS_TEST -I../../src/include -O2 -march=native -pipe -g \
-frecord-gcc-switches -freport-bug -Wimplicit-function-declaration \
-Wnonnull -Wstrict-aliasing -Wparentheses -Warray-bounds \
-Wfree-nonheap-object -Wreturn-local-addr -fno-strict-aliasing -Wall \
-Wshadow -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -c zntune.c
In file included from /usr/include/linux/atm_zatm.h:17:0,
from zntune.c:17:
/usr/include/linux/time.h:9:8: error: redefinition of ‘struct timespec’
struct timespec {
^
In file included from /usr/include/sys/select.h:43:0,
from /usr/include/sys/types.h:219,
from /usr/include/stdlib.h:314,
from zntune.c:9:
/usr/include/time.h:120:8: note: originally defined here
struct timespec
^
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Acked-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Thu, 10 Nov 2016 21:12:35 +0000 (13:12 -0800)]
tcp: take care of truncations done by sk_filter()
With syzkaller help, Marco Grassi found a bug in TCP stack,
crashing in tcp_collapse()
Root cause is that sk_filter() can truncate the incoming skb,
but TCP stack was not really expecting this to happen.
It probably was expecting a simple DROP or ACCEPT behavior.
We first need to make sure no part of TCP header could be removed.
Then we need to adjust TCP_SKB_CB(skb)->end_seq
Many thanks to syzkaller team and Marco for giving us a reproducer.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Marco Grassi <marco.gra@gmail.com>
Reported-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Suryaputra Lin [Thu, 10 Nov 2016 16:16:15 +0000 (11:16 -0500)]
ipv4: use new_gw for redirect neigh lookup
In v2.6, ip_rt_redirect() calls arp_bind_neighbour() which returns 0
and then the state of the neigh for the new_gw is checked. If the state
isn't valid then the redirected route is deleted. This behavior is
maintained up to v3.5.7 by check_peer_redirect() because rt->rt_gateway
is assigned to peer->redirect_learned.a4 before calling
ipv4_neigh_lookup().
After commit
5943634fc559 ("ipv4: Maintain redirect and PMTU info in
struct rtable again."), ipv4_neigh_lookup() is performed without the
rt_gateway assigned to the new_gw. In the case when rt_gateway (old_gw)
isn't zero, the function uses it as the key. The neigh is most likely
valid since the old_gw is the one that sends the ICMP redirect message.
Then the new_gw is assigned to fib_nh_exception. The problem is: the
new_gw ARP may never gets resolved and the traffic is blackholed.
So, use the new_gw for neigh lookup.
Changes from v1:
- use __ipv4_neigh_lookup instead (per Eric Dumazet).
Fixes:
5943634fc559 ("ipv4: Maintain redirect and PMTU info in struct rtable again.")
Signed-off-by: Stephen Suryaputra Lin <ssurya@ieee.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Guenter Roeck [Thu, 10 Nov 2016 03:51:25 +0000 (19:51 -0800)]
r8152: Fix error path in open function
If usb_submit_urb() called from the open function fails, the following
crash may be observed.
r8152 8-1:1.0 eth0: intr_urb submit failed: -19
...
r8152 8-1:1.0 eth0: v1.08.3
Unable to handle kernel paging request at virtual address
6b6b6b6b6b6b6b7b
pgd =
ffffffc0e7305000
[
6b6b6b6b6b6b6b7b] *pgd=
0000000000000000, *pud=
0000000000000000
Internal error: Oops:
96000004 [#1] PREEMPT SMP
...
PC is at notifier_chain_register+0x2c/0x58
LR is at blocking_notifier_chain_register+0x54/0x70
...
Call trace:
[<
ffffffc0002407f8>] notifier_chain_register+0x2c/0x58
[<
ffffffc000240bdc>] blocking_notifier_chain_register+0x54/0x70
[<
ffffffc00026991c>] register_pm_notifier+0x24/0x2c
[<
ffffffbffc183200>] rtl8152_open+0x3dc/0x3f8 [r8152]
[<
ffffffc000808000>] __dev_open+0xac/0x104
[<
ffffffc0008082f8>] __dev_change_flags+0xb0/0x148
[<
ffffffc0008083c4>] dev_change_flags+0x34/0x70
[<
ffffffc000818344>] do_setlink+0x2c8/0x888
[<
ffffffc0008199d4>] rtnl_newlink+0x328/0x644
[<
ffffffc000819e98>] rtnetlink_rcv_msg+0x1a8/0x1d4
[<
ffffffc0008373c8>] netlink_rcv_skb+0x68/0xd0
[<
ffffffc000817990>] rtnetlink_rcv+0x2c/0x3c
[<
ffffffc000836d1c>] netlink_unicast+0x16c/0x234
[<
ffffffc00083720c>] netlink_sendmsg+0x340/0x364
[<
ffffffc0007e85d0>] sock_sendmsg+0x48/0x60
[<
ffffffc0007e9c30>] SyS_sendto+0xe0/0x120
[<
ffffffc0007e9cb0>] SyS_send+0x40/0x4c
[<
ffffffc000203e34>] el0_svc_naked+0x24/0x28
Clean up error handling to avoid registering the notifier if the open
function is going to fail.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Arnd Bergmann [Tue, 25 Oct 2016 15:55:04 +0000 (17:55 +0200)]
iio: maxim_thermocouple: detect invalid storage size in read()
As found by gcc -Wmaybe-uninitialized, having a storage_bytes value other
than 2 or 4 will result in undefined behavior:
drivers/iio/temperature/maxim_thermocouple.c: In function 'maxim_thermocouple_read':
drivers/iio/temperature/maxim_thermocouple.c:141:5: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized]
This probably cannot happen, but returning -EINVAL here is appropriate
and makes gcc happy and the code more robust.
Fixes:
231147ee77f3 ("iio: maxim_thermocouple: Align 16 bit big endian value of raw reads")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
(cherry picked from commit
32cb7d27e65df9daa7cee8f1fdf7b259f214bee2)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Matt Fleming [Sat, 12 Nov 2016 21:04:24 +0000 (21:04 +0000)]
x86/efi: Prevent mixed mode boot corruption with CONFIG_VMAP_STACK=y
Booting an EFI mixed mode kernel has been crashing since commit:
e37e43a497d5 ("x86/mm/64: Enable vmapped stacks (CONFIG_HAVE_ARCH_VMAP_STACK=y)")
The user-visible effect in my test setup was the kernel being unable
to find the root file system ramdisk. This was likely caused by silent
memory or page table corruption.
Enabling CONFIG_DEBUG_VIRTUAL=y immediately flagged the thunking code as
abusing virt_to_phys() because it was passing addresses that were not
part of the kernel direct mapping.
Use the slow version instead, which correctly handles all memory
regions by performing a page table walk.
Suggested-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20161112210424.5157-3-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Borislav Petkov [Sat, 12 Nov 2016 21:04:23 +0000 (21:04 +0000)]
x86/efi: Fix EFI memmap pointer size warning
Fix this when building on 32-bit:
arch/x86/platform/efi/efi.c: In function ‘__efi_enter_virtual_mode’:
arch/x86/platform/efi/efi.c:911:5: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
(efi_memory_desc_t *)pa);
^
arch/x86/platform/efi/efi.c:918:5: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
(efi_memory_desc_t *)pa);
^
The @pa local variable is declared as phys_addr_t and that is a u64 when
CONFIG_PHYS_ADDR_T_64BIT=y. (The last is enabled on 32-bit on a PAE
build.)
However, its value comes from __pa() which is basically doing pointer
arithmetic and checking, and returns unsigned long as it is the native
pointer width.
So let's use an unsigned long too. It should be fine to do so because
the later users cast it to a pointer too.
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20161112210424.5157-2-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Baruch Siach [Thu, 10 Nov 2016 11:21:42 +0000 (13:21 +0200)]
net: bpqether.h: remove if_ether.h guard
__LINUX_IF_ETHER_H is not defined anywhere, and if_ether.h can keep itself from
double inclusion, though it uses a single underscore prefix.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Thu, 10 Nov 2016 00:04:46 +0000 (16:04 -0800)]
net: __skb_flow_dissect() must cap its return value
After Tom patch, thoff field could point past the end of the buffer,
this could fool some callers.
If an skb was provided, skb->len should be the upper limit.
If not, hlen is supposed to be the upper limit.
Fixes:
a6e544b0a88b ("flow_dissector: Jump to exit code in __skb_flow_dissect")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Yibin Yang <yibyang@cisco.com
Acked-by: Alexander Duyck <alexander.h.duyck@intel.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sun, 13 Nov 2016 04:38:08 +0000 (23:38 -0500)]
Merge branch 'fix-bpf_redirect'
Martin KaFai Lau says:
====================
bpf: Fix bpf_redirect to an ipip/ip6tnl dev
This patch set fixes a bug in bpf_redirect(dev, flags) when dev is an
ipip/ip6tnl. The current problem is IP-EthHdr-IP is sent out instead of
IP-IP.
Patch 1 adds a dev->type test similar to dev_is_mac_header_xmit()
in act_mirred.c which is only available in net-next. We can consider to
refactor it once this patch is pulled into net-next from net.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Martin KaFai Lau [Wed, 9 Nov 2016 23:36:34 +0000 (15:36 -0800)]
bpf: Add test for bpf_redirect to ipip/ip6tnl
The test creates two netns, ns1 and ns2. The host (the default netns)
has an ipip or ip6tnl dev configured for tunneling traffic to the ns2.
ping VIPS from ns1 <----> host <--tunnel--> ns2 (VIPs at loopback)
The test is to have ns1 pinging VIPs configured at the loopback
interface in ns2.
The VIPs are 10.10.1.102 and 2401:face::66 (which are configured
at lo@ns2). [Note: 0x66 => 102].
At ns1, the VIPs are routed _via_ the host.
At the host, bpf programs are installed at the veth to redirect packets
from a veth to the ipip/ip6tnl. The test is configured in a way so
that both ingress and egress can be tested.
At ns2, the ipip/ip6tnl dev is configured with the local and remote address
specified. The return path is routed to the dev ipip/ip6tnl.
During egress test, the host also locally tests pinging the VIPs to ensure
that bpf_redirect at egress also works for the direct egress (i.e. not
forwarding from dev ve1 to ve2).
Acked-by: Alexei Starovoitov <ast@fb.com>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Martin KaFai Lau [Wed, 9 Nov 2016 23:36:33 +0000 (15:36 -0800)]
bpf: Fix bpf_redirect to an ipip/ip6tnl dev
If the bpf program calls bpf_redirect(dev, 0) and dev is
an ipip/ip6tnl, it currently includes the mac header.
e.g. If dev is ipip, the end result is IP-EthHdr-IP instead
of IP-IP.
The fix is to pull the mac header. At ingress, skb_postpull_rcsum()
is not needed because the ethhdr should have been pulled once already
and then got pushed back just before calling the bpf_prog.
At egress, this patch calls skb_postpull_rcsum().
If bpf_redirect(dev, BPF_F_INGRESS) is called,
it also fails now because it calls dev_forward_skb() which
eventually calls eth_type_trans(skb, dev). The eth_type_trans()
will set skb->type = PACKET_OTHERHOST because the mac address
does not match the redirecting dev->dev_addr. The PACKET_OTHERHOST
will eventually cause the ip_rcv() errors out. To fix this,
____dev_forward_skb() is added.
Joint work with Daniel Borkmann.
Fixes:
cfc7381b3002 ("ip_tunnel: add collect_md mode to IPIP tunnel")
Fixes:
8d79266bc48c ("ip6_tunnel: add collect_md mode to IPv6 tunnels")
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@fb.com>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jens Axboe [Sat, 12 Nov 2016 01:28:50 +0000 (18:28 -0700)]
aoe: fix crash in page count manipulation
aoeblk contains some mysterious code, that wants to elevate the bio
vec page counts while it's under IO. That is not needed, it's
fragile, and it's causing kernel oopses for some.
Reported-by: Tested-by: Don Koch <kochd@us.ibm.com>
Tested-by: Tested-by: Don Koch <kochd@us.ibm.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Ingo Molnar [Sat, 12 Nov 2016 10:47:30 +0000 (11:47 +0100)]
Merge tag 'perf-hists-hierarchy-fixes-for-mingo-
20161111' of git://git./linux/kernel/git/acme/linux into perf/urgent
Pull perf/urgent fixes for perf {top,report} --hierarchy, from Arnaldo Carvalho de Melo:
- These are fixes for the --hierarchy view of perf top and report, fixing
output oddities, mostly related to scrolling. (Namhyung Kim)
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Matias Bjørling [Thu, 10 Nov 2016 11:26:57 +0000 (12:26 +0100)]
lightnvm: invalid offset calculation for lba_shift
The ns->lba_shift assumes its value to be the logarithmic of the
LA size. A previous patch duplicated the lba_shift calculation into
lightnvm. It prematurely also subtracted a 512byte shift, which commonly
is applied per-command. The 512byte shift being subtracted twice led to
data loss when restoring the logical to physical mapping table from
device and when issuing I/O commands using rrpc.
Fix offset by removing the 512byte shift subtraction when calculating
lba_shift.
Fixes:
b0b4e09c1ae7 "lightnvm: control life of nvm_dev in driver"
Reported-by: Javier González <javier@cnexlabs.com>
Signed-off-by: Matias Bjørling <m@bjorling.me>
Signed-off-by: Jens Axboe <axboe@fb.com>
Linus Torvalds [Sat, 12 Nov 2016 01:02:01 +0000 (17:02 -0800)]
Merge tag 'acpi-4.9-rc5' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"Fix a recent regression in the 8250_dw serial driver introduced by
adding a quirk for the APM X-Gene SoC to it which uncovered an issue
related to the handling of built-in device properties in the core ACPI
device enumeration code (Heikki Krogerus)"
* tag 'acpi-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / platform: Add support for build-in properties
Linus Torvalds [Sat, 12 Nov 2016 00:54:23 +0000 (16:54 -0800)]
Merge tag 'pm-4.9-rc5' of git://git./linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These fix two bugs in error code paths in the PM core (system-wide
suspend of devices), a device reference leak in the boot-time suspend
test code and a cpupower utility regression from the 4.7 cycle.
Specifics:
- Prevent the PM core from attempting to suspend parent devices if
any of their children, whose suspend callbacks were invoked
asynchronously, have failed to suspend during the "late" and
"noirq" phases of system-wide suspend of devices (Brian Norris).
- Prevent the boot-time system suspend test code from leaking a
reference to the RTC device used by it (Johan Hovold).
- Fix cpupower to use the return value of one of its library
functions correctly and restore the correct behavior of it when
used for setting cpufreq tunables broken during the 4.7 development
cycle (Laura Abbott)"
* tag 'pm-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
PM / sleep: don't suspend parent when async child suspend_{noirq, late} fails
PM / sleep: fix device reference leak in test_suspend
cpupower: Correct return type of cpu_power_is_cpu_online() in cpufreq-set
Linus Torvalds [Sat, 12 Nov 2016 00:51:50 +0000 (16:51 -0800)]
Merge tag 'arc-4.9-rc5' of git://git./linux/kernel/git/vgupta/arc
Pull ARC fixes from Vineet Gupta:
- mmap handler for dma ops as generic handler no longer works for us
[Alexey]
- Fixes for EZChip platform [Noam]
- Fix RTC clocksource driver build issue
- ARC IRQ handling fixes [Yuriy]
- Revert a recent makefile change which doesn't go well with oldish
tools out in the wild
* tag 'arc-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
ARCv2: MCIP: Use IDU_M_DISTRI_DEST mode if there is only 1 destination core
ARC: IRQ: Do not use hwirq as virq and vice versa
ARC: [plat-eznps] set default baud for early console
ARC: [plat-eznps] remove IPI clear from SMP operations
Revert "ARC: build: retire old toggles"
ARC: timer: rtc: implement read loop in "C" vs. inline asm
ARC: change return value of userspace cmpxchg assist syscall
arc: Implement arch-specific dma_map_ops.mmap
ARC: [SMP] avoid overriding present cpumask
ARC: Enable PERF_EVENTS in nSIM driven platforms
Linus Torvalds [Sat, 12 Nov 2016 00:48:49 +0000 (16:48 -0800)]
Merge tag 'platform-drivers-x86-v4.9-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86
Pull x86 platform driver fixes from Darren Hart:
"Minor doc fix, a DMI match for ideapad and a fix to toshiba-wmi to
avoid loading on non-toshiba systems.
Documentation/ABI:
- ibm_rtl: The "What:" fields are incomplete
toshiba-wmi:
- Fix loading the driver on non Toshiba laptops
ideapad-laptop:
- Add another DMI entry for Yoga 900"
* tag 'platform-drivers-x86-v4.9-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86:
Documentation/ABI: ibm_rtl: The "What:" fields are incomplete
toshiba-wmi: Fix loading the driver on non Toshiba laptops
ideapad-laptop: Add another DMI entry for Yoga 900
Linus Torvalds [Sat, 12 Nov 2016 00:42:03 +0000 (16:42 -0800)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe:
"Two small (really, one liners both of them!) fixes that should go into
this series:
- Request allocation error handling fix for nbd, from Christophe,
fixing a regression in this series.
- An oops fix for drbd. Not a regression in this series, but stable
material. From Richard"
* 'for-linus' of git://git.kernel.dk/linux-block:
drbd: Fix kernel_sendmsg() usage - potential NULL deref
nbd: Fix error handling
Linus Torvalds [Sat, 12 Nov 2016 00:38:26 +0000 (16:38 -0800)]
Merge tag 'pci-v4.9-fixes-3' of git://git./linux/kernel/git/helgaas/pci
Pull PCI fixes from Bjorn Helgaas:
- Update MAINTAINERS for Intel VMD driver filename
- Update Rockchip rk3399 host bridge driver DTS and resets
- Fix ROM shadow problem that made some video device initialization
fail
* tag 'pci-v4.9-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
PCI: VMD: Update filename to reflect move
arm64: dts: rockchip: add three new resets for rk3399 PCIe controller
PCI: rockchip: Add three new resets as required properties
PCI: Don't attempt to claim shadow copies of ROM
Linus Torvalds [Sat, 12 Nov 2016 00:25:28 +0000 (16:25 -0800)]
Merge tag 'drm-fixes-for-v4.9-rc5' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"AMD, radeon, i915, imx, msm and udl fixes:
- amdgpu/radeon have a number of power management regressions and
fixes along with some better error checking
- imx has a single regression fix
- udl has a single kmalloc instead of stack for usb control msg fix
- msm has some fixes for modesetting bugs and regressions
- i915 has a one fix for a Sandybridge regression along with some
others for DP audio.
They all seem pretty okay at this stage, we've got one MST fix I know
going through process for i915, but I expect it'll be next week"
* tag 'drm-fixes-for-v4.9-rc5' of git://people.freedesktop.org/~airlied/linux: (30 commits)
drm/udl: make control msg static const. (v2)
drm/amd/powerplay: implement get_clock_by_type for iceland.
drm/amd/powerplay/smu7: fix checks in smu7_get_evv_voltages (v2)
drm/amd/powerplay: update phm_get_voltage_evv_on_sclk for iceland
drm/amd/powerplay: propagate errors in phm_get_voltage_evv_on_sclk
drm/imx: disable planes before DC
drm/amd/powerplay: return false instead of -EINVAL
drm/amdgpu/powerplay/smu7: fix unintialized data usage
drm/amdgpu: fix crash in acp_hw_fini
drm/i915: Limit Valleyview and earlier to only using mappable scanout
drm/i915: Round tile chunks up for constructing partial VMAs
drm/i915/dp: Extend BDW DP audio workaround to GEN9 platforms
drm/i915/dp: BDW cdclk fix for DP audio
drm/i915/vlv: Prevent enabling hpd polling in late suspend
drm/i915: Respect alternate_ddc_pin for all DDI ports
drm/msm: Fix error handling crashes seen when VRAM allocation fails
drm/msm/mdp5: 8x16 actually has 8 mixer stages
drm/msm/mdp5: no scaling support on RGBn pipes for 8x16
drm/msm/mdp5: handle non-fullscreen base plane case
drm/msm: Set CLK_IGNORE_UNUSED flag for PLL clocks
...
Linus Torvalds [Sat, 12 Nov 2016 00:23:14 +0000 (16:23 -0800)]
Merge tag 'mmc-v4.9-rc4' of git://git./linux/kernel/git/ulfh/mmc
Pull MMC fixes from Ulf Hansson:
"MMC core:
- Fix mmc card initialization for hosts not supporting HW busy
detection
- Fix mmc_test for sending commands during non-blocking write
MMC host:
- mxs: Avoid using an uninitialized
- sdhci: Restore enhanced strobe setting during runtime resume
- sdhci: Fix a couple of reset related issues
- dw_mmc: Fix a reset controller issue"
* tag 'mmc-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
mmc: mxs: Initialize the spinlock prior to using it
mmc: mmc: Use 500ms as the default generic CMD6 timeout
mmc: mmc_test: Fix "Commands during non-blocking write" tests
mmc: sdhci: Fix missing enhanced strobe setting during runtime resume
mmc: sdhci: Reset cmd and data circuits after tuning failure
mmc: sdhci: Fix unexpected data interrupt handling
mmc: sdhci: Fix CMD line reset interfering with ongoing data transfer
mmc: dw_mmc: add the "reset" as name of reset controller
Documentation: synopsys-dw-mshc: add binding for reset-names
Linus Torvalds [Sat, 12 Nov 2016 00:21:20 +0000 (16:21 -0800)]
Merge tag 'pinctrl-v4.9-3' of git://git./linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
"All is about drivers, no core business going on.
- Fix a host of runtime problems with the Intel Cherryview driver:
suspend/resume needs to be marshalled properly, and strange effects
from BIOS interaction during suspend/resume need to be dealt with.
- A single bit was being set wrong in the Aspeed driver.
- Fix an iProc probe ordering fallout resulting from v4.9
refactorings for bus population.
- Do not specify a default trigger in the ST Micro cascaded GPIO IRQ
controller: the kernel will moan.
- Make IRQs optional altogether on the STM32 driver, it turns out not
all systems have them or want them.
- Fix a re-probe bug in the i.MX driver, it will eventually crash if
probed repeatedly, not good"
* tag 'pinctrl-v4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl-aspeed-g5: Never set SCU90[6]
pinctrl: cherryview: Prevent possible interrupt storm on resume
pinctrl: cherryview: Serialize register access in suspend/resume
pinctrl: imx: reset group index on probe
pinctrl: stm32: move gpio irqs binding to optional
pinctrl: stm32: remove dependency with interrupt controller
pinctrl: st: don't specify default interrupt trigger
pinctrl: iproc: Fix iProc and NSP GPIO support
Rafael J. Wysocki [Fri, 11 Nov 2016 22:24:58 +0000 (23:24 +0100)]
Merge branches 'pm-tools-fixes' and 'pm-sleep-fixes'
* pm-tools-fixes:
cpupower: Correct return type of cpu_power_is_cpu_online() in cpufreq-set
* pm-sleep-fixes:
PM / sleep: don't suspend parent when async child suspend_{noirq, late} fails
PM / sleep: fix device reference leak in test_suspend
Rafael J. Wysocki [Fri, 11 Nov 2016 22:23:02 +0000 (23:23 +0100)]
Merge branch 'device-properties'
* device-properties:
ACPI / platform: Add support for build-in properties
Linus Torvalds [Fri, 11 Nov 2016 18:03:01 +0000 (10:03 -0800)]
Merge branch 'maybe-uninitialized' (patches from Arnd)
Merge fixes for -Wmaybe-uninitialized from Arnd Bergmann:
"It took a while for some patches to make it into mainline through
maintainer trees, but the 28-patch series is now reduced to 10, with
one tiny patch added at the end.
Aside from patches that are no longer required, I did these changes
compared to version 1:
- Dropped "iio: maxim_thermocouple: detect invalid storage size in
read()", which is currently in linux-next as commit
32cb7d27e65d.
This is the only remaining warning I see for a couple of corner
cases (kbuild bot reports it on blackfin, kernelci bot and arm-soc
bot both report it on arm64)
- Dropped "brcmfmac: avoid maybe-uninitialized warning in
brcmf_cfg80211_start_ap", which is currently in net/master merge
pending.
- Dropped two x86 patches, "x86: math-emu: possible uninitialized
variable use" and "x86: mark target address as output in 'insb'
asm" as they do not seem to trigger for a default build, and I got
no feedback on them. Both of these are ancient issues and seem
harmless, I will send them again to the x86 maintainers once the
rest is merged.
- Dropped "rbd: false-postive gcc-4.9 -Wmaybe-uninitialized" based on
feedback from Ilya Dryomov, who already has a different fix queued
up for v4.10. The kbuild bot reports this as a warning for xtensa.
- Replaced "crypto: aesni: avoid -Wmaybe-uninitialized warning" with
a simpler patch, this one always triggers but my first solution
would not be safe for linux-4.9 any more at this point. I'll follow
up with the larger patch as a cleanup for 4.10.
- Replaced "dib0700: fix nec repeat handling" with a better one,
contributed by Sean Young"
* -Wmaybe-uninitialized fixes:
Kbuild: enable -Wmaybe-uninitialized warnings by default
pcmcia: fix return value of soc_pcmcia_regulator_set
infiniband: shut up a maybe-uninitialized warning
crypto: aesni: shut up -Wmaybe-uninitialized warning
rc: print correct variable for z8f0811
dib0700: fix nec repeat handling
s390: pci: don't print uninitialized data for debugging
nios2: fix timer initcall return value
x86: apm: avoid uninitialized data
NFSv4.1: work around -Wmaybe-uninitialized warning
Kbuild: enable -Wmaybe-uninitialized warning for "make W=1"
Linus Torvalds [Fri, 11 Nov 2016 17:44:23 +0000 (09:44 -0800)]
Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
"15 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
lib/stackdepot: export save/fetch stack for drivers
mm: kmemleak: scan .data.ro_after_init
memcg: prevent memcg caches to be both OFF_SLAB & OBJFREELIST_SLAB
coredump: fix unfreezable coredumping task
mm/filemap: don't allow partially uptodate page for pipes
mm/hugetlb: fix huge page reservation leak in private mapping error paths
ocfs2: fix not enough credit panic
Revert "console: don't prefer first registered if DT specifies stdout-path"
mm: hwpoison: fix thp split handling in memory_failure()
swapfile: fix memory corruption via malformed swapfile
mm/cma.c: check the max limit for cma allocation
scripts/bloat-o-meter: fix SIGPIPE
shmem: fix pageflags after swapping DMA32 object
mm, frontswap: make sure allocated frontswap map is assigned
mm: remove extra newline from allocation stall warning
Linus Torvalds [Fri, 11 Nov 2016 17:19:01 +0000 (09:19 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs
Pull VFS fixes from Al Viro:
"Christoph's and Jan's aio fixes, fixup for generic_file_splice_read
(removal of pointless detritus that actually breaks it when used for
gfs2 ->splice_read()) and fixup for generic_file_read_iter()
interaction with ITER_PIPE destinations."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
splice: remove detritus from generic_file_splice_read()
mm/filemap: don't allow partially uptodate page for pipes
aio: fix freeze protection of aio writes
fs: remove aio_run_iocb
fs: remove the never implemented aio_fsync file operation
aio: hold an extra file reference over AIO read/write operations
Linus Torvalds [Fri, 11 Nov 2016 17:17:10 +0000 (09:17 -0800)]
Merge tag 'ceph-for-4.9-rc5' of git://github.com/ceph/ceph-client
Pull Ceph fixes from Ilya Dryomov:
"Ceph's ->read_iter() implementation is incompatible with the new
generic_file_splice_read() code that went into -rc1. Switch to the
less efficient default_file_splice_read() for now; the proper fix is
being held for 4.10.
We also have a fix for a 4.8 regression and a trival libceph fixup"
* tag 'ceph-for-4.9-rc5' of git://github.com/ceph/ceph-client:
libceph: initialize last_linger_id with a large integer
libceph: fix legacy layout decode with pool 0
ceph: use default file splice read callback
Linus Torvalds [Fri, 11 Nov 2016 17:15:30 +0000 (09:15 -0800)]
Merge tag 'nfs-for-4.9-3' of git://git.linux-nfs.org/projects/anna/linux-nfs
Pull NFS client bugfixes from Anna Schumaker:
"Most of these fix regressions in 4.9, and none are going to stable
this time around.
Bugfixes:
- Trim extra slashes in v4 nfs_paths to fix tools that use this
- Fix a -Wmaybe-uninitialized warnings
- Fix suspicious RCU usages
- Fix Oops when mounting multiple servers at once
- Suppress a false-positive pNFS error
- Fix a DMAR failure in NFS over RDMA"
* tag 'nfs-for-4.9-3' of git://git.linux-nfs.org/projects/anna/linux-nfs:
xprtrdma: Fix DMAR failure in frwr_op_map() after reconnect
fs/nfs: Fix used uninitialized warn in nfs4_slot_seqid_in_use()
NFS: Don't print a pNFS error if we aren't using pNFS
NFS: Ignore connections that have cl_rpcclient uninitialized
SUNRPC: Fix suspicious RCU usage
NFSv4.1: work around -Wmaybe-uninitialized warning
NFS: Trim extra slash in v4 nfs_path