Nicolas Iooss [Fri, 17 Jul 2015 23:23:45 +0000 (16:23 -0700)]
configfs: fix kernel infoleak through user-controlled format string
Some modules call config_item_init_type_name() and config_group_init_type_name()
with parameter "name" directly controlled by userspace. These two
functions call config_item_set_name() with this name used as a format
string, which can be used to leak information such as content of the
stack to userspace.
For example, make_netconsole_target() in netconsole module calls
config_item_init_type_name() with the name of a newly-created directory.
This means that the following commands give some unexpected output, with
configfs mounted in /sys/kernel/config/ and on a system with a
configured eth0 ethernet interface:
# modprobe netconsole
# mkdir /sys/kernel/config/netconsole/target_%lx
# echo eth0 > /sys/kernel/config/netconsole/target_%lx/dev_name
# echo 1 > /sys/kernel/config/netconsole/target_%lx/enabled
# echo eth0 > /sys/kernel/config/netconsole/target_%lx/dev_name
# dmesg |tail -n1
[ 142.697668] netconsole: target (target_ffffffffc0ae8080) is
enabled, disable to update parameters
The directory name is correct but %lx has been interpreted in the
internal item name, displayed here in the error message used by
store_dev_name() in drivers/net/netconsole.c.
To fix this, update every caller of config_item_set_name to use "%s"
when operating on untrusted input.
This issue was found using -Wformat-security gcc flag, once a __printf
attribute has been added to config_item_set_name().
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Felipe Balbi <balbi@ti.com>
Acked-by: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nicolas Iooss [Fri, 17 Jul 2015 23:23:42 +0000 (16:23 -0700)]
include, lib: add __printf attributes to several function prototypes
Using __printf attributes helps to detect several format string issues
at compile time (even though -Wformat-security is currently disabled in
Makefile). For example it can detect when formatting a pointer as a
number, like the issue fixed in commit
a3fa71c40f18 ("wl18xx: show
rx_frames_per_rates as an array as it really is"), or when the arguments
do not match the format string, c.f. for example commit
5ce1aca81435
("reiserfs: fix __RASSERT format string").
To prevent similar bugs in the future, add a __printf attribute to every
function prototype which needs one in include/linux/ and lib/. These
functions were mostly found by using gcc's -Wsuggest-attribute=format
flag.
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Felipe Balbi <balbi@ti.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dominik Dingel [Fri, 17 Jul 2015 23:23:39 +0000 (16:23 -0700)]
s390/hugetlb: add hugepages_supported define
On s390 we only can enable hugepages if the underlying hardware/hypervisor
also does support this. Common code now would assume this to be
signaled by setting HPAGE_SHIFT to 0. But on s390, where we only
support one hugepage size, there is a link between HPAGE_SHIFT and
pageblock_order.
So instead of setting HPAGE_SHIFT to 0, we will implement the check for
the hardware capability.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Cc: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dominik Dingel [Fri, 17 Jul 2015 23:23:37 +0000 (16:23 -0700)]
mm: hugetlb: allow hugepages_supported to be architecture specific
s390 has a constant hugepage size, by setting HPAGE_SHIFT we also change
e.g. the pageblock_order, which should be independent in respect to
hugepage support.
With this patch every architecture is free to define how to check
for hugepage support.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Cc: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dominik Dingel [Fri, 17 Jul 2015 23:23:34 +0000 (16:23 -0700)]
revert "s390/mm: make hugepages_supported a boot time decision"
Heiko noticed that the current check for hugepage support on s390 is a
little bit too harsh as systems which do not support will crash.
The reason is that pageblock_order can now get negative when we set
HPAGE_SHIFT to 0. To avoid all this and to avoid opening another can of
worms with enabling HUGETLB_PAGE_SIZE_VARIABLE I think it would be best
to simply allow architectures to define their own hugepages_supported().
Revert
bea41197ead3 ("s390/mm: make hugepages_supported a boot time
decision") in preparation.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Cc: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dominik Dingel [Fri, 17 Jul 2015 23:23:31 +0000 (16:23 -0700)]
revert "s390/mm: change HPAGE_SHIFT type to int"
Heiko noticed that the current check for hugepage support on s390 is a
little bit too harsh as systems which do not support will crash.
The reason is that pageblock_order can now get negative when we set
HPAGE_SHIFT to 0. To avoid all this and to avoid opening another can of
worms with enabling HUGETLB_PAGE_SIZE_VARIABLE I think it would be best
to simply allow architectures to define their own hugepages_supported().
This patch (of 4): revert commit
cf54e2fce51c ("s390/mm: change
HPAGE_SHIFT type to int") in preparation.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Cc: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrew Morton [Fri, 17 Jul 2015 23:23:28 +0000 (16:23 -0700)]
openrisc: fix CONFIG_UID16 setting
openrisc-allnoconfig:
kernel/uid16.c: In function 'SYSC_setgroups16':
kernel/uid16.c:184:2: error: implicit declaration of function 'groups_alloc'
kernel/uid16.c:184:13: warning: assignment makes pointer from integer without a cast
openrisc shouldn't be setting CONFIG_UID16 when CONFIG_MULTIUSER=n.
Fixes:
2813893f8b197a1 ("kernel: conditionally support non-root users, groups and capabilities")
Reported-by: Fengguang Wu <fengguang.wu@gmail.com>
Cc: Iulia Manda <iulia.manda21@gmail.com>
Cc: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michal Hocko [Fri, 17 Jul 2015 23:23:26 +0000 (16:23 -0700)]
MAINTAINERS: change mhocko's email address to
I am moving from mhocko@suse.cz to mhocko@kernel.org for kernel related
stuff.
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Iago López Galeiras [Fri, 17 Jul 2015 23:23:23 +0000 (16:23 -0700)]
fs, proc: add help for CONFIG_PROC_CHILDREN
The purpose of the option was documented in
Documentation/filesystems/proc.txt but the help text was missing.
Add small help text that also points to the documentation.
Signed-off-by: Iago López Galeiras <iago@endocode.com>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jiri Slaby [Fri, 17 Jul 2015 23:23:20 +0000 (16:23 -0700)]
MAINTAINERS: switch to suse.com many-in-one (fwd)
Since suse.{de,cz} is deprecated to use (but will still work for some
time), switch to suse.com which is now to be used instead.
Signed-off-by: Jiri Slaby <jslaby@suse.com>
Acked-by: Alexander Graf <agraf@suse.de>
Acked-by: David Sterba <dsterba@suse.com>
Acked-by: Hannes Reinecke <hare@suse.com>
Acked-by: Jan Kara <jack@suse.com>
Acked-by: Jean Delvare <jdelvare@suse.com>
Acked-by: Jiri Kosina <jkosina@suse.com>
Acked-by: Michal Marek <mmarek@suse.com>
Acked-by: NeilBrown <neilb@suse.com>
Acked-by: Oliver Neukum <oneukum@suse.de>
Acked-by: Takashi Iwai <tiwai@suse.com>
Acked-by: Thomas Renninger <trenn@suse.de>
Acked-by: Tomas Cech <sleep_walker@suse.com>
Acked-by: Vojtech Pavlik <vojtech@suse.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fabio Estevam [Sat, 4 Jul 2015 18:27:34 +0000 (15:27 -0300)]
rtc: armada38x: Remove unused variable from armada38x_rtc_set_time()
Remove the 'flags' variable in order to fix the following warning:
drivers/rtc/rtc-armada38x.c:91:22: warning: unused variable 'flags' [-Wunused-variable]
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Wei-Ning Huang [Thu, 2 Jul 2015 08:36:56 +0000 (16:36 +0800)]
rtc: mt6397: enable wakeup before registering rtc device
rtc_sysfs_add_device checks if device can wakeup before creating the
wakealarm file in sysfs. Thus the driver must set wakeup capability
before registering the rtc device.
Signed-off-by: Wei-Ning Huang <wnhuang@google.com>
Acked-by: Eddie Huang <eddie.huang@mediatek.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Linus Torvalds [Fri, 17 Jul 2015 18:30:59 +0000 (11:30 -0700)]
Merge tag 'staging-4.2-rc3' of git://git./linux/kernel/git/gregkh/staging
Pull staging and IIO driver fixes from Greg KH:
"Here's some staging and IIO driver fixes for 4.2-rc3.
Nothing major, the majority are IIO issues that were reported, with a
few other minor staging driver fixes. All have been in linux-next for
a while with no reported issues"
* tag 'staging-4.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (25 commits)
staging: vt6656: check ieee80211_bss_conf bssid not NULL
staging: vt6655: check ieee80211_bss_conf bssid not NULL
staging:lustre: remove irq.h from socklnd.h
staging: make board support depend on OF_IRQ and CLKDEV_LOOKUP
iio: tmp006: Check channel info on write
iio: sx9500: Add missing init in sx9500_buffer_pre{en,dis}able()
iio:light:ltr501: fix regmap dependency
iio:light:ltr501: fix variable in ltr501_init
iio: sx9500: fix bug in compensation code
iio: sx9500: rework error handling of raw readings
iio: magnetometer: mmc35240: fix available sampling frequencies
iio:light:stk3310: Fix REGMAP_I2C dependency
iio: light: STK3310: un-invert proximity values
iio:adc:cc10001_adc: fix Kconfig dependency
iio: light: tcs3414: Fix bug preventing to set integration time
iio:accel:bmc150-accel: fix counting direction
iio:light:cm3323: clear bitmask before set
iio: adc: at91_adc: allow to use full range of startup time
iio: DAC: ad5624r_spi: fix bit shift of output data value
iio: proximity: sx9500: Fix proximity value
...
Linus Torvalds [Fri, 17 Jul 2015 18:24:31 +0000 (11:24 -0700)]
Merge tag 'usb-4.2-rc3' of git://git./linux/kernel/git/gregkh/usb
Pull USB driver fixes from Greg KH:
"Here's some USB driver fixes for 4.2-rc3.
The ususal number of gadget driver fixes are in here, along with some
new device ids and a build fix for the mn10300 arch which required
some symbols to be renamed in the mos7720 driver.
All have been in linux-next for a while with no reported issues"
* tag 'usb-4.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
USB: serial: Destroy serial_minors IDR on module exit
usb: gadget: f_midi: fix error recovery path
usb: phy: mxs: suspend to RAM causes NULL pointer dereference
usb: gadget: udc: fix free_irq() after request_irq() failed
usb: gadget: composite: Fix NULL pointer dereference
usb: gadget: f_fs: do not set cancel function on synchronous {read,write}
usb: f_mass_storage: limit number of reported LUNs
usb: dwc3: core: avoid NULL pointer dereference
usb: dwc2: embed storage for reg backup in struct dwc2_hsotg
usb: dwc2: host: allocate qtd before atomic enqueue
usb: dwc2: host: allocate qh before atomic enqueue
usb: musb: host: rely on port_mode to call musb_start()
USB: cp210x: add ID for Aruba Networks controllers
USB: mos7720: rename registers
USB: option: add 2020:4000 ID
Steven Rostedt (Red Hat) [Fri, 17 Jul 2015 18:03:26 +0000 (14:03 -0400)]
tracing: Fix sample output of dynamic arrays
He Kuang noticed that the trace event samples for arrays was broken:
"The output result of trace_foo_bar event in traceevent samples is
wrong. This problem can be reproduced as following:
(Build kernel with SAMPLE_TRACE_EVENTS=m)
$ insmod trace-events-sample.ko
$ echo 1 > /sys/kernel/debug/tracing/events/sample-trace/foo_bar/enable
$ cat /sys/kernel/debug/tracing/trace
event-sample-980 [000] .... 43.649559: foo_bar: foo hello 21 0x15
BIT1|BIT3|0x10 {0x1,0x6f6f6e53,0xff007970,0xffffffff} Snoopy
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The array length is not right, should be {0x1}.
(
ffffffff,
ffffffff)
event-sample-980 [000] .... 44.653827: foo_bar: foo hello 22 0x16
BIT2|BIT3|0x10
{0x1,0x2,0x646e6147,0x666c61,0xffffffff,0xffffffff,0x750aeffe,0x7}
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The array length is not right, should be {0x1,0x2}.
Gandalf (
ffffffff,
ffffffff)"
This was caused by an update to have __print_array()'s second parameter
be the count of items in the array and not the size of the array.
As there is already users of __print_array(), it can not change. But
the sample code can and we can also improve on the documentation about
__print_array() and __get_dynamic_array_len().
Link: http://lkml.kernel.org/r/1436839171-31527-2-git-send-email-hekuang@huawei.com
Fixes:
ac01ce1410fc2 ("tracing: Make ftrace_print_array_seq compute buf_len")
Reported-by: He Kuang <hekuang@huawei.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Linus Torvalds [Fri, 17 Jul 2015 17:54:30 +0000 (10:54 -0700)]
Merge tag 'sound-4.2-rc3' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"There are two small fixes for HD-audio and USB LINE6, and the rest are
a few new quirks and device ID addition that are good enough to get
into 4.2"
* tag 'sound-4.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek: Enable HP amp and mute LED on HP Folio 9480m [v3]
ALSA: line6: Fix -EBUSY error during active monitoring
ALSA: hda - Fix a wrong busy check in alt PCM open
ALSA: hda - add codec ID for Broxton display audio codec
ALSA: usb-audio: Add MIDI support for Steinberg MI2/MI4
Linus Torvalds [Fri, 17 Jul 2015 17:40:45 +0000 (10:40 -0700)]
Merge tag 'gpio-v4.2-2' of git://git./linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"This is a first set of GPIO fixes for the v4.2 series, all hitting
individual drivers and nothing else (except for a documentation
oneliner. I intended to send a request earlier but life intervened)"
* tag 'gpio-v4.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: pca953x: fix nested irqs rescheduling
gpio: omap: prevent module from being unloaded while in use
gpio: max732x: Add missing dev reference to gpiochip
gpio/xilinx: Use correct address when setting initial values.
gpio: zynq: Fix problem with unbalanced pm_runtime_enable
gpio: omap: add missed spin_unlock_irqrestore in omap_gpio_irq_type
gpio: brcmstb: fix null ptr dereference in driver remove
gpio: Remove double "base" in comment
Olof Johansson [Fri, 17 Jul 2015 17:10:22 +0000 (10:10 -0700)]
Merge tag 'keystone-dts-fixes' of git://git./linux/kernel/git/ssantosh/linux-keystone into fixes
Merge "ARM: Couple of dts fixes for v4.2-rcx" from Santosh Shilimkar:
Couple of DTS fixes 4.2-rcx for Keystone EVMs:
K2E EVM boot hangs because of missing serdes driver which is needed to bring up
PCIe on K2E. These couple of fixes makes the PCIE disabled on common default and
let the specific board DTS to enable it.
* tag 'keystone-dts-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ssantosh/linux-keystone:
ARM: keystone: dts: rename pcie nodes to help override status
ARM: keystone: dts: fix dt bindings for PCIe
Signed-off-by: Olof Johansson <olof@lixom.net>
Linus Torvalds [Fri, 17 Jul 2015 17:05:00 +0000 (10:05 -0700)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Fixes all over the place.
The rockchip and imx fixes I missed while on holidays, so I've queued
them now which makes this a bit bigger.
The rest is misc amdgpu, radeon, i915 and armada.
I think the most important thing is the ioctl fix, we dropped the
avoid compat ball, so we get to add a compat wrapper.
There is also an i915 revert to avoid a regression with existing
userspace"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (43 commits)
drm/ttm: improve uncached page deallocation.
drm/ttm: fix uncached page deallocation to properly fill page pool v3.
drm/amdgpu/dce8: Re-set VBLANK interrupt state when enabling a CRTC
drm/radeon/ci: silence a harmless PCC warning
drm/amdgpu/cz: silence some dpm debug output
drm/amdgpu/cz: store the forced dpm level
drm/amdgpu/cz: unforce dpm levels before forcing to low/high
drm/amdgpu: remove bogus check in gfx8 rb setup
drm/amdgpu: set proper index/data pair for smc regs on CZ (v2)
drm/amdgpu: disable the IP module if early_init returns -ENOENT (v2)
drm/amdgpu: stop context leak in the error path
drm/amdgpu: validate the context id in the dependencies
drm/radeon: fix user ptr race condition
drm/radeon: Don't flush the GART TLB if rdev->gart.ptr == NULL
drm/radeon: add a dpm quirk for Sapphire Radeon R9 270X 2GB GDDR5
drm/armada: avoid saving the adjusted mode to crtc->mode
drm/armada: fix overlay when partially off-screen
drm/armada: convert overlay to use drm_plane_helper_check_update()
drm/armada: fix gem object free after failed prime import
drm/armada: fix incorrect overlay plane cleanup
...
Russell King [Fri, 17 Jul 2015 09:33:04 +0000 (10:33 +0100)]
ARM: fix __virt_to_idmap build error on !MMU
Fengguang Wu reports that building ARM with !MMU results in the
following build error:
arch/arm/kernel/built-in.o: In function `__soft_restart':
>> :(.text+0x1624): undefined reference to `arch_virt_to_idmap'
Fix this by adding an appropriate IS_ENABLED(CONFIG_MMU) into the
__virt_to_idmap() inline function.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Russell King [Wed, 8 Jul 2015 23:30:24 +0000 (00:30 +0100)]
ARM: invalidate L1 before enabling coherency
We must invalidate the L1 cache before enabling coherency, otherwise
secondary CPUs can inject invalid cache lines into the coherent CPU
cluster, which could then be migrated to other CPUs. This fixes a
recent regression with SoCFPGA randomly failing to boot.
Fixes:
02b4e2756e01 ("ARM: v7 setup function should invalidate L1 cache")
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Marek Szyprowski [Wed, 8 Jul 2015 12:21:55 +0000 (13:21 +0100)]
ARM: 8404/1: dma-mapping: fix off-by-one error in bitmap size check
nr_bitmaps member of mapping structure stores the number of already
allocated bitmaps and it is interpreted as loop iterator (it starts from
0 not from 1), so a comparison against number of possible bitmap
extensions should include this fact. This patch fixes this by changing
the extension failure condition. This issue has been introduced by
commit
4d852ef8c2544ce21ae41414099a7504c61164a0 ("arm: dma-mapping: Add
support to extend DMA IOMMU mappings").
Reported-by: Hyungwon Hwang <human.hwang@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Hyungwon Hwang <human.hwang@samsung.com>
Cc: stable@vger.kernel.org # v3.15+
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Stephen Boyd [Tue, 7 Jul 2015 17:17:05 +0000 (18:17 +0100)]
ARM: 8402/1: perf: Don't use of_node after putting it
It's possible, albeit unlikely, that using the of_node here will
reference freed memory. Call of_node_put() after printing the
name to be safe.
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Vitaly Andrianov [Mon, 6 Jul 2015 15:43:18 +0000 (16:43 +0100)]
ARM: 8400/1: use virt_to_idmap to get phys_reset address
This patch is to get correct physical address of the reset function for
PAE systems, which use aliased physical memory for booting.
See the "ARM: mm: Introduce virt_to_idmap() with an arch hook" for details.
Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Arik Nemtsov [Wed, 8 Jul 2015 12:41:44 +0000 (15:41 +0300)]
cfg80211: use RTNL locked reg_can_beacon for IR-relaxation
The RTNL is required to check for IR-relaxation conditions that allow
more channels to beacon. Export an RTNL locked version of reg_can_beacon
and use it where possible in AP/STA interface type flows, where
IR-relaxation may be applicable.
Fixes:
06f207fc5418 ("cfg80211: change GO_CONCURRENT to IR_CONCURRENT for STA")
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bob Copeland [Tue, 14 Jul 2015 12:31:56 +0000 (08:31 -0400)]
mac80211: add missing length check for confirm frames
Although mesh_rx_plink_frame() already checks that frames have enough
bytes for the action code plus another two bytes for capability/reason
code, it doesn't take into account that confirm frames also have an
additional two-byte aid. As a result, a corrupt frame could cause a
subsequent subtraction to wrap around to ill effect. Add another
check for this case.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bob Copeland [Tue, 14 Jul 2015 12:31:55 +0000 (08:31 -0400)]
mac80211: correct aid location in peering frames
According to 802.11-2012 8.5.16.3.2 AID comes directly after the
capability bytes in mesh peering confirm frames. The existing
code, however, was adding a 2 byte offset to this location,
resulting in garbage data going out over the air. Remove the
offset to fix it.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Thomas Petazzoni [Thu, 9 Jul 2015 13:35:15 +0000 (15:35 +0200)]
wireless: regulatory: reduce log level of CRDA related messages
With a basic Linux userspace, the messages "Calling CRDA to update
world regulatory domain" appears 10 times after boot every second or
so, followed by a final "Exceeded CRDA call max attempts. Not calling
CRDA". For those of us not having the corresponding userspace parts,
having those messages repeatedly displayed at boot time is a bit
annoying, so this commit reduces their log level to pr_debug().
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Ingo Molnar [Fri, 17 Jul 2015 12:17:19 +0000 (14:17 +0200)]
Merge tag 'perf-urgent-for-mingo' of git://git./linux/kernel/git/acme/linux into perf/urgent
Pull perf/urgent fixes from Arnaldo Carvalho de Melo:
- Fix misplaced check for HAVE_SYNC_COMPARE_AND_SWAP_SUPPORT in
the auxtrace code, which made 'perf record' fail straight away
in some architectures, even when auxtrace wasn't involved. (Adrian Hunter)
- Really allow to specify custom CC, AR or LD (Alexey Brodkin)
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Andy Lutomirski [Wed, 15 Jul 2015 17:29:41 +0000 (10:29 -0700)]
x86/entry/64, x86/nmi/64: Add CONFIG_DEBUG_ENTRY NMI testing code
It turns out to be rather tedious to test the NMI nesting code.
Make it easier: add a new CONFIG_DEBUG_ENTRY option that causes
the NMI handler to pre-emptively unmask NMIs.
With this option set, errors in the repeat_nmi logic or failures
to detect that we're in a nested NMI will result in quick panics
under perf (especially if multiple counters are running at high
frequency) instead of requiring an unusual workload that
generates page faults or breakpoints inside NMIs.
I called it CONFIG_DEBUG_ENTRY instead of CONFIG_DEBUG_NMI_ENTRY
because I want to add new non-NMI checks elsewhere in the entry
code in the future, and I'd rather not add too many new config
options or add this option and then immediately rename it.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Andy Lutomirski [Wed, 15 Jul 2015 17:29:40 +0000 (10:29 -0700)]
x86/nmi/64: Make the "NMI executing" variable more consistent
Currently, "NMI executing" is one the first time an outermost
NMI hits repeat_nmi and zero thereafter. Change it to be zero
each time for consistency.
This is intended to help NMI handling fail harder if it's buggy.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Andy Lutomirski [Wed, 15 Jul 2015 17:29:39 +0000 (10:29 -0700)]
x86/nmi/64: Minor asm simplification
Replace LEA; MOV with an equivalent SUB. This saves one
instruction.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Andy Lutomirski [Wed, 15 Jul 2015 17:29:38 +0000 (10:29 -0700)]
x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI detection
We have a tricky bug in the nested NMI code: if we see RSP
pointing to the NMI stack on NMI entry from kernel mode, we
assume that we are executing a nested NMI.
This isn't quite true. A malicious userspace program can point
RSP at the NMI stack, issue SYSCALL, and arrange for an NMI to
happen while RSP is still pointing at the NMI stack.
Fix it with a sneaky trick. Set DF in the region of code that
the RSP check is intended to detect. IRET will clear DF
atomically.
( Note: other than paravirt, there's little need for all this
complexity. We could check RIP instead of RSP. )
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Andy Lutomirski [Wed, 15 Jul 2015 17:29:37 +0000 (10:29 -0700)]
x86/nmi/64: Reorder nested NMI checks
Check the repeat_nmi .. end_repeat_nmi special case first. The
next patch will rework the RSP check and, as a side effect, the
RSP check will no longer detect repeat_nmi .. end_repeat_nmi, so
we'll need this ordering of the checks.
Note: this is more subtle than it appears. The check for
repeat_nmi .. end_repeat_nmi jumps straight out of the NMI code
instead of adjusting the "iret" frame to force a repeat. This
is necessary, because the code between repeat_nmi and
end_repeat_nmi sets "NMI executing" and then writes to the
"iret" frame itself. If a nested NMI comes in and modifies the
"iret" frame while repeat_nmi is also modifying it, we'll end up
with garbage. The old code got this right, as does the new
code, but the new code is a bit more explicit.
If we were to move the check right after the "NMI executing"
check, then we'd get it wrong and have random crashes.
( Because the "NMI executing" check would jump to the code that would
modify the "iret" frame without checking if the interrupted NMI was
currently modifying it. )
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Andy Lutomirski [Wed, 15 Jul 2015 17:29:36 +0000 (10:29 -0700)]
x86/nmi/64: Improve nested NMI comments
I found the nested NMI documentation to be difficult to follow.
Improve the comments.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Andy Lutomirski [Wed, 15 Jul 2015 17:29:35 +0000 (10:29 -0700)]
x86/nmi/64: Switch stacks on userspace NMI entry
Returning to userspace is tricky: IRET can fail, and ESPFIX can
rearrange the stack prior to IRET.
The NMI nesting fixup relies on a precise stack layout and
atomic IRET. Rather than trying to teach the NMI nesting fixup
to handle ESPFIX and failed IRET, punt: run NMIs that came from
user mode on the normal kernel stack.
This will make some nested NMIs visible to C code, but the C
code is okay with that.
As a side effect, this should speed up perf: it eliminates an
RDMSR when NMIs come from user mode.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Andy Lutomirski [Wed, 15 Jul 2015 17:29:34 +0000 (10:29 -0700)]
x86/nmi/64: Remove asm code that saves CR2
Now that do_nmi saves CR2, we don't need to save it in asm.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Acked-by: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Andy Lutomirski [Wed, 15 Jul 2015 17:29:33 +0000 (10:29 -0700)]
x86/nmi: Enable nested do_nmi() handling for 64-bit kernels
32-bit kernels handle nested NMIs in C. Enable the exact same
handling on 64-bit kernels as well. This isn't currently
necessary, but it will become necessary once the asm code starts
allowing limited nesting.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Marc Zyngier [Fri, 17 Jul 2015 09:46:42 +0000 (10:46 +0100)]
irqchip/gicv3-its: Fix mapping of LPIs to collections
The GICv3 ITS architecture allows a given [DevID, EventID] pair to be
translated to a [LPI, Collection] pair, where DevID is the device writing
the MSI, EventID is the payload being written, LPI is the actual
interrupt number, and Collection is roughly equivalent to a target CPU.
Each LPI can be mapped to a separate collection, but the ITS driver
insists on maintaining the collection on a device basis, instead of doing
it on a per interrupt basis.
This is obviously flawed, and this patch fixes it by adding a per interrupt
index that indicates which collection number is in use.
Reported-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Cc: <linux-arm-kernel@lists.infradead.org>
Cc: Jason Cooper <jason@lakedaemon.net>
Cc: stable@vger.kernel.org # 4.1, 4.0
Link: http://lkml.kernel.org/r/1437126402-11677-1-git-send-email-marc.zyngier@arm.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Thomas Gleixner [Thu, 16 Jul 2015 12:10:17 +0000 (14:10 +0200)]
genirq: Prevent resend to interrupts marked IRQ_NESTED_THREAD
The resend mechanism happily calls the interrupt handler of interrupts
which are marked IRQ_NESTED_THREAD from softirq context. This can
result in crashes because the interrupt handler is not the proper way
to invoke the device handlers. They must be invoked via
handle_nested_irq.
Prevent the resend even if the interrupt has no valid parent irq
set. Its better to have a lost interrupt than a crashing machine.
Reported-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Johannes Berg [Wed, 8 Jul 2015 12:41:50 +0000 (15:41 +0300)]
mac80211: shut down interfaces before destroying interface list
If the hardware is unregistered while interfaces are up, mac80211 will
unregister all interfaces, which in turns causes mac80211 to be called
again to remove them all from the driver and eventually shut down the
hardware.
During this shutdown, however, it's currently already unsafe to iterate
the list of interfaces atomically, as the list is manipulated in an
unsafe manner. This puts an undue burden on the driver - it must stop
all its activities before calling ieee80211_unregister_hw(), while in
the normal stop path it can do all cleanup in the stop method. If, for
example, it's using the iteration during RX for some reason, it would
have to stop RX before unregistering to avoid crashes.
Fix this problem by closing all interfaces before unregistering them.
This will cause the driver stop to have completed before we manipulate
the interface list, and after the driver is stopped *and* has called
ieee80211_unregister_hw() it really musn't be iterating any more as
the memory will be freed as well.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Chaitanya T K [Wed, 10 Jun 2015 13:42:31 +0000 (19:12 +0530)]
mac80211: wowlan: enable powersave if suspend while ps-polling
If for any reason we're in the middle of PS-polling or awake after
TX due to dynamic powersave while going to suspend, go back to save
power. This might cause a response frame to get lost, but since we
can't really wait for it while going to suspend that's still better
than not enabling powersave which would cause higher power usage
during (and possibly even after) suspend.
Note that this really only affects the very few drivers that use
the powersave implementation in mac80211.
Signed-off-by: Chaitanya T K <chaitanya.mgit@gmail.com>
[rewrite misleading commit log]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Michal Kazior [Thu, 2 Jul 2015 07:59:56 +0000 (09:59 +0200)]
mac80211: don't clear all tx flags when requeing
When acting as AP and a PS-Poll frame is received
associated station is marked as one in a Service
Period. This state is kept until Tx status for
released frame is reported. While a station is in
Service Period PS-Poll frames are ignored.
However if PS-Poll was received during A-MPDU
teardown it was possible to have the to-be
released frame re-queued back to pending queue.
In such case the frame was stripped of 2 important
flags:
(a) IEEE80211_TX_CTL_NO_PS_BUFFER
(b) IEEE80211_TX_STATUS_EOSP
Stripping of (a) led to the frame that was to be
released to be queued back to ps_tx_buf queue. If
station remained to use only PS-Poll frames the
re-queued frame (and new ones) was never actually
transmitted because mac80211 would ignore
subsequent PS-Poll frames due to station being in
Service Period. There was nothing left to clear
the Service Period bit (no xmit -> no tx status ->
no SP end), i.e. the AP would have the station
stuck in Service Period. Beacon TIM would
repeatedly prompt station to poll for frames but
it would get none.
Once (a) is not stripped (b) becomes important
because it's the main condition to clear the
Service Period bit of the station when Tx status
for the released frame is reported back.
This problem was observed with ath9k acting as P2P
GO in some testing scenarios but isn't limited to
it. AP operation with mac80211 based Tx A-MPDU
control combined with clients using PS-Poll frames
is subject to this race.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Tom Hughes [Mon, 29 Jun 2015 18:41:49 +0000 (19:41 +0100)]
mac80211: clear subdir_stations when removing debugfs
If we don't do this, and we then fail to recreate the debugfs
directory during a mode change, then we will fail later trying
to add stations to this now bogus directory:
BUG: unable to handle kernel NULL pointer dereference at
0000006c
IP: [<
c0a92202>] mutex_lock+0x12/0x30
Call Trace:
[<
c0678ab4>] start_creating+0x44/0xc0
[<
c0679203>] debugfs_create_dir+0x13/0xf0
[<
f8a938ae>] ieee80211_sta_debugfs_add+0x6e/0x490 [mac80211]
Cc: stable@kernel.org
Signed-off-by: Tom Hughes <tom@compton.nu>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Kalle Valo [Fri, 17 Jul 2015 08:19:08 +0000 (11:19 +0300)]
Merge tag 'iwlwifi-for-kalle-2015-06-12' of https://git./linux/kernel/git/iwlwifi/iwlwifi-fixes
* bug fixes specific for 8000 series
* fix a crash in time events
* fix a crash in PCIe transport
* fix BT Coex code that prevented association on certain
devices (3160).
* revert the new RBD allocation model because it introduced
a bug when running on weak VM setups.
* a new device IDs
Jérôme Glisse [Thu, 9 Jul 2015 18:19:30 +0000 (14:19 -0400)]
drm/ttm: improve uncached page deallocation.
Calls to set_memory_wb() incure heavy TLB flush and IPI cost. To
minimize those wait until pool grow beyond batch size before
draining the pool.
Signed-off-by: Jérôme Glisse <jglisse@redhat.com>
Reviewed-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Reviewed-and-Tested-by: Michel Dänzer <michel@daenzer.net>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Jérôme Glisse [Thu, 9 Jul 2015 18:19:29 +0000 (14:19 -0400)]
drm/ttm: fix uncached page deallocation to properly fill page pool v3.
Current code never allowed the page pool to actualy fill in anyway.
This fix it, so that we only start freeing page from the pool when
we go over the pool size.
Changed since v1:
- Move the page batching optimization to its separate patch.
Changed since v2:
- Do not remove code part of the batching optimization with
this patch.
- Better commit message.
Signed-off-by: Jérôme Glisse <jglisse@redhat.com>
Reviewed-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Reviewed-and-Tested-by: Michel Dänzer <michel.daenzer@amd.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Krzysztof Kozlowski [Mon, 15 Jun 2015 04:54:29 +0000 (13:54 +0900)]
pinctrl: samsung: Remove old unused defines
Since
9a2c1c3b91aa ("pinctrl: samsung: Allow grouping multiple
pinmux/pinconf nodes") the defines for GPIO group and function names are
not used anywhere in the driver.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Inspired-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Sergei Shtylyov [Tue, 14 Jul 2015 21:56:52 +0000 (00:56 +0300)]
ravb: do not invalidate cache for RX buffer twice
First, dma_sync_single_for_cpu() shouldn't have been called in the first place
(it's a streaming DMA API), dma_unmap_single() should have been called instead.
Second, dma_unmap_single() call after handing the buffer to napi_gro_receive()
makes little sense. Moreover desc->dptr might not be valid at this point.
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Fri, 17 Jul 2015 04:10:53 +0000 (21:10 -0700)]
Merge tag 'pm+acpi-4.2-rc3' of git://git./linux/kernel/git/rafael/linux-pm
Pull power management and ACPI fixes from Rafael Wysocki:
"These fix two bugs in the cpufreq core (including one recent
regression), fix a 4.0 PCI regression related to the ACPI resources
management and quieten an RCU-related lockdep complaint about a
tracepoint in the suspend-to-idle code.
Specifics:
- Fix a recently introduced issue in the cpufreq policy object
reinitialization that leads to CPU offline/online breakage (Viresh
Kumar)
- Make it possible to access frequency tables of offline CPUs which
is needed by thermal management code among other things (Viresh
Kumar)
- Fix an ACPI resource management regression introduced during the
4.0 cycle that may cause incorrect resource validation results to
appear in 32-bit x86 kernels due to silent truncation of 64-bit
values to 32-bit (Jiang Liu)
- Fix up an RCU-related lockdep complaint about suspicious RCU usage
in idle caused by using a suspend tracepoint in the core suspend-
to-idle code (Rafael J Wysocki)"
* tag 'pm+acpi-4.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / PCI: Fix regressions caused by resource_size_t overflow with 32-bit kernel
cpufreq: Allow freq_table to be obtained for offline CPUs
cpufreq: Initialize the governor again while restoring policy
suspend-to-idle: Prevent RCU from complaining about tick_freeze()
Linus Torvalds [Fri, 17 Jul 2015 03:57:25 +0000 (20:57 -0700)]
Merge tag 'platform-drivers-x86-v4.2-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86
Pull x86 platform driver fixes from Darren Hart:
"Fix SMBIOS call handling and hwswitch state coherency in the
dell-laptop driver. Cleanups for intel_*_ipc drivers. Details:
dell-laptop:
- Do not cache hwswitch state
- Check return value of each SMBIOS call
- Clear buffer before each SMBIOS call
intel_scu_ipc:
- Move local memory initialization out of a mutex
intel_pmc_ipc:
- Update kerneldoc formatting
- Fix compiler casting warnings"
* tag 'platform-drivers-x86-v4.2-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86:
intel_scu_ipc: move local memory initialization out of a mutex
intel_pmc_ipc: Update kerneldoc formatting
dell-laptop: Do not cache hwswitch state
dell-laptop: Check return value of each SMBIOS call
dell-laptop: Clear buffer before each SMBIOS call
intel_pmc_ipc: Fix compiler casting warnings
Linus Torvalds [Fri, 17 Jul 2015 03:49:09 +0000 (20:49 -0700)]
Merge branch 'for-next' of git://git./linux/kernel/git/gerg/m68knommu
Pull m68knommu/coldfire fixes from Greg Ungerer:
"Contains build fixes and updates for the ColdFire defconfigs.
Specifically there is a couple of fixes that address problems building
allnoconfig. Also fix for enabling PCI bus on the M54xx family of
ColdFire"
* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
m68k: enable PCI support for m5475evb defconfig
m68k: fix io functions for ColdFire/MMU/PCI case
m68knommu: update defconfig for ColdFire m5475evb
m68knommu: update defconfig for ColdFire m5407c3
m68knommu: update defconfig for ColdFire m5307c3
m68knommu: update defconfig for ColdFire m5275evb
m68knommu: update defconfig for ColdFire m5272c3
m68knommu: update defconfig for ColdFire m5249evb
m68knommu: update defconfig for m5208evb
m68knommu: make ColdFire SoC selection a choice
m68knommu: improve the clock configuration defaults
m68knommu: force setting of CONFIG_CLOCK_FREQ for ColdFire
Mike Snitzer [Fri, 17 Jul 2015 01:48:55 +0000 (21:48 -0400)]
dm cache: avoid calls to prealloc_free_structs() if possible
If no work was performed then prealloc_data_structs() wasn't ever called
so there isn't any need to call prealloc_free_structs().
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Mike Snitzer [Fri, 17 Jul 2015 01:26:10 +0000 (21:26 -0400)]
dm cache: avoid preallocation if no work in writeback_some_dirty_blocks()
Refactor writeback_some_dirty_blocks() to avoid prealloc_data_structs()
if the policy doesn't have any dirty blocks ready for writeback.
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Mike Snitzer [Fri, 17 Jul 2015 01:16:31 +0000 (21:16 -0400)]
dm cache: do not wake_worker() in free_migration()
All methods that queue work call wake_worker() as you'd expect.
E.g. cell_defer, defer_bio, quiesce_migration (which is called by
writeback, promote, demote_then_promote, invalidate, discard, etc).
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Dave Airlie [Fri, 17 Jul 2015 00:25:02 +0000 (10:25 +1000)]
Merge branch 'drm-rockchip-2015-07-13' of https://github.com/markyzq/kernel-drm-rockchip into drm-fixes
misc rockchip fixes.
* 'drm-rockchip-2015-07-13' of https://github.com/markyzq/kernel-drm-rockchip:
drm/rockchip: vop: remove hardware cursor window
drm/rockchip: vop: switch cursor plane to window 3
drm/rockchip: Drop owner assignment from platform_driver
drm/rockchip: use drm_gem_mmap helpers
drm/rockchip: only call drm_fb_helper_hotplug_event if fb_helper present
drm/rockchip: Add BGR formats to VOP
Dave Airlie [Fri, 17 Jul 2015 00:24:34 +0000 (10:24 +1000)]
Merge tag 'imx-drm-fixes-2015-07-14' of git://git.pengutronix.de/git/pza/linux into drm-fixes
imx-drm: fixes for parallel-display, imx-tve, and ipu-common
These patches fix the parallel-display driver to use the standard OF
graph bindings for connecting a drm_panel via device tree instead of
an undocumented, driver specific device tree property, take care to
disable all IPU interrupts before setting up the irq chip to fix a
kexec lockup, and fix VGA output on i.MX53-QSB boards by correcting
the media bus format set by the imx-tve driver.
* tag 'imx-drm-fixes-2015-07-14' of git://git.pengutronix.de/git/pza/linux:
drm/imx: tve: fix media bus format for VGA output
GPU: ipu: fix lockup caused by pending chained interrupts
drm/imx: parallel-display: fix drm_panel support
Dave Airlie [Fri, 17 Jul 2015 00:06:04 +0000 (10:06 +1000)]
Merge branch 'drm-armada-fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm into drm-fixes
A range of fixes for the Armada DRM driver:
- A missing wakeup could result in overlay frames being delayed, causing
video playback to hiccup.
- Avoid unmapping a dma-buf attachment which was never mapped
- Fix the overlay when partially off the screen by switching to the
drm_plane_helper_check_update() helper and using the calculated
coordinates to set the start address.
- Remove an incorrect assignment to crtc->mode - which should be the
unadjusted mode.
- Fix a missing call to drm_plane_cleanup() in the overlay code.
* 'drm-armada-fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
drm/armada: avoid saving the adjusted mode to crtc->mode
drm/armada: fix overlay when partially off-screen
drm/armada: convert overlay to use drm_plane_helper_check_update()
drm/armada: fix gem object free after failed prime import
drm/armada: fix incorrect overlay plane cleanup
drm/armada: fix missing overlay wake-up
Dave Airlie [Thu, 16 Jul 2015 23:57:16 +0000 (09:57 +1000)]
Merge tag 'drm-intel-fixes-2015-07-15' of git://anongit.freedesktop.org/drm-intel into drm-fixes
Next batch of i915 fixes. Note that the compat32 patch here needs the drm
core one to be actually useful, I'll send you that one with a separate
drm-fixes pull request. One revert because a fix in -rc2 did break
existing userspace.
* tag 'drm-intel-fixes-2015-07-15' of git://anongit.freedesktop.org/drm-intel:
drm/i915: Do not call intel_crtc_disable if the crtc is already disabled.
Revert "drm/i915: Declare the swizzling unknown for L-shaped configurations"
drm/i915: Forward all core DRM ioctls to core compat handling
drm/i915: fix oops in primary_check_plane
drm/i915: remove unused has_dma_mapping flag
drm/i915: Fix missing return warning for !CONFIG_DEBUGFS
drm/i915: avoid leaking DMA mappings
drm/i915: Snapshot seqno of most recently submitted request.
drm/i915: Store device pointer in contexts for late tracepoint usafe
Dave Airlie [Thu, 16 Jul 2015 23:56:00 +0000 (09:56 +1000)]
Merge tag 'topic/drm-fixes-2015-07-16' of git://anongit.freedesktop.org/drm-intel into drm-fixes
Ok next attempt at drm-fixes pull. Big thing really is just the compat32
one for addfb2.1.
* tag 'topic/drm-fixes-2015-07-16' of git://anongit.freedesktop.org/drm-intel:
drm: Provide compat ioctl for addfb2.1
Documentation: drm: Fix tablulation in KMS properties table
drm: add a check for x/y in drm_mode_setcrtc
drm/rockchip: use drm_gem_mmap helpers
Dave Airlie [Thu, 16 Jul 2015 23:39:23 +0000 (09:39 +1000)]
Merge branch 'drm-fixes-4.2' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
More radeon and amdgpu fixes for 4.2. Mostly amdgpu bug fixes.
* 'drm-fixes-4.2' of git://people.freedesktop.org/~agd5f/linux:
drm/amdgpu/dce8: Re-set VBLANK interrupt state when enabling a CRTC
drm/radeon/ci: silence a harmless PCC warning
drm/amdgpu/cz: silence some dpm debug output
drm/amdgpu/cz: store the forced dpm level
drm/amdgpu/cz: unforce dpm levels before forcing to low/high
drm/amdgpu: remove bogus check in gfx8 rb setup
drm/amdgpu: set proper index/data pair for smc regs on CZ (v2)
drm/amdgpu: disable the IP module if early_init returns -ENOENT (v2)
drm/amdgpu: stop context leak in the error path
drm/amdgpu: validate the context id in the dependencies
drm/radeon: fix user ptr race condition
drm/radeon: Don't flush the GART TLB if rdev->gart.ptr == NULL
drm/radeon: add a dpm quirk for Sapphire Radeon R9 270X 2GB GDDR5
Linus Torvalds [Thu, 16 Jul 2015 23:38:08 +0000 (16:38 -0700)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe:
"A collection of fixes from the last few weeks that should go into the
current series. This contains:
- Various fixes for the per-blkcg policy data, fixing regressions
since 4.1. From Arianna and Tejun
- Code cleanup for bcache closure macros from me. Really just
flushing this out, it's been sitting in another branch for months
- FIELD_SIZEOF cleanup from Maninder Singh
- bio integrity oops fix from Mike
- Timeout regression fix for blk-mq from Ming Lei"
* 'for-linus' of git://git.kernel.dk/linux-block:
blk-mq: set default timeout as 30 seconds
NVMe: Reread partitions on metadata formats
bcache: don't embed 'return' statements in closure macros
blkcg: fix blkcg_policy_data allocation bug
blkcg: implement all_blkcgs list
blkcg: blkcg_css_alloc() should grab blkcg_pol_mutex while iterating blkcg_policy[]
blkcg: allow blkcg_pol_mutex to be grabbed from cgroup [file] methods
block/blk-cgroup.c: free per-blkcg data when freeing the blkcg
block: use FIELD_SIZEOF to calculate size of a field
bio integrity: do not assume bio_integrity_pool exists if bioset exists
Linus Torvalds [Thu, 16 Jul 2015 23:28:28 +0000 (16:28 -0700)]
Merge tag 'jfs-4.2' of git://github.com/kleikamp/linux-shaggy
Pull jfs fixes from David Kleikamp:
"A couple trivial fixes and an error path fix"
* tag 'jfs-4.2' of git://github.com/kleikamp/linux-shaggy:
jfs: clean up jfs_rename and fix out of order unlock
jfs: fix indentation on if statement
jfs: removed a prohibited space after opening parenthesis
Murali Karicheri [Thu, 16 Jul 2015 22:13:03 +0000 (18:13 -0400)]
ARM: keystone: dts: rename pcie nodes to help override status
Now that PCIe DT binding is disabled in SoC specific DTS,
we need a way to override it in a board specific DTS. So
rename the PCIe nodes accordingly.
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Signed-off-by: Santosh Shilimkar <ssantosh@kernel.org>
Murali Karicheri [Thu, 16 Jul 2015 22:12:57 +0000 (18:12 -0400)]
ARM: keystone: dts: fix dt bindings for PCIe
Currently PCIe DT bindings are broken. PCIe driver can't function
without having a SerDes driver that provide the phy configuration.
On K2E EVM, this causes problem since the EVM has Marvell SATA
controller present and with default values in the SerDes register,
it seems to pass the PCIe link check, but causes issues since
the configuration is not correct. The manifestation is that when
EVM is booted with NFS rootfs, the boot hangs. We shouldn't enable
PCIe on this EVM since to work, SerDes driver has to be present as
well. So by default, the PCIe DT binding should be disabled in SoC
specific DTS. It can be enabled in the board specific DTS when the
SerDes device driver is also present.
So fix the status of PCIe DT bindings in the SoC specific DTS to
"disabled". To enable PCIe, the status should be set to "ok" in
the EVM DTS file when SerDes driver support becomes available in
the upstream tree.
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Signed-off-by: Santosh Shilimkar <ssantosh@kernel.org>
Rafael J. Wysocki [Thu, 16 Jul 2015 21:47:19 +0000 (23:47 +0200)]
Merge branches 'pm-cpuidle', 'pm-cpufreq' and 'acpi-resources'
* pm-cpuidle:
suspend-to-idle: Prevent RCU from complaining about tick_freeze()
* pm-cpufreq:
cpufreq: Allow freq_table to be obtained for offline CPUs
cpufreq: Initialize the governor again while restoring policy
* acpi-resources:
ACPI / PCI: Fix regressions caused by resource_size_t overflow with 32-bit kernel
Robert Jarzmik [Sat, 11 Jul 2015 19:33:06 +0000 (21:33 +0200)]
ARM: pxa: fix dm9000 platform data regression
Since dm9000 driver added support for a vcc regulator, platform data
based platforms have their ethernet broken, as the regulator claiming
returns -EPROBE_DEFER and prevents dm9000 loading.
This patch fixes this for all pxa boards using dm9000, by using the
specific regulator_has_full_constraints() function.
This was discovered and tested on the cm-x300 board.
Fixes:
7994fe55a4a2 ("dm9000: Add regulator and reset support to dm9000")
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>
Michel Dänzer [Thu, 9 Jul 2015 09:24:24 +0000 (18:24 +0900)]
drm/amdgpu/dce8: Re-set VBLANK interrupt state when enabling a CRTC
Something (ATOM BIOS?) seems to be clobbering the LB_INTERRUPT_MASK
register while the CRTC is off, which caused e.g. glxgears or
gnome-shell to hang after a modeset.
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Alex Deucher [Thu, 16 Jul 2015 14:17:09 +0000 (10:17 -0400)]
drm/radeon/ci: silence a harmless PCC warning
This has been a source of confusion. Make it debug only.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Alex Deucher [Tue, 14 Jul 2015 21:37:48 +0000 (17:37 -0400)]
drm/amdgpu/cz: silence some dpm debug output
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Alex Deucher [Tue, 14 Jul 2015 16:29:00 +0000 (12:29 -0400)]
drm/amdgpu/cz: store the forced dpm level
So the selected forced level shows up properly in sysfs.
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Alex Deucher [Tue, 14 Jul 2015 16:26:41 +0000 (12:26 -0400)]
drm/amdgpu/cz: unforce dpm levels before forcing to low/high
This is necessary to properly reset the min/max limits before
clamping them otherwise we may get improper clamping depending
on what what was the last forced level.
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Alex Deucher [Fri, 10 Jul 2015 21:05:31 +0000 (17:05 -0400)]
drm/amdgpu: remove bogus check in gfx8 rb setup
Always respect the harvest configuration as is.
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Alex Deucher [Fri, 10 Jul 2015 20:21:10 +0000 (16:21 -0400)]
drm/amdgpu: set proper index/data pair for smc regs on CZ (v2)
v2: squash in later fix
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Alex Deucher [Fri, 10 Jul 2015 17:59:44 +0000 (13:59 -0400)]
drm/amdgpu: disable the IP module if early_init returns -ENOENT (v2)
If we run into a part with a harvest configuration where the entire
IP block is unusable, just disable the IP block.
v2: fix logic as noted by Christian
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Christian König [Tue, 7 Jul 2015 15:27:03 +0000 (17:27 +0200)]
drm/amdgpu: stop context leak in the error path
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Christian König [Mon, 6 Jul 2015 17:42:10 +0000 (19:42 +0200)]
drm/amdgpu: validate the context id in the dependencies
Just to make sure userspace don't send nonsense to the kernel.
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Christian König [Tue, 14 Jul 2015 13:58:30 +0000 (15:58 +0200)]
drm/radeon: fix user ptr race condition
Port of amdgpu patch
9298e52f8b51d1e4acd68f502832f3a97f8cf892.
Signed-off-by: Christian König <christian.koenig@amd.com>
CC: stable@vger.kernel.org
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Michel Dänzer [Fri, 3 Jul 2015 01:02:27 +0000 (10:02 +0900)]
drm/radeon: Don't flush the GART TLB if rdev->gart.ptr == NULL
This can be the case when the GPU is powered off, e.g. via vgaswitcheroo
or runpm. When the GPU is powered up again, radeon_gart_table_vram_pin
flushes the TLB after setting rdev->gart.ptr to non-NULL.
Fixes panic on powering off R7xx GPUs.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=61529
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Alex Deucher [Fri, 10 Jul 2015 01:08:17 +0000 (21:08 -0400)]
drm/radeon: add a dpm quirk for Sapphire Radeon R9 270X 2GB GDDR5
bug:
https://bugs.freedesktop.org/show_bug.cgi?id=76490
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Ming Lei [Thu, 16 Jul 2015 11:53:22 +0000 (19:53 +0800)]
blk-mq: set default timeout as 30 seconds
It is reasonable to set default timeout of request as 30 seconds instead of
30000 ticks, which may be 300 seconds if HZ is 100, for example, some arm64
based systems may choose 100 HZ.
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Fixes:
c76cbbcf4044 ("blk-mq: put blk_queue_rq_timeout together in blk_mq_init_queue()"
Signed-off-by: Jens Axboe <axboe@fb.com>
Mike Snitzer [Wed, 15 Jul 2015 15:42:59 +0000 (11:42 -0400)]
dm cache: display 'needs_check' in status if it is set
There is currently no way to see that the needs_check flag has been set
in the metadata. Display 'needs_check' in the cache status if it is set
in the cache metadata.
Also, update cache documentation.
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Mike Snitzer [Wed, 15 Jul 2015 15:40:24 +0000 (11:40 -0400)]
dm thin: display 'needs_check' in status if it is set
There is currently no way to see that the needs_check flag has been set
in the metadata. Display 'needs_check' in the thin-pool status if it is
set in the thinp metadata.
Also, update thinp documentation.
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Mike Snitzer [Wed, 15 Jul 2015 20:52:04 +0000 (16:52 -0400)]
dm thin: stay in out-of-data-space mode once no_space_timeout expires
This fixes an issue where running out of data space would cause the
thin-pool's metadata to become read-only. There was no reason to make
metadata read-only -- calling set_pool_mode() with PM_READ_ONLY was a
misguided way to error all queued and future write IOs. We can
accomplish the same by degrading from PM_OUT_OF_DATA_SPACE to
PM_OUT_OF_DATA_SPACE with error_if_no_space enabled.
Otherwise, the use of PM_READ_ONLY could cause a race where commit() was
started before the PM_READ_ONLY transition but dm_pool_commit_metadata()
would go on to fail because the block manager had transitioned to
read-only. The return of -EPERM from dm_pool_commit_metadata(), due to
attempting to commit while in read-only mode, caused the thin-pool to
set 'needs_check' because a metadata_operation_failed(). This needless
cascade of failures makes life for users more difficult than needed.
Reported-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Jens Axboe [Mon, 13 Jul 2015 14:24:39 +0000 (08:24 -0600)]
scsi: fix host max depth checking for the 'queue_depth' sysfs interface
Commit
1e6f2416044c0 changed the scsi sysfs 'queue_depth' code to
rejects depths higher than the scsi host template setting. But lots
of hosts set this to 1, and update the settings in the scsi host
when the controller/devices probing happens.
This breaks (at least) mpt2sas and mpt3sas runtime setting of queue
depth, returning EINVAL for all settings but '1'. And once it's set to
1, there's no way to go back up.
Cc: stable@vger.kernel.org
Fixes:
1e6f2416044c0 "scsi: don't allow setting of queue_depth bigger than can_queue"
Signed-off-by: Jens Axboe <axboe@fb.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Grygorii Strashko [Tue, 7 Jul 2015 14:34:49 +0000 (17:34 +0300)]
gpio: pca953x: fix nested irqs rescheduling
pca953x interrupt controller functionality is implemented using
nested threaded IRQs which require parent_irq to be configured
properly otherwise below warning can be seen if IRQ core
will try re-schedule nested IRQ:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 12 at kernel/irq/manage.c:696 irq_nested_primary_handler+0x30/0x38()
Primary handler called for nested irq 301
Modules linked in: uinput ipv6 smsc95xx usbnet mii imx2_wdt etnaviv(C) matrix_keypad matrix_keymap ar1021_i2c
CPU: 1 PID: 12 Comm: ksoftirqd/1 Tainted: G WC 4.1.1 #9
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
Backtrace:
[<
c0013298>] (dump_backtrace) from [<
c0013488>] (show_stack+0x20/0x24)
[<
c0013468>] (show_stack) from [<
c05743c4>] (dump_stack+0x70/0xc0)
[<
c0574354>] (dump_stack) from [<
c002b7b8>] (warn_slowpath_common+0x88/0xc0)
[<
c002b730>] (warn_slowpath_common) from [<
c002b8ac>] (warn_slowpath_fmt+0x40/0x48)
[<
c002b870>] (warn_slowpath_fmt) from [<
c0075798>] (irq_nested_primary_handler+0x30/0x38)
[<
c0075768>] (irq_nested_primary_handler) from [<
c0075200>] (handle_irq_event_percpu+0x70/0x2d0)
[<
c0075190>] (handle_irq_event_percpu) from [<
c00754ac>] (handle_irq_event+0x4c/0x6c)
[<
c0075460>] (handle_irq_event) from [<
c0078204>] (handle_simple_irq+0xa4/0xc8)
[<
c0078160>] (handle_simple_irq) from [<
c0077cd4>] (resend_irqs+0x50/0x7c)
[<
c0077c84>] (resend_irqs) from [<
c002f99c>] (tasklet_action+0x94/0x140)
[<
c002f908>] (tasklet_action) from [<
c002eea8>] (__do_softirq+0xa0/0x3c8)
[<
c002ee08>] (__do_softirq) from [<
c002f208>] (run_ksoftirqd+0x38/0x54)
[<
c002f1d0>] (run_ksoftirqd) from [<
c004b1e4>] (smpboot_thread_fn+0x1f8/0x2f0)
[<
c004afec>] (smpboot_thread_fn) from [<
c0047744>] (kthread+0xe8/0x104)
[<
c004765c>] (kthread) from [<
c000fac8>] (ret_from_fork+0x14/0x2c)
---[ end trace
96052cda48865769 ]---
The issue was reported and described in details by Lothar Waßmann and
Christian Gmeiner in https://lkml.org/lkml/2014/9/9/123.
Fix it by adding missed call of gpiochip_set_chained_irqchip()
so GPIO IRQ chip helpers will set parent_irq for nested IRQs
properly.
Reported-by: Lothar Waßmann <LW@KARO-electronics.de>
Tested-by: Christian Gmeiner <christian.gmeiner@gmail.com>
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Seymour, Shane M [Thu, 2 Jul 2015 12:01:10 +0000 (12:01 +0000)]
st: null pointer dereference panic caused by use after kref_put by st_open
Two SLES11 SP3 servers encountered similar crashes simultaneously
following some kind of SAN/tape target issue:
...
qla2xxx [0000:81:00.0]-801c:3: Abort command issued nexus=3:0:2 -- 1 2002.
qla2xxx [0000:81:00.0]-801c:3: Abort command issued nexus=3:0:2 -- 1 2002.
qla2xxx [0000:81:00.0]-8009:3: DEVICE RESET ISSUED nexus=3:0:2 cmd=
ffff882f89c2c7c0.
qla2xxx [0000:81:00.0]-800c:3: do_reset failed for cmd=
ffff882f89c2c7c0.
qla2xxx [0000:81:00.0]-800f:3: DEVICE RESET FAILED: Task management failed nexus=3:0:2 cmd=
ffff882f89c2c7c0.
qla2xxx [0000:81:00.0]-8009:3: TARGET RESET ISSUED nexus=3:0:2 cmd=
ffff882f89c2c7c0.
qla2xxx [0000:81:00.0]-800c:3: do_reset failed for cmd=
ffff882f89c2c7c0.
qla2xxx [0000:81:00.0]-800f:3: TARGET RESET FAILED: Task management failed nexus=3:0:2 cmd=
ffff882f89c2c7c0.
qla2xxx [0000:81:00.0]-8012:3: BUS RESET ISSUED nexus=3:0:2.
qla2xxx [0000:81:00.0]-802b:3: BUS RESET SUCCEEDED nexus=3:0:2.
qla2xxx [0000:81:00.0]-505f:3: Link is operational (8 Gbps).
qla2xxx [0000:81:00.0]-8018:3: ADAPTER RESET ISSUED nexus=3:0:2.
qla2xxx [0000:81:00.0]-00af:3: Performing ISP error recovery - ha=
ffff88bf04d18000.
rport-3:0-0: blocked FC remote port time out: removing target and saving binding
qla2xxx [0000:81:00.0]-505f:3: Link is operational (8 Gbps).
qla2xxx [0000:81:00.0]-8017:3: ADAPTER RESET SUCCEEDED nexus=3:0:2.
rport-2:0-0: blocked FC remote port time out: removing target and saving binding
sg_rq_end_io: device detached
BUG: unable to handle kernel NULL pointer dereference at
00000000000002a8
IP: [<
ffffffff8133b268>] __pm_runtime_idle+0x28/0x90
PGD
7e6586f067 PUD
7e5af06067 PMD 0 [
1739975.390354] Oops: 0002 [#1] SMP
CPU 0
...
Supported: No, Proprietary modules are loaded [
1739975.390463]
Pid: 27965, comm: ABCD Tainted: PF X 3.0.101-0.29-default #1 HP ProLiant DL580 Gen8
RIP: 0010:[<
ffffffff8133b268>] [<
ffffffff8133b268>] __pm_runtime_idle+0x28/0x90
RSP: 0018:
ffff8839dc1e7c68 EFLAGS:
00010202
RAX:
0000000000000000 RBX:
ffff883f0592fc00 RCX:
0000000000000090
RDX:
0000000000000000 RSI:
0000000000000004 RDI:
0000000000000138
RBP:
0000000000000138 R08:
0000000000000010 R09:
ffffffff81bd39d0
R10:
00000000000009c0 R11:
ffffffff81025790 R12:
0000000000000001
R13:
ffff883022212b80 R14:
0000000000000004 R15:
ffff883022212b80
FS:
00007f8e54560720(0000) GS:
ffff88407f800000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
000000008005003b
CR2:
00000000000002a8 CR3:
0000007e6ced6000 CR4:
00000000001407f0
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000ffff0ff0 DR7:
0000000000000400
Process ABCD (pid: 27965, threadinfo
ffff8839dc1e6000, task
ffff883592e0c640)
Stack:
ffff883f0592fc00 00000000fffffffa 0000000000000001 ffff883022212b80
ffff883eff772400 ffffffffa03fa309 0000000000000000 0000000000000000
ffffffffa04003a0 ffff883f063196c0 ffff887f0379a930 ffffffff8115ea1e
Call Trace:
[<
ffffffffa03fa309>] st_open+0x129/0x240 [st]
[<
ffffffff8115ea1e>] chrdev_open+0x13e/0x200
[<
ffffffff811588a8>] __dentry_open+0x198/0x310
[<
ffffffff81167d74>] do_last+0x1f4/0x800
[<
ffffffff81168fe9>] path_openat+0xd9/0x420
[<
ffffffff8116946c>] do_filp_open+0x4c/0xc0
[<
ffffffff8115a00f>] do_sys_open+0x17f/0x250
[<
ffffffff81468d92>] system_call_fastpath+0x16/0x1b
[<
00007f8e4f617fd0>] 0x7f8e4f617fcf
Code: eb d3 90 48 83 ec 28 40 f6 c6 04 48 89 6c 24 08 4c 89 74 24 20 48 89 fd 48 89 1c 24 4c 89 64 24 10 41 89 f6 4c 89 6c 24 18 74 11 <f0> ff 8f 70 01 00 00 0f 94 c0 45 31 ed 84 c0 74 2b 4c 8d a5 a0
RIP [<
ffffffff8133b268>] __pm_runtime_idle+0x28/0x90
RSP <
ffff8839dc1e7c68>
CR2:
00000000000002a8
Analysis reveals the cause of the crash to be due to STp->device
being NULL. The pointer was NULLed via scsi_tape_put(STp) when it
calls scsi_tape_release(). In st_open() we jump to err_out after
scsi_block_when_processing_errors() completes and returns the
device as offline (sdev_state was SDEV_DEL):
1180 /* Open the device. Needs to take the BKL only because of incrementing the SCSI host
1181 module count. */
1182 static int st_open(struct inode *inode, struct file *filp)
1183 {
1184 int i, retval = (-EIO);
1185 int resumed = 0;
1186 struct scsi_tape *STp;
1187 struct st_partstat *STps;
1188 int dev = TAPE_NR(inode);
1189 char *name;
...
1217 if (scsi_autopm_get_device(STp->device) < 0) {
1218 retval = -EIO;
1219 goto err_out;
1220 }
1221 resumed = 1;
1222 if (!scsi_block_when_processing_errors(STp->device)) {
1223 retval = (-ENXIO);
1224 goto err_out;
1225 }
...
1264 err_out:
1265 normalize_buffer(STp->buffer);
1266 spin_lock(&st_use_lock);
1267 STp->in_use = 0;
1268 spin_unlock(&st_use_lock);
1269 scsi_tape_put(STp); <-- STp->device = 0 after this
1270 if (resumed)
1271 scsi_autopm_put_device(STp->device);
1272 return retval;
The ref count for the struct scsi_tape had already been reduced
to 1 when the .remove method of the st module had been called.
The kref_put() in scsi_tape_put() caused scsi_tape_release()
to be called:
0266 static void scsi_tape_put(struct scsi_tape *STp)
0267 {
0268 struct scsi_device *sdev = STp->device;
0269
0270 mutex_lock(&st_ref_mutex);
0271 kref_put(&STp->kref, scsi_tape_release); <-- calls this
0272 scsi_device_put(sdev);
0273 mutex_unlock(&st_ref_mutex);
0274 }
In scsi_tape_release() the struct scsi_device in the struct
scsi_tape gets set to NULL:
4273 static void scsi_tape_release(struct kref *kref)
4274 {
4275 struct scsi_tape *tpnt = to_scsi_tape(kref);
4276 struct gendisk *disk = tpnt->disk;
4277
4278 tpnt->device = NULL; <<<---- where the dev is nulled
4279
4280 if (tpnt->buffer) {
4281 normalize_buffer(tpnt->buffer);
4282 kfree(tpnt->buffer->reserved_pages);
4283 kfree(tpnt->buffer);
4284 }
4285
4286 disk->private_data = NULL;
4287 put_disk(disk);
4288 kfree(tpnt);
4289 return;
4290 }
Although the problem was reported on SLES11.3 the problem appears
in linux-next as well.
The crash is fixed by reordering the code so we no longer access
the struct scsi_tape after the kref_put() is done on it in st_open().
Signed-off-by: Shane Seymour <shane.seymour@hp.com>
Signed-off-by: Darren Lavender <darren.lavender@hp.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com>
Acked-by: Kai Mäkisara <kai.makisara@kolumbus.fi>
Cc: stable@vger.kernel.org
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Grygorii Strashko [Thu, 25 Jun 2015 15:13:33 +0000 (18:13 +0300)]
gpio: omap: prevent module from being unloaded while in use
OMAP GPIO driver allowed to be built as loadable module, but it
doesn't set owner field in GPIO chip structure. As result,
module_get/put() API is not working and it's possible to unload
OMAP driver while in use:
omap_gpio
48051000.gpio: REMOVING GPIOCHIP WITH GPIOS STILL REQUESTED
Hence, add missing configuration.
Cc: Tony Lindgren <tony@atomide.com>
Fixes:
cac089f9026e ('gpio: omap: Allow building as a loadable module')
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Marek Vasut [Tue, 30 Jun 2015 18:04:18 +0000 (20:04 +0200)]
gpio: max732x: Add missing dev reference to gpiochip
In case the gpiochip doesn't have the .dev field set, as is the case
in here, it is not possible to reference this device in DT as a GPIO
controller. A good example of this problem is that gpio-leds can not
be used when connected to this chip, the gpio-leds driver bails out
with -EPROBE_DEFER.
Fix this problem by setting the .dev field of the gpio_chip to the
parent i2c device.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Alexandre Courbot <gnurou@gmail.com>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Mans Rullgard <mans@mansr.com>
Cc: Olaf Mandel <o.mandel@menlosystems.com>
Cc: Semen Protsenko <semen.protsenko@globallogic.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Raphaël Teysseyre [Wed, 24 Jun 2015 07:19:45 +0000 (09:19 +0200)]
gpio/xilinx: Use correct address when setting initial values.
xgpio_save_regs() is used in this driver to setup the initial
values of the registers in the hardware.
The relevant registers at that time are:
0x0 -> channel 0 data (32 bits, one for each GPIO on this channel).
0x4 -> channel 0 tri, controls in/out status for each GPIO of this channel.
0x8 -> channel 1 data
0xC -> channel 1 tri
gpio-xilinx.c defines these:
XGPIO_DATA_OFFSET (0x0)
XGPIO_TRI_OFFSET (0x4)
XGPIO_CHANNEL_OFFSET 0x8
Before this patch, the "data" register value of channel 1 was written
at 0x4 intead of 0x8 (overwriting the channel 0 "tri" register),
and the "tri" register value for channel 1 was written at 0x8 instead of 0xC.
Signed-off-by: Raphaël Teysseyre <rteysseyre@gmail.com>
Reviewed-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Michal Simek [Thu, 25 Jun 2015 08:29:19 +0000 (10:29 +0200)]
gpio: zynq: Fix problem with unbalanced pm_runtime_enable
Add missing pm_runtime_disabled to remove().
Error log:
root@zynqmp:~# modprobe gpio_zynq
root@zynqmp:~# lsmod
Not tainted
gpio_zynq 7086 0 - Live 0xffffffbffc00a000
root@zynqmp:~# rmmod gpio_zynq
root@zynqmp:~# lsmod
Not tainted
root@zynqmp:~# modprobe gpio_zynq
[ 246.924438] zynq-gpio
ff0a0000.gpio: Unbalanced pm_runtime_enable!
root@zynqmp:~# rmmod gpio_zynq
root@zynqmp:~# lsmod
Not tainted
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Keith Packard [Wed, 15 Jul 2015 19:14:39 +0000 (12:14 -0700)]
ALSA: hda/realtek: Enable HP amp and mute LED on HP Folio 9480m [v3]
This laptop needs GPIO4 pulled high to enable the headphone amplifier,
and has a mute LED on GPIO3. I modelled the patch on the existing
GPIO4 code which pulls the line low for the same purpose; this time,
the HP amp line is pulled high.
v2: Disable the headphone amplifier when no headphone is connected.
Don't disable power savings to preserve the LED state.
v3: Remove headset-specific hooks and code; this is just a headphone.
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Grygorii Strashko [Wed, 24 Jun 2015 14:54:17 +0000 (17:54 +0300)]
gpio: omap: add missed spin_unlock_irqrestore in omap_gpio_irq_type
Add missed spin_unlock_irqrestore in omap_gpio_irq_type when
omap_set_gpio_triggering() is failed.
It fixes static checker warning:
drivers/gpio/gpio-omap.c:523 omap_gpio_irq_type()
warn: inconsistent returns 'spin_lock:&bank->lock'.
This fixes commit:
1562e4618ded ('gpio: omap: fix error handling in omap_gpio_irq_type')
Reported-by: Javier Martinez Canillas <javier@dowhile0.org>
Signed-off-by: Grygorii Strashko <grygorii.strashko@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Stefan Agner [Mon, 18 May 2015 16:33:28 +0000 (18:33 +0200)]
can: mcp251x: get regulators optionally
The regulators power and transceiver are optional. If those are not
present, the pointer (or error pointer) is correctly handled by the
driver, hence we can use devm_regulator_get_optional safely, which
avoids regulators getting created.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Stefan Agner [Mon, 18 May 2015 16:33:27 +0000 (18:33 +0200)]
can: mcp251x: fix resume when device is down
If a valid power regulator or a dummy regulator is used (which
happens to be the case when no regulator is specified), restart_work
is queued no matter whether the device was running or not at suspend
time. Since work queues get initialized in the ndo_open callback,
resuming leads to a NULL pointer exception.
Reverse exactly the steps executed at suspend time:
- Enable the power regulator in any case
- Enable the transceiver regulator if the device was running, even in
case we have a power regulator
- Queue restart_work only in case the device was running
Fixes:
bf66f3736a94 ("can: mcp251x: Move to threaded interrupts instead of workqueues.")
Signed-off-by: Stefan Agner <stefan@agner.ch>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
David S. Miller [Thu, 16 Jul 2015 04:59:23 +0000 (21:59 -0700)]
Merge branch 'for-upstream' of git://git./linux/kernel/git/bluetooth/bluetooth
Johan Hedberg says:
====================
pull request: bluetooth 2015-07-15
Here's a regression fix for Broadcom Bluetooth adapters found at least
in certain Apple laptops. The issue was introduced in 4.1 so there's the
appropriate "Cc: stable" entry for it.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Alexei Starovoitov [Tue, 14 Jul 2015 19:15:19 +0000 (12:15 -0700)]
tc: act_bpf: fix memory leak
prog->bpf_ops is populated when act_bpf is used with classic BPF and
prog->bpf_name is optionally used with extended BPF.
Fix memory leak when act_bpf is released.
Fixes:
d23b8ad8ab23 ("tc: add BPF based action")
Fixes:
a8cb5f556b56 ("act_bpf: add initial eBPF support for actions")
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
WANG Cong [Tue, 14 Jul 2015 18:21:58 +0000 (11:21 -0700)]
fq_codel: fix return value of fq_codel_drop()
The ->drop() is supposed to return the number of bytes it dropped,
however fq_codel_drop() returns the index of the flow where it drops
a packet from.
Fix this by introducing a helper to wrap fq_codel_drop().
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Cong Wang <cwang@twopensource.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
WANG Cong [Tue, 14 Jul 2015 18:21:57 +0000 (11:21 -0700)]
net_sched: fix a use-after-free in sfq
Fixes:
25331d6ce42b ("net: sched: implement qstat helper routines")
Cc: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 16 Jul 2015 04:33:40 +0000 (21:33 -0700)]
Merge branch 'ipvlan'
Konstantin Khlebnikov says:
====================
ipvlan: cleanups and fixes
v1: http://comments.gmane.org/gmane.linux.network/363346
v2: http://comments.gmane.org/gmane.linux.network/369086
v3 has reduced set of patches from "ipvlan: fix ipv6 autoconfiguration".
Here just cleanups and patch which ignores ipv6 notifications from RA.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>