* [PATCH 4.2 000/258] 4.2.4-stable review
@ 2015-10-18 1:55 Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 001/258] arm: KVM: Fix incorrect device to IPA mapping Greg Kroah-Hartman
` (238 more replies)
0 siblings, 239 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah.kh, stable
This is the start of the stable review cycle for the 4.2.4 release.
There are 258 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Tue Oct 20 01:46:04 UTC 2015.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.2.4-rc1.gz
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 4.2.4-rc1
Christoph Hellwig <hch@lst.de>
3w-9xxx: don't unmap bounce buffered commands
Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()
Akinobu Mita <akinobu.mita@gmail.com>
blk-mq: avoid setting hctx->tags->cpumask before allocation
Joonsoo Kim <js1304@gmail.com>
mm/slab: fix unexpected index mapping result of kmalloc_size(INDEX_NODE+1)
Raanan Avargil <raanan.avargil@intel.com>
e1000e: Fix tight loop implementation of systime read algorithm
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
serial: atmel: fix error path of probe function
Mans Rullgard <mans@mansr.com>
serial: 8250: add uart_config entry for PORT_RT2880
Jann Horn <jann@thejh.net>
drivers/tty: require read access for controlling terminal
Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c
covici@ccs.covici.com <covici@ccs.covici.com>
staging: speakup: fix speakup-r regression
Joe Thornber <ejt@redhat.com>
dm cache: fix NULL pointer when switching from cleaner policy
Junichi Nomura <j-nomura@ce.jp.nec.com>
dm: fix AB-BA deadlock in __dm_destroy()
Trond Myklebust <trond.myklebust@primarydata.com>
namei: results of d_is_negative() should be checked after dentry revalidation
Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
clk: samsung: fix cpu clock's flags checking
Peter Ujfalusi <peter.ujfalusi@ti.com>
clk: ti: clk-7xx: Remove hardwired ABE clock configuration
Ben Dooks <ben.dooks@codethink.co.uk>
clk: ti: fix dual-registration of uart4_ick
Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
cpufreq: acpi_cpufreq: prevent crash on reading freqdomain_cpus
Marcin Wojtas <mw@semihalf.com>
mmc: sdhci-pxav3: fix error handling of armada_38x_quirks
Nadav Haklai <nadavh@marvell.com>
mmc: sdhci-pxav3: disable clock inversion for HS MMC cards
Nadav Haklai <nadavh@marvell.com>
mmc: sdhci-pxav3: remove broken clock base quirk for Armada 38x sdhci driver
Kinglong Mee <kinglongmee@gmail.com>
nfs/filelayout: Fix NULL reference caused by double freeing of fh_array
NeilBrown <neilb@suse.com>
md/bitmap: don't pass -1 to bitmap_storage_alloc.
John Stultz <john.stultz@linaro.org>
clocksource: Fix abs() usage w/ 64bit values
Ben Hutchings <ben@decadent.org.uk>
genirq: Fix race in register_irq_proc()
Stefan Assmann <sassmann@kpanic.de>
igb: do not re-init SR-IOV during probe
Chas Williams <3chas3@gmail.com>
net/xen-netfront: only napi_synchronize() if running
Roger Pau Monne <roger.pau@citrix.com>
xen/blkback: free requests on disconnection
Andreas Schwab <schwab@linux-m68k.org>
m68k: Define asmlinkage_protect
Mark Salyzyn <salyzyn@android.com>
arm64: readahead: fault retry breaks mmap file read random detection
Li Bin <huawei.libin@huawei.com>
arm64: ftrace: fix function_graph tracer panic
Ard Biesheuvel <ard.biesheuvel@linaro.org>
arm64/efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions
Eric W. Biederman <ebiederm@xmission.com>
vfs: Test for and handle paths that are unreachable from their mnt_root
Eric W. Biederman <ebiederm@xmission.com>
dcache: Handle escaped paths in prepend_path
Chaotian Jing <chaotian.jing@mediatek.com>
mmc: core: fix dead loop of mmc_retune
Ulf Hansson <ulf.hansson@linaro.org>
mmc: core: Don't return an error for CD/WP GPIOs when GPIOLIB is unset
Nicholas Bellinger <nab@linux-iscsi.org>
iscsi-target: Avoid OFMarker + IFMarker negotiation
Sudip Mukherjee <sudipm.mukherjee@gmail.com>
net: via/Kconfig: GENERIC_PCI_IOMAP required if PCI not selected
shengyong <shengyong1@huawei.com>
UBI: return ENOSPC if no enough space available
Richard Weinberger <richard@nod.at>
UBI: Validate data_size
Richard Weinberger <richard@nod.at>
UBIFS: Kill unneeded locking in ubifs_init_security
Christian Engelmayer <cengelma@gmx.at>
rsi: Fix possible leak when loading firmware
Paul Mackerras <paulus@ozlabs.org>
powerpc/MSI: Fix race condition in tearing down MSI interrupts
Kapileshwar Singh <kapileshwar.singh@arm.com>
tools lib traceevent: Fix string handling in heterogeneous arch environments
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: Fix potentially broken skb network header access
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: Fix potential synchronization issues in mcast tvlv handler
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: Make MCAST capability changes atomic
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: Make TT capability changes atomic
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: Make NC capability changes atomic
Paul Burton <paul.burton@imgtec.com>
MIPS: CPS: #ifdef on CONFIG_MIPS_MT_SMP rather than CONFIG_MIPS_MT
Paul Burton <paul.burton@imgtec.com>
MIPS: CPS: Don't include MT code in non-MT kernels.
Paul Burton <paul.burton@imgtec.com>
MIPS: CPS: Stop dangling delay slot from has_mt.
James Hogan <james.hogan@imgtec.com>
MIPS: dma-default: Fix 32-bit fall back to GFP_DMA
Aurelien Jarno <aurelien@aurel32.net>
MIPS: BPF: Fix build on pre-R2 little endian CPUs
Aurelien Jarno <aurelien@aurel32.net>
MIPS: BPF: Avoid unreachable code on little endian
Alexander Sverdlin <alexander.sverdlin@gmail.com>
MIPS: bootmem: Fix mapstart calculation for contiguous maps
Guenter Roeck <linux@roeck-us.net>
MIPS: Fix console output for Fulong2e system
Viresh Kumar <viresh.kumar@linaro.org>
cpufreq: dt: Tolerance applies on both sides of target voltage
Borislav Petkov <bp@suse.de>
cpu/cacheinfo: Fix teardown path
Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
crypto: marvell - properly handle CRYPTO_TFM_REQ_MAY_BACKLOG-flagged requests
Yao-Wen Mao <yaowen@google.com>
USB: Add reset-resume quirk for two Plantronics usb headphones.
Vincent Palatin <vpalatin@chromium.org>
usb: Add device quirk for Logitech PTZ cameras
Alexander Inyukhin <shurick@sectorb.msk.ru>
USB: chaoskey read offset bug
Felipe Balbi <balbi@ti.com>
usb: musb: cppi41: allow it to work again
Roger Quadros <rogerq@ti.com>
usb: phy: phy-generic: Fix reset behaviour on legacy boot
Mathias Nyman <mathias.nyman@linux.intel.com>
usb: Use the USB_SS_MULT() macro to get the burst multiplier.
Peter Chen <peter.chen@freescale.com>
usb: chipidea: udc: using the correct stall implementation
Bin Liu <b-liu@ti.com>
usb: musb: dsps: fix polling in device-only mode
Jann Horn <jann@thejh.net>
security: fix typo in security_task_prctl
Mark Brown <broonie@kernel.org>
regmap: debugfs: Don't bother actually printing when calculating max length
Mark Brown <broonie@kernel.org>
regmap: debugfs: Ensure we don't underflow when printing access masks
Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
ipr: Enable SIS pipe commands for SIS-32 devices.
Russell King <rmk+kernel@arm.linux.org.uk>
pcmcia: sa11x0: fix missing clk_put() in sa11x0 socket drivers
Michal Kazior <michal.kazior@tieto.com>
ath10k: wake up queue upon vif creation
Michal Kazior <michal.kazior@tieto.com>
ath10k: wake up offchannel queue properly
Michal Kazior <michal.kazior@tieto.com>
ath10k: fix peer limit enforcement
Michal Kazior <michal.kazior@tieto.com>
ath10k: reject 11b tx fragmentation configuration
Michal Kazior <michal.kazior@tieto.com>
ath10k: fix per-vif queue locking
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
device property: fix potential NULL pointer dereference
Heiko Stuebner <heiko@sntech.de>
PM / AVS: rockchip-io: depend on CONFIG_POWER_AVS
Dan Carpenter <dan.carpenter@oracle.com>
hpsa: fix an sprintf() overflow in the reset handler
Boris BREZILLON <boris.brezillon@free-electrons.com>
mtd: nand: sunxi: fix OOB handling in ->write_xxx() functions
Boris BREZILLON <boris.brezillon@free-electrons.com>
mtd: nand: sunxi: fix sunxi_nand_chips_cleanup()
Antoine Ténart <antoine.tenart@free-electrons.com>
mtd: pxa3xx_nand: add a default chunk size
Hans de Goede <hdegoede@redhat.com>
extcon: Fix attached value returned by is_extcon_changed
Dan Carpenter <dan.carpenter@oracle.com>
extcon: Fix signedness bugs about break error handling
Mario Carrillo <mario.alfredo.c.arevalo@intel.com>
docs: update HOWTO for 3.x -> 4.x versioning
Marc Zyngier <marc.zyngier@arm.com>
irqchip/gic-v3-its: Add missing cache flushes
Ludovic Desroches <ludovic.desroches@atmel.com>
irqchip/atmel-aic5: Use per chip mask caches in mask/unmask()
Peter Seiderer <ps.report@gmx.net>
cifs: use server timestamp for ntlmv2 authentication
Li Jun <jun.li@freescale.com>
usb: chipidea: imx: fix a typo for imx6sx
Alexey Brodkin <Alexey.Brodkin@synopsys.com>
mmc: dw_mmc: handle data blocks > than 4kB if IDMAC is used
Dan Carpenter <dan.carpenter@oracle.com>
hv: util: checking the wrong variable
Javi Merino <javi.merino@arm.com>
thermal: cpu_cooling: free power table on error or when unregistering
Javi Merino <javi.merino@arm.com>
thermal: cpu_cooling: don't call kcalloc() under rcu_read_lock
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: Make DAT capability changes atomic
Linus Torvalds <torvalds@linux-foundation.org>
Initialize msg/shm IPC objects before doing ipc_addid()
Reyad Attiyat <reyad.attiyat@gmail.com>
usb: xhci: Add support for URB_ZERO_PACKET to bulk/sg transfers
Mathias Nyman <mathias.nyman@linux.intel.com>
xhci: init command timeout timer earlier to avoid deleting it uninitialized
Mathias Nyman <mathias.nyman@linux.intel.com>
xhci: change xhci 1.0 only restrictions to support xhci 1.1
Roger Quadros <rogerq@ti.com>
usb: xhci: exit early in xhci_setup_device() if we're halted or dying
Roger Quadros <rogerq@ti.com>
usb: xhci: stop everything on the first call to xhci_stop
Roger Quadros <rogerq@ti.com>
usb: xhci: Clear XHCI_STATE_DYING on start
Roger Quadros <rogerq@ti.com>
usb: xhci: lock mutex on xhci_stop
Tomer Barletz <barletz@gmail.com>
xhci: Move xhci_pme_quirk() behind #ifdef CONFIG_PM
Mathias Nyman <mathias.nyman@linux.intel.com>
xhci: give command abortion one more chance before killing xhci
Johan Hovold <johan@kernel.org>
USB: whiteheat: fix potential null-deref at probe
Dave Airlie <airlied@redhat.com>
drm/dp/mst: drop cancel work sync in the mstb destroy path (v2)
Dave Airlie <airlied@redhat.com>
drm/dp/mst: fixup handling hotplug on port removal.
Michel Dänzer <michel.daenzer@amd.com>
drm/radeon: Restore LCD backlight level on resume (>= R5xx)
Daniel Vetter <daniel.vetter@ffwll.ch>
drm: Reject DRI1 hw lock ioctl functions for kms drivers
Jani Nikula <jani.nikula@intel.com>
drm/i915/bios: handle MIPI Sequence Block v3+ gracefully
Alex Deucher <alexander.deucher@amd.com>
drm/amdgpu: Restore LCD backlight level on resume
Alex Deucher <alexander.deucher@amd.com>
drm/amdgpu: Fix max_vblank_count value for current display engines
Leo Liu <leo.liu@amd.com>
drm/amdgpu: make UVD handle checking more strict
Leo Liu <leo.liu@amd.com>
drm/amdgpu: fix the UVD suspend sequence order
Leo Liu <leo.liu@amd.com>
drm/amdgpu: Disable UVD PG
Christian König <christian.koenig@amd.com>
drm/amdgpu: fix overflow on 32bit systems
Fabiano Fidêncio <fidencio@redhat.com>
drm/qxl: recreate the primary surface when the bo is not primary
Dave Airlie <airlied@redhat.com>
drm/qxl: only report first monitor as connected if we have no state
Steve French <smfrench@gmail.com>
Do not fall back to SMBWriteX in set_file_size error cases
Steve French <smfrench@gmail.com>
disabling oplocks/leases via module parm enable_oplocks broken for SMB3
Steve French <smfrench@gmail.com>
Fix sec=krb5 on smb3 mounts
Trond Myklebust <trond.myklebust@primarydata.com>
NFS: Fix a write performance regression
Peng Tao <tao.peng@primarydata.com>
nfs: fix pg_test page count calculation
Trond Myklebust <trond.myklebust@primarydata.com>
NFSv4: Recovery of recalled read delegations is broken
Kinglong Mee <kinglongmee@gmail.com>
NFS: Do cleanup before resetting pageio read/write to mds
J. Bruce Fields <bfields@redhat.com>
nfs: fix v4.2 SEEK on files over 2 gigs
Johan Hedberg <johan.hedberg@intel.com>
Bluetooth: Delay check for conn->smp in smp_conn_security()
Mark Brown <broonie@kernel.org>
regulator: core: Handle probe deferral from DT when resolving supplies
Chen-Yu Tsai <wens@csie.org>
regulator: axp20x: Fix enable bit indexes for DCDC4 and DCDC5
Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
regulator: core: Correct return value check in regulator_resolve_supply
Florian Westphal <fw@strlen.de>
netfilter: nf_log: don't zap all loggers on unregister
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nft_compat: skip family comparison in case of NFPROTO_UNSPEC
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_log: wait for rcu grace after logger unregistration
Daniel Borkmann <daniel@iogearbox.net>
netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths
Elad Raz <eladr@mellanox.com>
netfilter: ipset: Fixing unnamed union init
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
netfilter: ipset: Out of bound access in hash:net* types fixed
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: Use 32 bit addressing register from nft_type_to_reg()
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nfnetlink: work around wrong endianess in res_id field
Bernhard Thaler <bernhard.thaler@wvnet.at>
netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
Mikulas Patocka <mpatocka@redhat.com>
dm raid: fix round up of default region size
NeilBrown <neilb@suse.com>
md/raid0: apply base queue limits *before* disk_stack_limits
NeilBrown <neilb@suse.com>
md/raid0: update queue parameter in a safer location.
Liu.Zhao <lzsos369@163.com>
USB: option: add ZTE PIDs
Shawn Lin <shawn.lin@rock-chips.com>
staging: ion: fix corruption of ion_import_dma_buf
Chuck Lever <chuck.lever@oracle.com>
svcrdma: Fix send_reply() scatter/gather set-up
Michal Kazior <michal.kazior@tieto.com>
ath10k: fix dma_mapping_error() handling
Mike Snitzer <snitzer@redhat.com>
dm crypt: constrain crypt device's max_segment_size to PAGE_SIZE
Mike Snitzer <snitzer@redhat.com>
dm thin: disable discard support for thin devices if pool's is disabled
Bjorn Helgaas <bhelgaas@google.com>
PCI: Clear IORESOURCE_UNSET when clipping a bridge window
Alex Williamson <alex.williamson@redhat.com>
PCI: Use function 0 VPD for identical functions, regular VPD for others
Alex Williamson <alex.williamson@redhat.com>
PCI: Fix devfn for VPD access through function 0
Rusty Russell <rusty@rustcorp.com.au>
tools/lguest: Fix redefinition of struct virtio_pci_cfg_cap
Filipe Manana <fdmanana@suse.com>
Btrfs: update fix for read corruption of compressed and shared extents
Filipe Manana <fdmanana@suse.com>
Btrfs: fix read corruption of compressed and shared extents
Jeff Mahoney <jeffm@suse.com>
btrfs: skip waiting on ordered range for special files
Andreas Dannenberg <dannenberg@ti.com>
ASoC: tas2552: fix dBscale-min declaration
Gianluca Renzi <gianlucarenzi@eurekelettronica.it>
ASoC: sgtl5000: fix wrong register MIC_BIAS_VOLTAGE setup on probe
Lars-Peter Clausen <lars@metafoo.de>
ASoC: db1200: Fix DAI link format for db1300 and db1550
Yitian Bu <buyitian@gmail.com>
ASoC: dwc: correct irq clear method
Robert Jarzmik <robert.jarzmik@free.fr>
ASoC: fix broken pxa SoC support
Robert Jarzmik <robert.jarzmik@free.fr>
ASoC: pxa: pxa2xx-ac97: fix dma requestor lines
Takashi Iwai <tiwai@suse.de>
ALSA: hda - Disable power_save_node for IDT 92HD73xx chips
John Flatness <john@zerocrates.org>
ALSA: hda - Apply SPDIF pin ctl to MacBookPro 12,1
Laura Abbott <labbott@fedoraproject.org>
ALSA: hda: Add dock support for ThinkPad T550
Takashi Iwai <tiwai@suse.de>
ALSA: synth: Fix conflicting OSS device registration on AWE32
Takashi Iwai <tiwai@suse.de>
ALSA: hda - Disable power_save_node for Thinkpads
Takashi Iwai <tiwai@suse.de>
ALSA: hda/tegra - async probe for avoiding module loading deadlock
Greg Thelen <gthelen@google.com>
memcg: fix dirty page migration
Mel Gorman <mgorman@techsingularity.net>
mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault
Joseph Qi <joseph.qi@huawei.com>
ocfs2/dlm: fix deadlock when dispatch assert master
Sowmini Varadhan <sowmini.varadhan@oracle.com>
lib/iommu-common.c: do not try to deref a null iommu->lazy_flush() pointer when n < pool->hint
Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
mm: migrate: hugetlb: putback destination hugepage to active list
Sudip Mukherjee <sudipm.mukherjee@gmail.com>
spi: spidev: fix possible NULL dereference
Tan, Jui Nee <jui.nee.tan@intel.com>
spi: spi-pxa2xx: Check status register to determine if SSSR_TINT is disabled
Martin Sperl <kernel@martin.sperl.org>
spi: bcm2835: BUG: fix wrong use of PAGE_MASK
Max Filippov <jcmvbkbc@gmail.com>
spi: xtensa-xtfpga: fix register endianness
Guenter Roeck <linux@roeck-us.net>
spi: Fix documentation of spi_alloc_master()
Greg Thelen <gthelen@google.com>
memcg: make mem_cgroup_read_stat() unsigned
Tejun Heo <tj@kernel.org>
Revert "sched, cgroup: replace signal_struct->group_rwsem with a global percpu_rwsem"
Tejun Heo <tj@kernel.org>
Revert "cgroup: simplify threadgroup locking"
Christian Borntraeger <borntraeger@de.ibm.com>
s390/boot/decompression: disable floating point in decompressor
Martin Schwidefsky <schwidefsky@de.ibm.com>
s390/compat: correct uc_sigmask of the compat signal frame
Peter Zijlstra <peterz@infradead.org>
sched/core: Fix TASK_DEAD race in finish_task_switch()
Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
leds/led-class: Add missing put_device()
Takashi Iwai <tiwai@suse.de>
leds:lp55xx: Correct Kconfig dependency for f/w user helper
Vitaly Kuznetsov <vkuznets@redhat.com>
x86/xen: Support kexec/kdump in HVM guests by doing a soft reset
Stephen Smalley <sds@tycho.nsa.gov>
x86/mm: Set NX on gap between __ex_table and rodata
Thomas Gleixner <tglx@linutronix.de>
x86/process: Add proper bound checks in 64bit get_wchan()
Lee, Chun-Yi <joeyli.kernel@gmail.com>
x86/kexec: Fix kexec crash in syscall kexec_file_load()
Matt Fleming <matt.fleming@intel.com>
x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down
Dirk Müller <dmueller@suse.com>
Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS
Andy Lutomirski <luto@kernel.org>
x86/nmi/64: Fix a paravirt stack-clobbering bug in the NMI code
Andy Lutomirski <luto@kernel.org>
x86/paravirt: Replace the paravirt nop with a bona fide empty function
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
x86/pci/intel_mid_pci: Work around for IRQ0 assignment
Thomas Gleixner <tglx@linutronix.de>
x86/ioapic: Force affinity setting in setup_ioapic_dest()
David Woodhouse <dwmw2@infradead.org>
x86/platform: Fix Geode LX timekeeping in the generic x86 build
Thomas Gleixner <tglx@linutronix.de>
x86/alternatives: Make optimize_nops() interrupt safe and synced
Shaohua Li <shli@fb.com>
x86/apic: Serialize LVTT and TSC_DEADLINE writes
Ross Zwisler <ross.zwisler@linux.intel.com>
pmem: add proper fencing to pmem_rw_page()
Robert Jarzmik <robert.jarzmik@free.fr>
dmaengine: pxa_dma: fix initial list move
Ludovic Desroches <ludovic.desroches@atmel.com>
dmaengine: at_xdmac: fix bug in prep_dma_cyclic
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
dmaengine: dw: properly read DWC_PARAMS register
Ludovic Desroches <ludovic.desroches@atmel.com>
dmaengine: at_xdmac: clean used descriptor
Maxime Ripard <maxime.ripard@free-electrons.com>
dmaengine: at_xdmac: change block increment addressing mode
Tejun Heo <tj@kernel.org>
block: blkg_destroy_all() should clear q->root_blkg and ->root_rl.blkg
Jeff Moyer <jmoyer@redhat.com>
blockdev: don't set S_DAX for misaligned partitions
Jeff Moyer <jmoyer@redhat.com>
dax: fix O_DIRECT I/O to the last block of a blockdev
Felipe F. Tonello <eu@felipetonello.com>
ARM: dts: fix usb pin control for imx-rex dts
Joonyoung Shim <jy0922.shim@samsung.com>
ARM: dts: Fix wrong clock binding for sysmmu_fimd1_1 on exynos5420
Timo Sigurdsson <public_timo.s@silentcreek.de>
ARM: dts: sunxi: Raise minimum CPU voltage for sun7i-a20 to meet SoC specifications
Chanho Park <parkch98@gmail.com>
ARM: EXYNOS: reset Little cores when cpu is up
Jarkko Nikula <jarkko.nikula@linux.intel.com>
ARM: pxa: ssp: Fix build error by removing originally incorrect DT binding
Carl Frederik Werner <frederik@cfbw.eu>
ARM: dts: omap3-beagle: make i2c3, ddc and tfp410 gpio work again
Grazvydas Ignotas <notasas@gmail.com>
ARM: dts: omap5-uevm.dts: fix i2c5 pinctrl offsets
Doug Anderson <armlinux@m.disordat.com>
ARM: 8425/1: kgdb: Don't try to stop the machine when setting breakpoints
Paul Bolle <pebolle@tiscali.nl>
windfarm: decrement client count when unregistering
Ard Biesheuvel <ard.biesheuvel@linaro.org>
ARM: 8429/1: disable GCC SRA optimization
Russell King <rmk+kernel@arm.linux.org.uk>
ARM: fix Thumb2 signal handling when ARMv6 is enabled
Guenter Roeck <linux@roeck-us.net>
hwmon: (nct6775) Swap STEP_UP_TIME and STEP_DOWN_TIME registers for most chips
Dominik Dingel <dingel@linux.vnet.ibm.com>
sched: access local runqueue directly in single_task_running
Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
watchdog: imgpdc: Unregister restart handler on remove
Francesco Lavra <francescolavra.fl@gmail.com>
watchdog: sunxi: fix activation of system reset
Vineet Gupta <Vineet.Gupta1@synopsys.com>
ARCv2: [axs103_smp] Reduce clk for SMP FPGA configs
Arnaldo Carvalho de Melo <acme@redhat.com>
perf probe: Use existing routine to look for a kernel module by dso->short_name
Arnaldo Carvalho de Melo <acme@redhat.com>
perf header: Fixup reading of HEADER_NRCPUS feature
Jiri Olsa <jolsa@kernel.org>
perf tools: Fix parse_events_add_pmu caller
Ben Hutchings <ben@decadent.org.uk>
perf tools: Add empty Build files for architectures lacking them
Wang Nan <wangnan0@huawei.com>
perf tools: Add missing forward declaration of struct map to probe-event.h
Kan Liang <kan.liang@intel.com>
perf stat: Get correct cpu id for print_aggr
Arnaldo Carvalho de Melo <acme@redhat.com>
perf hists: Update the column width for the "srcline" sort key
Stephen Boyd <sboyd@codeaurora.org>
ARM: 8401/1: perf: Set affinity for PPI based PMUs
Adrian Hunter <adrian.hunter@intel.com>
perf tools: Fix copying of /proc/kcore
Peter Zijlstra <peterz@infradead.org>
locking/qspinlock/x86: Only emit the test-and-set fallback when building guest support
Peter Zijlstra <peterz@infradead.org>
locking/qspinlock/x86: Fix performance regression under unaccelerated VMs
Peter Zijlstra <peterz@infradead.org>
perf/x86/intel: Fix constraint access
Azael Avalos <coproscefalo@gmail.com>
toshiba_acpi: Fix hotkeys registration on some toshiba models
Jenny Derzhavetz <jennyf@mellanox.com>
iser-target: Put the reference on commands waiting for unsol data
Jenny Derzhavetz <jennyf@mellanox.com>
iser-target: remove command with state ISTATE_REMOVE
Nicholas Bellinger <nab@linux-iscsi.org>
target: Fix PR registration + APTPL RCU conversion regression
Nicholas Bellinger <nab@linux-iscsi.org>
target: Attach EXTENDED_COPY local I/O descriptors to xcopy_pt_sess
Michal Hocko <mhocko@suse.com>
scsi: fix scsi_error_handler vs. scsi_host_dev_release race
Andy Grover <agrover@redhat.com>
target/iscsi: Fix np_ip bracket issue by removing np_ip
John Stultz <john.stultz@linaro.org>
time: Fix timekeeping_freqadjust()'s incorrect use of abs() instead of abs64()
Paolo Bonzini <pbonzini@redhat.com>
Revert "KVM: SVM: Sync g_pat with guest-written PAT value"
Paolo Bonzini <pbonzini@redhat.com>
Revert "KVM: SVM: use NPT page attributes"
Paolo Bonzini <pbonzini@redhat.com>
Revert "KVM: x86: apply guest MTRR virtualization on host reserved pages"
Gautham R. Shenoy <ego@linux.vnet.ibm.com>
KVM: PPC: Book3S HV: Pass the correct trap argument to kvmhv_commence_exit
Thomas Huth <thuth@redhat.com>
KVM: PPC: Book3S: Take the kvm->srcu lock in kvmppc_h_logical_ci_load/store()
Paolo Bonzini <pbonzini@redhat.com>
KVM: x86: trap AMD MSRs for the TSeg base and mask
Igor Mammedov <imammedo@redhat.com>
kvm: svm: reset mmu on VCPU reset
Marc Zyngier <marc.zyngier@arm.com>
arm: KVM: Disable virtual timer even if the guest is not using it
Jason Wang <jasowang@redhat.com>
kvm: fix double free for fast mmio eventfd
Jason Wang <jasowang@redhat.com>
kvm: factor out core eventfd assign/deassign logic
Jason Wang <jasowang@redhat.com>
kvm: fix zero length mmio searching
Jason Wang <jasowang@redhat.com>
kvm: don't try to register to KVM_FAST_MMIO_BUS for non mmio eventfd
Wanpeng Li <wanpeng.li@hotmail.com>
KVM: vmx: fix VPID is 0000H in non-root operation
Marek Majtyka <marek.majtyka@tieto.com>
arm: KVM: Fix incorrect device to IPA mapping
-------------
Diffstat:
Documentation/HOWTO | 28 +++---
Makefile | 4 +-
arch/arc/plat-axs10x/axs10x.c | 2 +
arch/arm/Makefile | 8 ++
arch/arm/boot/dts/exynos5420.dtsi | 2 +-
arch/arm/boot/dts/imx6qdl-rex.dtsi | 2 -
arch/arm/boot/dts/omap3-beagle.dts | 2 +-
arch/arm/boot/dts/omap5-uevm.dts | 4 +-
arch/arm/boot/dts/sun7i-a20.dtsi | 2 +-
arch/arm/kernel/kgdb.c | 8 +-
arch/arm/kernel/perf_event.c | 4 +-
arch/arm/kernel/signal.c | 15 ++-
arch/arm/kvm/interrupts_head.S | 6 +-
arch/arm/kvm/mmu.c | 6 +-
arch/arm/mach-exynos/mcpm-exynos.c | 27 +++++-
arch/arm/mach-exynos/regs-pmu.h | 6 ++
arch/arm/plat-pxa/ssp.c | 1 -
arch/arm64/kernel/efi.c | 3 +-
arch/arm64/kernel/entry-ftrace.S | 22 ++++-
arch/arm64/mm/fault.c | 1 +
arch/m68k/include/asm/linkage.h | 30 ++++++
arch/mips/kernel/cps-vec.S | 12 ++-
arch/mips/kernel/setup.c | 10 +-
arch/mips/loongson64/common/env.c | 3 +
arch/mips/mm/dma-default.c | 2 +-
arch/mips/net/bpf_jit_asm.S | 50 +++++++++-
arch/powerpc/kvm/book3s.c | 6 ++
arch/powerpc/kvm/book3s_hv_rmhandlers.S | 1 +
arch/powerpc/platforms/pasemi/msi.c | 5 +-
arch/powerpc/platforms/powernv/pci.c | 5 +-
arch/powerpc/sysdev/fsl_msi.c | 5 +-
arch/powerpc/sysdev/mpic_u3msi.c | 5 +-
arch/powerpc/sysdev/ppc4xx_msi.c | 5 +-
arch/s390/boot/compressed/Makefile | 2 +-
arch/s390/kernel/compat_signal.c | 27 +++++-
arch/x86/entry/entry_64.S | 16 +++-
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/include/asm/preempt.h | 4 +-
arch/x86/include/asm/qspinlock.h | 19 +++-
arch/x86/kernel/alternative.c | 5 +
arch/x86/kernel/apic/apic.c | 7 ++
arch/x86/kernel/apic/io_apic.c | 5 +-
arch/x86/kernel/cpu/perf_event_intel.c | 5 +-
arch/x86/kernel/crash.c | 7 +-
arch/x86/kernel/paravirt.c | 16 +++-
arch/x86/kernel/process_64.c | 52 +++++++++--
arch/x86/kernel/tsc.c | 17 ++--
arch/x86/kvm/svm.c | 111 ++--------------------
arch/x86/kvm/vmx.c | 13 ++-
arch/x86/kvm/x86.c | 2 +
arch/x86/mm/init_64.c | 2 +-
arch/x86/pci/intel_mid_pci.c | 24 ++++-
arch/x86/platform/efi/efi.c | 67 ++++++++++++-
arch/x86/xen/enlighten.c | 23 +++++
block/blk-cgroup.c | 3 +
block/blk-mq.c | 9 +-
drivers/base/cacheinfo.c | 10 +-
drivers/base/property.c | 5 +-
drivers/base/regmap/regmap-debugfs.c | 5 +-
drivers/block/xen-blkback/xenbus.c | 38 ++++----
drivers/clk/samsung/clk-cpu.c | 10 +-
drivers/clk/ti/clk-3xxx.c | 2 +-
drivers/clk/ti/clk-7xx.c | 18 +---
drivers/cpufreq/acpi-cpufreq.c | 3 +
drivers/cpufreq/cpufreq-dt.c | 3 +-
drivers/crypto/marvell/cesa.h | 27 ++++++
drivers/crypto/marvell/cipher.c | 7 +-
drivers/crypto/marvell/hash.c | 8 +-
drivers/dma/at_xdmac.c | 20 ++--
drivers/dma/dw/core.c | 4 +-
drivers/dma/pxa_dma.c | 1 +
drivers/extcon/extcon.c | 10 +-
drivers/firmware/efi/libstub/arm-stub.c | 88 +++++++++++++++---
drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 68 ++++++++------
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 +-
drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 3 +-
drivers/gpu/drm/amd/amdgpu/uvd_v4_2.c | 4 +-
drivers/gpu/drm/amd/amdgpu/uvd_v5_0.c | 4 +-
drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 4 +-
drivers/gpu/drm/amd/amdgpu/vi.c | 3 +-
drivers/gpu/drm/drm_dp_mst_topology.c | 41 +++++---
drivers/gpu/drm/drm_lock.c | 6 ++
drivers/gpu/drm/i915/intel_bios.c | 12 ++-
drivers/gpu/drm/qxl/qxl_display.c | 14 +--
drivers/gpu/drm/radeon/atombios_encoders.c | 8 +-
drivers/hv/hv_utils_transport.c | 2 +-
drivers/hwmon/nct6775.c | 16 ++--
drivers/infiniband/ulp/isert/ib_isert.c | 47 +++++++++-
drivers/irqchip/irq-atmel-aic5.c | 24 +++--
drivers/irqchip/irq-gic-v3-its.c | 6 +-
drivers/leds/Kconfig | 2 +-
drivers/leds/led-class.c | 7 +-
drivers/macintosh/windfarm_core.c | 2 +-
drivers/md/bitmap.c | 3 +-
drivers/md/dm-cache-policy-cleaner.c | 2 +-
drivers/md/dm-crypt.c | 17 +++-
drivers/md/dm-raid.c | 3 +-
drivers/md/dm-thin.c | 4 +
drivers/md/dm.c | 6 +-
drivers/md/raid0.c | 75 ++++++++-------
drivers/mmc/core/core.c | 6 +-
drivers/mmc/core/host.c | 4 +-
drivers/mmc/host/dw_mmc.c | 109 ++++++++++++++--------
drivers/mmc/host/sdhci-pxav3.c | 6 +-
drivers/mtd/nand/pxa3xx_nand.c | 3 +
drivers/mtd/nand/sunxi_nand.c | 27 ++----
drivers/mtd/ubi/io.c | 5 +
drivers/mtd/ubi/vtbl.c | 1 +
drivers/mtd/ubi/wl.c | 1 +
drivers/net/ethernet/intel/e1000e/netdev.c | 31 +++++--
drivers/net/ethernet/intel/igb/igb_main.c | 2 +-
drivers/net/ethernet/via/Kconfig | 2 +-
drivers/net/wireless/ath/ath10k/htc.c | 4 +-
drivers/net/wireless/ath/ath10k/htt_tx.c | 8 +-
drivers/net/wireless/ath/ath10k/mac.c | 85 ++++++++++-------
drivers/net/wireless/ath/ath10k/mac.h | 6 +-
drivers/net/wireless/ath/ath10k/pci.c | 8 +-
drivers/net/wireless/ath/ath10k/wmi-tlv.c | 34 +++++--
drivers/net/wireless/ath/ath10k/wmi.c | 1 +
drivers/net/wireless/rsi/rsi_91x_sdio_ops.c | 8 +-
drivers/net/wireless/rsi/rsi_91x_usb_ops.c | 8 +-
drivers/net/xen-netfront.c | 3 +-
drivers/nvdimm/pmem.c | 2 +
drivers/pci/access.c | 27 +-----
drivers/pci/bus.c | 2 +
drivers/pci/quirks.c | 20 +++-
drivers/pcmcia/sa1100_generic.c | 1 -
drivers/pcmcia/sa11xx_base.c | 3 +-
drivers/platform/x86/toshiba_acpi.c | 8 +-
drivers/power/avs/Kconfig | 2 +-
drivers/regulator/axp20x-regulator.c | 4 +-
drivers/regulator/core.c | 20 ++--
drivers/scsi/3w-9xxx.c | 28 ++++--
drivers/scsi/hpsa.c | 15 +--
drivers/scsi/ipr.c | 2 +-
drivers/scsi/scsi_error.c | 11 ++-
drivers/spi/spi-bcm2835.c | 6 +-
drivers/spi/spi-pxa2xx.c | 4 +
drivers/spi/spi-xtensa-xtfpga.c | 4 +-
drivers/spi/spi.c | 3 +-
drivers/spi/spidev.c | 3 +-
drivers/staging/android/ion/ion.c | 6 +-
drivers/staging/speakup/fakekey.c | 1 +
drivers/target/iscsi/iscsi_target.c | 33 ++++---
drivers/target/iscsi/iscsi_target.h | 2 +-
drivers/target/iscsi/iscsi_target_configfs.c | 14 +--
drivers/target/iscsi/iscsi_target_login.c | 8 +-
drivers/target/iscsi/iscsi_target_parameters.c | 5 +-
drivers/target/iscsi/iscsi_target_tpg.c | 15 ++-
drivers/target/iscsi/iscsi_target_tpg.h | 2 +-
drivers/target/target_core_device.c | 5 +-
drivers/target/target_core_pr.c | 91 +++++++++++++-----
drivers/target/target_core_xcopy.c | 6 +-
drivers/thermal/cpu_cooling.c | 52 ++++++-----
drivers/tty/n_tty.c | 15 +--
drivers/tty/serial/8250/8250_core.c | 8 ++
drivers/tty/serial/atmel_serial.c | 2 +-
drivers/tty/tty_io.c | 31 ++++++-
drivers/usb/chipidea/ci_hdrc_imx.c | 2 +-
drivers/usb/chipidea/udc.c | 84 +++++++++--------
drivers/usb/core/config.c | 5 +-
drivers/usb/core/quirks.c | 13 +++
drivers/usb/host/xhci-mem.c | 17 ++--
drivers/usb/host/xhci-pci.c | 90 +++++++++---------
drivers/usb/host/xhci-ring.c | 79 ++++++++++++----
drivers/usb/host/xhci.c | 29 +++---
drivers/usb/misc/chaoskey.c | 2 +-
drivers/usb/musb/musb_cppi41.c | 6 +-
drivers/usb/musb/musb_dsps.c | 7 +-
drivers/usb/phy/phy-generic.c | 3 +-
drivers/usb/serial/option.c | 24 +++++
drivers/usb/serial/whiteheat.c | 31 +++++++
drivers/watchdog/imgpdc_wdt.c | 1 +
drivers/watchdog/sunxi_wdt.c | 2 +-
fs/block_dev.c | 7 ++
fs/btrfs/extent_io.c | 80 +++++++++++++---
fs/btrfs/inode.c | 3 +-
fs/cifs/cifsencrypt.c | 53 ++++++++++-
fs/cifs/inode.c | 34 -------
fs/cifs/smb2ops.c | 8 +-
fs/cifs/smb2pdu.c | 76 ++++++++++++---
fs/dax.c | 3 +-
fs/dcache.c | 7 ++
fs/namei.c | 35 ++++++-
fs/nfs/delegation.c | 8 +-
fs/nfs/delegation.h | 2 +-
fs/nfs/filelayout/filelayout.c | 31 +++----
fs/nfs/nfs42proc.c | 4 +-
fs/nfs/nfs4proc.c | 81 +++++++++-------
fs/nfs/pagelist.c | 2 +-
fs/nfs/read.c | 3 +
fs/nfs/write.c | 5 +-
fs/ocfs2/dlm/dlmmaster.c | 9 +-
fs/ocfs2/dlm/dlmrecovery.c | 8 +-
fs/ubifs/xattr.c | 3 -
include/asm-generic/preempt.h | 5 +-
include/asm-generic/qspinlock.h | 4 +-
include/linux/cgroup-defs.h | 27 +-----
include/linux/init_task.h | 8 ++
include/linux/mm.h | 21 +++++
include/linux/preempt.h | 19 +++-
include/linux/sched.h | 18 ++--
include/linux/security.h | 2 +-
include/net/netfilter/br_netfilter.h | 2 +-
include/net/netfilter/nf_conntrack.h | 1 +
include/net/netfilter/nf_tables.h | 2 +-
include/target/iscsi/iscsi_target_core.h | 1 -
include/xen/interface/sched.h | 8 ++
ipc/msg.c | 14 +--
ipc/shm.c | 13 +--
ipc/util.c | 8 +-
kernel/cgroup.c | 110 ++++++++++++++++------
kernel/fork.c | 4 +
kernel/irq/proc.c | 19 +++-
kernel/locking/qspinlock.c | 2 +-
kernel/sched/core.c | 31 ++++---
kernel/sched/sched.h | 5 +-
kernel/time/clocksource.c | 2 +-
kernel/time/timekeeping.c | 2 +-
lib/iommu-common.c | 6 +-
mm/hugetlb.c | 8 ++
mm/memcontrol.c | 30 +++---
mm/migrate.c | 14 ++-
mm/slab.c | 13 ++-
net/batman-adv/distributed-arp-table.c | 7 +-
net/batman-adv/multicast.c | 81 +++++++++++-----
net/batman-adv/network-coding.c | 7 +-
net/batman-adv/originator.c | 5 +
net/batman-adv/soft-interface.c | 7 +-
net/batman-adv/translation-table.c | 8 +-
net/batman-adv/types.h | 15 +--
net/bluetooth/smp.c | 12 +--
net/netfilter/ipset/ip_set_hash_gen.h | 12 ++-
net/netfilter/ipset/ip_set_hash_netnet.c | 20 +++-
net/netfilter/ipset/ip_set_hash_netportnet.c | 20 +++-
net/netfilter/nf_conntrack_core.c | 3 +-
net/netfilter/nf_log.c | 9 +-
net/netfilter/nf_synproxy_core.c | 2 +-
net/netfilter/nfnetlink.c | 8 +-
net/netfilter/nft_compat.c | 24 +++--
net/netfilter/xt_CT.c | 2 +-
net/sunrpc/xprtrdma/svc_rdma_sendto.c | 10 +-
sound/arm/Kconfig | 15 +--
sound/pci/hda/hda_tegra.c | 30 +++++-
sound/pci/hda/patch_cirrus.c | 1 +
sound/pci/hda/patch_realtek.c | 32 ++++---
sound/pci/hda/patch_sigmatel.c | 6 +-
sound/soc/au1x/db1200.c | 4 +
sound/soc/codecs/sgtl5000.c | 4 +-
sound/soc/codecs/tas2552.c | 2 +-
sound/soc/dwc/designware_i2s.c | 4 +-
sound/soc/pxa/Kconfig | 2 -
sound/soc/pxa/pxa2xx-ac97.c | 4 +-
sound/synth/emux/emux_oss.c | 3 +-
tools/lguest/lguest.c | 10 +-
tools/lib/traceevent/event-parse.c | 23 ++++-
tools/perf/arch/alpha/Build | 1 +
tools/perf/arch/mips/Build | 1 +
tools/perf/arch/parisc/Build | 1 +
tools/perf/builtin-stat.c | 5 +-
tools/perf/util/header.c | 4 +-
tools/perf/util/hist.c | 3 +
tools/perf/util/parse-events.y | 2 +-
tools/perf/util/probe-event.c | 13 +--
tools/perf/util/probe-event.h | 2 +
tools/perf/util/symbol-elf.c | 35 +++----
virt/kvm/eventfd.c | 124 +++++++++++++++----------
virt/kvm/kvm_main.c | 19 +++-
269 files changed, 2734 insertions(+), 1322 deletions(-)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 001/258] arm: KVM: Fix incorrect device to IPA mapping
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 003/258] kvm: dont try to register to KVM_FAST_MMIO_BUS for non mmio eventfd Greg Kroah-Hartman
` (237 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marc Zyngier, Marek Majtyka
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Majtyka <marek.majtyka@tieto.com>
commit ca09f02f122b2ecb0f5ddfc5fd47b29ed657d4fd upstream.
A critical bug has been found in device memory stage1 translation for
VMs with more then 4GB of address space. Once vm_pgoff size is smaller
then pa (which is true for LPAE case, u32 and u64 respectively) some
more significant bits of pa may be lost as a shift operation is performed
on u32 and later cast onto u64.
Example: vm_pgoff(u32)=0x00210030, PAGE_SHIFT=12
expected pa(u64): 0x0000002010030000
produced pa(u64): 0x0000000010030000
The fix is to change the order of operations (casting first onto phys_addr_t
and then shifting).
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
[maz: fixed changelog and patch formatting]
Signed-off-by: Marek Majtyka <marek.majtyka@tieto.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/kvm/mmu.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -1792,8 +1792,10 @@ int kvm_arch_prepare_memory_region(struc
if (vma->vm_flags & VM_PFNMAP) {
gpa_t gpa = mem->guest_phys_addr +
(vm_start - mem->userspace_addr);
- phys_addr_t pa = (vma->vm_pgoff << PAGE_SHIFT) +
- vm_start - vma->vm_start;
+ phys_addr_t pa;
+
+ pa = (phys_addr_t)vma->vm_pgoff << PAGE_SHIFT;
+ pa += vm_start - vma->vm_start;
/* IO region dirty page logging not allowed */
if (memslot->flags & KVM_MEM_LOG_DIRTY_PAGES)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 003/258] kvm: dont try to register to KVM_FAST_MMIO_BUS for non mmio eventfd
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 001/258] arm: KVM: Fix incorrect device to IPA mapping Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 004/258] kvm: fix zero length mmio searching Greg Kroah-Hartman
` (236 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gleb Natapov, Paolo Bonzini,
Jason Wang, Cornelia Huck
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Wang <jasowang@redhat.com>
commit 8453fecbecae26edb3f278627376caab05d9a88d upstream.
We only want zero length mmio eventfd to be registered on
KVM_FAST_MMIO_BUS. So check this explicitly when arg->len is zero to
make sure this.
Cc: Gleb Natapov <gleb@kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
virt/kvm/eventfd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -846,7 +846,7 @@ kvm_assign_ioeventfd(struct kvm *kvm, st
/* When length is ignored, MMIO is also put on a separate bus, for
* faster lookups.
*/
- if (!args->len && !(args->flags & KVM_IOEVENTFD_FLAG_PIO)) {
+ if (!args->len && bus_idx == KVM_MMIO_BUS) {
ret = kvm_io_bus_register_dev(kvm, KVM_FAST_MMIO_BUS,
p->addr, 0, &p->dev);
if (ret < 0)
@@ -901,7 +901,7 @@ kvm_deassign_ioeventfd(struct kvm *kvm,
continue;
kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev);
- if (!p->length) {
+ if (!p->length && p->bus_idx == KVM_MMIO_BUS) {
kvm_io_bus_unregister_dev(kvm, KVM_FAST_MMIO_BUS,
&p->dev);
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 004/258] kvm: fix zero length mmio searching
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 001/258] arm: KVM: Fix incorrect device to IPA mapping Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 003/258] kvm: dont try to register to KVM_FAST_MMIO_BUS for non mmio eventfd Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 005/258] kvm: factor out core eventfd assign/deassign logic Greg Kroah-Hartman
` (235 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gleb Natapov, Paolo Bonzini,
Jason Wang, Cornelia Huck
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Wang <jasowang@redhat.com>
commit 8f4216c7d28976f7ec1b2bcbfa0a9f787133c45e upstream.
Currently, if we had a zero length mmio eventfd assigned on
KVM_MMIO_BUS. It will never be found by kvm_io_bus_cmp() since it
always compares the kvm_io_range() with the length that guest
wrote. This will cause e.g for vhost, kick will be trapped by qemu
userspace instead of vhost. Fixing this by using zero length if an
iodevice is zero length.
Cc: Gleb Natapov <gleb@kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
virt/kvm/kvm_main.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -3080,10 +3080,25 @@ static void kvm_io_bus_destroy(struct kv
static inline int kvm_io_bus_cmp(const struct kvm_io_range *r1,
const struct kvm_io_range *r2)
{
- if (r1->addr < r2->addr)
+ gpa_t addr1 = r1->addr;
+ gpa_t addr2 = r2->addr;
+
+ if (addr1 < addr2)
return -1;
- if (r1->addr + r1->len > r2->addr + r2->len)
+
+ /* If r2->len == 0, match the exact address. If r2->len != 0,
+ * accept any overlapping write. Any order is acceptable for
+ * overlapping ranges, because kvm_io_bus_get_first_dev ensures
+ * we process all of them.
+ */
+ if (r2->len) {
+ addr1 += r1->len;
+ addr2 += r2->len;
+ }
+
+ if (addr1 > addr2)
return 1;
+
return 0;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 005/258] kvm: factor out core eventfd assign/deassign logic
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (2 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 004/258] kvm: fix zero length mmio searching Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 006/258] kvm: fix double free for fast mmio eventfd Greg Kroah-Hartman
` (234 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gleb Natapov, Paolo Bonzini,
Jason Wang, Cornelia Huck
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Wang <jasowang@redhat.com>
commit 85da11ca587c8eb73993a1b503052391a73586f9 upstream.
This patch factors out core eventfd assign/deassign logic and leaves
the argument checking and bus index selection to callers.
Cc: Gleb Natapov <gleb@kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
virt/kvm/eventfd.c | 85 +++++++++++++++++++++++++++++++----------------------
1 file changed, 50 insertions(+), 35 deletions(-)
--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -771,40 +771,14 @@ static enum kvm_bus ioeventfd_bus_from_f
return KVM_MMIO_BUS;
}
-static int
-kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
+static int kvm_assign_ioeventfd_idx(struct kvm *kvm,
+ enum kvm_bus bus_idx,
+ struct kvm_ioeventfd *args)
{
- enum kvm_bus bus_idx;
- struct _ioeventfd *p;
- struct eventfd_ctx *eventfd;
- int ret;
- bus_idx = ioeventfd_bus_from_flags(args->flags);
- /* must be natural-word sized, or 0 to ignore length */
- switch (args->len) {
- case 0:
- case 1:
- case 2:
- case 4:
- case 8:
- break;
- default:
- return -EINVAL;
- }
-
- /* check for range overflow */
- if (args->addr + args->len < args->addr)
- return -EINVAL;
-
- /* check for extra flags that we don't understand */
- if (args->flags & ~KVM_IOEVENTFD_VALID_FLAG_MASK)
- return -EINVAL;
-
- /* ioeventfd with no length can't be combined with DATAMATCH */
- if (!args->len &&
- args->flags & (KVM_IOEVENTFD_FLAG_PIO |
- KVM_IOEVENTFD_FLAG_DATAMATCH))
- return -EINVAL;
+ struct eventfd_ctx *eventfd;
+ struct _ioeventfd *p;
+ int ret;
eventfd = eventfd_ctx_fdget(args->fd);
if (IS_ERR(eventfd))
@@ -873,14 +847,13 @@ fail:
}
static int
-kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
+kvm_deassign_ioeventfd_idx(struct kvm *kvm, enum kvm_bus bus_idx,
+ struct kvm_ioeventfd *args)
{
- enum kvm_bus bus_idx;
struct _ioeventfd *p, *tmp;
struct eventfd_ctx *eventfd;
int ret = -ENOENT;
- bus_idx = ioeventfd_bus_from_flags(args->flags);
eventfd = eventfd_ctx_fdget(args->fd);
if (IS_ERR(eventfd))
return PTR_ERR(eventfd);
@@ -918,6 +891,48 @@ kvm_deassign_ioeventfd(struct kvm *kvm,
return ret;
}
+static int kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
+{
+ enum kvm_bus bus_idx = ioeventfd_bus_from_flags(args->flags);
+
+ return kvm_deassign_ioeventfd_idx(kvm, bus_idx, args);
+}
+
+static int
+kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
+{
+ enum kvm_bus bus_idx;
+
+ bus_idx = ioeventfd_bus_from_flags(args->flags);
+ /* must be natural-word sized, or 0 to ignore length */
+ switch (args->len) {
+ case 0:
+ case 1:
+ case 2:
+ case 4:
+ case 8:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ /* check for range overflow */
+ if (args->addr + args->len < args->addr)
+ return -EINVAL;
+
+ /* check for extra flags that we don't understand */
+ if (args->flags & ~KVM_IOEVENTFD_VALID_FLAG_MASK)
+ return -EINVAL;
+
+ /* ioeventfd with no length can't be combined with DATAMATCH */
+ if (!args->len &&
+ args->flags & (KVM_IOEVENTFD_FLAG_PIO |
+ KVM_IOEVENTFD_FLAG_DATAMATCH))
+ return -EINVAL;
+
+ return kvm_assign_ioeventfd_idx(kvm, bus_idx, args);
+}
+
int
kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
{
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 006/258] kvm: fix double free for fast mmio eventfd
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (3 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 005/258] kvm: factor out core eventfd assign/deassign logic Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 007/258] arm: KVM: Disable virtual timer even if the guest is not using it Greg Kroah-Hartman
` (233 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gleb Natapov, Paolo Bonzini,
Jason Wang, Cornelia Huck
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Wang <jasowang@redhat.com>
commit eefd6b06b17c5478e7c24bea6f64beaa2c431ca6 upstream.
We register wildcard mmio eventfd on two buses, once for KVM_MMIO_BUS
and once on KVM_FAST_MMIO_BUS but with a single iodev
instance. This will lead to an issue: kvm_io_bus_destroy() knows
nothing about the devices on two buses pointing to a single dev. Which
will lead to double free[1] during exit. Fix this by allocating two
instances of iodevs then registering one on KVM_MMIO_BUS and another
on KVM_FAST_MMIO_BUS.
CPU: 1 PID: 2894 Comm: qemu-system-x86 Not tainted 3.19.0-26-generic #28-Ubuntu
Hardware name: LENOVO 2356BG6/2356BG6, BIOS G7ET96WW (2.56 ) 09/12/2013
task: ffff88009ae0c4b0 ti: ffff88020e7f0000 task.ti: ffff88020e7f0000
RIP: 0010:[<ffffffffc07e25d8>] [<ffffffffc07e25d8>] ioeventfd_release+0x28/0x60 [kvm]
RSP: 0018:ffff88020e7f3bc8 EFLAGS: 00010292
RAX: dead000000200200 RBX: ffff8801ec19c900 RCX: 000000018200016d
RDX: ffff8801ec19cf80 RSI: ffffea0008bf1d40 RDI: ffff8801ec19c900
RBP: ffff88020e7f3bd8 R08: 000000002fc75a01 R09: 000000018200016d
R10: ffffffffc07df6ae R11: ffff88022fc75a98 R12: ffff88021e7cc000
R13: ffff88021e7cca48 R14: ffff88021e7cca50 R15: ffff8801ec19c880
FS: 00007fc1ee3e6700(0000) GS:ffff88023e240000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8f389d8000 CR3: 000000023dc13000 CR4: 00000000001427e0
Stack:
ffff88021e7cc000 0000000000000000 ffff88020e7f3be8 ffffffffc07e2622
ffff88020e7f3c38 ffffffffc07df69a ffff880232524160 ffff88020e792d80
0000000000000000 ffff880219b78c00 0000000000000008 ffff8802321686a8
Call Trace:
[<ffffffffc07e2622>] ioeventfd_destructor+0x12/0x20 [kvm]
[<ffffffffc07df69a>] kvm_put_kvm+0xca/0x210 [kvm]
[<ffffffffc07df818>] kvm_vcpu_release+0x18/0x20 [kvm]
[<ffffffff811f69f7>] __fput+0xe7/0x250
[<ffffffff811f6bae>] ____fput+0xe/0x10
[<ffffffff81093f04>] task_work_run+0xd4/0xf0
[<ffffffff81079358>] do_exit+0x368/0xa50
[<ffffffff81082c8f>] ? recalc_sigpending+0x1f/0x60
[<ffffffff81079ad5>] do_group_exit+0x45/0xb0
[<ffffffff81085c71>] get_signal+0x291/0x750
[<ffffffff810144d8>] do_signal+0x28/0xab0
[<ffffffff810f3a3b>] ? do_futex+0xdb/0x5d0
[<ffffffff810b7028>] ? __wake_up_locked_key+0x18/0x20
[<ffffffff810f3fa6>] ? SyS_futex+0x76/0x170
[<ffffffff81014fc9>] do_notify_resume+0x69/0xb0
[<ffffffff817cb9af>] int_signal+0x12/0x17
Code: 5d c3 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb 48 83 ec 08 48 8b 7f 20 e8 06 d6 a5 c0 48 8b 43 08 48 8b 13 48 89 df 48 89 42 08 <48> 89 10 48 b8 00 01 10 00 00
RIP [<ffffffffc07e25d8>] ioeventfd_release+0x28/0x60 [kvm]
RSP <ffff88020e7f3bc8>
Cc: Gleb Natapov <gleb@kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
virt/kvm/eventfd.c | 43 +++++++++++++++++++++++++------------------
1 file changed, 25 insertions(+), 18 deletions(-)
--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -817,16 +817,6 @@ static int kvm_assign_ioeventfd_idx(stru
if (ret < 0)
goto unlock_fail;
- /* When length is ignored, MMIO is also put on a separate bus, for
- * faster lookups.
- */
- if (!args->len && bus_idx == KVM_MMIO_BUS) {
- ret = kvm_io_bus_register_dev(kvm, KVM_FAST_MMIO_BUS,
- p->addr, 0, &p->dev);
- if (ret < 0)
- goto register_fail;
- }
-
kvm->buses[bus_idx]->ioeventfd_count++;
list_add_tail(&p->list, &kvm->ioeventfds);
@@ -834,8 +824,6 @@ static int kvm_assign_ioeventfd_idx(stru
return 0;
-register_fail:
- kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev);
unlock_fail:
mutex_unlock(&kvm->slots_lock);
@@ -874,10 +862,6 @@ kvm_deassign_ioeventfd_idx(struct kvm *k
continue;
kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev);
- if (!p->length && p->bus_idx == KVM_MMIO_BUS) {
- kvm_io_bus_unregister_dev(kvm, KVM_FAST_MMIO_BUS,
- &p->dev);
- }
kvm->buses[bus_idx]->ioeventfd_count--;
ioeventfd_release(p);
ret = 0;
@@ -894,14 +878,19 @@ kvm_deassign_ioeventfd_idx(struct kvm *k
static int kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
{
enum kvm_bus bus_idx = ioeventfd_bus_from_flags(args->flags);
+ int ret = kvm_deassign_ioeventfd_idx(kvm, bus_idx, args);
+
+ if (!args->len && bus_idx == KVM_MMIO_BUS)
+ kvm_deassign_ioeventfd_idx(kvm, KVM_FAST_MMIO_BUS, args);
- return kvm_deassign_ioeventfd_idx(kvm, bus_idx, args);
+ return ret;
}
static int
kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
{
enum kvm_bus bus_idx;
+ int ret;
bus_idx = ioeventfd_bus_from_flags(args->flags);
/* must be natural-word sized, or 0 to ignore length */
@@ -930,7 +919,25 @@ kvm_assign_ioeventfd(struct kvm *kvm, st
KVM_IOEVENTFD_FLAG_DATAMATCH))
return -EINVAL;
- return kvm_assign_ioeventfd_idx(kvm, bus_idx, args);
+ ret = kvm_assign_ioeventfd_idx(kvm, bus_idx, args);
+ if (ret)
+ goto fail;
+
+ /* When length is ignored, MMIO is also put on a separate bus, for
+ * faster lookups.
+ */
+ if (!args->len && bus_idx == KVM_MMIO_BUS) {
+ ret = kvm_assign_ioeventfd_idx(kvm, KVM_FAST_MMIO_BUS, args);
+ if (ret < 0)
+ goto fast_fail;
+ }
+
+ return 0;
+
+fast_fail:
+ kvm_deassign_ioeventfd_idx(kvm, bus_idx, args);
+fail:
+ return ret;
}
int
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 007/258] arm: KVM: Disable virtual timer even if the guest is not using it
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (4 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 006/258] kvm: fix double free for fast mmio eventfd Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 009/258] KVM: x86: trap AMD MSRs for the TSeg base and mask Greg Kroah-Hartman
` (232 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marc Zyngier
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marc Zyngier <marc.zyngier@arm.com>
commit 688bc577ac42ae3d07c889a1f0a72f0b23763d58 upstream.
When running a guest with the architected timer disabled (with QEMU and
the kernel_irqchip=off option, for example), it is important to make
sure the timer gets turned off. Otherwise, the guest may try to
enable it anyway, leading to a screaming HW interrupt.
The fix is to unconditionally turn off the virtual timer on guest
exit.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/kvm/interrupts_head.S | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/arm/kvm/interrupts_head.S
+++ b/arch/arm/kvm/interrupts_head.S
@@ -515,8 +515,7 @@ ARM_BE8(rev r6, r6 )
mrc p15, 0, r2, c14, c3, 1 @ CNTV_CTL
str r2, [vcpu, #VCPU_TIMER_CNTV_CTL]
- bic r2, #1 @ Clear ENABLE
- mcr p15, 0, r2, c14, c3, 1 @ CNTV_CTL
+
isb
mrrc p15, 3, rr_lo_hi(r2, r3), c14 @ CNTV_CVAL
@@ -529,6 +528,9 @@ ARM_BE8(rev r6, r6 )
mcrr p15, 4, r2, r2, c14 @ CNTVOFF
1:
+ mov r2, #0 @ Clear ENABLE
+ mcr p15, 0, r2, c14, c3, 1 @ CNTV_CTL
+
@ Allow physical timer/counter access for the host
mrc p15, 4, r2, c14, c1, 0 @ CNTHCTL
orr r2, r2, #(CNTHCTL_PL1PCEN | CNTHCTL_PL1PCTEN)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 009/258] KVM: x86: trap AMD MSRs for the TSeg base and mask
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (5 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 007/258] arm: KVM: Disable virtual timer even if the guest is not using it Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 010/258] KVM: PPC: Book3S: Take the kvm->srcu lock in kvmppc_h_logical_ci_load/store() Greg Kroah-Hartman
` (231 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, M A Young, Borislav Petkov,
Paolo Bonzini
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit 3afb1121800128aae9f5722e50097fcf1a9d4d88 upstream.
These have roughly the same purpose as the SMRR, which we do not need
to implement in KVM. However, Linux accesses MSR_K8_TSEG_ADDR at
boot, which causes problems when running a Xen dom0 under KVM.
Just return 0, meaning that processor protection of SMRAM is not
in effect.
Reported-by: M A Young <m.a.young@durham.ac.uk>
Acked-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/kvm/x86.c | 2 ++
2 files changed, 3 insertions(+)
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -311,6 +311,7 @@
/* C1E active bits in int pending message */
#define K8_INTP_C1E_ACTIVE_MASK 0x18000000
#define MSR_K8_TSEG_ADDR 0xc0010112
+#define MSR_K8_TSEG_MASK 0xc0010113
#define K8_MTRRFIXRANGE_DRAM_ENABLE 0x00040000 /* MtrrFixDramEn bit */
#define K8_MTRRFIXRANGE_DRAM_MODIFY 0x00080000 /* MtrrFixDramModEn bit */
#define K8_MTRR_RDMEM_WRMEM_MASK 0x18181818 /* Mask: RdMem|WrMem */
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2388,6 +2388,8 @@ int kvm_get_msr_common(struct kvm_vcpu *
case MSR_IA32_LASTINTFROMIP:
case MSR_IA32_LASTINTTOIP:
case MSR_K8_SYSCFG:
+ case MSR_K8_TSEG_ADDR:
+ case MSR_K8_TSEG_MASK:
case MSR_K7_HWCR:
case MSR_VM_HSAVE_PA:
case MSR_K8_INT_PENDING_MSG:
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 010/258] KVM: PPC: Book3S: Take the kvm->srcu lock in kvmppc_h_logical_ci_load/store()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (6 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 009/258] KVM: x86: trap AMD MSRs for the TSeg base and mask Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 011/258] KVM: PPC: Book3S HV: Pass the correct trap argument to kvmhv_commence_exit Greg Kroah-Hartman
` (230 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thomas Huth, Paul Mackerras
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Huth <thuth@redhat.com>
commit 3eb4ee68254235e4f47bc0410538fcdaede39589 upstream.
Access to the kvm->buses (like with the kvm_io_bus_read() and -write()
functions) has to be protected via the kvm->srcu lock.
The kvmppc_h_logical_ci_load() and -store() functions are missing
this lock so far, so let's add it there, too.
This fixes the problem that the kernel reports "suspicious RCU usage"
when lock debugging is enabled.
Fixes: 99342cf8044420eebdf9297ca03a14cb6a7085a1
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kvm/book3s.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/arch/powerpc/kvm/book3s.c
+++ b/arch/powerpc/kvm/book3s.c
@@ -827,12 +827,15 @@ int kvmppc_h_logical_ci_load(struct kvm_
unsigned long size = kvmppc_get_gpr(vcpu, 4);
unsigned long addr = kvmppc_get_gpr(vcpu, 5);
u64 buf;
+ int srcu_idx;
int ret;
if (!is_power_of_2(size) || (size > sizeof(buf)))
return H_TOO_HARD;
+ srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
ret = kvm_io_bus_read(vcpu, KVM_MMIO_BUS, addr, size, &buf);
+ srcu_read_unlock(&vcpu->kvm->srcu, srcu_idx);
if (ret != 0)
return H_TOO_HARD;
@@ -867,6 +870,7 @@ int kvmppc_h_logical_ci_store(struct kvm
unsigned long addr = kvmppc_get_gpr(vcpu, 5);
unsigned long val = kvmppc_get_gpr(vcpu, 6);
u64 buf;
+ int srcu_idx;
int ret;
switch (size) {
@@ -890,7 +894,9 @@ int kvmppc_h_logical_ci_store(struct kvm
return H_TOO_HARD;
}
+ srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
ret = kvm_io_bus_write(vcpu, KVM_MMIO_BUS, addr, size, &buf);
+ srcu_read_unlock(&vcpu->kvm->srcu, srcu_idx);
if (ret != 0)
return H_TOO_HARD;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 011/258] KVM: PPC: Book3S HV: Pass the correct trap argument to kvmhv_commence_exit
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (7 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 010/258] KVM: PPC: Book3S: Take the kvm->srcu lock in kvmppc_h_logical_ci_load/store() Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 012/258] Revert "KVM: x86: apply guest MTRR virtualization on host reserved pages" Greg Kroah-Hartman
` (229 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gautham R. Shenoy, Paul Mackerras
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Gautham R. Shenoy" <ego@linux.vnet.ibm.com>
commit 7e022e717f54897e396504306d0c9b61452adf4e upstream.
In guest_exit_cont we call kvmhv_commence_exit which expects the trap
number as the argument. However r3 doesn't contain the trap number at
this point and as a result we would be calling the function with a
spurious trap number.
Fix this by copying r12 into r3 before calling kvmhv_commence_exit as
r12 contains the trap number.
Fixes: eddb60fb1443
Signed-off-by: Gautham R. Shenoy <ego@linux.vnet.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kvm/book3s_hv_rmhandlers.S | 1 +
1 file changed, 1 insertion(+)
--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
@@ -1171,6 +1171,7 @@ mc_cont:
bl kvmhv_accumulate_time
#endif
+ mr r3, r12
/* Increment exit count, poke other threads to exit */
bl kvmhv_commence_exit
nop
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 012/258] Revert "KVM: x86: apply guest MTRR virtualization on host reserved pages"
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (8 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 011/258] KVM: PPC: Book3S HV: Pass the correct trap argument to kvmhv_commence_exit Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 013/258] Revert "KVM: SVM: use NPT page attributes" Greg Kroah-Hartman
` (228 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, harn-solo, Paolo Bonzini
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit 606decd67049217684e3cb5a54104d51ddd4ef35 upstream.
This reverts commit fd717f11015f673487ffc826e59b2bad69d20fe5.
It was reported to cause Machine Check Exceptions (bug 104091).
Reported-by: harn-solo@gmx.de
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm.c | 7 +++++--
arch/x86/kvm/vmx.c | 11 ++++++++---
2 files changed, 13 insertions(+), 5 deletions(-)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1166,11 +1166,14 @@ static u64 svm_get_mt_mask(struct kvm_vc
u8 mtrr;
/*
- * 1. MMIO: trust guest MTRR, so same as item 3.
+ * 1. MMIO: always map as UC
* 2. No passthrough: always map as WB, and force guest PAT to WB as well
* 3. Passthrough: can't guarantee the result, try to trust guest.
*/
- if (!is_mmio && !kvm_arch_has_assigned_device(vcpu->kvm))
+ if (is_mmio)
+ return _PAGE_NOCACHE;
+
+ if (!kvm_arch_has_assigned_device(vcpu->kvm))
return 0;
mtrr = kvm_mtrr_get_guest_memory_type(vcpu, gfn);
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -8634,17 +8634,22 @@ static u64 vmx_get_mt_mask(struct kvm_vc
u64 ipat = 0;
/* For VT-d and EPT combination
- * 1. MMIO: guest may want to apply WC, trust it.
+ * 1. MMIO: always map as UC
* 2. EPT with VT-d:
* a. VT-d without snooping control feature: can't guarantee the
- * result, try to trust guest. So the same as item 1.
+ * result, try to trust guest.
* b. VT-d with snooping control feature: snooping control feature of
* VT-d engine can guarantee the cache correctness. Just set it
* to WB to keep consistent with host. So the same as item 3.
* 3. EPT without VT-d: always map as WB and set IPAT=1 to keep
* consistent with host MTRR
*/
- if (!is_mmio && !kvm_arch_has_noncoherent_dma(vcpu->kvm)) {
+ if (is_mmio) {
+ cache = MTRR_TYPE_UNCACHABLE;
+ goto exit;
+ }
+
+ if (!kvm_arch_has_noncoherent_dma(vcpu->kvm)) {
ipat = VMX_EPT_IPAT_BIT;
cache = MTRR_TYPE_WRBACK;
goto exit;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 013/258] Revert "KVM: SVM: use NPT page attributes"
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (9 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 012/258] Revert "KVM: x86: apply guest MTRR virtualization on host reserved pages" Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 014/258] Revert "KVM: SVM: Sync g_pat with guest-written PAT value" Greg Kroah-Hartman
` (227 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Markus Trippelsdorf,
Sebastian Schuette, Paolo Bonzini
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit fc07e76ac7ffa3afd621a1c3858a503386a14281 upstream.
This reverts commit 3c2e7f7de3240216042b61073803b61b9b3cfb22.
Initializing the mapping from MTRR to PAT values was reported to
fail nondeterministically, and it also caused extremely slow boot
(due to caching getting disabled---bug 103321) with assigned devices.
Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Reported-by: Sebastian Schuette <dracon@ewetel.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm.c | 101 ++---------------------------------------------------
1 file changed, 5 insertions(+), 96 deletions(-)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -865,64 +865,6 @@ static void svm_disable_lbrv(struct vcpu
set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP, 0, 0);
}
-#define MTRR_TYPE_UC_MINUS 7
-#define MTRR2PROTVAL_INVALID 0xff
-
-static u8 mtrr2protval[8];
-
-static u8 fallback_mtrr_type(int mtrr)
-{
- /*
- * WT and WP aren't always available in the host PAT. Treat
- * them as UC and UC- respectively. Everything else should be
- * there.
- */
- switch (mtrr)
- {
- case MTRR_TYPE_WRTHROUGH:
- return MTRR_TYPE_UNCACHABLE;
- case MTRR_TYPE_WRPROT:
- return MTRR_TYPE_UC_MINUS;
- default:
- BUG();
- }
-}
-
-static void build_mtrr2protval(void)
-{
- int i;
- u64 pat;
-
- for (i = 0; i < 8; i++)
- mtrr2protval[i] = MTRR2PROTVAL_INVALID;
-
- /* Ignore the invalid MTRR types. */
- mtrr2protval[2] = 0;
- mtrr2protval[3] = 0;
-
- /*
- * Use host PAT value to figure out the mapping from guest MTRR
- * values to nested page table PAT/PCD/PWT values. We do not
- * want to change the host PAT value every time we enter the
- * guest.
- */
- rdmsrl(MSR_IA32_CR_PAT, pat);
- for (i = 0; i < 8; i++) {
- u8 mtrr = pat >> (8 * i);
-
- if (mtrr2protval[mtrr] == MTRR2PROTVAL_INVALID)
- mtrr2protval[mtrr] = __cm_idx2pte(i);
- }
-
- for (i = 0; i < 8; i++) {
- if (mtrr2protval[i] == MTRR2PROTVAL_INVALID) {
- u8 fallback = fallback_mtrr_type(i);
- mtrr2protval[i] = mtrr2protval[fallback];
- BUG_ON(mtrr2protval[i] == MTRR2PROTVAL_INVALID);
- }
- }
-}
-
static __init int svm_hardware_setup(void)
{
int cpu;
@@ -989,7 +931,6 @@ static __init int svm_hardware_setup(voi
} else
kvm_disable_tdp();
- build_mtrr2protval();
return 0;
err:
@@ -1144,42 +1085,6 @@ static u64 svm_compute_tsc_offset(struct
return target_tsc - tsc;
}
-static void svm_set_guest_pat(struct vcpu_svm *svm, u64 *g_pat)
-{
- struct kvm_vcpu *vcpu = &svm->vcpu;
-
- /* Unlike Intel, AMD takes the guest's CR0.CD into account.
- *
- * AMD does not have IPAT. To emulate it for the case of guests
- * with no assigned devices, just set everything to WB. If guests
- * have assigned devices, however, we cannot force WB for RAM
- * pages only, so use the guest PAT directly.
- */
- if (!kvm_arch_has_assigned_device(vcpu->kvm))
- *g_pat = 0x0606060606060606;
- else
- *g_pat = vcpu->arch.pat;
-}
-
-static u64 svm_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
-{
- u8 mtrr;
-
- /*
- * 1. MMIO: always map as UC
- * 2. No passthrough: always map as WB, and force guest PAT to WB as well
- * 3. Passthrough: can't guarantee the result, try to trust guest.
- */
- if (is_mmio)
- return _PAGE_NOCACHE;
-
- if (!kvm_arch_has_assigned_device(vcpu->kvm))
- return 0;
-
- mtrr = kvm_mtrr_get_guest_memory_type(vcpu, gfn);
- return mtrr2protval[mtrr];
-}
-
static void init_vmcb(struct vcpu_svm *svm, bool init_event)
{
struct vmcb_control_area *control = &svm->vmcb->control;
@@ -1276,7 +1181,6 @@ static void init_vmcb(struct vcpu_svm *s
clr_cr_intercept(svm, INTERCEPT_CR3_READ);
clr_cr_intercept(svm, INTERCEPT_CR3_WRITE);
save->g_pat = svm->vcpu.arch.pat;
- svm_set_guest_pat(svm, &save->g_pat);
save->cr3 = 0;
save->cr4 = 0;
}
@@ -4195,6 +4099,11 @@ static bool svm_has_high_real_mode_segba
return true;
}
+static u64 svm_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
+{
+ return 0;
+}
+
static void svm_cpuid_update(struct kvm_vcpu *vcpu)
{
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 014/258] Revert "KVM: SVM: Sync g_pat with guest-written PAT value"
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (10 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 013/258] Revert "KVM: SVM: use NPT page attributes" Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 016/258] target/iscsi: Fix np_ip bracket issue by removing np_ip Greg Kroah-Hartman
` (226 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paolo Bonzini
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit 625422f60c55bbc368b8568ff925770b36bfc189 upstream.
This reverts commit e098223b789b4a618dacd79e5e0dad4a9d5018d1,
which has a dependency on other commits being reverted.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm.c | 10 ----------
1 file changed, 10 deletions(-)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -3255,16 +3255,6 @@ static int svm_set_msr(struct kvm_vcpu *
case MSR_VM_IGNNE:
vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
break;
- case MSR_IA32_CR_PAT:
- if (npt_enabled) {
- if (!kvm_mtrr_valid(vcpu, MSR_IA32_CR_PAT, data))
- return 1;
- vcpu->arch.pat = data;
- svm_set_guest_pat(svm, &svm->vmcb->save.g_pat);
- mark_dirty(svm->vmcb, VMCB_NPT);
- break;
- }
- /* fall through */
default:
return kvm_set_msr_common(vcpu, msr);
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 016/258] target/iscsi: Fix np_ip bracket issue by removing np_ip
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (11 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 014/258] Revert "KVM: SVM: Sync g_pat with guest-written PAT value" Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 017/258] scsi: fix scsi_error_handler vs. scsi_host_dev_release race Greg Kroah-Hartman
` (225 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Grover, Nicholas Bellinger
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Grover <agrover@redhat.com>
commit 76c28f1fcfeb42b47f798fe498351ee1d60086ae upstream.
Revert commit 1997e6259, which causes double brackets on ipv6
inaddr_any addresses.
Since we have np_sockaddr, if we need a textual representation we can
use "%pISc".
Change iscsit_add_network_portal() and iscsit_add_np() signatures to remove
*ip_str parameter.
Fix and extend some comments earlier in the function.
Tested to work for :: and ::1 via iscsiadm, previously :: failed, see
https://bugzilla.redhat.com/show_bug.cgi?id=1249107 .
Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/target/iscsi/iscsi_target.c | 33 +++++++++++++--------------
drivers/target/iscsi/iscsi_target.h | 2 -
drivers/target/iscsi/iscsi_target_configfs.c | 14 +++++------
drivers/target/iscsi/iscsi_target_login.c | 8 +++---
drivers/target/iscsi/iscsi_target_tpg.c | 15 +++++-------
drivers/target/iscsi/iscsi_target_tpg.h | 2 -
include/target/iscsi/iscsi_target_core.h | 1
7 files changed, 36 insertions(+), 39 deletions(-)
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -341,7 +341,6 @@ static struct iscsi_np *iscsit_get_np(
struct iscsi_np *iscsit_add_np(
struct __kernel_sockaddr_storage *sockaddr,
- char *ip_str,
int network_transport)
{
struct sockaddr_in *sock_in;
@@ -370,11 +369,9 @@ struct iscsi_np *iscsit_add_np(
np->np_flags |= NPF_IP_NETWORK;
if (sockaddr->ss_family == AF_INET6) {
sock_in6 = (struct sockaddr_in6 *)sockaddr;
- snprintf(np->np_ip, IPV6_ADDRESS_SPACE, "%s", ip_str);
np->np_port = ntohs(sock_in6->sin6_port);
} else {
sock_in = (struct sockaddr_in *)sockaddr;
- sprintf(np->np_ip, "%s", ip_str);
np->np_port = ntohs(sock_in->sin_port);
}
@@ -411,8 +408,8 @@ struct iscsi_np *iscsit_add_np(
list_add_tail(&np->np_list, &g_np_list);
mutex_unlock(&np_lock);
- pr_debug("CORE[0] - Added Network Portal: %s:%hu on %s\n",
- np->np_ip, np->np_port, np->np_transport->name);
+ pr_debug("CORE[0] - Added Network Portal: %pISc:%hu on %s\n",
+ &np->np_sockaddr, np->np_port, np->np_transport->name);
return np;
}
@@ -481,8 +478,8 @@ int iscsit_del_np(struct iscsi_np *np)
list_del(&np->np_list);
mutex_unlock(&np_lock);
- pr_debug("CORE[0] - Removed Network Portal: %s:%hu on %s\n",
- np->np_ip, np->np_port, np->np_transport->name);
+ pr_debug("CORE[0] - Removed Network Portal: %pISc:%hu on %s\n",
+ &np->np_sockaddr, np->np_port, np->np_transport->name);
iscsit_put_transport(np->np_transport);
kfree(np);
@@ -3464,7 +3461,6 @@ iscsit_build_sendtargets_response(struct
tpg_np_list) {
struct iscsi_np *np = tpg_np->tpg_np;
bool inaddr_any = iscsit_check_inaddr_any(np);
- char *fmt_str;
if (np->np_network_transport != network_transport)
continue;
@@ -3492,15 +3488,18 @@ iscsit_build_sendtargets_response(struct
}
}
- if (np->np_sockaddr.ss_family == AF_INET6)
- fmt_str = "TargetAddress=[%s]:%hu,%hu";
- else
- fmt_str = "TargetAddress=%s:%hu,%hu";
-
- len = sprintf(buf, fmt_str,
- inaddr_any ? conn->local_ip : np->np_ip,
- np->np_port,
- tpg->tpgt);
+ if (inaddr_any) {
+ len = sprintf(buf, "TargetAddress="
+ "%s:%hu,%hu",
+ conn->local_ip,
+ np->np_port,
+ tpg->tpgt);
+ } else {
+ len = sprintf(buf, "TargetAddress="
+ "%pISpc,%hu",
+ &np->np_sockaddr,
+ tpg->tpgt);
+ }
len += 1;
if ((len + payload_len) > buffer_len) {
--- a/drivers/target/iscsi/iscsi_target.h
+++ b/drivers/target/iscsi/iscsi_target.h
@@ -13,7 +13,7 @@ extern int iscsit_deaccess_np(struct isc
extern bool iscsit_check_np_match(struct __kernel_sockaddr_storage *,
struct iscsi_np *, int);
extern struct iscsi_np *iscsit_add_np(struct __kernel_sockaddr_storage *,
- char *, int);
+ int);
extern int iscsit_reset_np_thread(struct iscsi_np *, struct iscsi_tpg_np *,
struct iscsi_portal_group *, bool);
extern int iscsit_del_np(struct iscsi_np *);
--- a/drivers/target/iscsi/iscsi_target_configfs.c
+++ b/drivers/target/iscsi/iscsi_target_configfs.c
@@ -99,7 +99,7 @@ static ssize_t lio_target_np_store_sctp(
* Use existing np->np_sockaddr for SCTP network portal reference
*/
tpg_np_sctp = iscsit_tpg_add_network_portal(tpg, &np->np_sockaddr,
- np->np_ip, tpg_np, ISCSI_SCTP_TCP);
+ tpg_np, ISCSI_SCTP_TCP);
if (!tpg_np_sctp || IS_ERR(tpg_np_sctp))
goto out;
} else {
@@ -177,7 +177,7 @@ static ssize_t lio_target_np_store_iser(
}
tpg_np_iser = iscsit_tpg_add_network_portal(tpg, &np->np_sockaddr,
- np->np_ip, tpg_np, ISCSI_INFINIBAND);
+ tpg_np, ISCSI_INFINIBAND);
if (IS_ERR(tpg_np_iser)) {
rc = PTR_ERR(tpg_np_iser);
goto out;
@@ -248,8 +248,8 @@ static struct se_tpg_np *lio_target_call
return ERR_PTR(-EINVAL);
}
str++; /* Skip over leading "[" */
- *str2 = '\0'; /* Terminate the IPv6 address */
- str2++; /* Skip over the "]" */
+ *str2 = '\0'; /* Terminate the unbracketed IPv6 address */
+ str2++; /* Skip over the \0 */
port_str = strstr(str2, ":");
if (!port_str) {
pr_err("Unable to locate \":port\""
@@ -316,7 +316,7 @@ static struct se_tpg_np *lio_target_call
* sys/kernel/config/iscsi/$IQN/$TPG/np/$IP:$PORT/
*
*/
- tpg_np = iscsit_tpg_add_network_portal(tpg, &sockaddr, str, NULL,
+ tpg_np = iscsit_tpg_add_network_portal(tpg, &sockaddr, NULL,
ISCSI_TCP);
if (IS_ERR(tpg_np)) {
iscsit_put_tpg(tpg);
@@ -344,8 +344,8 @@ static void lio_target_call_delnpfromtpg
se_tpg = &tpg->tpg_se_tpg;
pr_debug("LIO_Target_ConfigFS: DEREGISTER -> %s TPGT: %hu"
- " PORTAL: %s:%hu\n", config_item_name(&se_tpg->se_tpg_wwn->wwn_group.cg_item),
- tpg->tpgt, tpg_np->tpg_np->np_ip, tpg_np->tpg_np->np_port);
+ " PORTAL: %pISc:%hu\n", config_item_name(&se_tpg->se_tpg_wwn->wwn_group.cg_item),
+ tpg->tpgt, &tpg_np->tpg_np->np_sockaddr, tpg_np->tpg_np->np_port);
ret = iscsit_tpg_del_network_portal(tpg, tpg_np);
if (ret < 0)
--- a/drivers/target/iscsi/iscsi_target_login.c
+++ b/drivers/target/iscsi/iscsi_target_login.c
@@ -823,8 +823,8 @@ static void iscsi_handle_login_thread_ti
struct iscsi_np *np = (struct iscsi_np *) data;
spin_lock_bh(&np->np_thread_lock);
- pr_err("iSCSI Login timeout on Network Portal %s:%hu\n",
- np->np_ip, np->np_port);
+ pr_err("iSCSI Login timeout on Network Portal %pISc:%hu\n",
+ &np->np_sockaddr, np->np_port);
if (np->np_login_timer_flags & ISCSI_TF_STOP) {
spin_unlock_bh(&np->np_thread_lock);
@@ -1302,8 +1302,8 @@ static int __iscsi_target_login_thread(s
spin_lock_bh(&np->np_thread_lock);
if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) {
spin_unlock_bh(&np->np_thread_lock);
- pr_err("iSCSI Network Portal on %s:%hu currently not"
- " active.\n", np->np_ip, np->np_port);
+ pr_err("iSCSI Network Portal on %pISc:%hu currently not"
+ " active.\n", &np->np_sockaddr, np->np_port);
iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
goto new_sess_out;
--- a/drivers/target/iscsi/iscsi_target_tpg.c
+++ b/drivers/target/iscsi/iscsi_target_tpg.c
@@ -460,7 +460,6 @@ static bool iscsit_tpg_check_network_por
struct iscsi_tpg_np *iscsit_tpg_add_network_portal(
struct iscsi_portal_group *tpg,
struct __kernel_sockaddr_storage *sockaddr,
- char *ip_str,
struct iscsi_tpg_np *tpg_np_parent,
int network_transport)
{
@@ -470,8 +469,8 @@ struct iscsi_tpg_np *iscsit_tpg_add_netw
if (!tpg_np_parent) {
if (iscsit_tpg_check_network_portal(tpg->tpg_tiqn, sockaddr,
network_transport)) {
- pr_err("Network Portal: %s already exists on a"
- " different TPG on %s\n", ip_str,
+ pr_err("Network Portal: %pISc already exists on a"
+ " different TPG on %s\n", sockaddr,
tpg->tpg_tiqn->tiqn);
return ERR_PTR(-EEXIST);
}
@@ -484,7 +483,7 @@ struct iscsi_tpg_np *iscsit_tpg_add_netw
return ERR_PTR(-ENOMEM);
}
- np = iscsit_add_np(sockaddr, ip_str, network_transport);
+ np = iscsit_add_np(sockaddr, network_transport);
if (IS_ERR(np)) {
kfree(tpg_np);
return ERR_CAST(np);
@@ -514,8 +513,8 @@ struct iscsi_tpg_np *iscsit_tpg_add_netw
spin_unlock(&tpg_np_parent->tpg_np_parent_lock);
}
- pr_debug("CORE[%s] - Added Network Portal: %s:%hu,%hu on %s\n",
- tpg->tpg_tiqn->tiqn, np->np_ip, np->np_port, tpg->tpgt,
+ pr_debug("CORE[%s] - Added Network Portal: %pISc:%hu,%hu on %s\n",
+ tpg->tpg_tiqn->tiqn, &np->np_sockaddr, np->np_port, tpg->tpgt,
np->np_transport->name);
return tpg_np;
@@ -528,8 +527,8 @@ static int iscsit_tpg_release_np(
{
iscsit_clear_tpg_np_login_thread(tpg_np, tpg, true);
- pr_debug("CORE[%s] - Removed Network Portal: %s:%hu,%hu on %s\n",
- tpg->tpg_tiqn->tiqn, np->np_ip, np->np_port, tpg->tpgt,
+ pr_debug("CORE[%s] - Removed Network Portal: %pISc:%hu,%hu on %s\n",
+ tpg->tpg_tiqn->tiqn, &np->np_sockaddr, np->np_port, tpg->tpgt,
np->np_transport->name);
tpg_np->tpg_np = NULL;
--- a/drivers/target/iscsi/iscsi_target_tpg.h
+++ b/drivers/target/iscsi/iscsi_target_tpg.h
@@ -22,7 +22,7 @@ extern struct iscsi_node_attrib *iscsit_
extern void iscsit_tpg_del_external_nps(struct iscsi_tpg_np *);
extern struct iscsi_tpg_np *iscsit_tpg_locate_child_np(struct iscsi_tpg_np *, int);
extern struct iscsi_tpg_np *iscsit_tpg_add_network_portal(struct iscsi_portal_group *,
- struct __kernel_sockaddr_storage *, char *, struct iscsi_tpg_np *,
+ struct __kernel_sockaddr_storage *, struct iscsi_tpg_np *,
int);
extern int iscsit_tpg_del_network_portal(struct iscsi_portal_group *,
struct iscsi_tpg_np *);
--- a/include/target/iscsi/iscsi_target_core.h
+++ b/include/target/iscsi/iscsi_target_core.h
@@ -776,7 +776,6 @@ struct iscsi_np {
enum iscsi_timer_flags_table np_login_timer_flags;
u32 np_exports;
enum np_flags_table np_flags;
- unsigned char np_ip[IPV6_ADDRESS_SPACE];
u16 np_port;
spinlock_t np_thread_lock;
struct completion np_restart_comp;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 017/258] scsi: fix scsi_error_handler vs. scsi_host_dev_release race
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (12 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 016/258] target/iscsi: Fix np_ip bracket issue by removing np_ip Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 018/258] target: Attach EXTENDED_COPY local I/O descriptors to xcopy_pt_sess Greg Kroah-Hartman
` (224 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Hocko, Dan Williams,
Hannes Reinecke, James Bottomley
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Hocko <mhocko@suse.com>
commit 537b604c8b3aa8b96fe35f87dd085816552e294c upstream.
b9d5c6b7ef57 ("[SCSI] cleanup setting task state in
scsi_error_handler()") has introduced a race between scsi_error_handler
and scsi_host_dev_release resulting in the hang when the device goes
away because scsi_error_handler might miss a wake up:
CPU0 CPU1
scsi_error_handler scsi_host_dev_release
kthread_stop()
kthread_should_stop()
test_bit(KTHREAD_SHOULD_STOP)
set_bit(KTHREAD_SHOULD_STOP)
wake_up_process()
wait_for_completion()
set_current_state(TASK_INTERRUPTIBLE)
schedule()
The most straightforward solution seems to be to invert the ordering of
the set_current_state and kthread_should_stop.
The issue has been noticed during reboot test on a 3.0 based kernel but
the current code seems to be affected in the same way.
[jejb: additional comment added]
Reported-and-debugged-by: Mike Mayer <Mike.Meyer@teradata.com>
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/scsi_error.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/scsi/scsi_error.c
+++ b/drivers/scsi/scsi_error.c
@@ -2169,8 +2169,17 @@ int scsi_error_handler(void *data)
* We never actually get interrupted because kthread_run
* disables signal delivery for the created thread.
*/
- while (!kthread_should_stop()) {
+ while (true) {
+ /*
+ * The sequence in kthread_stop() sets the stop flag first
+ * then wakes the process. To avoid missed wakeups, the task
+ * should always be in a non running state before the stop
+ * flag is checked
+ */
set_current_state(TASK_INTERRUPTIBLE);
+ if (kthread_should_stop())
+ break;
+
if ((shost->host_failed == 0 && shost->host_eh_scheduled == 0) ||
shost->host_failed != atomic_read(&shost->host_busy)) {
SCSI_LOG_ERROR_RECOVERY(1,
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 018/258] target: Attach EXTENDED_COPY local I/O descriptors to xcopy_pt_sess
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (13 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 017/258] scsi: fix scsi_error_handler vs. scsi_host_dev_release race Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 019/258] target: Fix PR registration + APTPL RCU conversion regression Greg Kroah-Hartman
` (223 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alex Gorbachev, Martin K. Petersen,
Hannes Reinecke, Christoph Hellwig, Doug Gilbert,
Nicholas Bellinger
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicholas Bellinger <nab@linux-iscsi.org>
commit 4416f89b8cfcb794d040fc3b68e5fb159b7d8d02 upstream.
This patch is a >= v4.1 regression bug-fix where control CDB
emulation logic in commit 38b57f82 now expects a se_cmd->se_sess
pointer to exist when determining T10-PI support is to be exposed
for initiator host ports.
To address this bug, go ahead and add locally generated se_cmd
descriptors for copy-offload block-copy to it's own stand-alone
se_session nexus, while the parent EXTENDED_COPY se_cmd descriptor
remains associated with it's originating se_cmd->se_sess nexus.
Note a valid se_cmd->se_sess is also required for future support
of WRITE_INSERT and READ_STRIP software emulation when submitting
backend I/O to se_device that exposes T10-PI suport.
Reported-by: Alex Gorbachev <ag@iss-integration.com>
Tested-by: Alex Gorbachev <ag@iss-integration.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Doug Gilbert <dgilbert@interlog.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/target/target_core_xcopy.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/target/target_core_xcopy.c
+++ b/drivers/target/target_core_xcopy.c
@@ -450,6 +450,8 @@ int target_xcopy_setup_pt(void)
memset(&xcopy_pt_sess, 0, sizeof(struct se_session));
INIT_LIST_HEAD(&xcopy_pt_sess.sess_list);
INIT_LIST_HEAD(&xcopy_pt_sess.sess_acl_list);
+ INIT_LIST_HEAD(&xcopy_pt_sess.sess_cmd_list);
+ spin_lock_init(&xcopy_pt_sess.sess_cmd_lock);
xcopy_pt_nacl.se_tpg = &xcopy_pt_tpg;
xcopy_pt_nacl.nacl_sess = &xcopy_pt_sess;
@@ -644,7 +646,7 @@ static int target_xcopy_read_source(
pr_debug("XCOPY: Built READ_16: LBA: %llu Sectors: %u Length: %u\n",
(unsigned long long)src_lba, src_sectors, length);
- transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, NULL, length,
+ transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, &xcopy_pt_sess, length,
DMA_FROM_DEVICE, 0, &xpt_cmd->sense_buffer[0]);
xop->src_pt_cmd = xpt_cmd;
@@ -704,7 +706,7 @@ static int target_xcopy_write_destinatio
pr_debug("XCOPY: Built WRITE_16: LBA: %llu Sectors: %u Length: %u\n",
(unsigned long long)dst_lba, dst_sectors, length);
- transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, NULL, length,
+ transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, &xcopy_pt_sess, length,
DMA_TO_DEVICE, 0, &xpt_cmd->sense_buffer[0]);
xop->dst_pt_cmd = xpt_cmd;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 019/258] target: Fix PR registration + APTPL RCU conversion regression
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (14 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 018/258] target: Attach EXTENDED_COPY local I/O descriptors to xcopy_pt_sess Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 020/258] iser-target: remove command with state ISTATE_REMOVE Greg Kroah-Hartman
` (222 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Scott L. Lykens, Christoph Hellwig,
Hannes Reinecke, Lee Duncan, Nicholas Bellinger
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicholas Bellinger <nab@linux-iscsi.org>
commit 3ccd6e83df8a0d4a664edeecc453c4fa046395fb upstream.
This patch fixes a v4.2+ regression introduced by commit 79dc9c9e86
where lookup of t10_pr_registration->pr_reg_deve and associated
->pr_kref get was missing from __core_scsi3_do_alloc_registration(),
which is responsible for setting DEF_PR_REG_ACTIVE.
This would result in REGISTER operations completing successfully,
but subsequent core_scsi3_pr_seq_non_holder() checking would fail
with !DEF_PR_REG_ACTIVE -> RESERVATION CONFLICT status.
Update __core_scsi3_add_registration() to drop ->pr_kref reference
after registration and any optional ALL_TG_PT=1 processing has
completed. Update core_scsi3_decode_spec_i_port() to release
the new parent local_pr_reg->pr_kref as well.
Also, update __core_scsi3_check_aptpl_registration() to perform
the same target_nacl_find_deve() lookup + ->pr_kref get, now that
__core_scsi3_add_registration() expects to drop the reference.
Finally, since there are cases when se_dev_entry->se_lun_acl can
still be dereferenced in core_scsi3_lunacl_undepend_item() while
holding ->pr_kref, go ahead and move explicit rcu_assign_pointer()
NULL assignments within core_disable_device_list_for_node() until
after orig->pr_comp finishes.
Reported-by: Scott L. Lykens <scott@lykens.org>
Tested-by: Scott L. Lykens <scott@lykens.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Lee Duncan <lduncan@suse.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/target/target_core_device.c | 5 +
drivers/target/target_core_pr.c | 91 ++++++++++++++++++++++++++----------
2 files changed, 70 insertions(+), 26 deletions(-)
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -427,8 +427,6 @@ void core_disable_device_list_for_node(
hlist_del_rcu(&orig->link);
clear_bit(DEF_PR_REG_ACTIVE, &orig->deve_flags);
- rcu_assign_pointer(orig->se_lun, NULL);
- rcu_assign_pointer(orig->se_lun_acl, NULL);
orig->lun_flags = 0;
orig->creation_time = 0;
orig->attach_count--;
@@ -439,6 +437,9 @@ void core_disable_device_list_for_node(
kref_put(&orig->pr_kref, target_pr_kref_release);
wait_for_completion(&orig->pr_comp);
+ rcu_assign_pointer(orig->se_lun, NULL);
+ rcu_assign_pointer(orig->se_lun_acl, NULL);
+
kfree_rcu(orig, rcu_head);
core_scsi3_free_pr_reg_from_nacl(dev, nacl);
--- a/drivers/target/target_core_pr.c
+++ b/drivers/target/target_core_pr.c
@@ -618,7 +618,7 @@ static struct t10_pr_registration *__cor
struct se_device *dev,
struct se_node_acl *nacl,
struct se_lun *lun,
- struct se_dev_entry *deve,
+ struct se_dev_entry *dest_deve,
u64 mapped_lun,
unsigned char *isid,
u64 sa_res_key,
@@ -640,7 +640,29 @@ static struct t10_pr_registration *__cor
INIT_LIST_HEAD(&pr_reg->pr_reg_atp_mem_list);
atomic_set(&pr_reg->pr_res_holders, 0);
pr_reg->pr_reg_nacl = nacl;
- pr_reg->pr_reg_deve = deve;
+ /*
+ * For destination registrations for ALL_TG_PT=1 and SPEC_I_PT=1,
+ * the se_dev_entry->pr_ref will have been already obtained by
+ * core_get_se_deve_from_rtpi() or __core_scsi3_alloc_registration().
+ *
+ * Otherwise, locate se_dev_entry now and obtain a reference until
+ * registration completes in __core_scsi3_add_registration().
+ */
+ if (dest_deve) {
+ pr_reg->pr_reg_deve = dest_deve;
+ } else {
+ rcu_read_lock();
+ pr_reg->pr_reg_deve = target_nacl_find_deve(nacl, mapped_lun);
+ if (!pr_reg->pr_reg_deve) {
+ rcu_read_unlock();
+ pr_err("Unable to locate PR deve %s mapped_lun: %llu\n",
+ nacl->initiatorname, mapped_lun);
+ kmem_cache_free(t10_pr_reg_cache, pr_reg);
+ return NULL;
+ }
+ kref_get(&pr_reg->pr_reg_deve->pr_kref);
+ rcu_read_unlock();
+ }
pr_reg->pr_res_mapped_lun = mapped_lun;
pr_reg->pr_aptpl_target_lun = lun->unpacked_lun;
pr_reg->tg_pt_sep_rtpi = lun->lun_rtpi;
@@ -936,17 +958,29 @@ static int __core_scsi3_check_aptpl_regi
!(strcmp(pr_reg->pr_tport, t_port)) &&
(pr_reg->pr_reg_tpgt == tpgt) &&
(pr_reg->pr_aptpl_target_lun == target_lun)) {
+ /*
+ * Obtain the ->pr_reg_deve pointer + reference, that
+ * is released by __core_scsi3_add_registration() below.
+ */
+ rcu_read_lock();
+ pr_reg->pr_reg_deve = target_nacl_find_deve(nacl, mapped_lun);
+ if (!pr_reg->pr_reg_deve) {
+ pr_err("Unable to locate PR APTPL %s mapped_lun:"
+ " %llu\n", nacl->initiatorname, mapped_lun);
+ rcu_read_unlock();
+ continue;
+ }
+ kref_get(&pr_reg->pr_reg_deve->pr_kref);
+ rcu_read_unlock();
pr_reg->pr_reg_nacl = nacl;
pr_reg->tg_pt_sep_rtpi = lun->lun_rtpi;
-
list_del(&pr_reg->pr_reg_aptpl_list);
spin_unlock(&pr_tmpl->aptpl_reg_lock);
/*
* At this point all of the pointers in *pr_reg will
* be setup, so go ahead and add the registration.
*/
-
__core_scsi3_add_registration(dev, nacl, pr_reg, 0, 0);
/*
* If this registration is the reservation holder,
@@ -1044,18 +1078,11 @@ static void __core_scsi3_add_registratio
__core_scsi3_dump_registration(tfo, dev, nacl, pr_reg, register_type);
spin_unlock(&pr_tmpl->registration_lock);
-
- rcu_read_lock();
- deve = pr_reg->pr_reg_deve;
- if (deve)
- set_bit(DEF_PR_REG_ACTIVE, &deve->deve_flags);
- rcu_read_unlock();
-
/*
* Skip extra processing for ALL_TG_PT=0 or REGISTER_AND_MOVE.
*/
if (!pr_reg->pr_reg_all_tg_pt || register_move)
- return;
+ goto out;
/*
* Walk pr_reg->pr_reg_atp_list and add registrations for ALL_TG_PT=1
* allocated in __core_scsi3_alloc_registration()
@@ -1075,19 +1102,31 @@ static void __core_scsi3_add_registratio
__core_scsi3_dump_registration(tfo, dev, nacl_tmp, pr_reg_tmp,
register_type);
spin_unlock(&pr_tmpl->registration_lock);
-
+ /*
+ * Drop configfs group dependency reference and deve->pr_kref
+ * obtained from __core_scsi3_alloc_registration() code.
+ */
rcu_read_lock();
deve = pr_reg_tmp->pr_reg_deve;
- if (deve)
+ if (deve) {
set_bit(DEF_PR_REG_ACTIVE, &deve->deve_flags);
+ core_scsi3_lunacl_undepend_item(deve);
+ pr_reg_tmp->pr_reg_deve = NULL;
+ }
rcu_read_unlock();
-
- /*
- * Drop configfs group dependency reference from
- * __core_scsi3_alloc_registration()
- */
- core_scsi3_lunacl_undepend_item(pr_reg_tmp->pr_reg_deve);
}
+out:
+ /*
+ * Drop deve->pr_kref obtained in __core_scsi3_do_alloc_registration()
+ */
+ rcu_read_lock();
+ deve = pr_reg->pr_reg_deve;
+ if (deve) {
+ set_bit(DEF_PR_REG_ACTIVE, &deve->deve_flags);
+ kref_put(&deve->pr_kref, target_pr_kref_release);
+ pr_reg->pr_reg_deve = NULL;
+ }
+ rcu_read_unlock();
}
static int core_scsi3_alloc_registration(
@@ -1785,9 +1824,11 @@ core_scsi3_decode_spec_i_port(
dest_node_acl->initiatorname, i_buf, (dest_se_deve) ?
dest_se_deve->mapped_lun : 0);
- if (!dest_se_deve)
+ if (!dest_se_deve) {
+ kref_put(&local_pr_reg->pr_reg_deve->pr_kref,
+ target_pr_kref_release);
continue;
-
+ }
core_scsi3_lunacl_undepend_item(dest_se_deve);
core_scsi3_nodeacl_undepend_item(dest_node_acl);
core_scsi3_tpg_undepend_item(dest_tpg);
@@ -1823,9 +1864,11 @@ out:
kmem_cache_free(t10_pr_reg_cache, dest_pr_reg);
- if (!dest_se_deve)
+ if (!dest_se_deve) {
+ kref_put(&local_pr_reg->pr_reg_deve->pr_kref,
+ target_pr_kref_release);
continue;
-
+ }
core_scsi3_lunacl_undepend_item(dest_se_deve);
core_scsi3_nodeacl_undepend_item(dest_node_acl);
core_scsi3_tpg_undepend_item(dest_tpg);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 020/258] iser-target: remove command with state ISTATE_REMOVE
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (15 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 019/258] target: Fix PR registration + APTPL RCU conversion regression Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 021/258] iser-target: Put the reference on commands waiting for unsol data Greg Kroah-Hartman
` (221 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jenny Derzhavetz, Sagi Grimberg,
Nicholas Bellinger
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jenny Derzhavetz <jennyf@mellanox.com>
commit a4c15cd957cbd728f685645de7a150df5912591a upstream.
As documented in iscsit_sequence_cmd:
/*
* Existing callers for iscsit_sequence_cmd() will silently
* ignore commands with CMDSN_LOWER_THAN_EXP, so force this
* return for CMDSN_MAXCMDSN_OVERRUN as well..
*/
We need to silently finish a command when it's in ISTATE_REMOVE.
This fixes an teardown hang we were seeing where a mis-behaved
initiator (triggered by allocation error injections) sent us a
cmdsn which was lower than expected.
Signed-off-by: Jenny Derzhavetz <jennyf@mellanox.com>
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/ulp/isert/ib_isert.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -3012,9 +3012,16 @@ isert_get_dataout(struct iscsi_conn *con
static int
isert_immediate_queue(struct iscsi_conn *conn, struct iscsi_cmd *cmd, int state)
{
- int ret;
+ struct isert_cmd *isert_cmd = iscsit_priv_cmd(cmd);
+ int ret = 0;
switch (state) {
+ case ISTATE_REMOVE:
+ spin_lock_bh(&conn->cmd_lock);
+ list_del_init(&cmd->i_conn_node);
+ spin_unlock_bh(&conn->cmd_lock);
+ isert_put_cmd(isert_cmd, true);
+ break;
case ISTATE_SEND_NOPIN_WANT_RESPONSE:
ret = isert_put_nopin(cmd, conn, false);
break;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 021/258] iser-target: Put the reference on commands waiting for unsol data
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (16 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 020/258] iser-target: remove command with state ISTATE_REMOVE Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 022/258] toshiba_acpi: Fix hotkeys registration on some toshiba models Greg Kroah-Hartman
` (220 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jenny Derzhavetz, Sagi Grimberg,
Nicholas Bellinger
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jenny Derzhavetz <jennyf@mellanox.com>
commit 3e03c4b01da3e6a5f3081eb0aa252490fe83e352 upstream.
The iscsi target core teardown sequence calls wait_conn for
all active commands to finish gracefully by:
- move the queue-pair to error state
- drain all the completions
- wait for the core to finish handling all session commands
However, when tearing down a session while there are sequenced
commands that are still waiting for unsolicited data outs, we can
block forever as these are missing an extra reference put.
We basically need the equivalent of iscsit_free_queue_reqs_for_conn()
which is called after wait_conn has returned. Address this by an
explicit walk on conn_cmd_list and put the extra reference.
Signed-off-by: Jenny Derzhavetz <jennyf@mellanox.com>
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/ulp/isert/ib_isert.c | 38 +++++++++++++++++++++++++++++++-
1 file changed, 37 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -3386,6 +3386,41 @@ isert_wait4flush(struct isert_conn *iser
wait_for_completion(&isert_conn->wait_comp_err);
}
+/**
+ * isert_put_unsol_pending_cmds() - Drop commands waiting for
+ * unsolicitate dataout
+ * @conn: iscsi connection
+ *
+ * We might still have commands that are waiting for unsolicited
+ * dataouts messages. We must put the extra reference on those
+ * before blocking on the target_wait_for_session_cmds
+ */
+static void
+isert_put_unsol_pending_cmds(struct iscsi_conn *conn)
+{
+ struct iscsi_cmd *cmd, *tmp;
+ static LIST_HEAD(drop_cmd_list);
+
+ spin_lock_bh(&conn->cmd_lock);
+ list_for_each_entry_safe(cmd, tmp, &conn->conn_cmd_list, i_conn_node) {
+ if ((cmd->cmd_flags & ICF_NON_IMMEDIATE_UNSOLICITED_DATA) &&
+ (cmd->write_data_done < conn->sess->sess_ops->FirstBurstLength) &&
+ (cmd->write_data_done < cmd->se_cmd.data_length))
+ list_move_tail(&cmd->i_conn_node, &drop_cmd_list);
+ }
+ spin_unlock_bh(&conn->cmd_lock);
+
+ list_for_each_entry_safe(cmd, tmp, &drop_cmd_list, i_conn_node) {
+ list_del_init(&cmd->i_conn_node);
+ if (cmd->i_state != ISTATE_REMOVE) {
+ struct isert_cmd *isert_cmd = iscsit_priv_cmd(cmd);
+
+ isert_info("conn %p dropping cmd %p\n", conn, cmd);
+ isert_put_cmd(isert_cmd, true);
+ }
+ }
+}
+
static void isert_wait_conn(struct iscsi_conn *conn)
{
struct isert_conn *isert_conn = conn->context;
@@ -3404,8 +3439,9 @@ static void isert_wait_conn(struct iscsi
isert_conn_terminate(isert_conn);
mutex_unlock(&isert_conn->mutex);
- isert_wait4cmds(conn);
isert_wait4flush(isert_conn);
+ isert_put_unsol_pending_cmds(conn);
+ isert_wait4cmds(conn);
isert_wait4logout(isert_conn);
queue_work(isert_release_wq, &isert_conn->release_work);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 022/258] toshiba_acpi: Fix hotkeys registration on some toshiba models
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (17 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 021/258] iser-target: Put the reference on commands waiting for unsol data Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-19 23:32 ` Ben Hutchings
2015-10-18 1:55 ` [PATCH 4.2 023/258] perf/x86/intel: Fix constraint access Greg Kroah-Hartman
` (219 subsequent siblings)
238 siblings, 1 reply; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Azael Avalos, Darren Hart
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Azael Avalos <coproscefalo@gmail.com>
commit 53147b6cabee5e8d1997b5682fcc0c3b72ddf9c2 upstream.
Commit a2b3471b5b13 ("toshiba_acpi: Use the Hotkey Event Type function
for keymap choosing") changed the *setup_keyboard function to query for
the Hotkey Event Type to help choose the correct keymap, but turns out
that here are certain Toshiba models out there not implementing this
feature, and thus, failing to continue the input device registration and
leaving such laptops without hotkey support.
This patch changes such check, and instead of returning an error if
the Hotkey Event Type is not present, we simply inform userspace about it,
changing the message printed from err to notice, making the function
responsible for registering the input device to continue.
This issue was found on a Toshiba Portege Z30-B, but there might be
some other models out there affected by this regression as well.
Signed-off-by: Azael Avalos <coproscefalo@gmail.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/platform/x86/toshiba_acpi.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--- a/drivers/platform/x86/toshiba_acpi.c
+++ b/drivers/platform/x86/toshiba_acpi.c
@@ -2408,11 +2408,9 @@ static int toshiba_acpi_setup_keyboard(s
if (error)
return error;
- error = toshiba_hotkey_event_type_get(dev, &events_type);
- if (error) {
- pr_err("Unable to query Hotkey Event Type\n");
- return error;
- }
+ if (toshiba_hotkey_event_type_get(dev, &events_type))
+ pr_notice("Unable to query Hotkey Event Type\n");
+
dev->hotkey_event_type = events_type;
dev->hotkey_dev = input_allocate_device();
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 023/258] perf/x86/intel: Fix constraint access
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (18 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 022/258] toshiba_acpi: Fix hotkeys registration on some toshiba models Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 024/258] locking/qspinlock/x86: Fix performance regression under unaccelerated VMs Greg Kroah-Hartman
` (218 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephane Eranian, Sasha Levin,
Peter Zijlstra (Intel), Linus Torvalds, Thomas Gleixner,
Ingo Molnar
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
commit ebfb4988f0378e2ac3b4a0aa1ea20d724293f392 upstream.
Sasha reported that we can get here with .idx==-1, and
cpuc->event_constraints unallocated.
Suggested-by: Stephane Eranian <eranian@google.com>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: b371b5943178 ("perf/x86: Fix event/group validation")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/perf_event_intel.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/arch/x86/kernel/cpu/perf_event_intel.c
+++ b/arch/x86/kernel/cpu/perf_event_intel.c
@@ -2102,9 +2102,12 @@ static struct event_constraint *
intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
struct perf_event *event)
{
- struct event_constraint *c1 = cpuc->event_constraint[idx];
+ struct event_constraint *c1 = NULL;
struct event_constraint *c2;
+ if (idx >= 0) /* fake does < 0 */
+ c1 = cpuc->event_constraint[idx];
+
/*
* first time only
* - static constraint: no change across incremental scheduling calls
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 024/258] locking/qspinlock/x86: Fix performance regression under unaccelerated VMs
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (19 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 023/258] perf/x86/intel: Fix constraint access Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 025/258] locking/qspinlock/x86: Only emit the test-and-set fallback when building guest support Greg Kroah-Hartman
` (217 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Linus Torvalds, Dave Chinner,
Peter Zijlstra (Intel), Thomas Gleixner, Waiman Long, Ingo Molnar
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
commit 43b3f02899f74ae9914a39547cc5492156f0027a upstream.
Dave ran into horrible performance on a VM without PARAVIRT_SPINLOCKS
set and Linus noted that the test-and-set implementation was retarded.
One should spin on the variable with a load, not a RMW.
While there, remove 'queued' from the name, as the lock isn't queued
at all, but a simple test-and-set.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Dave Chinner <david@fromorbit.com>
Tested-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Waiman Long <Waiman.Long@hp.com>
Link: http://lkml.kernel.org/r/20150904152523.GR18673@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/arch/x86/include/asm/qspinlock.h b/arch/x86/include/asm/qspinlock.h
index 9d51fae1cba3..8dde3bdc4a05 100644
--- a/arch/x86/include/asm/qspinlock.h
+++ b/arch/x86/include/asm/qspinlock.h
@@ -39,15 +39,23 @@ static inline void queued_spin_unlock(struct qspinlock *lock)
}
#endif
-#define virt_queued_spin_lock virt_queued_spin_lock
+#define virt_spin_lock virt_spin_lock
-static inline bool virt_queued_spin_lock(struct qspinlock *lock)
+static inline bool virt_spin_lock(struct qspinlock *lock)
{
if (!static_cpu_has(X86_FEATURE_HYPERVISOR))
return false;
- while (atomic_cmpxchg(&lock->val, 0, _Q_LOCKED_VAL) != 0)
- cpu_relax();
+ /*
+ * On hypervisors without PARAVIRT_SPINLOCKS support we fall
+ * back to a Test-and-Set spinlock, because fair locks have
+ * horrible lock 'holder' preemption issues.
+ */
+
+ do {
+ while (atomic_read(&lock->val) != 0)
+ cpu_relax();
+ } while (atomic_cmpxchg(&lock->val, 0, _Q_LOCKED_VAL) != 0);
return true;
}
diff --git a/include/asm-generic/qspinlock.h b/include/asm-generic/qspinlock.h
index 83bfb87f5bf1..e2aadbc7151f 100644
--- a/include/asm-generic/qspinlock.h
+++ b/include/asm-generic/qspinlock.h
@@ -111,8 +111,8 @@ static inline void queued_spin_unlock_wait(struct qspinlock *lock)
cpu_relax();
}
-#ifndef virt_queued_spin_lock
-static __always_inline bool virt_queued_spin_lock(struct qspinlock *lock)
+#ifndef virt_spin_lock
+static __always_inline bool virt_spin_lock(struct qspinlock *lock)
{
return false;
}
diff --git a/kernel/locking/qspinlock.c b/kernel/locking/qspinlock.c
index 337c8818541d..87e9ce6a63c5 100644
--- a/kernel/locking/qspinlock.c
+++ b/kernel/locking/qspinlock.c
@@ -289,7 +289,7 @@ void queued_spin_lock_slowpath(struct qspinlock *lock, u32 val)
if (pv_enabled())
goto queue;
- if (virt_queued_spin_lock(lock))
+ if (virt_spin_lock(lock))
return;
/*
^ permalink raw reply related [flat|nested] 246+ messages in thread
* [PATCH 4.2 025/258] locking/qspinlock/x86: Only emit the test-and-set fallback when building guest support
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (20 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 024/258] locking/qspinlock/x86: Fix performance regression under unaccelerated VMs Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 026/258] perf tools: Fix copying of /proc/kcore Greg Kroah-Hartman
` (216 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Linus Torvalds,
Peter Zijlstra (Intel), Thomas Gleixner, Ingo Molnar
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
commit a6b277857fd2c990bc208ca1958d3f34d26052f7 upstream.
Only emit the test-and-set fallback for Hypervisors lacking
PARAVIRT_SPINLOCKS support when building for guests.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/arch/x86/include/asm/qspinlock.h b/arch/x86/include/asm/qspinlock.h
index 8dde3bdc4a05..eaba08076030 100644
--- a/arch/x86/include/asm/qspinlock.h
+++ b/arch/x86/include/asm/qspinlock.h
@@ -39,8 +39,8 @@ static inline void queued_spin_unlock(struct qspinlock *lock)
}
#endif
+#ifdef CONFIG_PARAVIRT
#define virt_spin_lock virt_spin_lock
-
static inline bool virt_spin_lock(struct qspinlock *lock)
{
if (!static_cpu_has(X86_FEATURE_HYPERVISOR))
@@ -59,6 +59,7 @@ static inline bool virt_spin_lock(struct qspinlock *lock)
return true;
}
+#endif /* CONFIG_PARAVIRT */
#include <asm-generic/qspinlock.h>
^ permalink raw reply related [flat|nested] 246+ messages in thread
* [PATCH 4.2 026/258] perf tools: Fix copying of /proc/kcore
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (21 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 025/258] locking/qspinlock/x86: Only emit the test-and-set fallback when building guest support Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 027/258] ARM: 8401/1: perf: Set affinity for PPI based PMUs Greg Kroah-Hartman
` (215 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Jiri Olsa,
Arnaldo Carvalho de Melo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adrian Hunter <adrian.hunter@intel.com>
commit b5cabbcbd157a4bf5a92dfc85134999a3b55342d upstream.
A copy of /proc/kcore containing the kernel text can be made to the
buildid cache. e.g.
perf buildid-cache -v -k /proc/kcore
To workaround objdump limitations, a copy is also made when annotating
against /proc/kcore.
The copying process stops working from libelf about v1.62 onwards (the
problem was found with v1.63).
The cause is that a call to gelf_getphdr() in kcore__add_phdr() fails
because additional validation has been added to gelf_getphdr().
The use of gelf_getphdr() is a misguided attempt to get default
initialization of the Gelf_Phdr structure. That should not be
necessary because every member of the Gelf_Phdr structure is
subsequently assigned. So just remove the call to gelf_getphdr().
Similarly, a call to gelf_getehdr() in gelf_kcore__init() can be
removed also.
Committer notes:
Note to stable@kernel.org, from Adrian in the cover letter for this
patchkit:
The "Fix copying of /proc/kcore" problem goes back to v3.13 if you think
it is important enough for stable.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Link: http://lkml.kernel.org/r/1443089122-19082-3-git-send-email-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/symbol-elf.c | 33 ++++++++++++---------------------
1 file changed, 12 insertions(+), 21 deletions(-)
--- a/tools/perf/util/symbol-elf.c
+++ b/tools/perf/util/symbol-elf.c
@@ -1260,8 +1260,6 @@ out_close:
static int kcore__init(struct kcore *kcore, char *filename, int elfclass,
bool temp)
{
- GElf_Ehdr *ehdr;
-
kcore->elfclass = elfclass;
if (temp)
@@ -1278,9 +1276,7 @@ static int kcore__init(struct kcore *kco
if (!gelf_newehdr(kcore->elf, elfclass))
goto out_end;
- ehdr = gelf_getehdr(kcore->elf, &kcore->ehdr);
- if (!ehdr)
- goto out_end;
+ memset(&kcore->ehdr, 0, sizeof(GElf_Ehdr));
return 0;
@@ -1337,23 +1333,18 @@ static int kcore__copy_hdr(struct kcore
static int kcore__add_phdr(struct kcore *kcore, int idx, off_t offset,
u64 addr, u64 len)
{
- GElf_Phdr gphdr;
- GElf_Phdr *phdr;
-
- phdr = gelf_getphdr(kcore->elf, idx, &gphdr);
- if (!phdr)
- return -1;
-
- phdr->p_type = PT_LOAD;
- phdr->p_flags = PF_R | PF_W | PF_X;
- phdr->p_offset = offset;
- phdr->p_vaddr = addr;
- phdr->p_paddr = 0;
- phdr->p_filesz = len;
- phdr->p_memsz = len;
- phdr->p_align = page_size;
+ GElf_Phdr phdr = {
+ .p_type = PT_LOAD,
+ .p_flags = PF_R | PF_W | PF_X,
+ .p_offset = offset,
+ .p_vaddr = addr,
+ .p_paddr = 0,
+ .p_filesz = len,
+ .p_memsz = len,
+ .p_align = page_size,
+ };
- if (!gelf_update_phdr(kcore->elf, idx, phdr))
+ if (!gelf_update_phdr(kcore->elf, idx, &phdr))
return -1;
return 0;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 027/258] ARM: 8401/1: perf: Set affinity for PPI based PMUs
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (22 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 026/258] perf tools: Fix copying of /proc/kcore Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 028/258] perf hists: Update the column width for the "srcline" sort key Greg Kroah-Hartman
` (214 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Rutland, Stephen Boyd,
Will Deacon, Russell King
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Boyd <sboyd@codeaurora.org>
commit 8ded1e1a92daa96307e4b84b707fee5993bc6047 upstream.
For PPI based PMUs, we bail out early in of_pmu_irq_cfg() without
setting the PMU's supported_cpus bitmap. This causes the
smp_call_function_any() in armv7_probe_num_events() to fail. Set
the bitmap to be all CPUs so that we properly probe PMUs that use
PPIs.
Fixes: cc88116da0d1 ("arm: perf: treat PMUs as CPU affine")
Cc: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/kernel/perf_event.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/arch/arm/kernel/perf_event.c
+++ b/arch/arm/kernel/perf_event.c
@@ -795,8 +795,10 @@ static int of_pmu_irq_cfg(struct arm_pmu
/* Don't bother with PPIs; they're already affine */
irq = platform_get_irq(pdev, 0);
- if (irq >= 0 && irq_is_percpu(irq))
+ if (irq >= 0 && irq_is_percpu(irq)) {
+ cpumask_setall(&pmu->supported_cpus);
return 0;
+ }
irqs = kcalloc(pdev->num_resources, sizeof(*irqs), GFP_KERNEL);
if (!irqs)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 028/258] perf hists: Update the column width for the "srcline" sort key
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (23 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 027/258] ARM: 8401/1: perf: Set affinity for PPI based PMUs Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 029/258] perf stat: Get correct cpu id for print_aggr Greg Kroah-Hartman
` (213 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Namhyung Kim, Andi Kleen, Jiri Olsa,
Arnaldo Carvalho de Melo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@redhat.com>
commit e8e6d37e73e6b950c891c780745460b87f4755b6 upstream.
When we introduce a new sort key, we need to update the
hists__calc_col_len() function accordingly, otherwise the width
will be limited to strlen(header).
We can't update it when obtaining a line value for a column (for
instance, in sort__srcline_cmp()), because we reset it all when doing a
resort (see hists__output_recalc_col_len()), so we need to, from what is
in the hist_entry fields, set each of the column widths.
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Fixes: 409a8be61560 ("perf tools: Add sort by src line/number")
Link: http://lkml.kernel.org/n/tip-jgbe0yx8v1gs89cslr93pvz2@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/hist.c | 3 +++
1 file changed, 3 insertions(+)
--- a/tools/perf/util/hist.c
+++ b/tools/perf/util/hist.c
@@ -151,6 +151,9 @@ void hists__calc_col_len(struct hists *h
hists__new_col_len(hists, HISTC_LOCAL_WEIGHT, 12);
hists__new_col_len(hists, HISTC_GLOBAL_WEIGHT, 12);
+ if (h->srcline)
+ hists__new_col_len(hists, HISTC_SRCLINE, strlen(h->srcline));
+
if (h->transaction)
hists__new_col_len(hists, HISTC_TRANSACTION,
hist_entry__transaction_len());
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 029/258] perf stat: Get correct cpu id for print_aggr
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (24 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 028/258] perf hists: Update the column width for the "srcline" sort key Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 030/258] perf tools: Add missing forward declaration of struct map to probe-event.h Greg Kroah-Hartman
` (212 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Jiri Olsa,
Stephane Eranian, Adrian Hunter, Andi Kleen, David Ahern,
Namhyung Kim, Peter Zijlstra, Arnaldo Carvalho de Melo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kan Liang <kan.liang@intel.com>
commit 601083cffb7cabdcc55b8195d732f0f7028570fa upstream.
print_aggr() fails to print per-core/per-socket statistics after commit
582ec0829b3d ("perf stat: Fix per-socket output bug for uncore events")
if events have differnt cpus. Because in print_aggr(), aggr_get_id needs
index (not cpu id) to find core/pkg id. Also, evsel cpu maps should be
used to get aggregated id.
Here is an example:
Counting events cycles,uncore_imc_0/cas_count_read/. (Uncore event has
cpumask 0,18)
$ perf stat -e cycles,uncore_imc_0/cas_count_read/ -C0,18 --per-core sleep 2
Without this patch, it failes to get CPU 18 result.
Performance counter stats for 'CPU(s) 0,18':
S0-C0 1 7526851 cycles
S0-C0 1 1.05 MiB uncore_imc_0/cas_count_read/
S1-C0 0 <not counted> cycles
S1-C0 0 <not counted> MiB uncore_imc_0/cas_count_read/
With this patch, it can get both CPU0 and CPU18 result.
Performance counter stats for 'CPU(s) 0,18':
S0-C0 1 6327768 cycles
S0-C0 1 0.47 MiB uncore_imc_0/cas_count_read/
S1-C0 1 330228 cycles
S1-C0 1 0.29 MiB uncore_imc_0/cas_count_read/
Signed-off-by: Kan Liang <kan.liang@intel.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Stephane Eranian <eranian@google.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Fixes: 582ec0829b3d ("perf stat: Fix per-socket output bug for uncore events")
Link: http://lkml.kernel.org/r/1435820925-51091-1-git-send-email-kan.liang@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/builtin-stat.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/tools/perf/builtin-stat.c
+++ b/tools/perf/builtin-stat.c
@@ -694,7 +694,7 @@ static void abs_printout(int id, int nr,
static void print_aggr(char *prefix)
{
struct perf_evsel *counter;
- int cpu, cpu2, s, s2, id, nr;
+ int cpu, s, s2, id, nr;
double uval;
u64 ena, run, val;
@@ -707,8 +707,7 @@ static void print_aggr(char *prefix)
val = ena = run = 0;
nr = 0;
for (cpu = 0; cpu < perf_evsel__nr_cpus(counter); cpu++) {
- cpu2 = perf_evsel__cpus(counter)->map[cpu];
- s2 = aggr_get_id(evsel_list->cpus, cpu2);
+ s2 = aggr_get_id(perf_evsel__cpus(counter), cpu);
if (s2 != id)
continue;
val += perf_counts(counter->counts, cpu, 0)->val;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 030/258] perf tools: Add missing forward declaration of struct map to probe-event.h
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (25 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 029/258] perf stat: Get correct cpu id for print_aggr Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 031/258] perf tools: Add empty Build files for architectures lacking them Greg Kroah-Hartman
` (211 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wang Nan, Alexei Starovoitov,
Brendan Gregg, Daniel Borkmann, David Ahern, He Kuang, Jiri Olsa,
Kaixu Xia, Masami Hiramatsu, Namhyung Kim, Peter Zijlstra,
Zefan Li, pi3orama, Arnaldo Carvalho de Melo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wang Nan <wangnan0@huawei.com>
commit 5a023b57a8e96327925a39312bccc443a7c540b6 upstream.
Commit 7b6ff0bdbf4f7f429c2116cca92a6d171217449e ("perf probe ppc64le:
Fixup function entry if using kallsyms lookup") adds 'struct map' into
probe-event.h but not forward declares it. This patch fixes it.
Signed-off-by: Wang Nan <wangnan0@huawei.com>
Cc: Alexei Starovoitov <ast@plumgrid.com>
Cc: Brendan Gregg <brendan.d.gregg@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: David Ahern <dsahern@gmail.com>
Cc: He Kuang <hekuang@huawei.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kaixu Xia <xiakaixu@huawei.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Zefan Li <lizefan@huawei.com>
Cc: pi3orama@163.com
Fixes: 7b6ff0bdbf4f ("perf probe ppc64le: Fixup function entry if using kallsyms lookup")
Link: http://lkml.kernel.org/n/1436445342-1402-30-git-send-email-wangnan0@huawei.com
[ No need to include map.h, just forward declare 'struct map' ]
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/probe-event.h | 2 ++
1 file changed, 2 insertions(+)
--- a/tools/perf/util/probe-event.h
+++ b/tools/perf/util/probe-event.h
@@ -106,6 +106,8 @@ struct variable_list {
struct strlist *vars; /* Available variables */
};
+struct map;
+
/* Command string to events */
extern int parse_perf_probe_command(const char *cmd,
struct perf_probe_event *pev);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 031/258] perf tools: Add empty Build files for architectures lacking them
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (26 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 030/258] perf tools: Add missing forward declaration of struct map to probe-event.h Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 032/258] perf tools: Fix parse_events_add_pmu caller Greg Kroah-Hartman
` (210 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ben Hutchings, Peter Zijlstra,
Arnaldo Carvalho de Melo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
commit 93df8a1ed6231727c5db94a80b1a6bd5ee67cec3 upstream.
perf currently fails to build on MIPS as there is no
tools/perf/arch/mips/Build file. Adding an empty file fixes this as
there are no MIPS-specific sources to build.
It looks like the same is needed for Alpha and PA-RISC, though I
haven't been able to test those.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Fixes: 5e8c0fb6a957 ("perf build: Add arch x86 objects building")
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Link: http://lkml.kernel.org/r/1438704627.7315.2.camel@decadent.org.uk
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/arch/alpha/Build | 1 +
tools/perf/arch/mips/Build | 1 +
tools/perf/arch/parisc/Build | 1 +
3 files changed, 3 insertions(+)
--- /dev/null
+++ b/tools/perf/arch/alpha/Build
@@ -0,0 +1 @@
+# empty
--- /dev/null
+++ b/tools/perf/arch/mips/Build
@@ -0,0 +1 @@
+# empty
--- /dev/null
+++ b/tools/perf/arch/parisc/Build
@@ -0,0 +1 @@
+# empty
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 032/258] perf tools: Fix parse_events_add_pmu caller
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (27 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 031/258] perf tools: Add empty Build files for architectures lacking them Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 033/258] perf header: Fixup reading of HEADER_NRCPUS feature Greg Kroah-Hartman
` (209 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Olsa, Raphael Beamonte,
David Ahern, Matt Fleming, Namhyung Kim, Peter Zijlstra,
Steven Rostedt, Arnaldo Carvalho de Melo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Olsa <jolsa@kernel.org>
commit 5ad4da4302712fba10624d28cb6c269fee592b69 upstream.
Following commit changed parse_events_add_pmu interface:
36adec85a86f perf tools: Change parse_events_add_pmu interface
but forgot to change one caller. Because of lessen compilation rules for
the bison parser, the compiler did not warn on that.
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Cc: Raphael Beamonte <raphael.beamonte@gmail.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Steven Rostedt <rostedt@goodmis.org>
Fixes: 36adec85a86f ("perf tools: Change parse_events_add_pmu interface")
Link: http://lkml.kernel.org/r/1441180605-24737-2-git-send-email-jolsa@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/parse-events.y | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/perf/util/parse-events.y
+++ b/tools/perf/util/parse-events.y
@@ -255,7 +255,7 @@ PE_PMU_EVENT_PRE '-' PE_PMU_EVENT_SUF se
list_add_tail(&term->list, head);
ALLOC_LIST(list);
- ABORT_ON(parse_events_add_pmu(list, &data->idx, "cpu", head));
+ ABORT_ON(parse_events_add_pmu(data, list, "cpu", head));
parse_events__free_terms(head);
$$ = list;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 033/258] perf header: Fixup reading of HEADER_NRCPUS feature
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (28 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 032/258] perf tools: Fix parse_events_add_pmu caller Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 034/258] perf probe: Use existing routine to look for a kernel module by dso->short_name Greg Kroah-Hartman
` (208 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Namhyung Kim, Adrian Hunter,
Borislav Petkov, David Ahern, Frederic Weisbecker, Jiri Olsa,
Kan Liang, Stephane Eranian, Wang Nan, Arnaldo Carvalho de Melo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@redhat.com>
commit caa470475d9b59eeff093ae650800d34612c4379 upstream.
The original patch introducing this header wrote the number of CPUs available
and online in one order and then swapped those values when reading, fix it.
Before:
# perf record usleep 1
# perf report --header-only | grep 'nrcpus \(online\|avail\)'
# nrcpus online : 4
# nrcpus avail : 4
# echo 0 > /sys/devices/system/cpu/cpu2/online
# perf record usleep 1
# perf report --header-only | grep 'nrcpus \(online\|avail\)'
# nrcpus online : 4
# nrcpus avail : 3
# echo 0 > /sys/devices/system/cpu/cpu1/online
# perf record usleep 1
# perf report --header-only | grep 'nrcpus \(online\|avail\)'
# nrcpus online : 4
# nrcpus avail : 2
After the fix, bringing back the CPUs online:
# perf report --header-only | grep 'nrcpus \(online\|avail\)'
# nrcpus online : 2
# nrcpus avail : 4
# echo 1 > /sys/devices/system/cpu/cpu2/online
# perf record usleep 1
# perf report --header-only | grep 'nrcpus \(online\|avail\)'
# nrcpus online : 3
# nrcpus avail : 4
# echo 1 > /sys/devices/system/cpu/cpu1/online
# perf record usleep 1
# perf report --header-only | grep 'nrcpus \(online\|avail\)'
# nrcpus online : 4
# nrcpus avail : 4
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: David Ahern <dsahern@gmail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@intel.com>
Cc: Stephane Eranian <eranian@google.com>
Cc: Wang Nan <wangnan0@huawei.com>
Fixes: fbe96f29ce4b ("perf tools: Make perf.data more self-descriptive (v8)")
Link: http://lkml.kernel.org/r/20150911153323.GP23511@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
| 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -1442,7 +1442,7 @@ static int process_nrcpus(struct perf_fi
if (ph->needs_swap)
nr = bswap_32(nr);
- ph->env.nr_cpus_online = nr;
+ ph->env.nr_cpus_avail = nr;
ret = readn(fd, &nr, sizeof(nr));
if (ret != sizeof(nr))
@@ -1451,7 +1451,7 @@ static int process_nrcpus(struct perf_fi
if (ph->needs_swap)
nr = bswap_32(nr);
- ph->env.nr_cpus_avail = nr;
+ ph->env.nr_cpus_online = nr;
return 0;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 034/258] perf probe: Use existing routine to look for a kernel module by dso->short_name
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (29 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 033/258] perf header: Fixup reading of HEADER_NRCPUS feature Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 035/258] ARCv2: [axs103_smp] Reduce clk for SMP FPGA configs Greg Kroah-Hartman
` (207 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wang Nan, Masami Hiramatsu,
Adrian Hunter, Borislav Petkov, David Ahern, Frederic Weisbecker,
Jiri Olsa, Namhyung Kim, Stephane Eranian,
Arnaldo Carvalho de Melo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@redhat.com>
commit 266fa2b22294909ddf6e7d2f8acfe07adf9fd978 upstream.
We have map_groups__find_by_name() to look at the list of modules that
are in place for a given machine, so use it instead of traversing the
machine dso list, which also includes DSOs for userspace.
When merging the user and kernel DSO lists a bug was introduced where
'perf probe' stopped being able to add probes to modules using its short
name:
# perf probe -m usbnet --add usbnet_start_xmit
usbnet_start_xmit is out of .text, skip it.
Error: Failed to add events.
#
With this fix it works again:
# perf probe -m usbnet --add usbnet_start_xmit
Added new event:
probe:usbnet_start_xmit (on usbnet_start_xmit in usbnet)
You can now use it in all perf tools, such as:
perf record -e probe:usbnet_start_xmit -aR sleep 1
#
Reported-by: Wang Nan <wangnan0@huawei.com>
Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: David Ahern <dsahern@gmail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Stephane Eranian <eranian@google.com>
Fixes: 3d39ac538629 ("perf machine: No need to have two DSOs lists")
Link: http://lkml.kernel.org/r/20150924015008.GE1897@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/probe-event.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- a/tools/perf/util/probe-event.c
+++ b/tools/perf/util/probe-event.c
@@ -274,12 +274,13 @@ static int kernel_get_module_dso(const c
int ret = 0;
if (module) {
- list_for_each_entry(dso, &host_machine->dsos.head, node) {
- if (!dso->kernel)
- continue;
- if (strncmp(dso->short_name + 1, module,
- dso->short_name_len - 2) == 0)
- goto found;
+ char module_name[128];
+
+ snprintf(module_name, sizeof(module_name), "[%s]", module);
+ map = map_groups__find_by_name(&host_machine->kmaps, MAP__FUNCTION, module_name);
+ if (map) {
+ dso = map->dso;
+ goto found;
}
pr_debug("Failed to find module %s.\n", module);
return -ENOENT;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 035/258] ARCv2: [axs103_smp] Reduce clk for SMP FPGA configs
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (30 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 034/258] perf probe: Use existing routine to look for a kernel module by dso->short_name Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 036/258] watchdog: sunxi: fix activation of system reset Greg Kroah-Hartman
` (206 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vineet Gupta, Linus Torvalds
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vineet Gupta <Vineet.Gupta1@synopsys.com>
commit 3ebb0540c20d6670396ccee9ff6794c095fa9311 upstream.
Newer bitfiles needs the reduced clk even for SMP builds
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/plat-axs10x/axs10x.c | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/arc/plat-axs10x/axs10x.c
+++ b/arch/arc/plat-axs10x/axs10x.c
@@ -402,6 +402,8 @@ static void __init axs103_early_init(voi
unsigned int num_cores = (read_aux_reg(ARC_REG_MCIP_BCR) >> 16) & 0x3F;
if (num_cores > 2)
arc_set_core_freq(50 * 1000000);
+ else if (num_cores == 2)
+ arc_set_core_freq(75 * 1000000);
#endif
switch (arc_get_core_freq()/1000000) {
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 036/258] watchdog: sunxi: fix activation of system reset
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (31 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 035/258] ARCv2: [axs103_smp] Reduce clk for SMP FPGA configs Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 037/258] watchdog: imgpdc: Unregister restart handler on remove Greg Kroah-Hartman
` (205 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Francesco Lavra, Maxime Ripard,
Guenter Roeck, Wim Van Sebroeck
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Francesco Lavra <francescolavra.fl@gmail.com>
commit 0919e4445190da18496d31aac08b90828a47d45f upstream.
Commit f2147de33470 ("watchdog: sunxi: support parameterized compatible
strings") introduced a regression in sunxi_wdt_start(), by which
the system reset function of the watchdog is not enabled upon
starting the watchdog. As a result, the system is not reset when the
watchdog expires. Fix it.
Fixes: f2147de33470 ("watchdog: sunxi: support parameterized compatible strings")
Signed-off-by: Francesco Lavra <francescolavra.fl@gmail.com>
Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/watchdog/sunxi_wdt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/watchdog/sunxi_wdt.c
+++ b/drivers/watchdog/sunxi_wdt.c
@@ -184,7 +184,7 @@ static int sunxi_wdt_start(struct watchd
/* Set system reset function */
reg = readl(wdt_base + regs->wdt_cfg);
reg &= ~(regs->wdt_reset_mask);
- reg |= ~(regs->wdt_reset_val);
+ reg |= regs->wdt_reset_val;
writel(reg, wdt_base + regs->wdt_cfg);
/* Enable watchdog */
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 037/258] watchdog: imgpdc: Unregister restart handler on remove
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (32 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 036/258] watchdog: sunxi: fix activation of system reset Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 038/258] sched: access local runqueue directly in single_task_running Greg Kroah-Hartman
` (204 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ariel DAlessandro, Ezequiel Garcia,
Guenter Roeck, Wim Van Sebroeck
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
commit 8a340dbbc4b10fe07a924e91979bfc93e966dd65 upstream.
Commit c631f20068 ("watchdog: imgpdc: Add reboot support") introduced
a restart handler but forgot to unregister it on driver removal. Fix it.
Fixes: c631f20068 ("watchdog: imgpdc: Add reboot support")
Reported-by: Ariel D'Alessandro <ariel@vanguardiasur.com.ar>
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/watchdog/imgpdc_wdt.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/watchdog/imgpdc_wdt.c
+++ b/drivers/watchdog/imgpdc_wdt.c
@@ -316,6 +316,7 @@ static int pdc_wdt_remove(struct platfor
{
struct pdc_wdt_dev *pdc_wdt = platform_get_drvdata(pdev);
+ unregister_restart_handler(&pdc_wdt->restart_handler);
pdc_wdt_stop(&pdc_wdt->wdt_dev);
watchdog_unregister_device(&pdc_wdt->wdt_dev);
clk_disable_unprepare(pdc_wdt->wdt_clk);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 038/258] sched: access local runqueue directly in single_task_running
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (33 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 037/258] watchdog: imgpdc: Unregister restart handler on remove Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 039/258] hwmon: (nct6775) Swap STEP_UP_TIME and STEP_DOWN_TIME registers for most chips Greg Kroah-Hartman
` (203 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tim Chen, Peter Zijlstra,
Dominik Dingel, Paolo Bonzini
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dominik Dingel <dingel@linux.vnet.ibm.com>
commit 00cc1633816de8c95f337608a1ea64e228faf771 upstream.
Commit 2ee507c47293 ("sched: Add function single_task_running to let a task
check if it is the only task running on a cpu") referenced the current
runqueue with the smp_processor_id. When CONFIG_DEBUG_PREEMPT is enabled,
that is only allowed if preemption is disabled or the currrent task is
bound to the local cpu (e.g. kernel worker).
With commit f78195129963 ("kvm: add halt_poll_ns module parameter") KVM
calls single_task_running. If CONFIG_DEBUG_PREEMPT is enabled that
generates a lot of kernel messages.
To avoid adding preemption in that cases, as it would limit the usefulness,
we change single_task_running to access directly the cpu local runqueue.
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Fixes: 2ee507c472939db4b146d545352b8a7c79ef47f8
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/sched/core.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -2614,13 +2614,20 @@ unsigned long nr_running(void)
/*
* Check if only the current task is running on the cpu.
+ *
+ * Caution: this function does not check that the caller has disabled
+ * preemption, thus the result might have a time-of-check-to-time-of-use
+ * race. The caller is responsible to use it correctly, for example:
+ *
+ * - from a non-preemptable section (of course)
+ *
+ * - from a thread that is bound to a single CPU
+ *
+ * - in a loop with very short iterations (e.g. a polling loop)
*/
bool single_task_running(void)
{
- if (cpu_rq(smp_processor_id())->nr_running == 1)
- return true;
- else
- return false;
+ return raw_rq()->nr_running == 1;
}
EXPORT_SYMBOL(single_task_running);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 039/258] hwmon: (nct6775) Swap STEP_UP_TIME and STEP_DOWN_TIME registers for most chips
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (34 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 038/258] sched: access local runqueue directly in single_task_running Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 040/258] ARM: fix Thumb2 signal handling when ARMv6 is enabled Greg Kroah-Hartman
` (202 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Grazvydas Ignotas, Jean Delvare,
Guenter Roeck
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
commit 728d29400488d54974d3317fe8a232b45fdb42ee upstream.
The STEP_UP_TIME and STEP_DOWN_TIME registers are swapped for all chips but
NCT6775.
Reported-by: Grazvydas Ignotas <notasas@gmail.com>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwmon/nct6775.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
--- a/drivers/hwmon/nct6775.c
+++ b/drivers/hwmon/nct6775.c
@@ -354,6 +354,10 @@ static const u16 NCT6775_REG_TEMP_CRIT[A
/* NCT6776 specific data */
+/* STEP_UP_TIME and STEP_DOWN_TIME regs are swapped for all chips but NCT6775 */
+#define NCT6776_REG_FAN_STEP_UP_TIME NCT6775_REG_FAN_STEP_DOWN_TIME
+#define NCT6776_REG_FAN_STEP_DOWN_TIME NCT6775_REG_FAN_STEP_UP_TIME
+
static const s8 NCT6776_ALARM_BITS[] = {
0, 1, 2, 3, 8, 21, 20, 16, /* in0.. in7 */
17, -1, -1, -1, -1, -1, -1, /* in8..in14 */
@@ -3528,8 +3532,8 @@ static int nct6775_probe(struct platform
data->REG_FAN_PULSES = NCT6776_REG_FAN_PULSES;
data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT;
data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME;
- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME;
- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME;
+ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME;
+ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME;
data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H;
data->REG_PWM[0] = NCT6775_REG_PWM;
data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT;
@@ -3600,8 +3604,8 @@ static int nct6775_probe(struct platform
data->REG_FAN_PULSES = NCT6779_REG_FAN_PULSES;
data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT;
data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME;
- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME;
- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME;
+ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME;
+ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME;
data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H;
data->REG_PWM[0] = NCT6775_REG_PWM;
data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT;
@@ -3677,8 +3681,8 @@ static int nct6775_probe(struct platform
data->REG_FAN_PULSES = NCT6779_REG_FAN_PULSES;
data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT;
data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME;
- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME;
- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME;
+ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME;
+ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME;
data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H;
data->REG_PWM[0] = NCT6775_REG_PWM;
data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 040/258] ARM: fix Thumb2 signal handling when ARMv6 is enabled
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (35 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 039/258] hwmon: (nct6775) Swap STEP_UP_TIME and STEP_DOWN_TIME registers for most chips Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 041/258] ARM: 8429/1: disable GCC SRA optimization Greg Kroah-Hartman
` (201 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tony Lindgren, H. Nikolaus Schaller,
Grazvydas Ignotas, Russell King
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Russell King <rmk+kernel@arm.linux.org.uk>
commit 9b55613f42e8d40d5c9ccb8970bde6af4764b2ab upstream.
When a kernel is built covering ARMv6 to ARMv7, we omit to clear the
IT state when entering a signal handler. This can cause the first
few instructions to be conditionally executed depending on the parent
context.
In any case, the original test for >= ARMv7 is broken - ARMv6 can have
Thumb-2 support as well, and an ARMv6T2 specific build would omit this
code too.
Relax the test back to ARMv6 or greater. This results in us always
clearing the IT state bits in the PSR, even on CPUs where these bits
are reserved. However, they're reserved for the IT state, so this
should cause no harm.
Fixes: d71e1352e240 ("Clear the IT state when invoking a Thumb-2 signal handler")
Acked-by: Tony Lindgren <tony@atomide.com>
Tested-by: H. Nikolaus Schaller <hns@goldelico.com>
Tested-by: Grazvydas Ignotas <notasas@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/kernel/signal.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
--- a/arch/arm/kernel/signal.c
+++ b/arch/arm/kernel/signal.c
@@ -343,12 +343,17 @@ setup_return(struct pt_regs *regs, struc
*/
thumb = handler & 1;
-#if __LINUX_ARM_ARCH__ >= 7
+#if __LINUX_ARM_ARCH__ >= 6
/*
- * Clear the If-Then Thumb-2 execution state
- * ARM spec requires this to be all 000s in ARM mode
- * Snapdragon S4/Krait misbehaves on a Thumb=>ARM
- * signal transition without this.
+ * Clear the If-Then Thumb-2 execution state. ARM spec
+ * requires this to be all 000s in ARM mode. Snapdragon
+ * S4/Krait misbehaves on a Thumb=>ARM signal transition
+ * without this.
+ *
+ * We must do this whenever we are running on a Thumb-2
+ * capable CPU, which includes ARMv6T2. However, we elect
+ * to do this whenever we're on an ARMv6 or later CPU for
+ * simplicity.
*/
cpsr &= ~PSR_IT_MASK;
#endif
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 041/258] ARM: 8429/1: disable GCC SRA optimization
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (36 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 040/258] ARM: fix Thumb2 signal handling when ARMv6 is enabled Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 042/258] windfarm: decrement client count when unregistering Greg Kroah-Hartman
` (200 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Pitre, Ard Biesheuvel,
Russell King
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
commit a077224fd35b2f7fbc93f14cf67074fc792fbac2 upstream.
While working on the 32-bit ARM port of UEFI, I noticed a strange
corruption in the kernel log. The following snprintf() statement
(in drivers/firmware/efi/efi.c:efi_md_typeattr_format())
snprintf(pos, size, "|%3s|%2s|%2s|%2s|%3s|%2s|%2s|%2s|%2s]",
was producing the following output in the log:
| | | | | |WB|WT|WC|UC]
| | | | | |WB|WT|WC|UC]
| | | | | |WB|WT|WC|UC]
|RUN| | | | |WB|WT|WC|UC]*
|RUN| | | | |WB|WT|WC|UC]*
| | | | | |WB|WT|WC|UC]
|RUN| | | | |WB|WT|WC|UC]*
| | | | | |WB|WT|WC|UC]
|RUN| | | | | | | |UC]
|RUN| | | | | | | |UC]
As it turns out, this is caused by incorrect code being emitted for
the string() function in lib/vsprintf.c. The following code
if (!(spec.flags & LEFT)) {
while (len < spec.field_width--) {
if (buf < end)
*buf = ' ';
++buf;
}
}
for (i = 0; i < len; ++i) {
if (buf < end)
*buf = *s;
++buf; ++s;
}
while (len < spec.field_width--) {
if (buf < end)
*buf = ' ';
++buf;
}
when called with len == 0, triggers an issue in the GCC SRA optimization
pass (Scalar Replacement of Aggregates), which handles promotion of signed
struct members incorrectly. This is a known but as yet unresolved issue.
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65932). In this particular
case, it is causing the second while loop to be executed erroneously a
single time, causing the additional space characters to be printed.
So disable the optimization by passing -fno-ipa-sra.
Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/Makefile | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/arch/arm/Makefile
+++ b/arch/arm/Makefile
@@ -54,6 +54,14 @@ AS += -EL
LD += -EL
endif
+#
+# The Scalar Replacement of Aggregates (SRA) optimization pass in GCC 4.9 and
+# later may result in code being generated that handles signed short and signed
+# char struct members incorrectly. So disable it.
+# (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65932)
+#
+KBUILD_CFLAGS += $(call cc-option,-fno-ipa-sra)
+
# This selects which instruction set is used.
# Note that GCC does not numerically define an architecture version
# macro, but instead defines a whole series of macros which makes
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 042/258] windfarm: decrement client count when unregistering
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (37 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 041/258] ARM: 8429/1: disable GCC SRA optimization Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 043/258] ARM: 8425/1: kgdb: Dont try to stop the machine when setting breakpoints Greg Kroah-Hartman
` (199 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul Bolle, Michael Ellerman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Bolle <pebolle@tiscali.nl>
commit fe2b592173ff0274e70dc44d1d28c19bb995aa7c upstream.
wf_unregister_client() increments the client count when a client
unregisters. That is obviously incorrect. Decrement that client count
instead.
Fixes: 75722d3992f5 ("[PATCH] ppc64: Thermal control for SMU based machines")
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/macintosh/windfarm_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/macintosh/windfarm_core.c
+++ b/drivers/macintosh/windfarm_core.c
@@ -435,7 +435,7 @@ int wf_unregister_client(struct notifier
{
mutex_lock(&wf_lock);
blocking_notifier_chain_unregister(&wf_client_list, nb);
- wf_client_count++;
+ wf_client_count--;
if (wf_client_count == 0)
wf_stop_thread();
mutex_unlock(&wf_lock);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 043/258] ARM: 8425/1: kgdb: Dont try to stop the machine when setting breakpoints
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (38 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 042/258] windfarm: decrement client count when unregistering Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 044/258] ARM: dts: omap5-uevm.dts: fix i2c5 pinctrl offsets Greg Kroah-Hartman
` (198 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aapo Vienamo, Douglas Anderson,
Stephen Boyd, Kees Cook, Russell King
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Doug Anderson <armlinux@m.disordat.com>
commit 7ae85dc7687c7e7119053d83d02c560ea217b772 upstream.
In (23a4e40 arm: kgdb: Handle read-only text / modules) we moved to
using patch_text() to set breakpoints so that we could handle the case
when we had CONFIG_DEBUG_RODATA. That patch used patch_text().
Unfortunately, patch_text() assumes that we're not in atomic context
when it runs since it needs to grab a mutex and also wait for other
CPUs to stop (which it does with a completion).
This would result in a stack crawl if you had
CONFIG_DEBUG_ATOMIC_SLEEP and tried to set a breakpoint in kgdb. The
crawl looked something like:
BUG: scheduling while atomic: swapper/0/0/0x00010007
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.2.0-rc7-00133-geb63b34 #1073
Hardware name: Rockchip (Device Tree)
(unwind_backtrace) from [<c00133d4>] (show_stack+0x20/0x24)
(show_stack) from [<c05400e8>] (dump_stack+0x84/0xb8)
(dump_stack) from [<c004913c>] (__schedule_bug+0x54/0x6c)
(__schedule_bug) from [<c054065c>] (__schedule+0x80/0x668)
(__schedule) from [<c0540cfc>] (schedule+0xb8/0xd4)
(schedule) from [<c0543a3c>] (schedule_timeout+0x2c/0x234)
(schedule_timeout) from [<c05417c0>] (wait_for_common+0xf4/0x188)
(wait_for_common) from [<c0541874>] (wait_for_completion+0x20/0x24)
(wait_for_completion) from [<c00a0104>] (__stop_cpus+0x58/0x70)
(__stop_cpus) from [<c00a0580>] (stop_cpus+0x3c/0x54)
(stop_cpus) from [<c00a06c4>] (__stop_machine+0xcc/0xe8)
(__stop_machine) from [<c00a0714>] (stop_machine+0x34/0x44)
(stop_machine) from [<c00173e8>] (patch_text+0x28/0x34)
(patch_text) from [<c001733c>] (kgdb_arch_set_breakpoint+0x40/0x4c)
(kgdb_arch_set_breakpoint) from [<c00a0d68>] (kgdb_validate_break_address+0x2c/0x60)
(kgdb_validate_break_address) from [<c00a0e90>] (dbg_set_sw_break+0x1c/0xdc)
(dbg_set_sw_break) from [<c00a2e88>] (gdb_serial_stub+0x9c4/0xba4)
(gdb_serial_stub) from [<c00a11cc>] (kgdb_cpu_enter+0x1f8/0x60c)
(kgdb_cpu_enter) from [<c00a18cc>] (kgdb_handle_exception+0x19c/0x1d0)
(kgdb_handle_exception) from [<c0016f7c>] (kgdb_compiled_brk_fn+0x30/0x3c)
(kgdb_compiled_brk_fn) from [<c00091a4>] (do_undefinstr+0x1a4/0x20c)
(do_undefinstr) from [<c001400c>] (__und_svc_finish+0x0/0x34)
It turns out that when we're in kgdb all the CPUs are stopped anyway
so there's no reason we should be calling patch_text(). We can
instead directly call __patch_text() which assumes that CPUs have
already been stopped.
Fixes: 23a4e4050ba9 ("arm: kgdb: Handle read-only text / modules")
Reported-by: Aapo Vienamo <avienamo@nvidia.com>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/kernel/kgdb.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/arch/arm/kernel/kgdb.c
+++ b/arch/arm/kernel/kgdb.c
@@ -259,15 +259,17 @@ int kgdb_arch_set_breakpoint(struct kgdb
if (err)
return err;
- patch_text((void *)bpt->bpt_addr,
- *(unsigned int *)arch_kgdb_ops.gdb_bpt_instr);
+ /* Machine is already stopped, so we can use __patch_text() directly */
+ __patch_text((void *)bpt->bpt_addr,
+ *(unsigned int *)arch_kgdb_ops.gdb_bpt_instr);
return err;
}
int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt)
{
- patch_text((void *)bpt->bpt_addr, *(unsigned int *)bpt->saved_instr);
+ /* Machine is already stopped, so we can use __patch_text() directly */
+ __patch_text((void *)bpt->bpt_addr, *(unsigned int *)bpt->saved_instr);
return 0;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 044/258] ARM: dts: omap5-uevm.dts: fix i2c5 pinctrl offsets
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (39 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 043/258] ARM: 8425/1: kgdb: Dont try to stop the machine when setting breakpoints Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 045/258] ARM: dts: omap3-beagle: make i2c3, ddc and tfp410 gpio work again Greg Kroah-Hartman
` (197 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Grazvydas Ignotas, Tony Lindgren
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Grazvydas Ignotas <notasas@gmail.com>
commit 1dbdad75074d16c3e3005180f81a01cdc04a7872 upstream.
The i2c5 pinctrl offsets are wrong. If the bootloader doesn't set the
pins up, communication with tca6424a doesn't work (controller timeouts)
and it is not possible to enable HDMI.
Fixes: 9be495c42609 ("ARM: dts: omap5-evm: Add I2c pinctrl data")
Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/omap5-uevm.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm/boot/dts/omap5-uevm.dts
+++ b/arch/arm/boot/dts/omap5-uevm.dts
@@ -174,8 +174,8 @@
i2c5_pins: pinmux_i2c5_pins {
pinctrl-single,pins = <
- 0x184 (PIN_INPUT | MUX_MODE0) /* i2c5_scl */
- 0x186 (PIN_INPUT | MUX_MODE0) /* i2c5_sda */
+ 0x186 (PIN_INPUT | MUX_MODE0) /* i2c5_scl */
+ 0x188 (PIN_INPUT | MUX_MODE0) /* i2c5_sda */
>;
};
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 045/258] ARM: dts: omap3-beagle: make i2c3, ddc and tfp410 gpio work again
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (40 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 044/258] ARM: dts: omap5-uevm.dts: fix i2c5 pinctrl offsets Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 046/258] ARM: pxa: ssp: Fix build error by removing originally incorrect DT binding Greg Kroah-Hartman
` (196 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Carl Frederik Werner, Tony Lindgren
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Carl Frederik Werner <frederik@cfbw.eu>
commit 3a2fa775bd1d0579113666c1a2e37654a34018a0 upstream.
Let's fix pinmux address of gpio 170 used by tfp410 powerdown-gpio.
According to the OMAP35x Technical Reference Manual
CONTROL_PADCONF_I2C3_SDA[15:0] 0x480021C4 mode0: i2c3_sda
CONTROL_PADCONF_I2C3_SDA[31:16] 0x480021C4 mode4: gpio_170
the pinmux address of gpio 170 must be 0x480021C6.
The former wrong address broke i2c3 (used by hdmi ddc), resulting in
kernel message:
omap_i2c 48060000.i2c: controller timed out
Fixes: 8cecf52befd7 ("ARM: omap3-beagle.dts: add display information")
Signed-off-by: Carl Frederik Werner <frederik@cfbw.eu>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/omap3-beagle.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/omap3-beagle.dts
+++ b/arch/arm/boot/dts/omap3-beagle.dts
@@ -202,7 +202,7 @@
tfp410_pins: pinmux_tfp410_pins {
pinctrl-single,pins = <
- 0x194 (PIN_OUTPUT | MUX_MODE4) /* hdq_sio.gpio_170 */
+ 0x196 (PIN_OUTPUT | MUX_MODE4) /* hdq_sio.gpio_170 */
>;
};
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 046/258] ARM: pxa: ssp: Fix build error by removing originally incorrect DT binding
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (41 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 045/258] ARM: dts: omap3-beagle: make i2c3, ddc and tfp410 gpio work again Greg Kroah-Hartman
@ 2015-10-18 1:55 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 047/258] ARM: EXYNOS: reset Little cores when cpu is up Greg Kroah-Hartman
` (195 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jarkko Nikula, Axel Lin,
Robert Jarzmik
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jarkko Nikula <jarkko.nikula@linux.intel.com>
commit b692cb83b14d2f741f513221f5f78042c674c2a9 upstream.
Commit 03fbf488cece ("spi: pxa2xx: Differentiate Intel LPSS types") caused
build error here because it removed the type LPSS_SSP and I didn't notice
the type was used here too.
I believe commit a6e56c28a178 ("ARM: pxa: ssp: add DT bindings") added it
accidentally by copying all enum pxa_ssp_type types from
include/linux/pxa2xx_ssp.h even LPSS_SSP was for Intel LPSS SPI devices.
Fix the build error by removing this incorrect binding.
Fixes: 03fbf488cece ("spi: pxa2xx: Differentiate Intel LPSS types")
Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Reported-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/plat-pxa/ssp.c | 1 -
1 file changed, 1 deletion(-)
--- a/arch/arm/plat-pxa/ssp.c
+++ b/arch/arm/plat-pxa/ssp.c
@@ -107,7 +107,6 @@ static const struct of_device_id pxa_ssp
{ .compatible = "mvrl,pxa168-ssp", .data = (void *) PXA168_SSP },
{ .compatible = "mrvl,pxa910-ssp", .data = (void *) PXA910_SSP },
{ .compatible = "mrvl,ce4100-ssp", .data = (void *) CE4100_SSP },
- { .compatible = "mrvl,lpss-ssp", .data = (void *) LPSS_SSP },
{ },
};
MODULE_DEVICE_TABLE(of, pxa_ssp_of_ids);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 047/258] ARM: EXYNOS: reset Little cores when cpu is up
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (42 preceding siblings ...)
2015-10-18 1:55 ` [PATCH 4.2 046/258] ARM: pxa: ssp: Fix build error by removing originally incorrect DT binding Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 048/258] ARM: dts: sunxi: Raise minimum CPU voltage for sun7i-a20 to meet SoC specifications Greg Kroah-Hartman
` (194 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kevin Hilman,
Javier Martinez Canillas, Krzysztof Kozlowski, Kevin Hilman,
Chanho Park
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chanho Park <parkch98@gmail.com>
commit 833b5794e3303cc97a0d2d4ba97f26cc9d9b4b79 upstream.
The cpu booting of exynos5422 has been still broken since we discussed
it in last year[1]. This patch is inspired from Odroid XU3
code (Actually, it was from samsung exynos vendor kernel)[2]. This weird
reset code was founded exynos5420 octa cores series SoCs and only
required for the first boot core is the Little core (Cortex A7).
Some of the exynos5420 boards and all of the exynos5422 boards will require
this code.
There is two ways to check the little core is the first cpu. One is
checking GPG2CON[1] GPIO value and the other is checking the cluster
number of the first cpu. I selected the latter because it's more easier
than the former.
[1] http://lists.infradead.org/pipermail/linux-arm-kernel/2015-June/350632.html
[2] https://patchwork.kernel.org/patch/6782891/
Cc: Kevin Hilman <khilman@kernel.org>
Cc: Javier Martinez Canillas <javier@osg.samsung.com>
Cc: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Tested-by: Kevin Hilman <khilman@linaro.org>
Signed-off-by: Chanho Park <parkch98@gmail.com>
[k.kozlowski: Adding stable for v4.1+, reformat comment]
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-exynos/mcpm-exynos.c | 27 ++++++++++++++++++++++++++-
arch/arm/mach-exynos/regs-pmu.h | 6 ++++++
2 files changed, 32 insertions(+), 1 deletion(-)
--- a/arch/arm/mach-exynos/mcpm-exynos.c
+++ b/arch/arm/mach-exynos/mcpm-exynos.c
@@ -20,6 +20,7 @@
#include <asm/cputype.h>
#include <asm/cp15.h>
#include <asm/mcpm.h>
+#include <asm/smp_plat.h>
#include "regs-pmu.h"
#include "common.h"
@@ -70,7 +71,31 @@ static int exynos_cpu_powerup(unsigned i
cluster >= EXYNOS5420_NR_CLUSTERS)
return -EINVAL;
- exynos_cpu_power_up(cpunr);
+ if (!exynos_cpu_power_state(cpunr)) {
+ exynos_cpu_power_up(cpunr);
+
+ /*
+ * This assumes the cluster number of the big cores(Cortex A15)
+ * is 0 and the Little cores(Cortex A7) is 1.
+ * When the system was booted from the Little core,
+ * they should be reset during power up cpu.
+ */
+ if (cluster &&
+ cluster == MPIDR_AFFINITY_LEVEL(cpu_logical_map(0), 1)) {
+ /*
+ * Before we reset the Little cores, we should wait
+ * the SPARE2 register is set to 1 because the init
+ * codes of the iROM will set the register after
+ * initialization.
+ */
+ while (!pmu_raw_readl(S5P_PMU_SPARE2))
+ udelay(10);
+
+ pmu_raw_writel(EXYNOS5420_KFC_CORE_RESET(cpu),
+ EXYNOS_SWRESET);
+ }
+ }
+
return 0;
}
--- a/arch/arm/mach-exynos/regs-pmu.h
+++ b/arch/arm/mach-exynos/regs-pmu.h
@@ -513,6 +513,12 @@ static inline unsigned int exynos_pmu_cp
#define SPREAD_ENABLE 0xF
#define SPREAD_USE_STANDWFI 0xF
+#define EXYNOS5420_KFC_CORE_RESET0 BIT(8)
+#define EXYNOS5420_KFC_ETM_RESET0 BIT(20)
+
+#define EXYNOS5420_KFC_CORE_RESET(_nr) \
+ ((EXYNOS5420_KFC_CORE_RESET0 | EXYNOS5420_KFC_ETM_RESET0) << (_nr))
+
#define EXYNOS5420_BB_CON1 0x0784
#define EXYNOS5420_BB_SEL_EN BIT(31)
#define EXYNOS5420_BB_PMOS_EN BIT(7)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 048/258] ARM: dts: sunxi: Raise minimum CPU voltage for sun7i-a20 to meet SoC specifications
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (43 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 047/258] ARM: EXYNOS: reset Little cores when cpu is up Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 049/258] ARM: dts: Fix wrong clock binding for sysmmu_fimd1_1 on exynos5420 Greg Kroah-Hartman
` (193 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Timo Sigurdsson, Iain Paton,
Maxime Ripard
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Timo Sigurdsson <public_timo.s@silentcreek.de>
commit eaeef1ad9b6ea6df1d1220c254d9563da60cb9d1 upstream.
sun7i-a20.dtsi contains a cpufreq operating point at 0.9 volts. The minimum
CPU voltage for the Allwinner A20 SoC, however, is 1.0 volts. Thus, raise
the voltage for the lowest operating point to 1.0 volts in order to stay
within the SoC specifications. It is an undervolted setting that isn't
stable across all SoCs and boards out there.
Fixes: d96b7161916f ("ARM: dts: sun7i: Add cpu clock reference and operating points to dtsi")
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
Acked-by: Iain Paton <ipaton0@gmail.com>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/sun7i-a20.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/sun7i-a20.dtsi
+++ b/arch/arm/boot/dts/sun7i-a20.dtsi
@@ -107,7 +107,7 @@
720000 1200000
528000 1100000
312000 1000000
- 144000 900000
+ 144000 1000000
>;
#cooling-cells = <2>;
cooling-min-level = <0>;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 049/258] ARM: dts: Fix wrong clock binding for sysmmu_fimd1_1 on exynos5420
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (44 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 048/258] ARM: dts: sunxi: Raise minimum CPU voltage for sun7i-a20 to meet SoC specifications Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 050/258] ARM: dts: fix usb pin control for imx-rex dts Greg Kroah-Hartman
` (192 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joonyoung Shim,
Javier Martinez Canillas, Marek Szyprowski, Krzysztof Kozlowski
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joonyoung Shim <jy0922.shim@samsung.com>
commit c7d2ecd9f64c351cb4d551f1f472d0fc09c3cae8 upstream.
The sysmmu_fimd1_1 should bind the clock CLK_SMMU_FIMD1M1, not the clock
CLK_SMMU_FIMD1M0. CLK_SMMU_FIMD1M0 is a clock for the sysmmu_fimd1_0.
This wrong clock binding causes the problem that is blocked in iommu_map
function when IOMMU is enabled and exynos-drm driver tries to allocate
buffer via DMA mapping API on Odroid-XU3 board.
Fixes: b70045167815 ("ARM: dts: add sysmmu nodes for exynos5420")
Signed-off-by: Joonyoung Shim <jy0922.shim@samsung.com>
Reviewed-by: Javier Martinez Canillas <javier@osg.samsung.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/exynos5420.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/exynos5420.dtsi
+++ b/arch/arm/boot/dts/exynos5420.dtsi
@@ -1118,7 +1118,7 @@
interrupt-parent = <&combiner>;
interrupts = <3 0>;
clock-names = "sysmmu", "master";
- clocks = <&clock CLK_SMMU_FIMD1M0>, <&clock CLK_FIMD1>;
+ clocks = <&clock CLK_SMMU_FIMD1M1>, <&clock CLK_FIMD1>;
power-domains = <&disp_pd>;
#iommu-cells = <0>;
};
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 050/258] ARM: dts: fix usb pin control for imx-rex dts
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (45 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 049/258] ARM: dts: Fix wrong clock binding for sysmmu_fimd1_1 on exynos5420 Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 051/258] dax: fix O_DIRECT I/O to the last block of a blockdev Greg Kroah-Hartman
` (191 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Felipe F. Tonello, Shawn Guo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Felipe F. Tonello" <eu@felipetonello.com>
commit 0af822110871400908d5b6f83a8908c45f881d8f upstream.
This fixes a duplicated pin control causing this error:
imx6q-pinctrl 20e0000.iomuxc: pin MX6Q_PAD_GPIO_1 already
requested by regulators:regulator@2; cannot claim for 2184000.usb
imx6q-pinctrl 20e0000.iomuxc: pin-137 (2184000.usb) status -22
imx6q-pinctrl 20e0000.iomuxc: could not request pin 137
(MX6Q_PAD_GPIO_1) from group usbotggrp on device 20e0000.iomuxc
imx_usb 2184000.usb: Error applying setting, reverse things
back
imx6q-pinctrl 20e0000.iomuxc: pin MX6Q_PAD_EIM_D31 already
requested by regulators:regulator@1; cannot claim for 2184200.usb
imx6q-pinctrl 20e0000.iomuxc: pin-52 (2184200.usb) status -22
imx6q-pinctrl 20e0000.iomuxc: could not request pin 52 (MX6Q_PAD_EIM_D31)
from group usbh1grp on device 20e0000.iomuxc
imx_usb 2184200.usb: Error applying setting, reverse things
back
Signed-off-by: Felipe F. Tonello <eu@felipetonello.com>
Fixes: e2047e33f2bd ("ARM: dts: add initial Rex Pro board support")
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/imx6qdl-rex.dtsi | 2 --
1 file changed, 2 deletions(-)
--- a/arch/arm/boot/dts/imx6qdl-rex.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-rex.dtsi
@@ -35,7 +35,6 @@
compatible = "regulator-fixed";
reg = <1>;
pinctrl-names = "default";
- pinctrl-0 = <&pinctrl_usbh1>;
regulator-name = "usbh1_vbus";
regulator-min-microvolt = <5000000>;
regulator-max-microvolt = <5000000>;
@@ -47,7 +46,6 @@
compatible = "regulator-fixed";
reg = <2>;
pinctrl-names = "default";
- pinctrl-0 = <&pinctrl_usbotg>;
regulator-name = "usb_otg_vbus";
regulator-min-microvolt = <5000000>;
regulator-max-microvolt = <5000000>;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 051/258] dax: fix O_DIRECT I/O to the last block of a blockdev
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (46 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 050/258] ARM: dts: fix usb pin control for imx-rex dts Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 052/258] blockdev: dont set S_DAX for misaligned partitions Greg Kroah-Hartman
` (190 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeff Moyer, Linda Knippers,
Dan Williams
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Moyer <jmoyer@redhat.com>
commit e94f5a2285fc94202a9efb2c687481f29b64132c upstream.
commit bbab37ddc20b (block: Add support for DAX reads/writes to
block devices) caused a regression in mkfs.xfs. That utility
sets the block size of the device to the logical block size
using the BLKBSZSET ioctl, and then issues a single sector read
from the last sector of the device. This results in the dax_io
code trying to do a page-sized read from 512 bytes from the end
of the device. The result is -ERANGE being returned to userspace.
The fix is to align the block to the page size before calling
get_block.
Thanks to willy for simplifying my original patch.
Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Tested-by: Linda Knippers <linda.knippers@hp.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dax.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/dax.c
+++ b/fs/dax.c
@@ -116,7 +116,8 @@ static ssize_t dax_io(struct inode *inod
unsigned len;
if (pos == max) {
unsigned blkbits = inode->i_blkbits;
- sector_t block = pos >> blkbits;
+ long page = pos >> PAGE_SHIFT;
+ sector_t block = page << (PAGE_SHIFT - blkbits);
unsigned first = pos - (block << blkbits);
long size;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 052/258] blockdev: dont set S_DAX for misaligned partitions
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (47 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 051/258] dax: fix O_DIRECT I/O to the last block of a blockdev Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 053/258] block: blkg_destroy_all() should clear q->root_blkg and ->root_rl.blkg Greg Kroah-Hartman
` (189 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Boaz Harrosh, Jeff Moyer,
Dan Williams
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Moyer <jmoyer@redhat.com>
commit f0b2e563bc419df7c1b3d2f494574c25125f6aed upstream.
The dax code doesn't currently support misaligned partitions,
so disable O_DIRECT via dax until such time as that support
materializes.
Suggested-by: Boaz Harrosh <boaz@plexistor.com>
Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/block_dev.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1241,6 +1241,13 @@ static int __blkdev_get(struct block_dev
goto out_clear;
}
bd_set_size(bdev, (loff_t)bdev->bd_part->nr_sects << 9);
+ /*
+ * If the partition is not aligned on a page
+ * boundary, we can't do dax I/O to it.
+ */
+ if ((bdev->bd_part->start_sect % (PAGE_SIZE / 512)) ||
+ (bdev->bd_part->nr_sects % (PAGE_SIZE / 512)))
+ bdev->bd_inode->i_flags &= ~S_DAX;
}
} else {
if (bdev->bd_contains == bdev) {
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 053/258] block: blkg_destroy_all() should clear q->root_blkg and ->root_rl.blkg
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (48 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 052/258] blockdev: dont set S_DAX for misaligned partitions Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 054/258] dmaengine: at_xdmac: change block increment addressing mode Greg Kroah-Hartman
` (188 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tejun Heo, Richard W.M. Jones,
Josh Boyer, Jens Axboe
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <tj@kernel.org>
commit 6fe810bda0bd9a5d7674fc671fac27b8aa8ec243 upstream.
While making the root blkg unconditional, ec13b1d6f0a0 ("blkcg: always
create the blkcg_gq for the root blkcg") removed the part which clears
q->root_blkg and ->root_rl.blkg during q exit. This leaves the two
pointers dangling after blkg_destroy_all(). blk-throttle exit path
performs blkg traversals and dereferences ->root_blkg and can lead to
the following oops.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000558
IP: [<ffffffff81389746>] __blkg_lookup+0x26/0x70
...
task: ffff88001b4e2580 ti: ffff88001ac0c000 task.ti: ffff88001ac0c000
RIP: 0010:[<ffffffff81389746>] [<ffffffff81389746>] __blkg_lookup+0x26/0x70
...
Call Trace:
[<ffffffff8138d14a>] blk_throtl_drain+0x5a/0x110
[<ffffffff8138a108>] blkcg_drain_queue+0x18/0x20
[<ffffffff81369a70>] __blk_drain_queue+0xc0/0x170
[<ffffffff8136a101>] blk_queue_bypass_start+0x61/0x80
[<ffffffff81388c59>] blkcg_deactivate_policy+0x39/0x100
[<ffffffff8138d328>] blk_throtl_exit+0x38/0x50
[<ffffffff8138a14e>] blkcg_exit_queue+0x3e/0x50
[<ffffffff8137016e>] blk_release_queue+0x1e/0xc0
...
While the bug is a straigh-forward use-after-free bug, it is tricky to
reproduce because blkg release is RCU protected and the rest of exit
path usually finishes before RCU grace period.
This patch fixes the bug by updating blkg_destro_all() to clear
q->root_blkg and ->root_rl.blkg.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: "Richard W.M. Jones" <rjones@redhat.com>
Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
Link: http://lkml.kernel.org/g/CA+5PVA5rzQ0s4723n5rHBcxQa9t0cW8BPPBekr_9aMRoWt2aYg@mail.gmail.com
Fixes: ec13b1d6f0a0 ("blkcg: always create the blkcg_gq for the root blkcg")
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-cgroup.c | 3 +++
1 file changed, 3 insertions(+)
--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -387,6 +387,9 @@ static void blkg_destroy_all(struct requ
blkg_destroy(blkg);
spin_unlock(&blkcg->lock);
}
+
+ q->root_blkg = NULL;
+ q->root_rl.blkg = NULL;
}
/*
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 054/258] dmaengine: at_xdmac: change block increment addressing mode
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (49 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 053/258] block: blkg_destroy_all() should clear q->root_blkg and ->root_rl.blkg Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 055/258] dmaengine: at_xdmac: clean used descriptor Greg Kroah-Hartman
` (187 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Ludovic Desroches,
Vinod Koul
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maxime Ripard <maxime.ripard@free-electrons.com>
commit a1cf09031e641d3cceaca4a4dd20ef6a785bc9b3 upstream.
The addressing mode we were using was not only incrementing the address at
each microblock, but also at each data boundary, which was severely slowing
the transfer, without any benefit since we were not using the data stride.
Switch to the micro block increment only in order to get back to an
acceptable performance level.
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Fixes: 6007ccb57744 ("dmaengine: xdmac: Add interleaved transfer support")
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/at_xdmac.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -878,14 +878,14 @@ at_xdmac_interleaved_queue_desc(struct d
if (xt->src_inc) {
if (xt->src_sgl)
- chan_cc |= AT_XDMAC_CC_SAM_UBS_DS_AM;
+ chan_cc |= AT_XDMAC_CC_SAM_UBS_AM;
else
chan_cc |= AT_XDMAC_CC_SAM_INCREMENTED_AM;
}
if (xt->dst_inc) {
if (xt->dst_sgl)
- chan_cc |= AT_XDMAC_CC_DAM_UBS_DS_AM;
+ chan_cc |= AT_XDMAC_CC_DAM_UBS_AM;
else
chan_cc |= AT_XDMAC_CC_DAM_INCREMENTED_AM;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 055/258] dmaengine: at_xdmac: clean used descriptor
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (50 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 054/258] dmaengine: at_xdmac: change block increment addressing mode Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 056/258] dmaengine: dw: properly read DWC_PARAMS register Greg Kroah-Hartman
` (186 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ludovic Desroches, Vinod Koul
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ludovic Desroches <ludovic.desroches@atmel.com>
commit 0be2136b67067617b36c70e525d7534108361e36 upstream.
When putting back a descriptor to the free descs list, some fields are
not set to 0, it can cause bugs if someone uses it without having this
in mind.
Descriptor are not put back one by one so it is easier to clean
descriptors when we request them.
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/at_xdmac.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -455,6 +455,15 @@ static struct at_xdmac_desc *at_xdmac_al
return desc;
}
+void at_xdmac_init_used_desc(struct at_xdmac_desc *desc)
+{
+ memset(&desc->lld, 0, sizeof(desc->lld));
+ INIT_LIST_HEAD(&desc->descs_list);
+ desc->direction = DMA_TRANS_NONE;
+ desc->xfer_size = 0;
+ desc->active_xfer = false;
+}
+
/* Call must be protected by lock. */
static struct at_xdmac_desc *at_xdmac_get_desc(struct at_xdmac_chan *atchan)
{
@@ -466,7 +475,7 @@ static struct at_xdmac_desc *at_xdmac_ge
desc = list_first_entry(&atchan->free_descs_list,
struct at_xdmac_desc, desc_node);
list_del(&desc->desc_node);
- desc->active_xfer = false;
+ at_xdmac_init_used_desc(desc);
}
return desc;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 056/258] dmaengine: dw: properly read DWC_PARAMS register
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (51 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 055/258] dmaengine: at_xdmac: clean used descriptor Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 057/258] dmaengine: at_xdmac: fix bug in prep_dma_cyclic Greg Kroah-Hartman
` (185 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, yitian.bu, Andy Shevchenko,
Vinod Koul
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
commit 6bea0f6d1c47b07be88dfd93f013ae05fcb3d8bf upstream.
In case we have less than maximum allowed channels (8) and autoconfiguration is
enabled the DWC_PARAMS read is wrong because it uses different arithmetic to
what is needed for channel priority setup.
Re-do the caclulations properly. This now works on AVR32 board well.
Fixes: fed2574b3c9f (dw_dmac: introduce software emulation of LLP transfers)
Cc: yitian.bu@tangramtek.com
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/dw/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/dma/dw/core.c
+++ b/drivers/dma/dw/core.c
@@ -1591,7 +1591,6 @@ int dw_dma_probe(struct dw_dma_chip *chi
INIT_LIST_HEAD(&dw->dma.channels);
for (i = 0; i < nr_channels; i++) {
struct dw_dma_chan *dwc = &dw->chan[i];
- int r = nr_channels - i - 1;
dwc->chan.device = &dw->dma;
dma_cookie_init(&dwc->chan);
@@ -1603,7 +1602,7 @@ int dw_dma_probe(struct dw_dma_chip *chi
/* 7 is highest priority & 0 is lowest. */
if (pdata->chan_priority == CHAN_PRIORITY_ASCENDING)
- dwc->priority = r;
+ dwc->priority = nr_channels - i - 1;
else
dwc->priority = i;
@@ -1622,6 +1621,7 @@ int dw_dma_probe(struct dw_dma_chip *chi
/* Hardware configuration */
if (autocfg) {
unsigned int dwc_params;
+ unsigned int r = DW_DMA_MAX_NR_CHANNELS - i - 1;
void __iomem *addr = chip->regs + r * sizeof(u32);
dwc_params = dma_read_byaddr(addr, DWC_PARAMS);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 057/258] dmaengine: at_xdmac: fix bug in prep_dma_cyclic
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (52 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 056/258] dmaengine: dw: properly read DWC_PARAMS register Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 058/258] dmaengine: pxa_dma: fix initial list move Greg Kroah-Hartman
` (184 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ludovic Desroches, Vinod Koul
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ludovic Desroches <ludovic.desroches@atmel.com>
commit e900c30dc1bb0cbc07708e9be1188f531632b2ef upstream.
In cyclic mode, the round chaining has been broken by the introduction
of at_xdmac_queue_desc(): AT_XDMAC_MBR_UBC_NDE is set for all descriptors
excepted for the last one. at_xdmac_queue_desc() has to be called one
more time to chain the last and the first descriptors.
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Fixes: 0d0ee751f7f7 ("dmaengine: xdmac: Rework the chaining logic")
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/at_xdmac.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -806,10 +806,7 @@ at_xdmac_prep_dma_cyclic(struct dma_chan
list_add_tail(&desc->desc_node, &first->descs_list);
}
- prev->lld.mbr_nda = first->tx_dma_desc.phys;
- dev_dbg(chan2dev(chan),
- "%s: chain lld: prev=0x%p, mbr_nda=%pad\n",
- __func__, prev, &prev->lld.mbr_nda);
+ at_xdmac_queue_desc(chan, prev, first);
first->tx_dma_desc.flags = flags;
first->xfer_size = buf_len;
first->direction = direction;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 058/258] dmaengine: pxa_dma: fix initial list move
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (53 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 057/258] dmaengine: at_xdmac: fix bug in prep_dma_cyclic Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 059/258] pmem: add proper fencing to pmem_rw_page() Greg Kroah-Hartman
` (183 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robert Jarzmik, Vinod Koul
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Robert Jarzmik <robert.jarzmik@free.fr>
commit aebf5a67db8dbacbc624b9c652b81f5460b15eff upstream.
Since the commit to have an allocated list of virtual descriptors was
reverted, the pxa_dma driver is broken, as it assumes the descriptor is
placed on the allocated list upon allocation.
Fix the issue in pxa_dma by making an allocated virtual descriptor a
singleton.
Fixes: 8c8fe97b2b8a ("Revert "dmaengine: virt-dma: don't always free descriptor upon completion"")
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/pxa_dma.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/dma/pxa_dma.c
+++ b/drivers/dma/pxa_dma.c
@@ -888,6 +888,7 @@ pxad_tx_prep(struct virt_dma_chan *vc, s
struct dma_async_tx_descriptor *tx;
struct pxad_chan *chan = container_of(vc, struct pxad_chan, vc);
+ INIT_LIST_HEAD(&vd->node);
tx = vchan_tx_prep(vc, vd, tx_flags);
tx->tx_submit = pxad_tx_submit;
dev_dbg(&chan->vc.chan.dev->device,
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 059/258] pmem: add proper fencing to pmem_rw_page()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (54 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 058/258] dmaengine: pxa_dma: fix initial list move Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 060/258] x86/apic: Serialize LVTT and TSC_DEADLINE writes Greg Kroah-Hartman
` (182 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ross Zwisler, Dan Williams
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ross Zwisler <ross.zwisler@linux.intel.com>
commit ba8fe0f85e15d047686caf8a42463b592c63c98c upstream.
pmem_rw_page() needs to call wmb_pmem() on writes to make sure that the
newly written data is durable. This flow was added to pmem_rw_bytes()
and pmem_make_request() with this commit:
commit 61031952f4c8 ("arch, x86: pmem api for ensuring durability of
persistent memory updates")
...the pmem_rw_page() path was missed.
Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvdimm/pmem.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/nvdimm/pmem.c
+++ b/drivers/nvdimm/pmem.c
@@ -86,6 +86,8 @@ static int pmem_rw_page(struct block_dev
struct pmem_device *pmem = bdev->bd_disk->private_data;
pmem_do_bvec(pmem, page, PAGE_CACHE_SIZE, 0, rw, sector);
+ if (rw & WRITE)
+ wmb_pmem();
page_endio(page, rw & WRITE, 0);
return 0;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 060/258] x86/apic: Serialize LVTT and TSC_DEADLINE writes
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (55 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 059/258] pmem: add proper fencing to pmem_rw_page() Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 061/258] x86/alternatives: Make optimize_nops() interrupt safe and synced Greg Kroah-Hartman
` (181 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shaohua Li, Ingo Molnar, Kernel-team,
lenb, fenghua.yu, Andi Kleen, H. Peter Anvin, Thomas Gleixner
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shaohua Li <shli@fb.com>
commit 5d7c631d926b59aa16f3c56eaeb83f1036c81dc7 upstream.
The APIC LVTT register is MMIO mapped but the TSC_DEADLINE register is an
MSR. The write to the TSC_DEADLINE MSR is not serializing, so it's not
guaranteed that the write to LVTT has reached the APIC before the
TSC_DEADLINE MSR is written. In such a case the write to the MSR is
ignored and as a consequence the local timer interrupt never fires.
The SDM decribes this issue for xAPIC and x2APIC modes. The
serialization methods recommended by the SDM differ.
xAPIC:
"1. Memory-mapped write to LVT Timer Register, setting bits 18:17 to 10b.
2. WRMSR to the IA32_TSC_DEADLINE MSR a value much larger than current time-stamp counter.
3. If RDMSR of the IA32_TSC_DEADLINE MSR returns zero, go to step 2.
4. WRMSR to the IA32_TSC_DEADLINE MSR the desired deadline."
x2APIC:
"To allow for efficient access to the APIC registers in x2APIC mode,
the serializing semantics of WRMSR are relaxed when writing to the
APIC registers. Thus, system software should not use 'WRMSR to APIC
registers in x2APIC mode' as a serializing instruction. Read and write
accesses to the APIC registers will occur in program order. A WRMSR to
an APIC register may complete before all preceding stores are globally
visible; software can prevent this by inserting a serializing
instruction, an SFENCE, or an MFENCE before the WRMSR."
The xAPIC method is to just wait for the memory mapped write to hit
the LVTT by checking whether the MSR write has reached the hardware.
There is no reason why a proper MFENCE after the memory mapped write would
not do the same. Andi Kleen confirmed that MFENCE is sufficient for the
xAPIC case as well.
Issue MFENCE before writing to the TSC_DEADLINE MSR. This can be done
unconditionally as all CPUs which have TSC_DEADLINE also have MFENCE
support.
[ tglx: Massaged the changelog ]
Signed-off-by: Shaohua Li <shli@fb.com>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Cc: <Kernel-team@fb.com>
Cc: <lenb@kernel.org>
Cc: <fenghua.yu@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Link: http://lkml.kernel.org/r/20150909041352.GA2059853@devbig257.prn2.facebook.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/apic/apic.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -336,6 +336,13 @@ static void __setup_APIC_LVTT(unsigned i
apic_write(APIC_LVTT, lvtt_value);
if (lvtt_value & APIC_LVT_TIMER_TSCDEADLINE) {
+ /*
+ * See Intel SDM: TSC-Deadline Mode chapter. In xAPIC mode,
+ * writing to the APIC LVTT and TSC_DEADLINE MSR isn't serialized.
+ * According to Intel, MFENCE can do the serialization here.
+ */
+ asm volatile("mfence" : : : "memory");
+
printk_once(KERN_DEBUG "TSC deadline timer enabled\n");
return;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 061/258] x86/alternatives: Make optimize_nops() interrupt safe and synced
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (56 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 060/258] x86/apic: Serialize LVTT and TSC_DEADLINE writes Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 062/258] x86/platform: Fix Geode LX timekeeping in the generic x86 build Greg Kroah-Hartman
` (180 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Richard W.M. Jones,
Chuck Ebbert, Borislav Petkov
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
commit 66c117d7fa2ae429911e60d84bf31a90b2b96189 upstream.
Richard reported the following crash:
[ 0.036000] BUG: unable to handle kernel paging request at 55501e06
[ 0.036000] IP: [<c0aae48b>] common_interrupt+0xb/0x38
[ 0.036000] Call Trace:
[ 0.036000] [<c0409c80>] ? add_nops+0x90/0xa0
[ 0.036000] [<c040a054>] apply_alternatives+0x274/0x630
Chuck decoded:
" 0: 8d 90 90 83 04 24 lea 0x24048390(%eax),%edx
6: 80 fc 0f cmp $0xf,%ah
9: a8 0f test $0xf,%al
>> b: a0 06 1e 50 55 mov 0x55501e06,%al
10: 57 push %edi
11: 56 push %esi
Interrupt 0x30 occurred while the alternatives code was replacing the
initial 0x90,0x90,0x90 NOPs (from the ASM_CLAC macro) with the
optimized version, 0x8d,0x76,0x00. Only the first byte has been
replaced so far, and it makes a mess out of the insn decoding."
optimize_nops() is buggy in two aspects:
- It's not disabling interrupts across the modification
- It's lacking a sync_core() call
Add both.
Fixes: 4fd4b6e5537c 'x86/alternatives: Use optimized NOPs for padding'
Reported-and-tested-by: "Richard W.M. Jones" <rjones@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Richard W.M. Jones <rjones@redhat.com>
Cc: Chuck Ebbert <cebbert.lkml@gmail.com>
Cc: Borislav Petkov <bp@alien8.de>
Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1509031232340.15006@nanos
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/alternative.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -338,10 +338,15 @@ done:
static void __init_or_module optimize_nops(struct alt_instr *a, u8 *instr)
{
+ unsigned long flags;
+
if (instr[0] != 0x90)
return;
+ local_irq_save(flags);
add_nops(instr + (a->instrlen - a->padlen), a->padlen);
+ sync_core();
+ local_irq_restore(flags);
DUMP_BYTES(instr, a->instrlen, "%p: [%d:%d) optimized NOPs: ",
instr, a->instrlen - a->padlen, a->padlen);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 062/258] x86/platform: Fix Geode LX timekeeping in the generic x86 build
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (57 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 061/258] x86/alternatives: Make optimize_nops() interrupt safe and synced Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 063/258] x86/ioapic: Force affinity setting in setup_ioapic_dest() Greg Kroah-Hartman
` (179 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Woodhouse, Andres Salomon,
Linus Torvalds, Marcelo Tosatti, Peter Zijlstra, Thomas Gleixner,
Ingo Molnar
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Woodhouse <dwmw2@infradead.org>
commit 03da3ff1cfcd7774c8780d2547ba0d995f7dc03d upstream.
In 2007, commit 07190a08eef36 ("Mark TSC on GeodeLX reliable")
bypassed verification of the TSC on Geode LX. However, this code
(now in the check_system_tsc_reliable() function in
arch/x86/kernel/tsc.c) was only present if CONFIG_MGEODE_LX was
set.
OpenWRT has recently started building its generic Geode target
for Geode GX, not LX, to include support for additional
platforms. This broke the timekeeping on LX-based devices,
because the TSC wasn't marked as reliable:
https://dev.openwrt.org/ticket/20531
By adding a runtime check on is_geode_lx(), we can also include
the fix if CONFIG_MGEODEGX1 or CONFIG_X86_GENERIC are set, thus
fixing the problem.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Cc: Andres Salomon <dilinger@queued.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Marcelo Tosatti <marcelo@kvack.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1442409003.131189.87.camel@infradead.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/tsc.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -21,6 +21,7 @@
#include <asm/hypervisor.h>
#include <asm/nmi.h>
#include <asm/x86_init.h>
+#include <asm/geode.h>
unsigned int __read_mostly cpu_khz; /* TSC clocks / usec, not used here */
EXPORT_SYMBOL(cpu_khz);
@@ -1013,15 +1014,17 @@ EXPORT_SYMBOL_GPL(mark_tsc_unstable);
static void __init check_system_tsc_reliable(void)
{
-#ifdef CONFIG_MGEODE_LX
- /* RTSC counts during suspend */
+#if defined(CONFIG_MGEODEGX1) || defined(CONFIG_MGEODE_LX) || defined(CONFIG_X86_GENERIC)
+ if (is_geode_lx()) {
+ /* RTSC counts during suspend */
#define RTSC_SUSP 0x100
- unsigned long res_low, res_high;
+ unsigned long res_low, res_high;
- rdmsr_safe(MSR_GEODE_BUSCONT_CONF0, &res_low, &res_high);
- /* Geode_LX - the OLPC CPU has a very reliable TSC */
- if (res_low & RTSC_SUSP)
- tsc_clocksource_reliable = 1;
+ rdmsr_safe(MSR_GEODE_BUSCONT_CONF0, &res_low, &res_high);
+ /* Geode_LX - the OLPC CPU has a very reliable TSC */
+ if (res_low & RTSC_SUSP)
+ tsc_clocksource_reliable = 1;
+ }
#endif
if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE))
tsc_clocksource_reliable = 1;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 063/258] x86/ioapic: Force affinity setting in setup_ioapic_dest()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (58 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 062/258] x86/platform: Fix Geode LX timekeeping in the generic x86 build Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 064/258] x86/pci/intel_mid_pci: Work around for IRQ0 assignment Greg Kroah-Hartman
` (178 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Jiang Liu,
jarkko.nikula
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
commit 4857c91f0d195f05908fff296ba1ec5fca87066c upstream.
The recent ioapic cleanups changed the affinity setting in
setup_ioapic_dest() from a direct write to the hardware to the delayed
affinity setup via irq_set_affinity().
That results in a warning from chained_irq_exit():
WARNING: CPU: 0 PID: 5 at kernel/irq/migration.c:32 irq_move_masked_irq
[<ffffffff810a0a88>] irq_move_masked_irq+0xb8/0xc0
[<ffffffff8103c161>] ioapic_ack_level+0x111/0x130
[<ffffffff812bbfe8>] intel_gpio_irq_handler+0x148/0x1c0
The reason is that irq_set_affinity() does not write directly to the
hardware. It marks the affinity setting as pending and executes it
from the next interrupt. The chained handler infrastructure does not
take the irq descriptor lock for performance reasons because such a
chained interrupt is not visible to any interfaces. So the delayed
affinity setting triggers the warning in irq_move_masked_irq().
Restore the old behaviour by calling the set_affinity function of the
ioapic chip in setup_ioapic_dest(). This is safe as none of the
interrupts can be on the fly at this point.
Fixes: aa5cb97f14a2 'x86/irq: Remove x86_io_apic_ops.set_affinity and related interfaces'
Reported-and-tested-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Jiang Liu <jiang.liu@linux.intel.com>
Cc: jarkko.nikula@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/apic/io_apic.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -2522,6 +2522,7 @@ void __init setup_ioapic_dest(void)
int pin, ioapic, irq, irq_entry;
const struct cpumask *mask;
struct irq_data *idata;
+ struct irq_chip *chip;
if (skip_ioapic_setup == 1)
return;
@@ -2545,9 +2546,9 @@ void __init setup_ioapic_dest(void)
else
mask = apic->target_cpus();
- irq_set_affinity(irq, mask);
+ chip = irq_data_get_irq_chip(idata);
+ chip->irq_set_affinity(idata, mask, false);
}
-
}
#endif
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 064/258] x86/pci/intel_mid_pci: Work around for IRQ0 assignment
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (59 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 063/258] x86/ioapic: Force affinity setting in setup_ioapic_dest() Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 065/258] x86/paravirt: Replace the paravirt nop with a bona fide empty function Greg Kroah-Hartman
` (177 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Bjorn Helgaas,
Thomas Gleixner
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
commit 39d9b77b8debb4746e189aa5b61ae6e81ec5eab8 upstream.
On Intel Tangier the MMC host controller is wired up to irq 0. But
several other devices have irq 0 associated as well due to a bogus PCI
configuration.
The first initialized driver will acquire irq 0 and make it
unavailable for other devices. If the sdhci driver is not the first
one it will fail to acquire the interrupt and therefor be non
functional.
Add a quirk to the pci irq enable function which denies irq 0 to
anything else than the MMC host controller driver on Tangier
platforms.
Fixes: 90b9aacf912a (serial: 8250_pci: add Intel Tangier support)
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Link: http://lkml.kernel.org/r/1438161409-4671-2-git-send-email-andriy.shevchenko@linux.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/pci/intel_mid_pci.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
--- a/arch/x86/pci/intel_mid_pci.c
+++ b/arch/x86/pci/intel_mid_pci.c
@@ -35,6 +35,9 @@
#define PCIE_CAP_OFFSET 0x100
+/* Quirks for the listed devices */
+#define PCI_DEVICE_ID_INTEL_MRFL_MMC 0x1190
+
/* Fixed BAR fields */
#define PCIE_VNDR_CAP_ID_FIXED_BAR 0x00 /* Fixed BAR (TBD) */
#define PCI_FIXED_BAR_0_SIZE 0x04
@@ -214,10 +217,27 @@ static int intel_mid_pci_irq_enable(stru
if (dev->irq_managed && dev->irq > 0)
return 0;
- if (intel_mid_identify_cpu() == INTEL_MID_CPU_CHIP_TANGIER)
+ switch (intel_mid_identify_cpu()) {
+ case INTEL_MID_CPU_CHIP_TANGIER:
polarity = 0; /* active high */
- else
+
+ /* Special treatment for IRQ0 */
+ if (dev->irq == 0) {
+ /*
+ * TNG has IRQ0 assigned to eMMC controller. But there
+ * are also other devices with bogus PCI configuration
+ * that have IRQ0 assigned. This check ensures that
+ * eMMC gets it.
+ */
+ if (dev->device != PCI_DEVICE_ID_INTEL_MRFL_MMC)
+ return -EBUSY;
+ }
+ break;
+ default:
polarity = 1; /* active low */
+ break;
+ }
+
ioapic_set_alloc_attr(&info, dev_to_node(&dev->dev), 1, polarity);
/*
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 065/258] x86/paravirt: Replace the paravirt nop with a bona fide empty function
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (60 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 064/258] x86/pci/intel_mid_pci: Work around for IRQ0 assignment Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 066/258] x86/nmi/64: Fix a paravirt stack-clobbering bug in the NMI code Greg Kroah-Hartman
` (176 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Lutomirski, Thomas Gleixner
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Lutomirski <luto@kernel.org>
commit fc57a7c68020dcf954428869eafd934c0ab1536f upstream.
PARAVIRT_ADJUST_EXCEPTION_FRAME generates this code (using nmi as an
example, trimmed for readability):
ff 15 00 00 00 00 callq *0x0(%rip) # 2796 <nmi+0x6>
2792: R_X86_64_PC32 pv_irq_ops+0x2c
That's a call through a function pointer to regular C function that
does nothing on native boots, but that function isn't protected
against kprobes, isn't marked notrace, and is certainly not
guaranteed to preserve any registers if the compiler is feeling
perverse. This is bad news for a CLBR_NONE operation.
Of course, if everything works correctly, once paravirt ops are
patched, it gets nopped out, but what if we hit this code before
paravirt ops are patched in? This can potentially cause breakage
that is very difficult to debug.
A more subtle failure is possible here, too: if _paravirt_nop uses
the stack at all (even just to push RBP), it will overwrite the "NMI
executing" variable if it's called in the NMI prologue.
The Xen case, perhaps surprisingly, is fine, because it's already
written in asm.
Fix all of the cases that default to paravirt_nop (including
adjust_exception_frame) with a big hammer: replace paravirt_nop with
an asm function that is just a ret instruction.
The Xen case may have other problems, so document them.
This is part of a fix for some random crashes that Sasha saw.
Reported-and-tested-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Link: http://lkml.kernel.org/r/8f5d2ba295f9d73751c33d97fda03e0495d9ade0.1442791737.git.luto@kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/entry/entry_64.S | 11 +++++++++++
arch/x86/kernel/paravirt.c | 16 ++++++++++++----
2 files changed, 23 insertions(+), 4 deletions(-)
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -1219,7 +1219,18 @@ END(error_exit)
/* Runs on exception stack */
ENTRY(nmi)
+ /*
+ * Fix up the exception frame if we're on Xen.
+ * PARAVIRT_ADJUST_EXCEPTION_FRAME is guaranteed to push at most
+ * one value to the stack on native, so it may clobber the rdx
+ * scratch slot, but it won't clobber any of the important
+ * slots past it.
+ *
+ * Xen is a different story, because the Xen frame itself overlaps
+ * the "NMI executing" variable.
+ */
PARAVIRT_ADJUST_EXCEPTION_FRAME
+
/*
* We allow breakpoints in NMIs. If a breakpoint occurs, then
* the iretq it performs will take us out of NMI context.
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -41,10 +41,18 @@
#include <asm/timer.h>
#include <asm/special_insns.h>
-/* nop stub */
-void _paravirt_nop(void)
-{
-}
+/*
+ * nop stub, which must not clobber anything *including the stack* to
+ * avoid confusing the entry prologues.
+ */
+extern void _paravirt_nop(void);
+asm (".pushsection .entry.text, \"ax\"\n"
+ ".global _paravirt_nop\n"
+ "_paravirt_nop:\n\t"
+ "ret\n\t"
+ ".size _paravirt_nop, . - _paravirt_nop\n\t"
+ ".type _paravirt_nop, @function\n\t"
+ ".popsection");
/* identity function, which can be inlined */
u32 _paravirt_ident_32(u32 x)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 066/258] x86/nmi/64: Fix a paravirt stack-clobbering bug in the NMI code
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (61 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 065/258] x86/paravirt: Replace the paravirt nop with a bona fide empty function Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 067/258] Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS Greg Kroah-Hartman
` (175 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Lutomirski, Thomas Gleixner
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Lutomirski <luto@kernel.org>
commit 83c133cf11fb0e68a51681447e372489f052d40e upstream.
The NMI entry code that switches to the normal kernel stack needs to
be very careful not to clobber any extra stack slots on the NMI
stack. The code is fine under the assumption that SWAPGS is just a
normal instruction, but that assumption isn't really true. Use
SWAPGS_UNSAFE_STACK instead.
This is part of a fix for some random crashes that Sasha saw.
Fixes: 9b6e6a8334d5 ("x86/nmi/64: Switch stacks on userspace NMI entry")
Reported-and-tested-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Link: http://lkml.kernel.org/r/974bc40edffdb5c2950a5c4977f821a446b76178.1442791737.git.luto@kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/entry/entry_64.S | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -1281,9 +1281,12 @@ ENTRY(nmi)
* we don't want to enable interrupts, because then we'll end
* up in an awkward situation in which IRQs are on but NMIs
* are off.
+ *
+ * We also must not push anything to the stack before switching
+ * stacks lest we corrupt the "NMI executing" variable.
*/
- SWAPGS
+ SWAPGS_UNSAFE_STACK
cld
movq %rsp, %rdx
movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 067/258] Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (62 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 066/258] x86/nmi/64: Fix a paravirt stack-clobbering bug in the NMI code Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 068/258] x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down Greg Kroah-Hartman
` (174 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dirk Mueller, Paolo Bonzini
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Dirk=20M=C3=BCller?= <dmueller@suse.com>
commit d2922422c48df93f3edff7d872ee4f3191fefb08 upstream.
The cpu feature flags are not ever going to change, so warning
everytime can cause a lot of kernel log spam
(in our case more than 10GB/hour).
The warning seems to only occur when nested virtualization is
enabled, so it's probably triggered by a KVM bug. This is a
sensible and safe change anyway, and the KVM bug fix might not
be suitable for stable releases anyway.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -513,7 +513,7 @@ static void skip_emulated_instruction(st
struct vcpu_svm *svm = to_svm(vcpu);
if (svm->vmcb->control.next_rip != 0) {
- WARN_ON(!static_cpu_has(X86_FEATURE_NRIPS));
+ WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS));
svm->next_rip = svm->vmcb->control.next_rip;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 068/258] x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (63 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 067/258] Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 069/258] x86/kexec: Fix kexec crash in syscall kexec_file_load() Greg Kroah-Hartman
` (173 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel, Matt Fleming,
Borislav Petkov, Chun-Yi, Dave Young, H. Peter Anvin,
James Bottomley, Leif Lindholm, Linus Torvalds, Matthew Garrett,
Mike Galbraith, Peter Jones, Peter Zijlstra, Thomas Gleixner,
Ingo Molnar
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matt Fleming <matt.fleming@intel.com>
commit a5caa209ba9c29c6421292e7879d2387a2ef39c9 upstream.
Beginning with UEFI v2.5 EFI_PROPERTIES_TABLE was introduced
that signals that the firmware PE/COFF loader supports splitting
code and data sections of PE/COFF images into separate EFI
memory map entries. This allows the kernel to map those regions
with strict memory protections, e.g. EFI_MEMORY_RO for code,
EFI_MEMORY_XP for data, etc.
Unfortunately, an unwritten requirement of this new feature is
that the regions need to be mapped with the same offsets
relative to each other as observed in the EFI memory map. If
this is not done crashes like this may occur,
BUG: unable to handle kernel paging request at fffffffefe6086dd
IP: [<fffffffefe6086dd>] 0xfffffffefe6086dd
Call Trace:
[<ffffffff8104c90e>] efi_call+0x7e/0x100
[<ffffffff81602091>] ? virt_efi_set_variable+0x61/0x90
[<ffffffff8104c583>] efi_delete_dummy_variable+0x63/0x70
[<ffffffff81f4e4aa>] efi_enter_virtual_mode+0x383/0x392
[<ffffffff81f37e1b>] start_kernel+0x38a/0x417
[<ffffffff81f37495>] x86_64_start_reservations+0x2a/0x2c
[<ffffffff81f37582>] x86_64_start_kernel+0xeb/0xef
Here 0xfffffffefe6086dd refers to an address the firmware
expects to be mapped but which the OS never claimed was mapped.
The issue is that included in these regions are relative
addresses to other regions which were emitted by the firmware
toolchain before the "splitting" of sections occurred at
runtime.
Needless to say, we don't satisfy this unwritten requirement on
x86_64 and instead map the EFI memory map entries in reverse
order. The above crash is almost certainly triggerable with any
kernel newer than v3.13 because that's when we rewrote the EFI
runtime region mapping code, in commit d2f7cbe7b26a ("x86/efi:
Runtime services virtual mapping"). For kernel versions before
v3.13 things may work by pure luck depending on the
fragmentation of the kernel virtual address space at the time we
map the EFI regions.
Instead of mapping the EFI memory map entries in reverse order,
where entry N has a higher virtual address than entry N+1, map
them in the same order as they appear in the EFI memory map to
preserve this relative offset between regions.
This patch has been kept as small as possible with the intention
that it should be applied aggressively to stable and
distribution kernels. It is very much a bugfix rather than
support for a new feature, since when EFI_PROPERTIES_TABLE is
enabled we must map things as outlined above to even boot - we
have no way of asking the firmware not to split the code/data
regions.
In fact, this patch doesn't even make use of the more strict
memory protections available in UEFI v2.5. That will come later.
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Chun-Yi <jlee@suse.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: James Bottomley <JBottomley@Odin.com>
Cc: Lee, Chun-Yi <jlee@suse.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Jones <pjones@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Link: http://lkml.kernel.org/r/1443218539-7610-2-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/platform/efi/efi.c | 67 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 66 insertions(+), 1 deletion(-)
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -705,6 +705,70 @@ out:
}
/*
+ * Iterate the EFI memory map in reverse order because the regions
+ * will be mapped top-down. The end result is the same as if we had
+ * mapped things forward, but doesn't require us to change the
+ * existing implementation of efi_map_region().
+ */
+static inline void *efi_map_next_entry_reverse(void *entry)
+{
+ /* Initial call */
+ if (!entry)
+ return memmap.map_end - memmap.desc_size;
+
+ entry -= memmap.desc_size;
+ if (entry < memmap.map)
+ return NULL;
+
+ return entry;
+}
+
+/*
+ * efi_map_next_entry - Return the next EFI memory map descriptor
+ * @entry: Previous EFI memory map descriptor
+ *
+ * This is a helper function to iterate over the EFI memory map, which
+ * we do in different orders depending on the current configuration.
+ *
+ * To begin traversing the memory map @entry must be %NULL.
+ *
+ * Returns %NULL when we reach the end of the memory map.
+ */
+static void *efi_map_next_entry(void *entry)
+{
+ if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
+ /*
+ * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
+ * config table feature requires us to map all entries
+ * in the same order as they appear in the EFI memory
+ * map. That is to say, entry N must have a lower
+ * virtual address than entry N+1. This is because the
+ * firmware toolchain leaves relative references in
+ * the code/data sections, which are split and become
+ * separate EFI memory regions. Mapping things
+ * out-of-order leads to the firmware accessing
+ * unmapped addresses.
+ *
+ * Since we need to map things this way whether or not
+ * the kernel actually makes use of
+ * EFI_PROPERTIES_TABLE, let's just switch to this
+ * scheme by default for 64-bit.
+ */
+ return efi_map_next_entry_reverse(entry);
+ }
+
+ /* Initial call */
+ if (!entry)
+ return memmap.map;
+
+ entry += memmap.desc_size;
+ if (entry >= memmap.map_end)
+ return NULL;
+
+ return entry;
+}
+
+/*
* Map the efi memory ranges of the runtime services and update new_mmap with
* virtual addresses.
*/
@@ -714,7 +778,8 @@ static void * __init efi_map_regions(int
unsigned long left = 0;
efi_memory_desc_t *md;
- for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) {
+ p = NULL;
+ while ((p = efi_map_next_entry(p))) {
md = p;
if (!(md->attribute & EFI_MEMORY_RUNTIME)) {
#ifdef CONFIG_X86_64
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 069/258] x86/kexec: Fix kexec crash in syscall kexec_file_load()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (64 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 068/258] x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 070/258] x86/process: Add proper bound checks in 64bit get_wchan() Greg Kroah-Hartman
` (172 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lee, Chun-Yi, Andy Lutomirski,
Baoquan He, Jiang Liu, Linus Torvalds, Mike Galbraith,
Peter Zijlstra, Stephen Rothwell, Takashi Iwai, Thomas Gleixner,
Viresh Kumar, Vivek Goyal, kexec, Ingo Molnar
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
commit e3c41e37b0f4b18cbd4dac76cbeece5a7558b909 upstream.
The original bug is a page fault crash that sometimes happens
on big machines when preparing ELF headers:
BUG: unable to handle kernel paging request at ffffc90613fc9000
IP: [<ffffffff8103d645>] prepare_elf64_ram_headers_callback+0x165/0x260
The bug is caused by us under-counting the number of memory ranges
and subsequently not allocating enough ELF header space for them.
The bug is typically masked on smaller systems, because the ELF header
allocation is rounded up to the next page.
This patch modifies the code in fill_up_crash_elf_data() by using
walk_system_ram_res() instead of walk_system_ram_range() to correctly
count the max number of crash memory ranges. That's because the
walk_system_ram_range() filters out small memory regions that
reside in the same page, but walk_system_ram_res() does not.
Here's how I found the bug:
After tracing prepare_elf64_headers() and prepare_elf64_ram_headers_callback(),
the code uses walk_system_ram_res() to fill-in crash memory regions information
to the program header, so it counts those small memory regions that
reside in a page area.
But, when the kernel was using walk_system_ram_range() in
fill_up_crash_elf_data() to count the number of crash memory regions,
it filters out small regions.
I printed those small memory regions, for example:
kexec: Get nr_ram ranges. vaddr=0xffff880077592258 paddr=0x77592258, sz=0xdc0
Based on the code in walk_system_ram_range(), this memory region
will be filtered out:
pfn = (0x77592258 + 0x1000 - 1) >> 12 = 0x77593
end_pfn = (0x77592258 + 0xfc0 -1 + 1) >> 12 = 0x77593
end_pfn - pfn = 0x77593 - 0x77593 = 0 <=== if (end_pfn > pfn) is FALSE
So, the max_nr_ranges that's counted by the kernel doesn't include
small memory regions - causing us to under-allocate the required space.
That causes the page fault crash that happens in a later code path
when preparing ELF headers.
This bug is not easy to reproduce on small machines that have few
CPUs, because the allocated page aligned ELF buffer has more free
space to cover those small memory regions' PT_LOAD headers.
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: kexec@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Link: http://lkml.kernel.org/r/1443531537-29436-1-git-send-email-jlee@suse.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/crash.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/arch/x86/kernel/crash.c
+++ b/arch/x86/kernel/crash.c
@@ -185,10 +185,9 @@ void native_machine_crash_shutdown(struc
}
#ifdef CONFIG_KEXEC_FILE
-static int get_nr_ram_ranges_callback(unsigned long start_pfn,
- unsigned long nr_pfn, void *arg)
+static int get_nr_ram_ranges_callback(u64 start, u64 end, void *arg)
{
- int *nr_ranges = arg;
+ unsigned int *nr_ranges = arg;
(*nr_ranges)++;
return 0;
@@ -214,7 +213,7 @@ static void fill_up_crash_elf_data(struc
ced->image = image;
- walk_system_ram_range(0, -1, &nr_ranges,
+ walk_system_ram_res(0, -1, &nr_ranges,
get_nr_ram_ranges_callback);
ced->max_nr_ranges = nr_ranges;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 070/258] x86/process: Add proper bound checks in 64bit get_wchan()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (65 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 069/258] x86/kexec: Fix kexec crash in syscall kexec_file_load() Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 071/258] x86/mm: Set NX on gap between __ex_table and rodata Greg Kroah-Hartman
` (171 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Vyukov, Sasha Levin,
Thomas Gleixner, Borislav Petkov, Andrey Ryabinin,
Andy Lutomirski, Andrey Konovalov, Kostya Serebryany,
Alexander Potapenko, kasan-dev, Denys Vlasenko, Andi Kleen,
Wolfram Gloger
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
commit eddd3826a1a0190e5235703d1e666affa4d13b96 upstream.
Dmitry Vyukov reported the following using trinity and the memory
error detector AddressSanitizer
(https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel).
[ 124.575597] ERROR: AddressSanitizer: heap-buffer-overflow on
address ffff88002e280000
[ 124.576801] ffff88002e280000 is located 131938492886538 bytes to
the left of 28857600-byte region [ffffffff81282e0a, ffffffff82e0830a)
[ 124.578633] Accessed by thread T10915:
[ 124.579295] inlined in describe_heap_address
./arch/x86/mm/asan/report.c:164
[ 124.579295] #0 ffffffff810dd277 in asan_report_error
./arch/x86/mm/asan/report.c:278
[ 124.580137] #1 ffffffff810dc6a0 in asan_check_region
./arch/x86/mm/asan/asan.c:37
[ 124.581050] #2 ffffffff810dd423 in __tsan_read8 ??:0
[ 124.581893] #3 ffffffff8107c093 in get_wchan
./arch/x86/kernel/process_64.c:444
The address checks in the 64bit implementation of get_wchan() are
wrong in several ways:
- The lower bound of the stack is not the start of the stack
page. It's the start of the stack page plus sizeof (struct
thread_info)
- The upper bound must be:
top_of_stack - TOP_OF_KERNEL_STACK_PADDING - 2 * sizeof(unsigned long).
The 2 * sizeof(unsigned long) is required because the stack pointer
points at the frame pointer. The layout on the stack is: ... IP FP
... IP FP. So we need to make sure that both IP and FP are in the
bounds.
Fix the bound checks and get rid of the mix of numeric constants, u64
and unsigned long. Making all unsigned long allows us to use the same
function for 32bit as well.
Use READ_ONCE() when accessing the stack. This does not prevent a
concurrent wakeup of the task and the stack changing, but at least it
avoids TOCTOU.
Also check task state at the end of the loop. Again that does not
prevent concurrent changes, but it avoids walking for nothing.
Add proper comments while at it.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Based-on-patch-from: Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@alien8.de>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: kasan-dev <kasan-dev@googlegroups.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>
Link: http://lkml.kernel.org/r/20150930083302.694788319@linutronix.de
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/process_64.c | 52 ++++++++++++++++++++++++++++++++++---------
1 file changed, 42 insertions(+), 10 deletions(-)
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -497,27 +497,59 @@ void set_personality_ia32(bool x32)
}
EXPORT_SYMBOL_GPL(set_personality_ia32);
+/*
+ * Called from fs/proc with a reference on @p to find the function
+ * which called into schedule(). This needs to be done carefully
+ * because the task might wake up and we might look at a stack
+ * changing under us.
+ */
unsigned long get_wchan(struct task_struct *p)
{
- unsigned long stack;
- u64 fp, ip;
+ unsigned long start, bottom, top, sp, fp, ip;
int count = 0;
if (!p || p == current || p->state == TASK_RUNNING)
return 0;
- stack = (unsigned long)task_stack_page(p);
- if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE)
+
+ start = (unsigned long)task_stack_page(p);
+ if (!start)
return 0;
- fp = *(u64 *)(p->thread.sp);
+
+ /*
+ * Layout of the stack page:
+ *
+ * ----------- topmax = start + THREAD_SIZE - sizeof(unsigned long)
+ * PADDING
+ * ----------- top = topmax - TOP_OF_KERNEL_STACK_PADDING
+ * stack
+ * ----------- bottom = start + sizeof(thread_info)
+ * thread_info
+ * ----------- start
+ *
+ * The tasks stack pointer points at the location where the
+ * framepointer is stored. The data on the stack is:
+ * ... IP FP ... IP FP
+ *
+ * We need to read FP and IP, so we need to adjust the upper
+ * bound by another unsigned long.
+ */
+ top = start + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING;
+ top -= 2 * sizeof(unsigned long);
+ bottom = start + sizeof(struct thread_info);
+
+ sp = READ_ONCE(p->thread.sp);
+ if (sp < bottom || sp > top)
+ return 0;
+
+ fp = READ_ONCE(*(unsigned long *)sp);
do {
- if (fp < (unsigned long)stack ||
- fp >= (unsigned long)stack+THREAD_SIZE)
+ if (fp < bottom || fp > top)
return 0;
- ip = *(u64 *)(fp+8);
+ ip = READ_ONCE(*(unsigned long *)(fp + sizeof(unsigned long)));
if (!in_sched_functions(ip))
return ip;
- fp = *(u64 *)fp;
- } while (count++ < 16);
+ fp = READ_ONCE(*(unsigned long *)fp);
+ } while (count++ < 16 && p->state != TASK_RUNNING);
return 0;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 071/258] x86/mm: Set NX on gap between __ex_table and rodata
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (66 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 070/258] x86/process: Add proper bound checks in 64bit get_wchan() Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 072/258] x86/xen: Support kexec/kdump in HVM guests by doing a soft reset Greg Kroah-Hartman
` (170 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Smalley, Kees Cook,
Linus Torvalds, Mike Galbraith, Peter Zijlstra, Thomas Gleixner,
Ingo Molnar
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Smalley <sds@tycho.nsa.gov>
commit ab76f7b4ab2397ffdd2f1eb07c55697d19991d10 upstream.
Unused space between the end of __ex_table and the start of
rodata can be left W+x in the kernel page tables. Extend the
setting of the NX bit to cover this gap by starting from
text_end rather than rodata_start.
Before:
---[ High Kernel Mapping ]---
0xffffffff80000000-0xffffffff81000000 16M pmd
0xffffffff81000000-0xffffffff81600000 6M ro PSE GLB x pmd
0xffffffff81600000-0xffffffff81754000 1360K ro GLB x pte
0xffffffff81754000-0xffffffff81800000 688K RW GLB x pte
0xffffffff81800000-0xffffffff81a00000 2M ro PSE GLB NX pmd
0xffffffff81a00000-0xffffffff81b3b000 1260K ro GLB NX pte
0xffffffff81b3b000-0xffffffff82000000 4884K RW GLB NX pte
0xffffffff82000000-0xffffffff82200000 2M RW PSE GLB NX pmd
0xffffffff82200000-0xffffffffa0000000 478M pmd
After:
---[ High Kernel Mapping ]---
0xffffffff80000000-0xffffffff81000000 16M pmd
0xffffffff81000000-0xffffffff81600000 6M ro PSE GLB x pmd
0xffffffff81600000-0xffffffff81754000 1360K ro GLB x pte
0xffffffff81754000-0xffffffff81800000 688K RW GLB NX pte
0xffffffff81800000-0xffffffff81a00000 2M ro PSE GLB NX pmd
0xffffffff81a00000-0xffffffff81b3b000 1260K ro GLB NX pte
0xffffffff81b3b000-0xffffffff82000000 4884K RW GLB NX pte
0xffffffff82000000-0xffffffff82200000 2M RW PSE GLB NX pmd
0xffffffff82200000-0xffffffffa0000000 478M pmd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Link: http://lkml.kernel.org/r/1443704662-3138-1-git-send-email-sds@tycho.nsa.gov
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/mm/init_64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -1132,7 +1132,7 @@ void mark_rodata_ro(void)
* has been zapped already via cleanup_highmem().
*/
all_end = roundup((unsigned long)_brk_end, PMD_SIZE);
- set_memory_nx(rodata_start, (all_end - rodata_start) >> PAGE_SHIFT);
+ set_memory_nx(text_end, (all_end - text_end) >> PAGE_SHIFT);
rodata_test();
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 072/258] x86/xen: Support kexec/kdump in HVM guests by doing a soft reset
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (67 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 071/258] x86/mm: Set NX on gap between __ex_table and rodata Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 073/258] leds:lp55xx: Correct Kconfig dependency for f/w user helper Greg Kroah-Hartman
` (169 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vitaly Kuznetsov, David Vrabel
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vitaly Kuznetsov <vkuznets@redhat.com>
commit 0b34a166f291d255755be46e43ed5497cdd194f2 upstream.
Currently there is a number of issues preventing PVHVM Xen guests from
doing successful kexec/kdump:
- Bound event channels.
- Registered vcpu_info.
- PIRQ/emuirq mappings.
- shared_info frame after XENMAPSPACE_shared_info operation.
- Active grant mappings.
Basically, newly booted kernel stumbles upon already set up Xen
interfaces and there is no way to reestablish them. In Xen-4.7 a new
feature called 'soft reset' is coming. A guest performing kexec/kdump
operation is supposed to call SCHEDOP_shutdown hypercall with
SHUTDOWN_soft_reset reason before jumping to new kernel. Hypervisor
(with some help from toolstack) will do full domain cleanup (but
keeping its memory and vCPU contexts intact) returning the guest to
the state it had when it was first booted and thus allowing it to
start over.
Doing SHUTDOWN_soft_reset on Xen hypervisors which don't support it is
probably OK as by default all unknown shutdown reasons cause domain
destroy with a message in toolstack log: 'Unknown shutdown reason code
5. Destroying domain.' which gives a clue to what the problem is and
eliminates false expectations.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/xen/enlighten.c | 23 +++++++++++++++++++++++
include/xen/interface/sched.h | 8 ++++++++
2 files changed, 31 insertions(+)
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -33,6 +33,10 @@
#include <linux/memblock.h>
#include <linux/edd.h>
+#ifdef CONFIG_KEXEC_CORE
+#include <linux/kexec.h>
+#endif
+
#include <xen/xen.h>
#include <xen/events.h>
#include <xen/interface/xen.h>
@@ -1800,6 +1804,21 @@ static struct notifier_block xen_hvm_cpu
.notifier_call = xen_hvm_cpu_notify,
};
+#ifdef CONFIG_KEXEC_CORE
+static void xen_hvm_shutdown(void)
+{
+ native_machine_shutdown();
+ if (kexec_in_progress)
+ xen_reboot(SHUTDOWN_soft_reset);
+}
+
+static void xen_hvm_crash_shutdown(struct pt_regs *regs)
+{
+ native_machine_crash_shutdown(regs);
+ xen_reboot(SHUTDOWN_soft_reset);
+}
+#endif
+
static void __init xen_hvm_guest_init(void)
{
if (xen_pv_domain())
@@ -1819,6 +1838,10 @@ static void __init xen_hvm_guest_init(vo
x86_init.irqs.intr_init = xen_init_IRQ;
xen_hvm_init_time_ops();
xen_hvm_init_mmu_ops();
+#ifdef CONFIG_KEXEC_CORE
+ machine_ops.shutdown = xen_hvm_shutdown;
+ machine_ops.crash_shutdown = xen_hvm_crash_shutdown;
+#endif
}
#endif
--- a/include/xen/interface/sched.h
+++ b/include/xen/interface/sched.h
@@ -107,5 +107,13 @@ struct sched_watchdog {
#define SHUTDOWN_suspend 2 /* Clean up, save suspend info, kill. */
#define SHUTDOWN_crash 3 /* Tell controller we've crashed. */
#define SHUTDOWN_watchdog 4 /* Restart because watchdog time expired. */
+/*
+ * Domain asked to perform 'soft reset' for it. The expected behavior is to
+ * reset internal Xen state for the domain returning it to the point where it
+ * was created but leaving the domain's memory contents and vCPU contexts
+ * intact. This will allow the domain to start over and set up all Xen specific
+ * interfaces again.
+ */
+#define SHUTDOWN_soft_reset 5
#endif /* __XEN_PUBLIC_SCHED_H__ */
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 073/258] leds:lp55xx: Correct Kconfig dependency for f/w user helper
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (68 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 072/258] x86/xen: Support kexec/kdump in HVM guests by doing a soft reset Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 074/258] leds/led-class: Add missing put_device() Greg Kroah-Hartman
` (168 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Jacek Anaszewski
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 2338f73d407d5abe2036d92716ba25ef5279c3d2 upstream.
The commit [b67893206fc0: leds:lp55xx: fix firmware loading error]
tries to address the firmware file handling with user helper, but it
sets a wrong Kconfig CONFIG_FW_LOADER_USER_HELPER_FALLBACK. Since the
wrong option was enabled, the system got a regression -- it suffers
from the unexpected long delays for non-present firmware files.
This patch corrects the Kconfig dependency to the right one,
CONFIG_FW_LOADER_USER_HELPER. This doesn't change the fallback
behavior but only enables UMH when needed.
Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=944661
Fixes: b67893206fc0 ('leds:lp55xx: fix firmware loading error')
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jacek Anaszewski <j.anaszewski@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/leds/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/leds/Kconfig
+++ b/drivers/leds/Kconfig
@@ -229,7 +229,7 @@ config LEDS_LP55XX_COMMON
tristate "Common Driver for TI/National LP5521/5523/55231/5562/8501"
depends on LEDS_LP5521 || LEDS_LP5523 || LEDS_LP5562 || LEDS_LP8501
select FW_LOADER
- select FW_LOADER_USER_HELPER_FALLBACK
+ select FW_LOADER_USER_HELPER
help
This option supports common operations for LP5521/5523/55231/5562/8501
devices.
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 074/258] leds/led-class: Add missing put_device()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (69 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 073/258] leds:lp55xx: Correct Kconfig dependency for f/w user helper Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 075/258] sched/core: Fix TASK_DEAD race in finish_task_switch() Greg Kroah-Hartman
` (167 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Tull, Ricardo Ribalda Delgado,
Jacek Anaszewski
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
commit e5b5a61fcb3743f1dacf9e20d28f48423cecf0c1 upstream.
Devices found by class_find_device must be freed with put_device().
Otherwise the reference count will not work properly.
Fixes: a96aa64cb572 ("leds/led-class: Handle LEDs with the same name")
Reported-by: Alan Tull <delicious.quinoa@gmail.com>
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Jacek Anaszewski <j.anaszewski@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/leds/led-class.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/leds/led-class.c
+++ b/drivers/leds/led-class.c
@@ -228,12 +228,15 @@ static int led_classdev_next_name(const
{
unsigned int i = 0;
int ret = 0;
+ struct device *dev;
strlcpy(name, init_name, len);
- while (class_find_device(leds_class, NULL, name, match_name) &&
- (ret < len))
+ while ((ret < len) &&
+ (dev = class_find_device(leds_class, NULL, name, match_name))) {
+ put_device(dev);
ret = snprintf(name, len, "%s_%u", init_name, ++i);
+ }
if (ret >= len)
return -ENOMEM;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 075/258] sched/core: Fix TASK_DEAD race in finish_task_switch()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (70 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 074/258] leds/led-class: Add missing put_device() Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 076/258] s390/compat: correct uc_sigmask of the compat signal frame Greg Kroah-Hartman
` (166 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oleg Nesterov, Peter Zijlstra (Intel),
Linus Torvalds, Thomas Gleixner, manfred, will.deacon,
Ingo Molnar
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
commit 95913d97914f44db2b81271c2e2ebd4d2ac2df83 upstream.
So the problem this patch is trying to address is as follows:
CPU0 CPU1
context_switch(A, B)
ttwu(A)
LOCK A->pi_lock
A->on_cpu == 0
finish_task_switch(A)
prev_state = A->state <-.
WMB |
A->on_cpu = 0; |
UNLOCK rq0->lock |
| context_switch(C, A)
`-- A->state = TASK_DEAD
prev_state == TASK_DEAD
put_task_struct(A)
context_switch(A, C)
finish_task_switch(A)
A->state == TASK_DEAD
put_task_struct(A)
The argument being that the WMB will allow the load of A->state on CPU0
to cross over and observe CPU1's store of A->state, which will then
result in a double-drop and use-after-free.
Now the comment states (and this was true once upon a long time ago)
that we need to observe A->state while holding rq->lock because that
will order us against the wakeup; however the wakeup will not in fact
acquire (that) rq->lock; it takes A->pi_lock these days.
We can obviously fix this by upgrading the WMB to an MB, but that is
expensive, so we'd rather avoid that.
The alternative this patch takes is: smp_store_release(&A->on_cpu, 0),
which avoids the MB on some archs, but not important ones like ARM.
Reported-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Cc: manfred@colorfullife.com
Cc: will.deacon@arm.com
Fixes: e4a52bcb9a18 ("sched: Remove rq->lock from the first half of ttwu()")
Link: http://lkml.kernel.org/r/20150929124509.GG3816@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/sched/core.c | 10 +++++-----
kernel/sched/sched.h | 5 +++--
2 files changed, 8 insertions(+), 7 deletions(-)
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -2461,11 +2461,11 @@ static struct rq *finish_task_switch(str
* If a task dies, then it sets TASK_DEAD in tsk->state and calls
* schedule one last time. The schedule call will never return, and
* the scheduled task must drop that reference.
- * The test for TASK_DEAD must occur while the runqueue locks are
- * still held, otherwise prev could be scheduled on another cpu, die
- * there before we look at prev->state, and then the reference would
- * be dropped twice.
- * Manfred Spraul <manfred@colorfullife.com>
+ *
+ * We must observe prev->state before clearing prev->on_cpu (in
+ * finish_lock_switch), otherwise a concurrent wakeup can get prev
+ * running on another CPU and we could rave with its RUNNING -> DEAD
+ * transition, resulting in a double drop.
*/
prev_state = prev->state;
vtime_task_switch(prev);
--- a/kernel/sched/sched.h
+++ b/kernel/sched/sched.h
@@ -1091,9 +1091,10 @@ static inline void finish_lock_switch(st
* After ->on_cpu is cleared, the task can be moved to a different CPU.
* We must ensure this doesn't happen until the switch is completely
* finished.
+ *
+ * Pairs with the control dependency and rmb in try_to_wake_up().
*/
- smp_wmb();
- prev->on_cpu = 0;
+ smp_store_release(&prev->on_cpu, 0);
#endif
#ifdef CONFIG_DEBUG_SPINLOCK
/* this is a valid case when another task releases the spinlock */
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 076/258] s390/compat: correct uc_sigmask of the compat signal frame
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (71 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 075/258] sched/core: Fix TASK_DEAD race in finish_task_switch() Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 077/258] s390/boot/decompression: disable floating point in decompressor Greg Kroah-Hartman
` (165 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Liebler, Martin Schwidefsky
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Schwidefsky <schwidefsky@de.ibm.com>
commit 8d4bd0ed0439dfc780aab801a085961925ed6838 upstream.
The uc_sigmask in the ucontext structure is an array of words to keep
the 64 signal bits (or 1024 if you ask glibc but the kernel sigset_t
only has 64 bits).
For 64 bit the sigset_t contains a single 8 byte word, but for 31 bit
there are two 4 byte words. The compat signal handler code uses a
simple copy of the 64 bit sigset_t to the 31 bit compat_sigset_t.
As s390 is a big-endian architecture this is incorrect, the two words
in the 31 bit sigset_t array need to be swapped.
Reported-by: Stefan Liebler <stli@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kernel/compat_signal.c | 27 +++++++++++++++++++++++----
1 file changed, 23 insertions(+), 4 deletions(-)
--- a/arch/s390/kernel/compat_signal.c
+++ b/arch/s390/kernel/compat_signal.c
@@ -48,6 +48,19 @@ typedef struct
struct ucontext32 uc;
} rt_sigframe32;
+static inline void sigset_to_sigset32(unsigned long *set64,
+ compat_sigset_word *set32)
+{
+ set32[0] = (compat_sigset_word) set64[0];
+ set32[1] = (compat_sigset_word)(set64[0] >> 32);
+}
+
+static inline void sigset32_to_sigset(compat_sigset_word *set32,
+ unsigned long *set64)
+{
+ set64[0] = (unsigned long) set32[0] | ((unsigned long) set32[1] << 32);
+}
+
int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
{
int err;
@@ -303,10 +316,12 @@ COMPAT_SYSCALL_DEFINE0(sigreturn)
{
struct pt_regs *regs = task_pt_regs(current);
sigframe32 __user *frame = (sigframe32 __user *)regs->gprs[15];
+ compat_sigset_t cset;
sigset_t set;
- if (__copy_from_user(&set.sig, &frame->sc.oldmask, _SIGMASK_COPY_SIZE32))
+ if (__copy_from_user(&cset.sig, &frame->sc.oldmask, _SIGMASK_COPY_SIZE32))
goto badframe;
+ sigset32_to_sigset(cset.sig, set.sig);
set_current_blocked(&set);
if (restore_sigregs32(regs, &frame->sregs))
goto badframe;
@@ -323,10 +338,12 @@ COMPAT_SYSCALL_DEFINE0(rt_sigreturn)
{
struct pt_regs *regs = task_pt_regs(current);
rt_sigframe32 __user *frame = (rt_sigframe32 __user *)regs->gprs[15];
+ compat_sigset_t cset;
sigset_t set;
- if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
+ if (__copy_from_user(&cset, &frame->uc.uc_sigmask, sizeof(cset)))
goto badframe;
+ sigset32_to_sigset(cset.sig, set.sig);
set_current_blocked(&set);
if (compat_restore_altstack(&frame->uc.uc_stack))
goto badframe;
@@ -397,7 +414,7 @@ static int setup_frame32(struct ksignal
return -EFAULT;
/* Create struct sigcontext32 on the signal stack */
- memcpy(&sc.oldmask, &set->sig, _SIGMASK_COPY_SIZE32);
+ sigset_to_sigset32(set->sig, sc.oldmask);
sc.sregs = (__u32)(unsigned long __force) &frame->sregs;
if (__copy_to_user(&frame->sc, &sc, sizeof(frame->sc)))
return -EFAULT;
@@ -458,6 +475,7 @@ static int setup_frame32(struct ksignal
static int setup_rt_frame32(struct ksignal *ksig, sigset_t *set,
struct pt_regs *regs)
{
+ compat_sigset_t cset;
rt_sigframe32 __user *frame;
unsigned long restorer;
size_t frame_size;
@@ -505,11 +523,12 @@ static int setup_rt_frame32(struct ksign
store_sigregs();
/* Create ucontext on the signal stack. */
+ sigset_to_sigset32(set->sig, cset.sig);
if (__put_user(uc_flags, &frame->uc.uc_flags) ||
__put_user(0, &frame->uc.uc_link) ||
__compat_save_altstack(&frame->uc.uc_stack, regs->gprs[15]) ||
save_sigregs32(regs, &frame->uc.uc_mcontext) ||
- __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)) ||
+ __copy_to_user(&frame->uc.uc_sigmask, &cset, sizeof(cset)) ||
save_sigregs_ext32(regs, &frame->uc.uc_mcontext_ext))
return -EFAULT;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 077/258] s390/boot/decompression: disable floating point in decompressor
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (72 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 076/258] s390/compat: correct uc_sigmask of the compat signal frame Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 078/258] Revert "cgroup: simplify threadgroup locking" Greg Kroah-Hartman
` (164 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Borntraeger, Heiko Carstens
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Borntraeger <borntraeger@de.ibm.com>
commit adc0b7fbf6fe9967505c0254d9535ec7288186ae upstream.
my gcc 5.1 used an ldgr instruction with a register != 0,2,4,6 for
spilling/filling into a floating point register in our decompressor.
This will cause an AFP-register data exception as the decompressor
did not setup the additional floating point registers via cr0.
That causes a program check loop that looked like a hang with
one "Uncompressing Linux... " message (directly booted via kvm)
or a loop of "Uncompressing Linux... " messages (when booted via
zipl boot loader).
The offending code in my build was
48e400: e3 c0 af ff ff 71 lay %r12,-1(%r10)
-->48e406: b3 c1 00 1c ldgr %f1,%r12
48e40a: ec 6c 01 22 02 7f clij %r6,2,12,0x48e64e
but gcc could do spilling into an fpr at any function. We can
simply disable floating point support at that early stage.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/boot/compressed/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/s390/boot/compressed/Makefile
+++ b/arch/s390/boot/compressed/Makefile
@@ -10,7 +10,7 @@ targets += misc.o piggy.o sizes.h head.o
KBUILD_CFLAGS := -m64 -D__KERNEL__ $(LINUX_INCLUDE) -O2
KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING
-KBUILD_CFLAGS += $(cflags-y) -fno-delete-null-pointer-checks
+KBUILD_CFLAGS += $(cflags-y) -fno-delete-null-pointer-checks -msoft-float
KBUILD_CFLAGS += $(call cc-option,-mpacked-stack)
KBUILD_CFLAGS += $(call cc-option,-ffreestanding)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 078/258] Revert "cgroup: simplify threadgroup locking"
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (73 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 077/258] s390/boot/decompression: disable floating point in decompressor Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 079/258] Revert "sched, cgroup: replace signal_struct->group_rwsem with a global percpu_rwsem" Greg Kroah-Hartman
` (163 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tejun Heo, Christian Borntraeger,
Oleg Nesterov, Paul E. McKenney, Peter Zijlstra, Paolo Bonzini
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <tj@kernel.org>
commit f9f9e7b776142fb1c0782cade004cc8e0147a199 upstream.
This reverts commit b5ba75b5fc0e8404e2c50cb68f39bb6a53fc916f.
d59cfc09c32a ("sched, cgroup: replace signal_struct->group_rwsem with
a global percpu_rwsem") and b5ba75b5fc0e ("cgroup: simplify
threadgroup locking") changed how cgroup synchronizes against task
fork and exits so that it uses global percpu_rwsem instead of
per-process rwsem; unfortunately, the write [un]lock paths of
percpu_rwsem always involve synchronize_rcu_expedited() which turned
out to be too expensive.
Improvements for percpu_rwsem are scheduled to be merged in the coming
v4.4-rc1 merge window which alleviates this issue. For now, revert
the two commits to restore per-process rwsem. They will be re-applied
for the v4.4-rc1 merge window.
Signed-off-by: Tejun Heo <tj@kernel.org>
Link: http://lkml.kernel.org/g/55F8097A.7000206@de.ibm.com
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/cgroup.c | 45 +++++++++++++++++++++++++++++++++------------
1 file changed, 33 insertions(+), 12 deletions(-)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -2452,13 +2452,14 @@ static ssize_t __cgroup_procs_write(stru
if (!cgrp)
return -ENODEV;
- percpu_down_write(&cgroup_threadgroup_rwsem);
+retry_find_task:
rcu_read_lock();
if (pid) {
tsk = find_task_by_vpid(pid);
if (!tsk) {
+ rcu_read_unlock();
ret = -ESRCH;
- goto out_unlock_rcu;
+ goto out_unlock_cgroup;
}
} else {
tsk = current;
@@ -2474,23 +2475,37 @@ static ssize_t __cgroup_procs_write(stru
*/
if (tsk == kthreadd_task || (tsk->flags & PF_NO_SETAFFINITY)) {
ret = -EINVAL;
- goto out_unlock_rcu;
+ rcu_read_unlock();
+ goto out_unlock_cgroup;
}
get_task_struct(tsk);
rcu_read_unlock();
+ percpu_down_write(&cgroup_threadgroup_rwsem);
+ if (threadgroup) {
+ if (!thread_group_leader(tsk)) {
+ /*
+ * a race with de_thread from another thread's exec()
+ * may strip us of our leadership, if this happens,
+ * there is no choice but to throw this task away and
+ * try again; this is
+ * "double-double-toil-and-trouble-check locking".
+ */
+ percpu_up_write(&cgroup_threadgroup_rwsem);
+ put_task_struct(tsk);
+ goto retry_find_task;
+ }
+ }
+
ret = cgroup_procs_write_permission(tsk, cgrp, of);
if (!ret)
ret = cgroup_attach_task(cgrp, tsk, threadgroup);
- put_task_struct(tsk);
- goto out_unlock_threadgroup;
-
-out_unlock_rcu:
- rcu_read_unlock();
-out_unlock_threadgroup:
percpu_up_write(&cgroup_threadgroup_rwsem);
+
+ put_task_struct(tsk);
+out_unlock_cgroup:
cgroup_kn_unlock(of->kn);
return ret ?: nbytes;
}
@@ -2635,8 +2650,6 @@ static int cgroup_update_dfl_csses(struc
lockdep_assert_held(&cgroup_mutex);
- percpu_down_write(&cgroup_threadgroup_rwsem);
-
/* look up all csses currently attached to @cgrp's subtree */
down_read(&css_set_rwsem);
css_for_each_descendant_pre(css, cgroup_css(cgrp, NULL)) {
@@ -2692,8 +2705,17 @@ static int cgroup_update_dfl_csses(struc
goto out_finish;
last_task = task;
+ percpu_down_write(&cgroup_threadgroup_rwsem);
+ /* raced against de_thread() from another thread? */
+ if (!thread_group_leader(task)) {
+ percpu_up_write(&cgroup_threadgroup_rwsem);
+ put_task_struct(task);
+ continue;
+ }
+
ret = cgroup_migrate(src_cset->dfl_cgrp, task, true);
+ percpu_up_write(&cgroup_threadgroup_rwsem);
put_task_struct(task);
if (WARN(ret, "cgroup: failed to update controllers for the default hierarchy (%d), further operations may crash or hang\n", ret))
@@ -2703,7 +2725,6 @@ static int cgroup_update_dfl_csses(struc
out_finish:
cgroup_migrate_finish(&preloaded_csets);
- percpu_up_write(&cgroup_threadgroup_rwsem);
return ret;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 079/258] Revert "sched, cgroup: replace signal_struct->group_rwsem with a global percpu_rwsem"
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (74 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 078/258] Revert "cgroup: simplify threadgroup locking" Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 080/258] memcg: make mem_cgroup_read_stat() unsigned Greg Kroah-Hartman
` (162 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tejun Heo, Christian Borntraeger,
Oleg Nesterov, Paul E. McKenney, Peter Zijlstra, Paolo Bonzini
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <tj@kernel.org>
commit 0c986253b939cc14c69d4adbe2b4121bdf4aa220 upstream.
This reverts commit d59cfc09c32a2ae31f1c3bc2983a0cd79afb3f14.
d59cfc09c32a ("sched, cgroup: replace signal_struct->group_rwsem with
a global percpu_rwsem") and b5ba75b5fc0e ("cgroup: simplify
threadgroup locking") changed how cgroup synchronizes against task
fork and exits so that it uses global percpu_rwsem instead of
per-process rwsem; unfortunately, the write [un]lock paths of
percpu_rwsem always involve synchronize_rcu_expedited() which turned
out to be too expensive.
Improvements for percpu_rwsem are scheduled to be merged in the coming
v4.4-rc1 merge window which alleviates this issue. For now, revert
the two commits to restore per-process rwsem. They will be re-applied
for the v4.4-rc1 merge window.
Signed-off-by: Tejun Heo <tj@kernel.org>
Link: http://lkml.kernel.org/g/55F8097A.7000206@de.ibm.com
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/cgroup-defs.h | 27 +--------------
include/linux/init_task.h | 8 ++++
include/linux/sched.h | 12 ++++++
kernel/cgroup.c | 77 ++++++++++++++++++++++++++++++++------------
kernel/fork.c | 4 ++
5 files changed, 83 insertions(+), 45 deletions(-)
--- a/include/linux/cgroup-defs.h
+++ b/include/linux/cgroup-defs.h
@@ -463,31 +463,8 @@ struct cgroup_subsys {
unsigned int depends_on;
};
-extern struct percpu_rw_semaphore cgroup_threadgroup_rwsem;
-
-/**
- * cgroup_threadgroup_change_begin - threadgroup exclusion for cgroups
- * @tsk: target task
- *
- * Called from threadgroup_change_begin() and allows cgroup operations to
- * synchronize against threadgroup changes using a percpu_rw_semaphore.
- */
-static inline void cgroup_threadgroup_change_begin(struct task_struct *tsk)
-{
- percpu_down_read(&cgroup_threadgroup_rwsem);
-}
-
-/**
- * cgroup_threadgroup_change_end - threadgroup exclusion for cgroups
- * @tsk: target task
- *
- * Called from threadgroup_change_end(). Counterpart of
- * cgroup_threadcgroup_change_begin().
- */
-static inline void cgroup_threadgroup_change_end(struct task_struct *tsk)
-{
- percpu_up_read(&cgroup_threadgroup_rwsem);
-}
+void cgroup_threadgroup_change_begin(struct task_struct *tsk);
+void cgroup_threadgroup_change_end(struct task_struct *tsk);
#else /* CONFIG_CGROUPS */
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -25,6 +25,13 @@
extern struct files_struct init_files;
extern struct fs_struct init_fs;
+#ifdef CONFIG_CGROUPS
+#define INIT_GROUP_RWSEM(sig) \
+ .group_rwsem = __RWSEM_INITIALIZER(sig.group_rwsem),
+#else
+#define INIT_GROUP_RWSEM(sig)
+#endif
+
#ifdef CONFIG_CPUSETS
#define INIT_CPUSET_SEQ(tsk) \
.mems_allowed_seq = SEQCNT_ZERO(tsk.mems_allowed_seq),
@@ -48,6 +55,7 @@ extern struct fs_struct init_fs;
}, \
.cred_guard_mutex = \
__MUTEX_INITIALIZER(sig.cred_guard_mutex), \
+ INIT_GROUP_RWSEM(sig) \
}
extern struct nsproxy init_nsproxy;
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -754,6 +754,18 @@ struct signal_struct {
unsigned audit_tty_log_passwd;
struct tty_audit_buf *tty_audit_buf;
#endif
+#ifdef CONFIG_CGROUPS
+ /*
+ * group_rwsem prevents new tasks from entering the threadgroup and
+ * member tasks from exiting,a more specifically, setting of
+ * PF_EXITING. fork and exit paths are protected with this rwsem
+ * using threadgroup_change_begin/end(). Users which require
+ * threadgroup to remain stable should use threadgroup_[un]lock()
+ * which also takes care of exec path. Currently, cgroup is the
+ * only user.
+ */
+ struct rw_semaphore group_rwsem;
+#endif
oom_flags_t oom_flags;
short oom_score_adj; /* OOM kill score adjustment */
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -46,7 +46,6 @@
#include <linux/slab.h>
#include <linux/spinlock.h>
#include <linux/rwsem.h>
-#include <linux/percpu-rwsem.h>
#include <linux/string.h>
#include <linux/sort.h>
#include <linux/kmod.h>
@@ -104,8 +103,6 @@ static DEFINE_SPINLOCK(cgroup_idr_lock);
*/
static DEFINE_SPINLOCK(release_agent_path_lock);
-struct percpu_rw_semaphore cgroup_threadgroup_rwsem;
-
#define cgroup_assert_mutex_or_rcu_locked() \
rcu_lockdep_assert(rcu_read_lock_held() || \
lockdep_is_held(&cgroup_mutex), \
@@ -870,6 +867,48 @@ static struct css_set *find_css_set(stru
return cset;
}
+void cgroup_threadgroup_change_begin(struct task_struct *tsk)
+{
+ down_read(&tsk->signal->group_rwsem);
+}
+
+void cgroup_threadgroup_change_end(struct task_struct *tsk)
+{
+ up_read(&tsk->signal->group_rwsem);
+}
+
+/**
+ * threadgroup_lock - lock threadgroup
+ * @tsk: member task of the threadgroup to lock
+ *
+ * Lock the threadgroup @tsk belongs to. No new task is allowed to enter
+ * and member tasks aren't allowed to exit (as indicated by PF_EXITING) or
+ * change ->group_leader/pid. This is useful for cases where the threadgroup
+ * needs to stay stable across blockable operations.
+ *
+ * fork and exit explicitly call threadgroup_change_{begin|end}() for
+ * synchronization. While held, no new task will be added to threadgroup
+ * and no existing live task will have its PF_EXITING set.
+ *
+ * de_thread() does threadgroup_change_{begin|end}() when a non-leader
+ * sub-thread becomes a new leader.
+ */
+static void threadgroup_lock(struct task_struct *tsk)
+{
+ down_write(&tsk->signal->group_rwsem);
+}
+
+/**
+ * threadgroup_unlock - unlock threadgroup
+ * @tsk: member task of the threadgroup to unlock
+ *
+ * Reverse threadgroup_lock().
+ */
+static inline void threadgroup_unlock(struct task_struct *tsk)
+{
+ up_write(&tsk->signal->group_rwsem);
+}
+
static struct cgroup_root *cgroup_root_from_kf(struct kernfs_root *kf_root)
{
struct cgroup *root_cgrp = kf_root->kn->priv;
@@ -2066,9 +2105,9 @@ static void cgroup_task_migrate(struct c
lockdep_assert_held(&css_set_rwsem);
/*
- * We are synchronized through cgroup_threadgroup_rwsem against
- * PF_EXITING setting such that we can't race against cgroup_exit()
- * changing the css_set to init_css_set and dropping the old one.
+ * We are synchronized through threadgroup_lock() against PF_EXITING
+ * setting such that we can't race against cgroup_exit() changing the
+ * css_set to init_css_set and dropping the old one.
*/
WARN_ON_ONCE(tsk->flags & PF_EXITING);
old_cset = task_css_set(tsk);
@@ -2125,11 +2164,10 @@ static void cgroup_migrate_finish(struct
* @src_cset and add it to @preloaded_csets, which should later be cleaned
* up by cgroup_migrate_finish().
*
- * This function may be called without holding cgroup_threadgroup_rwsem
- * even if the target is a process. Threads may be created and destroyed
- * but as long as cgroup_mutex is not dropped, no new css_set can be put
- * into play and the preloaded css_sets are guaranteed to cover all
- * migrations.
+ * This function may be called without holding threadgroup_lock even if the
+ * target is a process. Threads may be created and destroyed but as long
+ * as cgroup_mutex is not dropped, no new css_set can be put into play and
+ * the preloaded css_sets are guaranteed to cover all migrations.
*/
static void cgroup_migrate_add_src(struct css_set *src_cset,
struct cgroup *dst_cgrp,
@@ -2232,7 +2270,7 @@ err:
* @threadgroup: whether @leader points to the whole process or a single task
*
* Migrate a process or task denoted by @leader to @cgrp. If migrating a
- * process, the caller must be holding cgroup_threadgroup_rwsem. The
+ * process, the caller must be holding threadgroup_lock of @leader. The
* caller is also responsible for invoking cgroup_migrate_add_src() and
* cgroup_migrate_prepare_dst() on the targets before invoking this
* function and following up with cgroup_migrate_finish().
@@ -2360,7 +2398,7 @@ out_release_tset:
* @leader: the task or the leader of the threadgroup to be attached
* @threadgroup: attach the whole threadgroup?
*
- * Call holding cgroup_mutex and cgroup_threadgroup_rwsem.
+ * Call holding cgroup_mutex and threadgroup_lock of @leader.
*/
static int cgroup_attach_task(struct cgroup *dst_cgrp,
struct task_struct *leader, bool threadgroup)
@@ -2482,7 +2520,7 @@ retry_find_task:
get_task_struct(tsk);
rcu_read_unlock();
- percpu_down_write(&cgroup_threadgroup_rwsem);
+ threadgroup_lock(tsk);
if (threadgroup) {
if (!thread_group_leader(tsk)) {
/*
@@ -2492,7 +2530,7 @@ retry_find_task:
* try again; this is
* "double-double-toil-and-trouble-check locking".
*/
- percpu_up_write(&cgroup_threadgroup_rwsem);
+ threadgroup_unlock(tsk);
put_task_struct(tsk);
goto retry_find_task;
}
@@ -2502,7 +2540,7 @@ retry_find_task:
if (!ret)
ret = cgroup_attach_task(cgrp, tsk, threadgroup);
- percpu_up_write(&cgroup_threadgroup_rwsem);
+ threadgroup_unlock(tsk);
put_task_struct(tsk);
out_unlock_cgroup:
@@ -2705,17 +2743,17 @@ static int cgroup_update_dfl_csses(struc
goto out_finish;
last_task = task;
- percpu_down_write(&cgroup_threadgroup_rwsem);
+ threadgroup_lock(task);
/* raced against de_thread() from another thread? */
if (!thread_group_leader(task)) {
- percpu_up_write(&cgroup_threadgroup_rwsem);
+ threadgroup_unlock(task);
put_task_struct(task);
continue;
}
ret = cgroup_migrate(src_cset->dfl_cgrp, task, true);
- percpu_up_write(&cgroup_threadgroup_rwsem);
+ threadgroup_unlock(task);
put_task_struct(task);
if (WARN(ret, "cgroup: failed to update controllers for the default hierarchy (%d), further operations may crash or hang\n", ret))
@@ -5034,7 +5072,6 @@ int __init cgroup_init(void)
unsigned long key;
int ssid, err;
- BUG_ON(percpu_init_rwsem(&cgroup_threadgroup_rwsem));
BUG_ON(cgroup_init_cftypes(NULL, cgroup_dfl_base_files));
BUG_ON(cgroup_init_cftypes(NULL, cgroup_legacy_base_files));
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1146,6 +1146,10 @@ static int copy_signal(unsigned long clo
tty_audit_fork(sig);
sched_autogroup_fork(sig);
+#ifdef CONFIG_CGROUPS
+ init_rwsem(&sig->group_rwsem);
+#endif
+
sig->oom_score_adj = current->signal->oom_score_adj;
sig->oom_score_adj_min = current->signal->oom_score_adj_min;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 080/258] memcg: make mem_cgroup_read_stat() unsigned
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (75 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 079/258] Revert "sched, cgroup: replace signal_struct->group_rwsem with a global percpu_rwsem" Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 081/258] spi: Fix documentation of spi_alloc_master() Greg Kroah-Hartman
` (161 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Greg Thelen, Johannes Weiner,
Michal Hocko, Andrew Morton, Linus Torvalds
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Thelen <gthelen@google.com>
commit 484ebb3b8c8b27dd2171696462a3116edb9ff801 upstream.
mem_cgroup_read_stat() returns a page count by summing per cpu page
counters. The summing is racy wrt. updates, so a transient negative
sum is possible. Callers don't want negative values:
- mem_cgroup_wb_stats() doesn't want negative nr_dirty or nr_writeback.
This could confuse dirty throttling.
- oom reports and memory.stat shouldn't show confusing negative usage.
- tree_usage() already avoids negatives.
Avoid returning negative page counts from mem_cgroup_read_stat() and
convert it to unsigned.
[akpm@linux-foundation.org: fix old typo while we're in there]
Signed-off-by: Greg Thelen <gthelen@google.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/memcontrol.c | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -806,12 +806,14 @@ mem_cgroup_largest_soft_limit_node(struc
}
/*
+ * Return page count for single (non recursive) @memcg.
+ *
* Implementation Note: reading percpu statistics for memcg.
*
* Both of vmstat[] and percpu_counter has threshold and do periodic
* synchronization to implement "quick" read. There are trade-off between
* reading cost and precision of value. Then, we may have a chance to implement
- * a periodic synchronizion of counter in memcg's counter.
+ * a periodic synchronization of counter in memcg's counter.
*
* But this _read() function is used for user interface now. The user accounts
* memory usage by memory cgroup and he _always_ requires exact value because
@@ -821,17 +823,24 @@ mem_cgroup_largest_soft_limit_node(struc
*
* If there are kernel internal actions which can make use of some not-exact
* value, and reading all cpu value can be performance bottleneck in some
- * common workload, threashold and synchonization as vmstat[] should be
+ * common workload, threshold and synchronization as vmstat[] should be
* implemented.
*/
-static long mem_cgroup_read_stat(struct mem_cgroup *memcg,
- enum mem_cgroup_stat_index idx)
+static unsigned long
+mem_cgroup_read_stat(struct mem_cgroup *memcg, enum mem_cgroup_stat_index idx)
{
long val = 0;
int cpu;
+ /* Per-cpu values can be negative, use a signed accumulator */
for_each_possible_cpu(cpu)
val += per_cpu(memcg->stat->count[idx], cpu);
+ /*
+ * Summing races with updates, so val may be negative. Avoid exposing
+ * transient negative values.
+ */
+ if (val < 0)
+ val = 0;
return val;
}
@@ -1498,7 +1507,7 @@ void mem_cgroup_print_oom_info(struct me
for (i = 0; i < MEM_CGROUP_STAT_NSTATS; i++) {
if (i == MEM_CGROUP_STAT_SWAP && !do_swap_account)
continue;
- pr_cont(" %s:%ldKB", mem_cgroup_stat_names[i],
+ pr_cont(" %s:%luKB", mem_cgroup_stat_names[i],
K(mem_cgroup_read_stat(iter, i)));
}
@@ -3119,14 +3128,11 @@ static unsigned long tree_stat(struct me
enum mem_cgroup_stat_index idx)
{
struct mem_cgroup *iter;
- long val = 0;
+ unsigned long val = 0;
- /* Per-cpu values can be negative, use a signed accumulator */
for_each_mem_cgroup_tree(iter, memcg)
val += mem_cgroup_read_stat(iter, idx);
- if (val < 0) /* race ? */
- val = 0;
return val;
}
@@ -3469,7 +3475,7 @@ static int memcg_stat_show(struct seq_fi
for (i = 0; i < MEM_CGROUP_STAT_NSTATS; i++) {
if (i == MEM_CGROUP_STAT_SWAP && !do_swap_account)
continue;
- seq_printf(m, "%s %ld\n", mem_cgroup_stat_names[i],
+ seq_printf(m, "%s %lu\n", mem_cgroup_stat_names[i],
mem_cgroup_read_stat(memcg, i) * PAGE_SIZE);
}
@@ -3494,13 +3500,13 @@ static int memcg_stat_show(struct seq_fi
(u64)memsw * PAGE_SIZE);
for (i = 0; i < MEM_CGROUP_STAT_NSTATS; i++) {
- long long val = 0;
+ unsigned long long val = 0;
if (i == MEM_CGROUP_STAT_SWAP && !do_swap_account)
continue;
for_each_mem_cgroup_tree(mi, memcg)
val += mem_cgroup_read_stat(mi, i) * PAGE_SIZE;
- seq_printf(m, "total_%s %lld\n", mem_cgroup_stat_names[i], val);
+ seq_printf(m, "total_%s %llu\n", mem_cgroup_stat_names[i], val);
}
for (i = 0; i < MEM_CGROUP_EVENTS_NSTATS; i++) {
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 081/258] spi: Fix documentation of spi_alloc_master()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (76 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 080/258] memcg: make mem_cgroup_read_stat() unsigned Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 082/258] spi: xtensa-xtfpga: fix register endianness Greg Kroah-Hartman
` (160 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Alexey Klimov,
Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
commit a394d635193b641f2c86ead5ada5b115d57c51f8 upstream.
Actually, spi_master_put() after spi_alloc_master() must _not_ be followed
by kfree(). The memory is already freed with the call to spi_master_put()
through spi_master_class, which registers a release function. Calling both
spi_master_put() and kfree() results in often nasty (and delayed) crashes
elsewhere in the kernel, often in the networking stack.
This reverts commit eb4af0f5349235df2e4a5057a72fc8962d00308a.
Link to patch and concerns: https://lkml.org/lkml/2012/9/3/269
or
http://lkml.iu.edu/hypermail/linux/kernel/1209.0/00790.html
Alexey Klimov: This revert becomes valid after
94c69f765f1b4a658d96905ec59928e3e3e07e6a when spi-imx.c
has been fixed and there is no need to call kfree() so comment
for spi_alloc_master() should be fixed.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Alexey Klimov <alexey.klimov@linaro.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -1437,8 +1437,7 @@ static struct class spi_master_class = {
*
* The caller is responsible for assigning the bus number and initializing
* the master's methods before calling spi_register_master(); and (after errors
- * adding the device) calling spi_master_put() and kfree() to prevent a memory
- * leak.
+ * adding the device) calling spi_master_put() to prevent a memory leak.
*/
struct spi_master *spi_alloc_master(struct device *dev, unsigned size)
{
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 082/258] spi: xtensa-xtfpga: fix register endianness
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (77 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 081/258] spi: Fix documentation of spi_alloc_master() Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 083/258] spi: bcm2835: BUG: fix wrong use of PAGE_MASK Greg Kroah-Hartman
` (159 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Max Filippov, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Max Filippov <jcmvbkbc@gmail.com>
commit b0b4855099e301c8603ea37da9a0103a96c2e0b1 upstream.
XTFPGA SPI controller has native endian registers.
Fix register acessors so that they work in big-endian configurations.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-xtensa-xtfpga.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/spi/spi-xtensa-xtfpga.c
+++ b/drivers/spi/spi-xtensa-xtfpga.c
@@ -34,13 +34,13 @@ struct xtfpga_spi {
static inline void xtfpga_spi_write32(const struct xtfpga_spi *spi,
unsigned addr, u32 val)
{
- iowrite32(val, spi->regs + addr);
+ __raw_writel(val, spi->regs + addr);
}
static inline unsigned int xtfpga_spi_read32(const struct xtfpga_spi *spi,
unsigned addr)
{
- return ioread32(spi->regs + addr);
+ return __raw_readl(spi->regs + addr);
}
static inline void xtfpga_spi_wait_busy(struct xtfpga_spi *xspi)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 083/258] spi: bcm2835: BUG: fix wrong use of PAGE_MASK
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (78 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 082/258] spi: xtensa-xtfpga: fix register endianness Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 084/258] spi: spi-pxa2xx: Check status register to determine if SSSR_TINT is disabled Greg Kroah-Hartman
` (158 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, robert, Martin Sperl, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Sperl <kernel@martin.sperl.org>
commit 2a3fffd45822070309bcf0b1e1dae624d633824a upstream.
There is a bug in the alignment checking of transfers,
that results in DMA not being used for un-aligned
transfers that do not cross page-boundries, which is valid.
This is due to a missconception of the meaning PAGE_MASK
when implementing that check originally - (PAGE_SIZE - 1)
should have been used instead.
Also fixes a copy/paste error.
Reported-by: <robert@axium.co.nz>
Signed-off-by: Martin Sperl <kernel@martin.sperl.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-bcm2835.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/spi/spi-bcm2835.c
+++ b/drivers/spi/spi-bcm2835.c
@@ -386,14 +386,14 @@ static bool bcm2835_spi_can_dma(struct s
/* otherwise we only allow transfers within the same page
* to avoid wasting time on dma_mapping when it is not practical
*/
- if (((size_t)tfr->tx_buf & PAGE_MASK) + tfr->len > PAGE_SIZE) {
+ if (((size_t)tfr->tx_buf & (PAGE_SIZE - 1)) + tfr->len > PAGE_SIZE) {
dev_warn_once(&spi->dev,
"Unaligned spi tx-transfer bridging page\n");
return false;
}
- if (((size_t)tfr->rx_buf & PAGE_MASK) + tfr->len > PAGE_SIZE) {
+ if (((size_t)tfr->rx_buf & (PAGE_SIZE - 1)) + tfr->len > PAGE_SIZE) {
dev_warn_once(&spi->dev,
- "Unaligned spi tx-transfer bridging page\n");
+ "Unaligned spi rx-transfer bridging page\n");
return false;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 084/258] spi: spi-pxa2xx: Check status register to determine if SSSR_TINT is disabled
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (79 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 083/258] spi: bcm2835: BUG: fix wrong use of PAGE_MASK Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 085/258] spi: spidev: fix possible NULL dereference Greg Kroah-Hartman
` (157 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tan, Jui Nee, Jarkko Nikula,
Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Tan, Jui Nee" <jui.nee.tan@intel.com>
commit 02bc933ebb59208f42c2e6305b2c17fd306f695d upstream.
On Intel Baytrail, there is case when interrupt handler get called, no SPI
message is captured. The RX FIFO is indeed empty when RX timeout pending
interrupt (SSSR_TINT) happens.
Use the BIOS version where both HSUART and SPI are on the same IRQ. Both
drivers are using IRQF_SHARED when calling the request_irq function. When
running two separate and independent SPI and HSUART application that
generate data traffic on both components, user will see messages like
below on the console:
pxa2xx-spi pxa2xx-spi.0: bad message state in interrupt handler
This commit will fix this by first checking Receiver Time-out Interrupt,
if it is disabled, ignore the request and return without servicing.
Signed-off-by: Tan, Jui Nee <jui.nee.tan@intel.com>
Acked-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-pxa2xx.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/spi/spi-pxa2xx.c
+++ b/drivers/spi/spi-pxa2xx.c
@@ -643,6 +643,10 @@ static irqreturn_t ssp_int(int irq, void
if (!(sccr1_reg & SSCR1_TIE))
mask &= ~SSSR_TFS;
+ /* Ignore RX timeout interrupt if it is disabled */
+ if (!(sccr1_reg & SSCR1_TINTE))
+ mask &= ~SSSR_TINT;
+
if (!(status & mask))
return IRQ_NONE;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 085/258] spi: spidev: fix possible NULL dereference
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (80 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 084/258] spi: spi-pxa2xx: Check status register to determine if SSSR_TINT is disabled Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 086/258] mm: migrate: hugetlb: putback destination hugepage to active list Greg Kroah-Hartman
` (156 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sudip Mukherjee, Jarkko Nikula,
Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
commit dd85ebf681ef0ee1fc985c353dd45e8b53b5dc1e upstream.
During the last close we are freeing spidev if spidev->spi is NULL, but
just before checking if spidev->spi is NULL we are dereferencing it.
Lets add a check there to avoid the NULL dereference.
Fixes: 9169051617df ("spi: spidev: Don't mangle max_speed_hz in underlying spi device")
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Reviewed-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Tested-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spidev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/spi/spidev.c
+++ b/drivers/spi/spidev.c
@@ -651,7 +651,8 @@ static int spidev_release(struct inode *
kfree(spidev->rx_buffer);
spidev->rx_buffer = NULL;
- spidev->speed_hz = spidev->spi->max_speed_hz;
+ if (spidev->spi)
+ spidev->speed_hz = spidev->spi->max_speed_hz;
/* ... after we unbound from the underlying device? */
spin_lock_irq(&spidev->spi_lock);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 086/258] mm: migrate: hugetlb: putback destination hugepage to active list
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (81 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 085/258] spi: spidev: fix possible NULL dereference Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 087/258] lib/iommu-common.c: do not try to deref a null iommu->lazy_flush() pointer when n < pool->hint Greg Kroah-Hartman
` (155 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Naoya Horiguchi, Michal Hocko,
Andi Kleen, Hugh Dickins, Andrew Morton, Linus Torvalds
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
commit 3aaa76e125c1dd58c9b599baa8c6021896874c12 upstream.
Since commit bcc54222309c ("mm: hugetlb: introduce page_huge_active")
each hugetlb page maintains its active flag to avoid a race condition
betwe= en multiple calls of isolate_huge_page(), but current kernel
doesn't set the f= lag on a hugepage allocated by migration because the
proper putback routine isn= 't called. This means that users could
still encounter the race referred to by bcc54222309c in this special
case, so this patch fixes it.
Fixes: bcc54222309c ("mm: hugetlb: introduce page_huge_active")
Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/migrate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -1068,7 +1068,7 @@ out:
if (rc != MIGRATEPAGE_SUCCESS && put_new_page)
put_new_page(new_hpage, private);
else
- put_page(new_hpage);
+ putback_active_hugepage(new_hpage);
if (result) {
if (rc)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 087/258] lib/iommu-common.c: do not try to deref a null iommu->lazy_flush() pointer when n < pool->hint
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (82 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 086/258] mm: migrate: hugetlb: putback destination hugepage to active list Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 088/258] ocfs2/dlm: fix deadlock when dispatch assert master Greg Kroah-Hartman
` (154 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sowmini Varadhan,
Benjamin Herrenschmidt, Guenter Roeck, David S. Miller,
Andrew Morton, Linus Torvalds
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sowmini Varadhan <sowmini.varadhan@oracle.com>
commit d046b770c9fc36ccb19c27afdb8322220108cbc7 upstream.
The check for invoking iommu->lazy_flush() from iommu_tbl_range_alloc()
has to be refactored so that we only call ->lazy_flush() if it is
non-null.
I had a sparc kernel that was crashing when I was trying to process some
very large perf.data files- the crash happens when the scsi driver calls
into dma_4v_map_sg and thus the iommu_tbl_range_alloc().
Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/iommu-common.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/lib/iommu-common.c
+++ b/lib/iommu-common.c
@@ -21,8 +21,7 @@ static DEFINE_PER_CPU(unsigned int, iomm
static inline bool need_flush(struct iommu_map_table *iommu)
{
- return (iommu->lazy_flush != NULL &&
- (iommu->flags & IOMMU_NEED_FLUSH) != 0);
+ return ((iommu->flags & IOMMU_NEED_FLUSH) != 0);
}
static inline void set_flush(struct iommu_map_table *iommu)
@@ -211,7 +210,8 @@ unsigned long iommu_tbl_range_alloc(stru
goto bail;
}
}
- if (n < pool->hint || need_flush(iommu)) {
+ if (iommu->lazy_flush &&
+ (n < pool->hint || need_flush(iommu))) {
clear_flush(iommu);
iommu->lazy_flush(iommu);
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 088/258] ocfs2/dlm: fix deadlock when dispatch assert master
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (83 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 087/258] lib/iommu-common.c: do not try to deref a null iommu->lazy_flush() pointer when n < pool->hint Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 089/258] mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault Greg Kroah-Hartman
` (153 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joseph Qi, Joel Becker, Mark Fasheh,
Junxiao Bi, Andrew Morton, Linus Torvalds
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joseph Qi <joseph.qi@huawei.com>
commit 012572d4fc2e4ddd5c8ec8614d51414ec6cae02a upstream.
The order of the following three spinlocks should be:
dlm_domain_lock < dlm_ctxt->spinlock < dlm_lock_resource->spinlock
But dlm_dispatch_assert_master() is called while holding
dlm_ctxt->spinlock and dlm_lock_resource->spinlock, and then it calls
dlm_grab() which will take dlm_domain_lock.
Once another thread (for example, dlm_query_join_handler) has already
taken dlm_domain_lock, and tries to take dlm_ctxt->spinlock deadlock
happens.
Signed-off-by: Joseph Qi <joseph.qi@huawei.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: "Junxiao Bi" <junxiao.bi@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/dlm/dlmmaster.c | 9 ++++++---
fs/ocfs2/dlm/dlmrecovery.c | 8 ++++++--
2 files changed, 12 insertions(+), 5 deletions(-)
--- a/fs/ocfs2/dlm/dlmmaster.c
+++ b/fs/ocfs2/dlm/dlmmaster.c
@@ -1439,6 +1439,7 @@ int dlm_master_request_handler(struct o2
int found, ret;
int set_maybe;
int dispatch_assert = 0;
+ int dispatched = 0;
if (!dlm_grab(dlm))
return DLM_MASTER_RESP_NO;
@@ -1658,15 +1659,18 @@ send_response:
mlog(ML_ERROR, "failed to dispatch assert master work\n");
response = DLM_MASTER_RESP_ERROR;
dlm_lockres_put(res);
- } else
+ } else {
+ dispatched = 1;
__dlm_lockres_grab_inflight_worker(dlm, res);
+ }
spin_unlock(&res->spinlock);
} else {
if (res)
dlm_lockres_put(res);
}
- dlm_put(dlm);
+ if (!dispatched)
+ dlm_put(dlm);
return response;
}
@@ -2090,7 +2094,6 @@ int dlm_dispatch_assert_master(struct dl
/* queue up work for dlm_assert_master_worker */
- dlm_grab(dlm); /* get an extra ref for the work item */
dlm_init_work_item(dlm, item, dlm_assert_master_worker, NULL);
item->u.am.lockres = res; /* already have a ref */
/* can optionally ignore node numbers higher than this node */
--- a/fs/ocfs2/dlm/dlmrecovery.c
+++ b/fs/ocfs2/dlm/dlmrecovery.c
@@ -1694,6 +1694,7 @@ int dlm_master_requery_handler(struct o2
unsigned int hash;
int master = DLM_LOCK_RES_OWNER_UNKNOWN;
u32 flags = DLM_ASSERT_MASTER_REQUERY;
+ int dispatched = 0;
if (!dlm_grab(dlm)) {
/* since the domain has gone away on this
@@ -1719,8 +1720,10 @@ int dlm_master_requery_handler(struct o2
dlm_put(dlm);
/* sender will take care of this and retry */
return ret;
- } else
+ } else {
+ dispatched = 1;
__dlm_lockres_grab_inflight_worker(dlm, res);
+ }
spin_unlock(&res->spinlock);
} else {
/* put.. incase we are not the master */
@@ -1730,7 +1733,8 @@ int dlm_master_requery_handler(struct o2
}
spin_unlock(&dlm->spinlock);
- dlm_put(dlm);
+ if (!dispatched)
+ dlm_put(dlm);
return master;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 089/258] mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (84 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 088/258] ocfs2/dlm: fix deadlock when dispatch assert master Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 090/258] memcg: fix dirty page migration Greg Kroah-Hartman
` (152 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mel Gorman, SunDong, Michal Hocko,
Andrea Arcangeli, Hugh Dickins, Naoya Horiguchi, David Rientjes,
Andrew Morton, Linus Torvalds
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mel Gorman <mgorman@techsingularity.net>
commit 2f84a8990ebbe235c59716896e017c6b2ca1200f upstream.
SunDong reported the following on
https://bugzilla.kernel.org/show_bug.cgi?id=103841
I think I find a linux bug, I have the test cases is constructed. I
can stable recurring problems in fedora22(4.0.4) kernel version,
arch for x86_64. I construct transparent huge page, when the parent
and child process with MAP_SHARE, MAP_PRIVATE way to access the same
huge page area, it has the opportunity to lead to huge page copy on
write failure, and then it will munmap the child corresponding mmap
area, but then the child mmap area with VM_MAYSHARE attributes, child
process munmap this area can trigger VM_BUG_ON in set_vma_resv_flags
functions (vma - > vm_flags & VM_MAYSHARE).
There were a number of problems with the report (e.g. it's hugetlbfs that
triggers this, not transparent huge pages) but it was fundamentally
correct in that a VM_BUG_ON in set_vma_resv_flags() can be triggered that
looks like this
vma ffff8804651fd0d0 start 00007fc474e00000 end 00007fc475e00000
next ffff8804651fd018 prev ffff8804651fd188 mm ffff88046b1b1800
prot 8000000000000027 anon_vma (null) vm_ops ffffffff8182a7a0
pgoff 0 file ffff88106bdb9800 private_data (null)
flags: 0x84400fb(read|write|shared|mayread|maywrite|mayexec|mayshare|dontexpand|hugetlb)
------------
kernel BUG at mm/hugetlb.c:462!
SMP
Modules linked in: xt_pkttype xt_LOG xt_limit [..]
CPU: 38 PID: 26839 Comm: map Not tainted 4.0.4-default #1
Hardware name: Dell Inc. PowerEdge R810/0TT6JF, BIOS 2.7.4 04/26/2012
set_vma_resv_flags+0x2d/0x30
The VM_BUG_ON is correct because private and shared mappings have
different reservation accounting but the warning clearly shows that the
VMA is shared.
When a private COW fails to allocate a new page then only the process
that created the VMA gets the page -- all the children unmap the page.
If the children access that data in the future then they get killed.
The problem is that the same file is mapped shared and private. During
the COW, the allocation fails, the VMAs are traversed to unmap the other
private pages but a shared VMA is found and the bug is triggered. This
patch identifies such VMAs and skips them.
Signed-off-by: Mel Gorman <mgorman@techsingularity.net>
Reported-by: SunDong <sund_sky@126.com>
Reviewed-by: Michal Hocko <mhocko@suse.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: David Rientjes <rientjes@google.com>
Reviewed-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/hugetlb.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2974,6 +2974,14 @@ static void unmap_ref_private(struct mm_
continue;
/*
+ * Shared VMAs have their own reserves and do not affect
+ * MAP_PRIVATE accounting but it is possible that a shared
+ * VMA is using the same page so check and skip such VMAs.
+ */
+ if (iter_vma->vm_flags & VM_MAYSHARE)
+ continue;
+
+ /*
* Unmap the page from other VMAs without their own reserves.
* They get marked to be SIGKILLed if they fault in these
* areas. This is because a future no-page fault on this VMA
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 090/258] memcg: fix dirty page migration
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (85 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 089/258] mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 091/258] ALSA: hda/tegra - async probe for avoiding module loading deadlock Greg Kroah-Hartman
` (151 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Greg Thelen, Dave Hansen,
Michal Hocko, Johannes Weiner, Andrew Morton, Linus Torvalds
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Thelen <gthelen@google.com>
commit 0610c25daa3e76e38ad5a8fae683a89ff9f71798 upstream.
The problem starts with a file backed dirty page which is charged to a
memcg. Then page migration is used to move oldpage to newpage.
Migration:
- copies the oldpage's data to newpage
- clears oldpage.PG_dirty
- sets newpage.PG_dirty
- uncharges oldpage from memcg
- charges newpage to memcg
Clearing oldpage.PG_dirty decrements the charged memcg's dirty page
count.
However, because newpage is not yet charged, setting newpage.PG_dirty
does not increment the memcg's dirty page count. After migration
completes newpage.PG_dirty is eventually cleared, often in
account_page_cleaned(). At this time newpage is charged to a memcg so
the memcg's dirty page count is decremented which causes underflow
because the count was not previously incremented by migration. This
underflow causes balance_dirty_pages() to see a very large unsigned
number of dirty memcg pages which leads to aggressive throttling of
buffered writes by processes in non root memcg.
This issue:
- can harm performance of non root memcg buffered writes.
- can report too small (even negative) values in
memory.stat[(total_)dirty] counters of all memcg, including the root.
To avoid polluting migrate.c with #ifdef CONFIG_MEMCG checks, introduce
page_memcg() and set_page_memcg() helpers.
Test:
0) setup and enter limited memcg
mkdir /sys/fs/cgroup/test
echo 1G > /sys/fs/cgroup/test/memory.limit_in_bytes
echo $$ > /sys/fs/cgroup/test/cgroup.procs
1) buffered writes baseline
dd if=/dev/zero of=/data/tmp/foo bs=1M count=1k
sync
grep ^dirty /sys/fs/cgroup/test/memory.stat
2) buffered writes with compaction antagonist to induce migration
yes 1 > /proc/sys/vm/compact_memory &
rm -rf /data/tmp/foo
dd if=/dev/zero of=/data/tmp/foo bs=1M count=1k
kill %
sync
grep ^dirty /sys/fs/cgroup/test/memory.stat
3) buffered writes without antagonist, should match baseline
rm -rf /data/tmp/foo
dd if=/dev/zero of=/data/tmp/foo bs=1M count=1k
sync
grep ^dirty /sys/fs/cgroup/test/memory.stat
(speed, dirty residue)
unpatched patched
1) 841 MB/s 0 dirty pages 886 MB/s 0 dirty pages
2) 611 MB/s -33427456 dirty pages 793 MB/s 0 dirty pages
3) 114 MB/s -33427456 dirty pages 891 MB/s 0 dirty pages
Notice that unpatched baseline performance (1) fell after
migration (3): 841 -> 114 MB/s. In the patched kernel, post
migration performance matches baseline.
Fixes: c4843a7593a9 ("memcg: add per cgroup dirty page accounting")
Signed-off-by: Greg Thelen <gthelen@google.com>
Reported-by: Dave Hansen <dave.hansen@intel.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/mm.h | 21 +++++++++++++++++++++
mm/migrate.c | 12 +++++++++++-
2 files changed, 32 insertions(+), 1 deletion(-)
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -916,6 +916,27 @@ static inline void set_page_links(struct
#endif
}
+#ifdef CONFIG_MEMCG
+static inline struct mem_cgroup *page_memcg(struct page *page)
+{
+ return page->mem_cgroup;
+}
+
+static inline void set_page_memcg(struct page *page, struct mem_cgroup *memcg)
+{
+ page->mem_cgroup = memcg;
+}
+#else
+static inline struct mem_cgroup *page_memcg(struct page *page)
+{
+ return NULL;
+}
+
+static inline void set_page_memcg(struct page *page, struct mem_cgroup *memcg)
+{
+}
+#endif
+
/*
* Some inline functions in vmstat.h depend on page_zone()
*/
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -734,6 +734,15 @@ static int move_to_new_page(struct page
if (PageSwapBacked(page))
SetPageSwapBacked(newpage);
+ /*
+ * Indirectly called below, migrate_page_copy() copies PG_dirty and thus
+ * needs newpage's memcg set to transfer memcg dirty page accounting.
+ * So perform memcg migration in two steps:
+ * 1. set newpage->mem_cgroup (here)
+ * 2. clear page->mem_cgroup (below)
+ */
+ set_page_memcg(newpage, page_memcg(page));
+
mapping = page_mapping(page);
if (!mapping)
rc = migrate_page(mapping, newpage, page, mode);
@@ -750,9 +759,10 @@ static int move_to_new_page(struct page
rc = fallback_migrate_page(mapping, newpage, page, mode);
if (rc != MIGRATEPAGE_SUCCESS) {
+ set_page_memcg(newpage, NULL);
newpage->mapping = NULL;
} else {
- mem_cgroup_migrate(page, newpage, false);
+ set_page_memcg(page, NULL);
if (page_was_mapped)
remove_migration_ptes(page, newpage);
page->mapping = NULL;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 091/258] ALSA: hda/tegra - async probe for avoiding module loading deadlock
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (86 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 090/258] memcg: fix dirty page migration Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 092/258] ALSA: hda - Disable power_save_node for Thinkpads Greg Kroah-Hartman
` (150 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thierry Reding, Takashi Iwai
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 83510441bc08bee201c0ded9d81da6dfd008d69a upstream.
The Tegra HD-audio controller driver causes deadlocks when loaded as a
module since the driver invokes request_module() at binding with the
codec driver. This patch works around it by deferring the probe in a
work like Intel HD-audio controller driver does. Although hovering
the codec probe stuff into udev would be a better solution, it may
cause other regressions, so let's try this band-aid fix until the more
proper solution gets landed.
Reported-by: Thierry Reding <treding@nvidia.com>
Tested-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/hda_tegra.c | 30 +++++++++++++++++++++++++-----
1 file changed, 25 insertions(+), 5 deletions(-)
--- a/sound/pci/hda/hda_tegra.c
+++ b/sound/pci/hda/hda_tegra.c
@@ -73,6 +73,7 @@ struct hda_tegra {
struct clk *hda2codec_2x_clk;
struct clk *hda2hdmi_clk;
void __iomem *regs;
+ struct work_struct probe_work;
};
#ifdef CONFIG_PM
@@ -294,7 +295,9 @@ static int hda_tegra_dev_disconnect(stru
static int hda_tegra_dev_free(struct snd_device *device)
{
struct azx *chip = device->device_data;
+ struct hda_tegra *hda = container_of(chip, struct hda_tegra, chip);
+ cancel_work_sync(&hda->probe_work);
if (azx_bus(chip)->chip_init) {
azx_stop_all_streams(chip);
azx_stop_chip(chip);
@@ -426,6 +429,9 @@ static int hda_tegra_first_init(struct a
/*
* constructor
*/
+
+static void hda_tegra_probe_work(struct work_struct *work);
+
static int hda_tegra_create(struct snd_card *card,
unsigned int driver_caps,
struct hda_tegra *hda)
@@ -452,6 +458,8 @@ static int hda_tegra_create(struct snd_c
chip->single_cmd = false;
chip->snoop = true;
+ INIT_WORK(&hda->probe_work, hda_tegra_probe_work);
+
err = azx_bus_init(chip, NULL, &hda_tegra_io_ops);
if (err < 0)
return err;
@@ -499,6 +507,21 @@ static int hda_tegra_probe(struct platfo
card->private_data = chip;
dev_set_drvdata(&pdev->dev, card);
+ schedule_work(&hda->probe_work);
+
+ return 0;
+
+out_free:
+ snd_card_free(card);
+ return err;
+}
+
+static void hda_tegra_probe_work(struct work_struct *work)
+{
+ struct hda_tegra *hda = container_of(work, struct hda_tegra, probe_work);
+ struct azx *chip = &hda->chip;
+ struct platform_device *pdev = to_platform_device(hda->dev);
+ int err;
err = hda_tegra_first_init(chip, pdev);
if (err < 0)
@@ -520,11 +543,8 @@ static int hda_tegra_probe(struct platfo
chip->running = 1;
snd_hda_set_power_save(&chip->bus, power_save * 1000);
- return 0;
-
-out_free:
- snd_card_free(card);
- return err;
+ out_free:
+ return; /* no error return from async probe */
}
static int hda_tegra_remove(struct platform_device *pdev)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 092/258] ALSA: hda - Disable power_save_node for Thinkpads
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (87 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 091/258] ALSA: hda/tegra - async probe for avoiding module loading deadlock Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 093/258] ALSA: synth: Fix conflicting OSS device registration on AWE32 Greg Kroah-Hartman
` (149 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 7f57d803ee03730d570dc59a9e3e4842b58dd5cc upstream.
Lenovo Thinkpads with recent Realtek codecs seem suffering from click
noises at power transition since the introduction of widget power
saving in 4.1 kernel. Although this might be solved by some delays in
appropriate points, as a quick workaround, just disable the
power_save_node feature for now. The gain it gives is relatively
small, and this makes the situation back to pre 4.1 time.
This patch ended up with a bit more code changes than usual because
the existing fixup for Thinkpads is highly chained. Instead of adding
yet another chain, combine a few of them into a single fixup entry, as
a gratis cleanup.
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=943982
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -4188,6 +4188,24 @@ static void alc_fixup_disable_aamix(stru
}
}
+/* fixup for Thinkpad docks: add dock pins, avoid HP parser fixup */
+static void alc_fixup_tpt440_dock(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action)
+{
+ static const struct hda_pintbl pincfgs[] = {
+ { 0x16, 0x21211010 }, /* dock headphone */
+ { 0x19, 0x21a11010 }, /* dock mic */
+ { }
+ };
+ struct alc_spec *spec = codec->spec;
+
+ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
+ spec->parse_flags = HDA_PINCFG_NO_HP_FIXUP;
+ codec->power_save_node = 0; /* avoid click noises */
+ snd_hda_apply_pincfgs(codec, pincfgs);
+ }
+}
+
static void alc_shutup_dell_xps13(struct hda_codec *codec)
{
struct alc_spec *spec = codec->spec;
@@ -4562,7 +4580,6 @@ enum {
ALC255_FIXUP_HEADSET_MODE_NO_HP_MIC,
ALC293_FIXUP_DELL1_MIC_NO_PRESENCE,
ALC292_FIXUP_TPT440_DOCK,
- ALC292_FIXUP_TPT440_DOCK2,
ALC283_FIXUP_BXBT2807_MIC,
ALC255_FIXUP_DELL_WMI_MIC_MUTE_LED,
ALC282_FIXUP_ASPIRE_V5_PINS,
@@ -5029,17 +5046,7 @@ static const struct hda_fixup alc269_fix
},
[ALC292_FIXUP_TPT440_DOCK] = {
.type = HDA_FIXUP_FUNC,
- .v.func = alc269_fixup_pincfg_no_hp_to_lineout,
- .chained = true,
- .chain_id = ALC292_FIXUP_TPT440_DOCK2
- },
- [ALC292_FIXUP_TPT440_DOCK2] = {
- .type = HDA_FIXUP_PINS,
- .v.pins = (const struct hda_pintbl[]) {
- { 0x16, 0x21211010 }, /* dock headphone */
- { 0x19, 0x21a11010 }, /* dock mic */
- { }
- },
+ .v.func = alc_fixup_tpt440_dock,
.chained = true,
.chain_id = ALC269_FIXUP_LIMIT_INT_MIC_BOOST
},
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 093/258] ALSA: synth: Fix conflicting OSS device registration on AWE32
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (88 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 092/258] ALSA: hda - Disable power_save_node for Thinkpads Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 094/258] ALSA: hda: Add dock support for ThinkPad T550 Greg Kroah-Hartman
` (148 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 225db5762dc1a35b26850477ffa06e5cd0097243 upstream.
When OSS emulation is loaded on ISA SB AWE32 chip, we get now kernel
warnings like:
WARNING: CPU: 0 PID: 2791 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x51/0x80()
sysfs: cannot create duplicate filename '/devices/isa/sbawe.0/sound/card0/seq-oss-0-0'
It's because both emux synth and opl3 drivers try to register their
OSS device object with the same static index number 0. This hasn't
been a big problem until the recent rewrite of device management code
(that exposes sysfs at the same time), but it's been an obvious bug.
This patch works around it just by using a different index number of
emux synth object. There can be a more elegant way to fix, but it's
enough for now, as this code won't be touched so often, in anyway.
Reported-and-tested-by: Michael Shell <list1@michaelshell.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/synth/emux/emux_oss.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/sound/synth/emux/emux_oss.c
+++ b/sound/synth/emux/emux_oss.c
@@ -69,7 +69,8 @@ snd_emux_init_seq_oss(struct snd_emux *e
struct snd_seq_oss_reg *arg;
struct snd_seq_device *dev;
- if (snd_seq_device_new(emu->card, 0, SNDRV_SEQ_DEV_ID_OSS,
+ /* using device#1 here for avoiding conflicts with OPL3 */
+ if (snd_seq_device_new(emu->card, 1, SNDRV_SEQ_DEV_ID_OSS,
sizeof(struct snd_seq_oss_reg), &dev) < 0)
return;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 094/258] ALSA: hda: Add dock support for ThinkPad T550
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (89 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 093/258] ALSA: synth: Fix conflicting OSS device registration on AWE32 Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 095/258] ALSA: hda - Apply SPDIF pin ctl to MacBookPro 12,1 Greg Kroah-Hartman
` (147 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Laura Abbott, Takashi Iwai
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Laura Abbott <labbott@fedoraproject.org>
commit d05ea7da0e8f6df3c62cfee75538f347cb3d89ef upstream.
Much like all the other Lenovo laptops, add a quirk to make
sound work with docking.
Reported-and-tested-by: lacknerflo@gmail.com
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5306,6 +5306,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x17aa, 0x2212, "Thinkpad T440", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2214, "Thinkpad X240", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2215, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
+ SND_PCI_QUIRK(0x17aa, 0x2223, "ThinkPad T550", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2226, "ThinkPad X250", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
SND_PCI_QUIRK(0x17aa, 0x3978, "IdeaPad Y410P", ALC269_FIXUP_NO_SHUTUP),
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 095/258] ALSA: hda - Apply SPDIF pin ctl to MacBookPro 12,1
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (90 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 094/258] ALSA: hda: Add dock support for ThinkPad T550 Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 096/258] ALSA: hda - Disable power_save_node for IDT 92HD73xx chips Greg Kroah-Hartman
` (146 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, John Flatness, Takashi Iwai
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Flatness <john@zerocrates.org>
commit e8ff581f7ac2bc3b8886094b7ca635dcc4d1b0e9 upstream.
The MacBookPro 12,1 has the same setup as the 11 for controlling the
status of the optical audio light. Simply apply the existing workaround
to the subsystem ID for the 12,1.
[sorted the fixup entry by tiwai]
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=105401
Signed-off-by: John Flatness <john@zerocrates.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_cirrus.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_cirrus.c
+++ b/sound/pci/hda/patch_cirrus.c
@@ -633,6 +633,7 @@ static const struct snd_pci_quirk cs4208
SND_PCI_QUIRK(0x106b, 0x5e00, "MacBookPro 11,2", CS4208_MBP11),
SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6),
SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6),
+ SND_PCI_QUIRK(0x106b, 0x7b00, "MacBookPro 12,1", CS4208_MBP11),
{} /* terminator */
};
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 096/258] ALSA: hda - Disable power_save_node for IDT 92HD73xx chips
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (91 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 095/258] ALSA: hda - Apply SPDIF pin ctl to MacBookPro 12,1 Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 097/258] ASoC: pxa: pxa2xx-ac97: fix dma requestor lines Greg Kroah-Hartman
` (145 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit c7e1008048a97148d3aecae742f66fb2f944644c upstream.
The recent widget power saving introduced some unavoidable click
noises on old IDT 92HD73xx chips while it still seems working on the
compatible new chips. In the bugzilla, we tried lots of tests and
workarounds, but they didn't help much. So, let's disable the feature
for these specific chips as the least (but safest) fix.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=104981
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_sigmatel.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/sound/pci/hda/patch_sigmatel.c
+++ b/sound/pci/hda/patch_sigmatel.c
@@ -4520,7 +4520,11 @@ static int patch_stac92hd73xx(struct hda
return err;
spec = codec->spec;
- codec->power_save_node = 1;
+ /* enable power_save_node only for new 92HD89xx chips, as it causes
+ * click noises on old 92HD73xx chips.
+ */
+ if ((codec->core.vendor_id & 0xfffffff0) != 0x111d7670)
+ codec->power_save_node = 1;
spec->linear_tone_beep = 0;
spec->gen.mixer_nid = 0x1d;
spec->have_spdif_mux = 1;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 097/258] ASoC: pxa: pxa2xx-ac97: fix dma requestor lines
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (92 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 096/258] ALSA: hda - Disable power_save_node for IDT 92HD73xx chips Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 098/258] ASoC: fix broken pxa SoC support Greg Kroah-Hartman
` (144 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robert Jarzmik, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Robert Jarzmik <robert.jarzmik@free.fr>
commit 8811191fdf7ed02ee07cb8469428158572d355a2 upstream.
PCM receive and transmit DMA requestor lines were reverted, breaking the
PCM playback interface for PXA platforms using the sound/soc/ variant
instead of the sound/arm variant.
The commit below shows the inversion in the requestor lines.
Fixes: d65a14587a9b ("ASoC: pxa: use snd_dmaengine_dai_dma_data")
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/pxa/pxa2xx-ac97.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/soc/pxa/pxa2xx-ac97.c
+++ b/sound/soc/pxa/pxa2xx-ac97.c
@@ -49,7 +49,7 @@ static struct snd_ac97_bus_ops pxa2xx_ac
.reset = pxa2xx_ac97_cold_reset,
};
-static unsigned long pxa2xx_ac97_pcm_stereo_in_req = 12;
+static unsigned long pxa2xx_ac97_pcm_stereo_in_req = 11;
static struct snd_dmaengine_dai_dma_data pxa2xx_ac97_pcm_stereo_in = {
.addr = __PREG(PCDR),
.addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES,
@@ -57,7 +57,7 @@ static struct snd_dmaengine_dai_dma_data
.filter_data = &pxa2xx_ac97_pcm_stereo_in_req,
};
-static unsigned long pxa2xx_ac97_pcm_stereo_out_req = 11;
+static unsigned long pxa2xx_ac97_pcm_stereo_out_req = 12;
static struct snd_dmaengine_dai_dma_data pxa2xx_ac97_pcm_stereo_out = {
.addr = __PREG(PCDR),
.addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES,
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 098/258] ASoC: fix broken pxa SoC support
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (93 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 097/258] ASoC: pxa: pxa2xx-ac97: fix dma requestor lines Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 099/258] ASoC: dwc: correct irq clear method Greg Kroah-Hartman
` (143 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robert Jarzmik, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Robert Jarzmik <robert.jarzmik@free.fr>
commit 3c8f7710c1c44fb650bc29b6ef78ed8b60cfaa28 upstream.
The previous fix of pxa library support, which was introduced to fix the
library dependency, broke the previous SoC behavior, where a machine
code binding pxa2xx-ac97 with a coded relied on :
- sound/soc/pxa/pxa2xx-ac97.c
- sound/soc/codecs/XXX.c
For example, the mioa701_wm9713.c machine code is currently broken. The
"select ARM" statement wrongly selects the soc/arm/pxa2xx-ac97 for
compilation, as per an unfortunate fate SND_PXA2XX_AC97 is both declared
in sound/arm/Kconfig and sound/soc/pxa/Kconfig.
Fix this by ensuring that SND_PXA2XX_SOC correctly triggers the correct
pxa2xx-ac97 compilation.
Fixes: 846172dfe33c ("ASoC: fix SND_PXA2XX_LIB Kconfig warning")
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/arm/Kconfig | 15 ++++++++-------
sound/soc/pxa/Kconfig | 2 --
2 files changed, 8 insertions(+), 9 deletions(-)
--- a/sound/arm/Kconfig
+++ b/sound/arm/Kconfig
@@ -9,6 +9,14 @@ menuconfig SND_ARM
Drivers that are implemented on ASoC can be found in
"ALSA for SoC audio support" section.
+config SND_PXA2XX_LIB
+ tristate
+ select SND_AC97_CODEC if SND_PXA2XX_LIB_AC97
+ select SND_DMAENGINE_PCM
+
+config SND_PXA2XX_LIB_AC97
+ bool
+
if SND_ARM
config SND_ARMAACI
@@ -21,13 +29,6 @@ config SND_PXA2XX_PCM
tristate
select SND_PCM
-config SND_PXA2XX_LIB
- tristate
- select SND_AC97_CODEC if SND_PXA2XX_LIB_AC97
-
-config SND_PXA2XX_LIB_AC97
- bool
-
config SND_PXA2XX_AC97
tristate "AC97 driver for the Intel PXA2xx chip"
depends on ARCH_PXA
--- a/sound/soc/pxa/Kconfig
+++ b/sound/soc/pxa/Kconfig
@@ -1,7 +1,6 @@
config SND_PXA2XX_SOC
tristate "SoC Audio for the Intel PXA2xx chip"
depends on ARCH_PXA
- select SND_ARM
select SND_PXA2XX_LIB
help
Say Y or M if you want to add support for codecs attached to
@@ -25,7 +24,6 @@ config SND_PXA2XX_AC97
config SND_PXA2XX_SOC_AC97
tristate
select AC97_BUS
- select SND_ARM
select SND_PXA2XX_LIB_AC97
select SND_SOC_AC97_BUS
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 099/258] ASoC: dwc: correct irq clear method
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (94 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 098/258] ASoC: fix broken pxa SoC support Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 100/258] ASoC: db1200: Fix DAI link format for db1300 and db1550 Greg Kroah-Hartman
` (142 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yitian Bu, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yitian Bu <buyitian@gmail.com>
commit 4873867e5f2bd90faad861dd94865099fc3140f3 upstream.
from Designware I2S datasheet, tx/rx XRUN irq is cleared by
reading register TOR/ROR, rather than by writing into them.
Signed-off-by: Yitian Bu <yitian.bu@tangramtek.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/dwc/designware_i2s.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/soc/dwc/designware_i2s.c
+++ b/sound/soc/dwc/designware_i2s.c
@@ -131,10 +131,10 @@ static inline void i2s_clear_irqs(struct
if (stream == SNDRV_PCM_STREAM_PLAYBACK) {
for (i = 0; i < 4; i++)
- i2s_write_reg(dev->i2s_base, TOR(i), 0);
+ i2s_read_reg(dev->i2s_base, TOR(i));
} else {
for (i = 0; i < 4; i++)
- i2s_write_reg(dev->i2s_base, ROR(i), 0);
+ i2s_read_reg(dev->i2s_base, ROR(i));
}
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 100/258] ASoC: db1200: Fix DAI link format for db1300 and db1550
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (95 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 099/258] ASoC: dwc: correct irq clear method Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 101/258] ASoC: sgtl5000: fix wrong register MIC_BIAS_VOLTAGE setup on probe Greg Kroah-Hartman
` (141 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manuel Lauss, Lars-Peter Clausen,
Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lars-Peter Clausen <lars@metafoo.de>
commit e74679b38c9417c1c524081121cdcdb36f82264d upstream.
Commit b4508d0f95fa ("ASoC: db1200: Use static DAI format setup") switched
the db1200 driver over to using static DAI format setup instead of a
callback function. But the commit only added the dai_fmt field to one of
the three DAI links in the driver. This breaks audio on db1300 and db1550.
Add the two missing dai_fmt settings to fix the issue.
Fixes: b4508d0f95fa ("ASoC: db1200: Use static DAI format setup")
Reported-by: Manuel Lauss <manuel.lauss@gmail.com>
Tested-by: Manuel Lauss <manuel.lauss@gmail.com>
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/au1x/db1200.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/sound/soc/au1x/db1200.c
+++ b/sound/soc/au1x/db1200.c
@@ -129,6 +129,8 @@ static struct snd_soc_dai_link db1300_i2
.cpu_dai_name = "au1xpsc_i2s.2",
.platform_name = "au1xpsc-pcm.2",
.codec_name = "wm8731.0-001b",
+ .dai_fmt = SND_SOC_DAIFMT_LEFT_J | SND_SOC_DAIFMT_NB_NF |
+ SND_SOC_DAIFMT_CBM_CFM,
.ops = &db1200_i2s_wm8731_ops,
};
@@ -146,6 +148,8 @@ static struct snd_soc_dai_link db1550_i2
.cpu_dai_name = "au1xpsc_i2s.3",
.platform_name = "au1xpsc-pcm.3",
.codec_name = "wm8731.0-001b",
+ .dai_fmt = SND_SOC_DAIFMT_LEFT_J | SND_SOC_DAIFMT_NB_NF |
+ SND_SOC_DAIFMT_CBM_CFM,
.ops = &db1200_i2s_wm8731_ops,
};
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 101/258] ASoC: sgtl5000: fix wrong register MIC_BIAS_VOLTAGE setup on probe
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (96 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 100/258] ASoC: db1200: Fix DAI link format for db1300 and db1550 Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 102/258] ASoC: tas2552: fix dBscale-min declaration Greg Kroah-Hartman
` (140 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Gianluca Renzi, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gianluca Renzi <gianlucarenzi@eurekelettronica.it>
commit e256da84a04ea31c3c215997c847609af224e8f4 upstream.
Signed-off-by: Gianluca Renzi <gianlucarenzi@eurekelettronica.it>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/sgtl5000.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/soc/codecs/sgtl5000.c
+++ b/sound/soc/codecs/sgtl5000.c
@@ -1377,8 +1377,8 @@ static int sgtl5000_probe(struct snd_soc
sgtl5000->micbias_resistor << SGTL5000_BIAS_R_SHIFT);
snd_soc_update_bits(codec, SGTL5000_CHIP_MIC_CTRL,
- SGTL5000_BIAS_R_MASK,
- sgtl5000->micbias_voltage << SGTL5000_BIAS_R_SHIFT);
+ SGTL5000_BIAS_VOLT_MASK,
+ sgtl5000->micbias_voltage << SGTL5000_BIAS_VOLT_SHIFT);
/*
* disable DAP
* TODO:
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 102/258] ASoC: tas2552: fix dBscale-min declaration
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (97 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 101/258] ASoC: sgtl5000: fix wrong register MIC_BIAS_VOLTAGE setup on probe Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 103/258] btrfs: skip waiting on ordered range for special files Greg Kroah-Hartman
` (139 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andreas Dannenberg, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andreas Dannenberg <dannenberg@ti.com>
commit e2600460bc3aa14ca1df86318a327cbbabedf9a8 upstream.
The minimum volume level for the TAS2552 (control register value 0x00)
is -7dB however the driver declares it as -0.07dB.
Running amixer before the patch reports:
dBscale-min=-0.07dB,step=1.00dB,mute=0
Running amixer with the patch applied reports:
dBscale-min=-7.00dB,step=1.00dB,mute=0
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/tas2552.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/codecs/tas2552.c
+++ b/sound/soc/codecs/tas2552.c
@@ -551,7 +551,7 @@ static struct snd_soc_dai_driver tas2552
/*
* DAC digital volumes. From -7 to 24 dB in 1 dB steps
*/
-static DECLARE_TLV_DB_SCALE(dac_tlv, -7, 100, 0);
+static DECLARE_TLV_DB_SCALE(dac_tlv, -700, 100, 0);
static const char * const tas2552_din_source_select[] = {
"Muted",
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 103/258] btrfs: skip waiting on ordered range for special files
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (98 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 102/258] ASoC: tas2552: fix dBscale-min declaration Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 104/258] Btrfs: fix read corruption of compressed and shared extents Greg Kroah-Hartman
` (138 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Biedl, Jeff Mahoney,
Filipe Manana
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Mahoney <jeffm@suse.com>
commit a30e577c96f59b1e1678ea5462432b09bf7d5cbc upstream.
In btrfs_evict_inode, we properly truncate the page cache for evicted
inodes but then we call btrfs_wait_ordered_range for every inode as well.
It's the right thing to do for regular files but results in incorrect
behavior for device inodes for block devices.
filemap_fdatawrite_range gets called with inode->i_mapping which gets
resolved to the block device inode before getting passed to
wbc_attach_fdatawrite_inode and ultimately to inode_to_bdi. What happens
next depends on whether there's an open file handle associated with the
inode. If there is, we write to the block device, which is unexpected
behavior. If there isn't, we through normally and inode->i_data is used.
We can also end up racing against open/close which can result in crashes
when i_mapping points to a block device inode that has been closed.
Since there can't be any page cache associated with special file inodes,
it's safe to skip the btrfs_wait_ordered_range call entirely and avoid
the problem.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=100911
Tested-by: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -5051,7 +5051,8 @@ void btrfs_evict_inode(struct inode *ino
goto no_delete;
}
/* do we really want it for ->i_nlink > 0 and zero btrfs_root_refs? */
- btrfs_wait_ordered_range(inode, 0, (u64)-1);
+ if (!special_file(inode->i_mode))
+ btrfs_wait_ordered_range(inode, 0, (u64)-1);
btrfs_free_io_failure_record(inode, 0, (u64)-1);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 104/258] Btrfs: fix read corruption of compressed and shared extents
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (99 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 103/258] btrfs: skip waiting on ordered range for special files Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 105/258] Btrfs: update fix for " Greg Kroah-Hartman
` (137 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Filipe Manana, Qu Wenruo, Liu Bo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit 005efedf2c7d0a270ffbe28d8997b03844f3e3e7 upstream.
If a file has a range pointing to a compressed extent, followed by
another range that points to the same compressed extent and a read
operation attempts to read both ranges (either completely or part of
them), the pages that correspond to the second range are incorrectly
filled with zeroes.
Consider the following example:
File layout
[0 - 8K] [8K - 24K]
| |
| |
points to extent X, points to extent X,
offset 4K, length of 8K offset 0, length 16K
[extent X, compressed length = 4K uncompressed length = 16K]
If a readpages() call spans the 2 ranges, a single bio to read the extent
is submitted - extent_io.c:submit_extent_page() would only create a new
bio to cover the second range pointing to the extent if the extent it
points to had a different logical address than the extent associated with
the first range. This has a consequence of the compressed read end io
handler (compression.c:end_compressed_bio_read()) finish once the extent
is decompressed into the pages covering the first range, leaving the
remaining pages (belonging to the second range) filled with zeroes (done
by compression.c:btrfs_clear_biovec_end()).
So fix this by submitting the current bio whenever we find a range
pointing to a compressed extent that was preceded by a range with a
different extent map. This is the simplest solution for this corner
case. Making the end io callback populate both ranges (or more, if we
have multiple pointing to the same extent) is a much more complex
solution since each bio is tightly coupled with a single extent map and
the extent maps associated to the ranges pointing to the shared extent
can have different offsets and lengths.
The following test case for fstests triggers the issue:
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
. ./common/filter
# real QA test starts here
_need_to_be_root
_supported_fs btrfs
_supported_os Linux
_require_scratch
_require_cloner
rm -f $seqres.full
test_clone_and_read_compressed_extent()
{
local mount_opts=$1
_scratch_mkfs >>$seqres.full 2>&1
_scratch_mount $mount_opts
# Create a test file with a single extent that is compressed (the
# data we write into it is highly compressible no matter which
# compression algorithm is used, zlib or lzo).
$XFS_IO_PROG -f -c "pwrite -S 0xaa 0K 4K" \
-c "pwrite -S 0xbb 4K 8K" \
-c "pwrite -S 0xcc 12K 4K" \
$SCRATCH_MNT/foo | _filter_xfs_io
# Now clone our extent into an adjacent offset.
$CLONER_PROG -s $((4 * 1024)) -d $((16 * 1024)) -l $((8 * 1024)) \
$SCRATCH_MNT/foo $SCRATCH_MNT/foo
# Same as before but for this file we clone the extent into a lower
# file offset.
$XFS_IO_PROG -f -c "pwrite -S 0xaa 8K 4K" \
-c "pwrite -S 0xbb 12K 8K" \
-c "pwrite -S 0xcc 20K 4K" \
$SCRATCH_MNT/bar | _filter_xfs_io
$CLONER_PROG -s $((12 * 1024)) -d 0 -l $((8 * 1024)) \
$SCRATCH_MNT/bar $SCRATCH_MNT/bar
echo "File digests before unmounting filesystem:"
md5sum $SCRATCH_MNT/foo | _filter_scratch
md5sum $SCRATCH_MNT/bar | _filter_scratch
# Evicting the inode or clearing the page cache before reading
# again the file would also trigger the bug - reads were returning
# all bytes in the range corresponding to the second reference to
# the extent with a value of 0, but the correct data was persisted
# (it was a bug exclusively in the read path). The issue happened
# only if the same readpages() call targeted pages belonging to the
# first and second ranges that point to the same compressed extent.
_scratch_remount
echo "File digests after mounting filesystem again:"
# Must match the same digests we got before.
md5sum $SCRATCH_MNT/foo | _filter_scratch
md5sum $SCRATCH_MNT/bar | _filter_scratch
}
echo -e "\nTesting with zlib compression..."
test_clone_and_read_compressed_extent "-o compress=zlib"
_scratch_unmount
echo -e "\nTesting with lzo compression..."
test_clone_and_read_compressed_extent "-o compress=lzo"
status=0
exit
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Qu Wenruo<quwenruo@cn.fujitsu.com>
Reviewed-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/extent_io.c | 65 ++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 57 insertions(+), 8 deletions(-)
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -2798,7 +2798,8 @@ static int submit_extent_page(int rw, st
bio_end_io_t end_io_func,
int mirror_num,
unsigned long prev_bio_flags,
- unsigned long bio_flags)
+ unsigned long bio_flags,
+ bool force_bio_submit)
{
int ret = 0;
struct bio *bio;
@@ -2816,6 +2817,7 @@ static int submit_extent_page(int rw, st
contig = bio_end_sector(bio) == sector;
if (prev_bio_flags != bio_flags || !contig ||
+ force_bio_submit ||
merge_bio(rw, tree, page, offset, page_size, bio, bio_flags) ||
bio_add_page(bio, page, page_size, offset) < page_size) {
ret = submit_one_bio(rw, bio, mirror_num,
@@ -2909,7 +2911,8 @@ static int __do_readpage(struct extent_i
get_extent_t *get_extent,
struct extent_map **em_cached,
struct bio **bio, int mirror_num,
- unsigned long *bio_flags, int rw)
+ unsigned long *bio_flags, int rw,
+ u64 *prev_em_start)
{
struct inode *inode = page->mapping->host;
u64 start = page_offset(page);
@@ -2957,6 +2960,7 @@ static int __do_readpage(struct extent_i
}
while (cur <= end) {
unsigned long pnr = (last_byte >> PAGE_CACHE_SHIFT) + 1;
+ bool force_bio_submit = false;
if (cur >= last_byte) {
char *userpage;
@@ -3007,6 +3011,49 @@ static int __do_readpage(struct extent_i
block_start = em->block_start;
if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags))
block_start = EXTENT_MAP_HOLE;
+
+ /*
+ * If we have a file range that points to a compressed extent
+ * and it's followed by a consecutive file range that points to
+ * to the same compressed extent (possibly with a different
+ * offset and/or length, so it either points to the whole extent
+ * or only part of it), we must make sure we do not submit a
+ * single bio to populate the pages for the 2 ranges because
+ * this makes the compressed extent read zero out the pages
+ * belonging to the 2nd range. Imagine the following scenario:
+ *
+ * File layout
+ * [0 - 8K] [8K - 24K]
+ * | |
+ * | |
+ * points to extent X, points to extent X,
+ * offset 4K, length of 8K offset 0, length 16K
+ *
+ * [extent X, compressed length = 4K uncompressed length = 16K]
+ *
+ * If the bio to read the compressed extent covers both ranges,
+ * it will decompress extent X into the pages belonging to the
+ * first range and then it will stop, zeroing out the remaining
+ * pages that belong to the other range that points to extent X.
+ * So here we make sure we submit 2 bios, one for the first
+ * range and another one for the third range. Both will target
+ * the same physical extent from disk, but we can't currently
+ * make the compressed bio endio callback populate the pages
+ * for both ranges because each compressed bio is tightly
+ * coupled with a single extent map, and each range can have
+ * an extent map with a different offset value relative to the
+ * uncompressed data of our extent and different lengths. This
+ * is a corner case so we prioritize correctness over
+ * non-optimal behavior (submitting 2 bios for the same extent).
+ */
+ if (test_bit(EXTENT_FLAG_COMPRESSED, &em->flags) &&
+ prev_em_start && *prev_em_start != (u64)-1 &&
+ *prev_em_start != em->orig_start)
+ force_bio_submit = true;
+
+ if (prev_em_start)
+ *prev_em_start = em->orig_start;
+
free_extent_map(em);
em = NULL;
@@ -3056,7 +3103,8 @@ static int __do_readpage(struct extent_i
bdev, bio, pnr,
end_bio_extent_readpage, mirror_num,
*bio_flags,
- this_bio_flag);
+ this_bio_flag,
+ force_bio_submit);
if (!ret) {
nr++;
*bio_flags = this_bio_flag;
@@ -3088,6 +3136,7 @@ static inline void __do_contiguous_readp
struct inode *inode;
struct btrfs_ordered_extent *ordered;
int index;
+ u64 prev_em_start = (u64)-1;
inode = pages[0]->mapping->host;
while (1) {
@@ -3103,7 +3152,7 @@ static inline void __do_contiguous_readp
for (index = 0; index < nr_pages; index++) {
__do_readpage(tree, pages[index], get_extent, em_cached, bio,
- mirror_num, bio_flags, rw);
+ mirror_num, bio_flags, rw, &prev_em_start);
page_cache_release(pages[index]);
}
}
@@ -3171,7 +3220,7 @@ static int __extent_read_full_page(struc
}
ret = __do_readpage(tree, page, get_extent, NULL, bio, mirror_num,
- bio_flags, rw);
+ bio_flags, rw, NULL);
return ret;
}
@@ -3197,7 +3246,7 @@ int extent_read_full_page_nolock(struct
int ret;
ret = __do_readpage(tree, page, get_extent, NULL, &bio, mirror_num,
- &bio_flags, READ);
+ &bio_flags, READ, NULL);
if (bio)
ret = submit_one_bio(READ, bio, mirror_num, bio_flags);
return ret;
@@ -3450,7 +3499,7 @@ static noinline_for_stack int __extent_w
sector, iosize, pg_offset,
bdev, &epd->bio, max_nr,
end_bio_extent_writepage,
- 0, 0, 0);
+ 0, 0, 0, false);
if (ret)
SetPageError(page);
}
@@ -3752,7 +3801,7 @@ static noinline_for_stack int write_one_
ret = submit_extent_page(rw, tree, p, offset >> 9,
PAGE_CACHE_SIZE, 0, bdev, &epd->bio,
-1, end_bio_extent_buffer_writepage,
- 0, epd->bio_flags, bio_flags);
+ 0, epd->bio_flags, bio_flags, false);
epd->bio_flags = bio_flags;
if (ret) {
set_btree_ioerr(p);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 105/258] Btrfs: update fix for read corruption of compressed and shared extents
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (100 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 104/258] Btrfs: fix read corruption of compressed and shared extents Greg Kroah-Hartman
@ 2015-10-18 1:56 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 107/258] PCI: Fix devfn for VPD access through function 0 Greg Kroah-Hartman
` (136 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:56 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Filipe Manana, Timofey Titovets
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit 808f80b46790f27e145c72112189d6a3be2bc884 upstream.
My previous fix in commit 005efedf2c7d ("Btrfs: fix read corruption of
compressed and shared extents") was effective only if the compressed
extents cover a file range with a length that is not a multiple of 16
pages. That's because the detection of when we reached a different range
of the file that shares the same compressed extent as the previously
processed range was done at extent_io.c:__do_contiguous_readpages(),
which covers subranges with a length up to 16 pages, because
extent_readpages() groups the pages in clusters no larger than 16 pages.
So fix this by tracking the start of the previously processed file
range's extent map at extent_readpages().
The following test case for fstests reproduces the issue:
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
. ./common/filter
# real QA test starts here
_need_to_be_root
_supported_fs btrfs
_supported_os Linux
_require_scratch
_require_cloner
rm -f $seqres.full
test_clone_and_read_compressed_extent()
{
local mount_opts=$1
_scratch_mkfs >>$seqres.full 2>&1
_scratch_mount $mount_opts
# Create our test file with a single extent of 64Kb that is going to
# be compressed no matter which compression algo is used (zlib/lzo).
$XFS_IO_PROG -f -c "pwrite -S 0xaa 0K 64K" \
$SCRATCH_MNT/foo | _filter_xfs_io
# Now clone the compressed extent into an adjacent file offset.
$CLONER_PROG -s 0 -d $((64 * 1024)) -l $((64 * 1024)) \
$SCRATCH_MNT/foo $SCRATCH_MNT/foo
echo "File digest before unmount:"
md5sum $SCRATCH_MNT/foo | _filter_scratch
# Remount the fs or clear the page cache to trigger the bug in
# btrfs. Because the extent has an uncompressed length that is a
# multiple of 16 pages, all the pages belonging to the second range
# of the file (64K to 128K), which points to the same extent as the
# first range (0K to 64K), had their contents full of zeroes instead
# of the byte 0xaa. This was a bug exclusively in the read path of
# compressed extents, the correct data was stored on disk, btrfs
# just failed to fill in the pages correctly.
_scratch_remount
echo "File digest after remount:"
# Must match the digest we got before.
md5sum $SCRATCH_MNT/foo | _filter_scratch
}
echo -e "\nTesting with zlib compression..."
test_clone_and_read_compressed_extent "-o compress=zlib"
_scratch_unmount
echo -e "\nTesting with lzo compression..."
test_clone_and_read_compressed_extent "-o compress=lzo"
status=0
exit
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Tested-by: Timofey Titovets <nefelim4ag@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/extent_io.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -3131,12 +3131,12 @@ static inline void __do_contiguous_readp
get_extent_t *get_extent,
struct extent_map **em_cached,
struct bio **bio, int mirror_num,
- unsigned long *bio_flags, int rw)
+ unsigned long *bio_flags, int rw,
+ u64 *prev_em_start)
{
struct inode *inode;
struct btrfs_ordered_extent *ordered;
int index;
- u64 prev_em_start = (u64)-1;
inode = pages[0]->mapping->host;
while (1) {
@@ -3152,7 +3152,7 @@ static inline void __do_contiguous_readp
for (index = 0; index < nr_pages; index++) {
__do_readpage(tree, pages[index], get_extent, em_cached, bio,
- mirror_num, bio_flags, rw, &prev_em_start);
+ mirror_num, bio_flags, rw, prev_em_start);
page_cache_release(pages[index]);
}
}
@@ -3162,7 +3162,8 @@ static void __extent_readpages(struct ex
int nr_pages, get_extent_t *get_extent,
struct extent_map **em_cached,
struct bio **bio, int mirror_num,
- unsigned long *bio_flags, int rw)
+ unsigned long *bio_flags, int rw,
+ u64 *prev_em_start)
{
u64 start = 0;
u64 end = 0;
@@ -3183,7 +3184,7 @@ static void __extent_readpages(struct ex
index - first_index, start,
end, get_extent, em_cached,
bio, mirror_num, bio_flags,
- rw);
+ rw, prev_em_start);
start = page_start;
end = start + PAGE_CACHE_SIZE - 1;
first_index = index;
@@ -3194,7 +3195,8 @@ static void __extent_readpages(struct ex
__do_contiguous_readpages(tree, &pages[first_index],
index - first_index, start,
end, get_extent, em_cached, bio,
- mirror_num, bio_flags, rw);
+ mirror_num, bio_flags, rw,
+ prev_em_start);
}
static int __extent_read_full_page(struct extent_io_tree *tree,
@@ -4205,6 +4207,7 @@ int extent_readpages(struct extent_io_tr
struct page *page;
struct extent_map *em_cached = NULL;
int nr = 0;
+ u64 prev_em_start = (u64)-1;
for (page_idx = 0; page_idx < nr_pages; page_idx++) {
page = list_entry(pages->prev, struct page, lru);
@@ -4221,12 +4224,12 @@ int extent_readpages(struct extent_io_tr
if (nr < ARRAY_SIZE(pagepool))
continue;
__extent_readpages(tree, pagepool, nr, get_extent, &em_cached,
- &bio, 0, &bio_flags, READ);
+ &bio, 0, &bio_flags, READ, &prev_em_start);
nr = 0;
}
if (nr)
__extent_readpages(tree, pagepool, nr, get_extent, &em_cached,
- &bio, 0, &bio_flags, READ);
+ &bio, 0, &bio_flags, READ, &prev_em_start);
if (em_cached)
free_extent_map(em_cached);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 107/258] PCI: Fix devfn for VPD access through function 0
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (101 preceding siblings ...)
2015-10-18 1:56 ` [PATCH 4.2 105/258] Btrfs: update fix for " Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 108/258] PCI: Use function 0 VPD for identical functions, regular VPD for others Greg Kroah-Hartman
` (135 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alex Williamson, Bjorn Helgaas,
Myron Stowe, Mark Rustad
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
commit 9d9240756e63dd87d6cbf5da8b98ceb8f8192b55 upstream.
Commit 932c435caba8 ("PCI: Add dev_flags bit to access VPD through function
0") passes PCI_SLOT(devfn) for the devfn parameter of pci_get_slot().
Generally this works because we're fairly well guaranteed that a PCIe
device is at slot address 0, but for the general case, including
conventional PCI, it's incorrect. We need to get the slot and then convert
it back into a devfn.
Fixes: 932c435caba8 ("PCI: Add dev_flags bit to access VPD through function 0")
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Bjorn Helgaas <helgaas@kernel.org>
Acked-by: Myron Stowe <myron.stowe@redhat.com>
Acked-by: Mark Rustad <mark.d.rustad@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/access.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/pci/access.c
+++ b/drivers/pci/access.c
@@ -442,7 +442,8 @@ static const struct pci_vpd_ops pci_vpd_
static ssize_t pci_vpd_f0_read(struct pci_dev *dev, loff_t pos, size_t count,
void *arg)
{
- struct pci_dev *tdev = pci_get_slot(dev->bus, PCI_SLOT(dev->devfn));
+ struct pci_dev *tdev = pci_get_slot(dev->bus,
+ PCI_DEVFN(PCI_SLOT(dev->devfn), 0));
ssize_t ret;
if (!tdev)
@@ -456,7 +457,8 @@ static ssize_t pci_vpd_f0_read(struct pc
static ssize_t pci_vpd_f0_write(struct pci_dev *dev, loff_t pos, size_t count,
const void *arg)
{
- struct pci_dev *tdev = pci_get_slot(dev->bus, PCI_SLOT(dev->devfn));
+ struct pci_dev *tdev = pci_get_slot(dev->bus,
+ PCI_DEVFN(PCI_SLOT(dev->devfn), 0));
ssize_t ret;
if (!tdev)
@@ -475,7 +477,8 @@ static const struct pci_vpd_ops pci_vpd_
static int pci_vpd_f0_dev_check(struct pci_dev *dev)
{
- struct pci_dev *tdev = pci_get_slot(dev->bus, PCI_SLOT(dev->devfn));
+ struct pci_dev *tdev = pci_get_slot(dev->bus,
+ PCI_DEVFN(PCI_SLOT(dev->devfn), 0));
int ret = 0;
if (!tdev)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 108/258] PCI: Use function 0 VPD for identical functions, regular VPD for others
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (102 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 107/258] PCI: Fix devfn for VPD access through function 0 Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 109/258] PCI: Clear IORESOURCE_UNSET when clipping a bridge window Greg Kroah-Hartman
` (134 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alex Williamson, Bjorn Helgaas,
Myron Stowe, Mark Rustad
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
commit da2d03ea27f6ed9d2005a67b20dd021ddacf1e4d upstream.
932c435caba8 ("PCI: Add dev_flags bit to access VPD through function 0")
added PCI_DEV_FLAGS_VPD_REF_F0. Previously, we set the flag on every
non-zero function of quirked devices. If a function turned out to be
different from function 0, i.e., it had a different class, vendor ID, or
device ID, the flag remained set but we didn't make VPD accessible at all.
Flip this around so we only set PCI_DEV_FLAGS_VPD_REF_F0 for functions that
are identical to function 0, and allow regular VPD access for any other
functions.
[bhelgaas: changelog, stable tag]
Fixes: 932c435caba8 ("PCI: Add dev_flags bit to access VPD through function 0")
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Bjorn Helgaas <helgaas@kernel.org>
Acked-by: Myron Stowe <myron.stowe@redhat.com>
Acked-by: Mark Rustad <mark.d.rustad@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/access.c | 22 ----------------------
drivers/pci/quirks.c | 20 ++++++++++++++++++--
2 files changed, 18 insertions(+), 24 deletions(-)
--- a/drivers/pci/access.c
+++ b/drivers/pci/access.c
@@ -475,23 +475,6 @@ static const struct pci_vpd_ops pci_vpd_
.release = pci_vpd_pci22_release,
};
-static int pci_vpd_f0_dev_check(struct pci_dev *dev)
-{
- struct pci_dev *tdev = pci_get_slot(dev->bus,
- PCI_DEVFN(PCI_SLOT(dev->devfn), 0));
- int ret = 0;
-
- if (!tdev)
- return -ENODEV;
- if (!tdev->vpd || !tdev->multifunction ||
- dev->class != tdev->class || dev->vendor != tdev->vendor ||
- dev->device != tdev->device)
- ret = -ENODEV;
-
- pci_dev_put(tdev);
- return ret;
-}
-
int pci_vpd_pci22_init(struct pci_dev *dev)
{
struct pci_vpd_pci22 *vpd;
@@ -500,12 +483,7 @@ int pci_vpd_pci22_init(struct pci_dev *d
cap = pci_find_capability(dev, PCI_CAP_ID_VPD);
if (!cap)
return -ENODEV;
- if (dev->dev_flags & PCI_DEV_FLAGS_VPD_REF_F0) {
- int ret = pci_vpd_f0_dev_check(dev);
- if (ret)
- return ret;
- }
vpd = kzalloc(sizeof(*vpd), GFP_ATOMIC);
if (!vpd)
return -ENOMEM;
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -1906,11 +1906,27 @@ static void quirk_netmos(struct pci_dev
DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_VENDOR_ID_NETMOS, PCI_ANY_ID,
PCI_CLASS_COMMUNICATION_SERIAL, 8, quirk_netmos);
+/*
+ * Quirk non-zero PCI functions to route VPD access through function 0 for
+ * devices that share VPD resources between functions. The functions are
+ * expected to be identical devices.
+ */
static void quirk_f0_vpd_link(struct pci_dev *dev)
{
- if (!dev->multifunction || !PCI_FUNC(dev->devfn))
+ struct pci_dev *f0;
+
+ if (!PCI_FUNC(dev->devfn))
+ return;
+
+ f0 = pci_get_slot(dev->bus, PCI_DEVFN(PCI_SLOT(dev->devfn), 0));
+ if (!f0)
return;
- dev->dev_flags |= PCI_DEV_FLAGS_VPD_REF_F0;
+
+ if (f0->vpd && dev->class == f0->class &&
+ dev->vendor == f0->vendor && dev->device == f0->device)
+ dev->dev_flags |= PCI_DEV_FLAGS_VPD_REF_F0;
+
+ pci_dev_put(f0);
}
DECLARE_PCI_FIXUP_CLASS_EARLY(PCI_VENDOR_ID_INTEL, PCI_ANY_ID,
PCI_CLASS_NETWORK_ETHERNET, 8, quirk_f0_vpd_link);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 109/258] PCI: Clear IORESOURCE_UNSET when clipping a bridge window
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (103 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 108/258] PCI: Use function 0 VPD for identical functions, regular VPD for others Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 110/258] dm thin: disable discard support for thin devices if pools is disabled Greg Kroah-Hartman
` (133 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lorenzo Pieralisi, Bjorn Helgaas,
Yinghai Lu
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bjorn Helgaas <bhelgaas@google.com>
commit b838b39e930aa1cfd099ea82ac40ed6d6413af26 upstream.
c770cb4cb505 ("PCI: Mark invalid BARs as unassigned") sets IORESOURCE_UNSET
if we fail to claim a resource. If we tried to claim a bridge window,
failed, clipped the window, and tried to claim the clipped window, we
failed again because of IORESOURCE_UNSET:
pci_bus 0000:00: root bus resource [mem 0xc0000000-0xffffffff window]
pci 0000:00:01.0: can't claim BAR 15 [mem 0xbdf00000-0xddefffff 64bit pref]: no compatible bridge window
pci 0000:00:01.0: [mem size 0x20000000 64bit pref] clipped to [mem size 0x1df00000 64bit pref]
pci 0000:00:01.0: bridge window [mem size 0x1df00000 64bit pref]
pci 0000:00:01.0: can't claim BAR 15 [mem size 0x1df00000 64bit pref]: no address assigned
The 00:01.0 window started as [mem 0xbdf00000-0xddefffff 64bit pref]. That
starts before the host bridge window [mem 0xc0000000-0xffffffff window], so
we clipped the 00:01.0 window to [mem 0xc0000000-0xddefffff 64bit pref].
But we left it marked IORESOURCE_UNSET, so the second claim failed when it
should have succeeded.
This means downstream devices will also fail for lack of resources, e.g.,
in the bugzilla below,
radeon 0000:01:00.0: Fatal error during GPU init
Clear IORESOURCE_UNSET when we clip a bridge window. Also clear
IORESOURCE_UNSET in our copy of the unclipped window so we can see exactly
what the original window was and how it now fits inside the upstream
window.
Fixes: c770cb4cb505 ("PCI: Mark invalid BARs as unassigned")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=85491#c47
Based-on-patch-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Based-on-patch-by: Yinghai Lu <yinghai@kernel.org>
Tested-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Acked-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/bus.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/pci/bus.c
+++ b/drivers/pci/bus.c
@@ -256,6 +256,8 @@ bool pci_bus_clip_resource(struct pci_de
res->start = start;
res->end = end;
+ res->flags &= ~IORESOURCE_UNSET;
+ orig_res.flags &= ~IORESOURCE_UNSET;
dev_printk(KERN_DEBUG, &dev->dev, "%pR clipped to %pR\n",
&orig_res, res);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 110/258] dm thin: disable discard support for thin devices if pools is disabled
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (104 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 109/258] PCI: Clear IORESOURCE_UNSET when clipping a bridge window Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 111/258] dm crypt: constrain crypt devices max_segment_size to PAGE_SIZE Greg Kroah-Hartman
` (132 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mike Snitzer
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Snitzer <snitzer@redhat.com>
commit 216076705d6ac291d42e0f8dd85e6a0da98c0fa3 upstream.
If the pool is configured with 'ignore_discard' its discard support is
disabled. The pool's thin devices should also have queue_limits that
reflect discards are disabled.
Fixes: 34fbcf62 ("dm thin: range discard support")
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-thin.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/md/dm-thin.c
+++ b/drivers/md/dm-thin.c
@@ -4333,6 +4333,10 @@ static void thin_io_hints(struct dm_targ
{
struct thin_c *tc = ti->private;
struct pool *pool = tc->pool;
+ struct queue_limits *pool_limits = dm_get_queue_limits(pool->pool_md);
+
+ if (!pool_limits->discard_granularity)
+ return; /* pool's discard support is disabled */
limits->discard_granularity = pool->sectors_per_block << SECTOR_SHIFT;
limits->max_discard_sectors = 2048 * 1024 * 16; /* 16G */
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 111/258] dm crypt: constrain crypt devices max_segment_size to PAGE_SIZE
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (105 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 110/258] dm thin: disable discard support for thin devices if pools is disabled Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 112/258] ath10k: fix dma_mapping_error() handling Greg Kroah-Hartman
` (131 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeff Moyer, Mike Snitzer
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Snitzer <snitzer@redhat.com>
commit 586b286b110e94eb31840ac5afc0c24e0881fe34 upstream.
Setting the dm-crypt device's max_segment_size to PAGE_SIZE is an
unfortunate constraint that is required to avoid the potential for
exceeding dm-crypt's underlying device's max_segments limits -- due to
crypt_alloc_buffer() possibly allocating pages for the encryption bio
that are not as physically contiguous as the original bio.
It is interesting to note that this problem was already fixed back in
2007 via commit 91e106259 ("dm crypt: use bio_add_page"). But Linux 4.0
commit cf2f1abfb ("dm crypt: don't allocate pages for a partial
request") regressed dm-crypt back to _not_ using bio_add_page(). But
given dm-crypt's cpu parallelization changes all depend on commit
cf2f1abfb's abandoning of the more complex io fragments processing that
dm-crypt previously had we cannot easily go back to using
bio_add_page().
So all said the cleanest way to resolve this issue is to fix dm-crypt to
properly constrain the original bios entering dm-crypt so the encryption
bios that dm-crypt generates from the original bios are always
compatible with the underlying device's max_segments queue limits.
It should be noted that technically Linux 4.3 does _not_ need this fix
because of the block core's new late bio-splitting capability. But, it
is reasoned, there is little to be gained by having the block core split
the encrypted bio that is composed of PAGE_SIZE segments. That said, in
the future we may revert this change.
Fixes: cf2f1abfb ("dm crypt: don't allocate pages for a partial request")
Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=104421
Suggested-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-crypt.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -968,7 +968,8 @@ static void crypt_free_buffer_pages(stru
/*
* Generate a new unfragmented bio with the given size
- * This should never violate the device limitations
+ * This should never violate the device limitations (but only because
+ * max_segment_size is being constrained to PAGE_SIZE).
*
* This function may be called concurrently. If we allocate from the mempool
* concurrently, there is a possibility of deadlock. For example, if we have
@@ -2058,9 +2059,20 @@ static int crypt_iterate_devices(struct
return fn(ti, cc->dev, cc->start, ti->len, data);
}
+static void crypt_io_hints(struct dm_target *ti, struct queue_limits *limits)
+{
+ /*
+ * Unfortunate constraint that is required to avoid the potential
+ * for exceeding underlying device's max_segments limits -- due to
+ * crypt_alloc_buffer() possibly allocating pages for the encryption
+ * bio that are not as physically contiguous as the original bio.
+ */
+ limits->max_segment_size = PAGE_SIZE;
+}
+
static struct target_type crypt_target = {
.name = "crypt",
- .version = {1, 14, 0},
+ .version = {1, 14, 1},
.module = THIS_MODULE,
.ctr = crypt_ctr,
.dtr = crypt_dtr,
@@ -2072,6 +2084,7 @@ static struct target_type crypt_target =
.message = crypt_message,
.merge = crypt_merge,
.iterate_devices = crypt_iterate_devices,
+ .io_hints = crypt_io_hints,
};
static int __init dm_crypt_init(void)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 112/258] ath10k: fix dma_mapping_error() handling
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (106 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 111/258] dm crypt: constrain crypt devices max_segment_size to PAGE_SIZE Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 113/258] svcrdma: Fix send_reply() scatter/gather set-up Greg Kroah-Hartman
` (130 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Michal Kazior,
Kalle Valo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Kazior <michal.kazior@tieto.com>
commit 5e55e3cbd1042cffa6249f22c10585e63f8a29bf upstream.
The function returns 1 when DMA mapping fails. The
driver would return bogus values and could
possibly confuse itself if DMA failed.
Fixes: 767d34fc67af ("ath10k: remove DMA mapping wrappers")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath10k/htc.c | 4 +++-
drivers/net/wireless/ath/ath10k/htt_tx.c | 8 ++++++--
drivers/net/wireless/ath/ath10k/pci.c | 8 ++++++--
drivers/net/wireless/ath/ath10k/wmi.c | 1 +
4 files changed, 16 insertions(+), 5 deletions(-)
--- a/drivers/net/wireless/ath/ath10k/htc.c
+++ b/drivers/net/wireless/ath/ath10k/htc.c
@@ -145,8 +145,10 @@ int ath10k_htc_send(struct ath10k_htc *h
skb_cb->eid = eid;
skb_cb->paddr = dma_map_single(dev, skb->data, skb->len, DMA_TO_DEVICE);
ret = dma_mapping_error(dev, skb_cb->paddr);
- if (ret)
+ if (ret) {
+ ret = -EIO;
goto err_credits;
+ }
sg_item.transfer_id = ep->eid;
sg_item.transfer_context = skb;
--- a/drivers/net/wireless/ath/ath10k/htt_tx.c
+++ b/drivers/net/wireless/ath/ath10k/htt_tx.c
@@ -371,8 +371,10 @@ int ath10k_htt_mgmt_tx(struct ath10k_htt
skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len,
DMA_TO_DEVICE);
res = dma_mapping_error(dev, skb_cb->paddr);
- if (res)
+ if (res) {
+ res = -EIO;
goto err_free_txdesc;
+ }
skb_put(txdesc, len);
cmd = (struct htt_cmd *)txdesc->data;
@@ -456,8 +458,10 @@ int ath10k_htt_tx(struct ath10k_htt *htt
skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len,
DMA_TO_DEVICE);
res = dma_mapping_error(dev, skb_cb->paddr);
- if (res)
+ if (res) {
+ res = -EIO;
goto err_free_txbuf;
+ }
switch (skb_cb->txmode) {
case ATH10K_HW_TXRX_RAW:
--- a/drivers/net/wireless/ath/ath10k/pci.c
+++ b/drivers/net/wireless/ath/ath10k/pci.c
@@ -1546,8 +1546,10 @@ static int ath10k_pci_hif_exchange_bmi_m
req_paddr = dma_map_single(ar->dev, treq, req_len, DMA_TO_DEVICE);
ret = dma_mapping_error(ar->dev, req_paddr);
- if (ret)
+ if (ret) {
+ ret = -EIO;
goto err_dma;
+ }
if (resp && resp_len) {
tresp = kzalloc(*resp_len, GFP_KERNEL);
@@ -1559,8 +1561,10 @@ static int ath10k_pci_hif_exchange_bmi_m
resp_paddr = dma_map_single(ar->dev, tresp, *resp_len,
DMA_FROM_DEVICE);
ret = dma_mapping_error(ar->dev, resp_paddr);
- if (ret)
+ if (ret) {
+ ret = EIO;
goto err_req;
+ }
xfer.wait_for_resp = true;
xfer.resp_len = 0;
--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -2391,6 +2391,7 @@ void ath10k_wmi_event_host_swba(struct a
ath10k_warn(ar, "failed to map beacon: %d\n",
ret);
dev_kfree_skb_any(bcn);
+ ret = -EIO;
goto skip;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 113/258] svcrdma: Fix send_reply() scatter/gather set-up
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (107 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 112/258] ath10k: fix dma_mapping_error() handling Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 114/258] staging: ion: fix corruption of ion_import_dma_buf Greg Kroah-Hartman
` (129 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chuck Lever, J. Bruce Fields
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chuck Lever <chuck.lever@oracle.com>
commit 9d11b51ce7c150a69e761e30518f294fc73d55ff upstream.
The Linux NFS server returns garbage in the data payload of inline
NFS/RDMA READ replies. These are READs of under 1000 bytes or so
where the client has not provided either a reply chunk or a write
list.
The NFS server delivers the data payload for an NFS READ reply to
the transport in an xdr_buf page list. If the NFS client did not
provide a reply chunk or a write list, send_reply() is supposed to
set up a separate sge for the page containing the READ data, and
another sge for XDR padding if needed, then post all of the sges via
a single SEND Work Request.
The problem is send_reply() does not advance through the xdr_buf
when setting up scatter/gather entries for SEND WR. It always calls
dma_map_xdr with xdr_off set to zero. When there's more than one
sge, dma_map_xdr() sets up the SEND sge's so they all point to the
xdr_buf's head.
The current Linux NFS/RDMA client always provides a reply chunk or
a write list when performing an NFS READ over RDMA. Therefore, it
does not exercise this particular case. The Linux server has never
had to use more than one extra sge for building RPC/RDMA replies
with a Linux client.
However, an NFS/RDMA client _is_ allowed to send small NFS READs
without setting up a write list or reply chunk. The NFS READ reply
fits entirely within the inline reply buffer in this case. This is
perhaps a more efficient way of performing NFS READs that the Linux
NFS/RDMA client may some day adopt.
Fixes: b432e6b3d9c1 ('svcrdma: Change DMA mapping logic to . . .')
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=285
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/xprtrdma/svc_rdma_sendto.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/net/sunrpc/xprtrdma/svc_rdma_sendto.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
@@ -384,6 +384,7 @@ static int send_reply(struct svcxprt_rdm
int byte_count)
{
struct ib_send_wr send_wr;
+ u32 xdr_off;
int sge_no;
int sge_bytes;
int page_no;
@@ -418,8 +419,8 @@ static int send_reply(struct svcxprt_rdm
ctxt->direction = DMA_TO_DEVICE;
/* Map the payload indicated by 'byte_count' */
+ xdr_off = 0;
for (sge_no = 1; byte_count && sge_no < vec->count; sge_no++) {
- int xdr_off = 0;
sge_bytes = min_t(size_t, vec->sge[sge_no].iov_len, byte_count);
byte_count -= sge_bytes;
ctxt->sge[sge_no].addr =
@@ -457,6 +458,13 @@ static int send_reply(struct svcxprt_rdm
}
rqstp->rq_next_page = rqstp->rq_respages + 1;
+ /* The loop above bumps sc_dma_used for each sge. The
+ * xdr_buf.tail gets a separate sge, but resides in the
+ * same page as xdr_buf.head. Don't count it twice.
+ */
+ if (sge_no > ctxt->count)
+ atomic_dec(&rdma->sc_dma_used);
+
if (sge_no > rdma->sc_max_sge) {
pr_err("svcrdma: Too many sges (%d)\n", sge_no);
goto err;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 114/258] staging: ion: fix corruption of ion_import_dma_buf
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (108 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 113/258] svcrdma: Fix send_reply() scatter/gather set-up Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 115/258] USB: option: add ZTE PIDs Greg Kroah-Hartman
` (128 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shawn Lin, Laura Abbott
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shawn Lin <shawn.lin@rock-chips.com>
commit 6fa92e2bcf6390e64895b12761e851c452d87bd8 upstream.
we found this issue but still exit in lastest kernel. Simply
keep ion_handle_create under mutex_lock to avoid this race.
WARNING: CPU: 2 PID: 2648 at drivers/staging/android/ion/ion.c:512 ion_handle_add+0xb4/0xc0()
ion_handle_add: buffer already found.
Modules linked in: iwlmvm iwlwifi mac80211 cfg80211 compat
CPU: 2 PID: 2648 Comm: TimedEventQueue Tainted: G W 3.14.0 #7
00000000 00000000 9a3efd2c 80faf273 9a3efd6c 9a3efd5c 80935dc9 811d7fd3
9a3efd88 00000a58 812208a0 00000200 80e128d4 80e128d4 8d4ae00c a8cd8600
a8cd8094 9a3efd74 80935e0e 00000009 9a3efd6c 811d7fd3 9a3efd88 9a3efd9c
Call Trace:
[<80faf273>] dump_stack+0x48/0x69
[<80935dc9>] warn_slowpath_common+0x79/0x90
[<80e128d4>] ? ion_handle_add+0xb4/0xc0
[<80e128d4>] ? ion_handle_add+0xb4/0xc0
[<80935e0e>] warn_slowpath_fmt+0x2e/0x30
[<80e128d4>] ion_handle_add+0xb4/0xc0
[<80e144cc>] ion_import_dma_buf+0x8c/0x110
[<80c517c4>] reg_init+0x364/0x7d0
[<80993363>] ? futex_wait+0x123/0x210
[<80992e0e>] ? get_futex_key+0x16e/0x1e0
[<8099308f>] ? futex_wake+0x5f/0x120
[<80c51e19>] vpu_service_ioctl+0x1e9/0x500
[<80994aec>] ? do_futex+0xec/0x8e0
[<80971080>] ? prepare_to_wait_event+0xc0/0xc0
[<80c51c30>] ? reg_init+0x7d0/0x7d0
[<80a22562>] do_vfs_ioctl+0x2d2/0x4c0
[<80b198ad>] ? inode_has_perm.isra.41+0x2d/0x40
[<80b199cf>] ? file_has_perm+0x7f/0x90
[<80b1a5f7>] ? selinux_file_ioctl+0x47/0xf0
[<80a227a8>] SyS_ioctl+0x58/0x80
[<80fb45e8>] syscall_call+0x7/0x7
[<80fb0000>] ? mmc_do_calc_max_discard+0xab/0xe4
Fixes: 83271f626 ("ion: hold reference to handle...")
Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
Reviewed-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/android/ion/ion.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/staging/android/ion/ion.c
+++ b/drivers/staging/android/ion/ion.c
@@ -1179,13 +1179,13 @@ struct ion_handle *ion_import_dma_buf(st
mutex_unlock(&client->lock);
goto end;
}
- mutex_unlock(&client->lock);
handle = ion_handle_create(client, buffer);
- if (IS_ERR(handle))
+ if (IS_ERR(handle)) {
+ mutex_unlock(&client->lock);
goto end;
+ }
- mutex_lock(&client->lock);
ret = ion_handle_add(client, handle);
mutex_unlock(&client->lock);
if (ret) {
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 115/258] USB: option: add ZTE PIDs
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (109 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 114/258] staging: ion: fix corruption of ion_import_dma_buf Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 116/258] md/raid0: update queue parameter in a safer location Greg Kroah-Hartman
` (127 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Liu.Zhao, Johan Hovold
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Liu.Zhao" <lzsos369@163.com>
commit 19ab6bc5674a30fdb6a2436b068d19a3c17dc73e upstream.
This is intended to add ZTE device PIDs on kernel.
Signed-off-by: Liu.Zhao <lzsos369@163.com>
[johan: sort the new entries ]
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -278,6 +278,10 @@ static void option_instat_callback(struc
#define ZTE_PRODUCT_MF622 0x0001
#define ZTE_PRODUCT_MF628 0x0015
#define ZTE_PRODUCT_MF626 0x0031
+#define ZTE_PRODUCT_ZM8620_X 0x0396
+#define ZTE_PRODUCT_ME3620_MBIM 0x0426
+#define ZTE_PRODUCT_ME3620_X 0x1432
+#define ZTE_PRODUCT_ME3620_L 0x1433
#define ZTE_PRODUCT_AC2726 0xfff1
#define ZTE_PRODUCT_MG880 0xfffd
#define ZTE_PRODUCT_CDMA_TECH 0xfffe
@@ -544,6 +548,18 @@ static const struct option_blacklist_inf
.sendsetup = BIT(1) | BIT(2) | BIT(3),
};
+static const struct option_blacklist_info zte_me3620_mbim_blacklist = {
+ .reserved = BIT(2) | BIT(3) | BIT(4),
+};
+
+static const struct option_blacklist_info zte_me3620_xl_blacklist = {
+ .reserved = BIT(3) | BIT(4) | BIT(5),
+};
+
+static const struct option_blacklist_info zte_zm8620_x_blacklist = {
+ .reserved = BIT(3) | BIT(4) | BIT(5),
+};
+
static const struct option_blacklist_info huawei_cdc12_blacklist = {
.reserved = BIT(1) | BIT(2),
};
@@ -1591,6 +1607,14 @@ static const struct usb_device_id option
.driver_info = (kernel_ulong_t)&zte_ad3812_z_blacklist },
{ USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, ZTE_PRODUCT_MC2716, 0xff, 0xff, 0xff),
.driver_info = (kernel_ulong_t)&zte_mc2716_z_blacklist },
+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_L),
+ .driver_info = (kernel_ulong_t)&zte_me3620_xl_blacklist },
+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_MBIM),
+ .driver_info = (kernel_ulong_t)&zte_me3620_mbim_blacklist },
+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_X),
+ .driver_info = (kernel_ulong_t)&zte_me3620_xl_blacklist },
+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ZM8620_X),
+ .driver_info = (kernel_ulong_t)&zte_zm8620_x_blacklist },
{ USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x02, 0x01) },
{ USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x02, 0x05) },
{ USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x86, 0x10) },
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 116/258] md/raid0: update queue parameter in a safer location.
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (110 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 115/258] USB: option: add ZTE PIDs Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 117/258] md/raid0: apply base queue limits *before* disk_stack_limits Greg Kroah-Hartman
` (126 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yi Zhang, NeilBrown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neilb@suse.com>
commit 199dc6ed5179251fa6158a461499c24bdd99c836 upstream.
When a (e.g.) RAID5 array is reshaped to RAID0, the updating
of queue parameters (e.g. max number of sectors per bio) is
done in the wrong place.
It should be part of ->run, but it is actually part of ->takeover.
This means it happens before level_store() calls:
blk_set_stacking_limits(&mddev->queue->limits);
and so it ineffective. This can lead to errors from underlying
devices.
So move all the relevant settings out of create_stripe_zones()
and into raid0_run().
As this can lead to a bug-on it is suitable for any -stable
kernel which supports reshape to RAID0. So 2.6.35 or later.
As the bug has been present for five years there is no urgency,
so no need to rush into -stable.
Fixes: 9af204cf720c ("md: Add support for Raid5->Raid0 and Raid10->Raid0 takeover")
Reported-by: Yi Zhang <yizhan@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid0.c | 75 +++++++++++++++++++++++++++--------------------------
1 file changed, 39 insertions(+), 36 deletions(-)
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -83,7 +83,7 @@ static int create_strip_zones(struct mdd
char b[BDEVNAME_SIZE];
char b2[BDEVNAME_SIZE];
struct r0conf *conf = kzalloc(sizeof(*conf), GFP_KERNEL);
- bool discard_supported = false;
+ unsigned short blksize = 512;
if (!conf)
return -ENOMEM;
@@ -98,6 +98,9 @@ static int create_strip_zones(struct mdd
sector_div(sectors, mddev->chunk_sectors);
rdev1->sectors = sectors * mddev->chunk_sectors;
+ blksize = max(blksize, queue_logical_block_size(
+ rdev1->bdev->bd_disk->queue));
+
rdev_for_each(rdev2, mddev) {
pr_debug("md/raid0:%s: comparing %s(%llu)"
" with %s(%llu)\n",
@@ -134,6 +137,18 @@ static int create_strip_zones(struct mdd
}
pr_debug("md/raid0:%s: FINAL %d zones\n",
mdname(mddev), conf->nr_strip_zones);
+ /*
+ * now since we have the hard sector sizes, we can make sure
+ * chunk size is a multiple of that sector size
+ */
+ if ((mddev->chunk_sectors << 9) % blksize) {
+ printk(KERN_ERR "md/raid0:%s: chunk_size of %d not multiple of block size %d\n",
+ mdname(mddev),
+ mddev->chunk_sectors << 9, blksize);
+ err = -EINVAL;
+ goto abort;
+ }
+
err = -ENOMEM;
conf->strip_zone = kzalloc(sizeof(struct strip_zone)*
conf->nr_strip_zones, GFP_KERNEL);
@@ -188,19 +203,12 @@ static int create_strip_zones(struct mdd
}
dev[j] = rdev1;
- if (mddev->queue)
- disk_stack_limits(mddev->gendisk, rdev1->bdev,
- rdev1->data_offset << 9);
-
if (rdev1->bdev->bd_disk->queue->merge_bvec_fn)
conf->has_merge_bvec = 1;
if (!smallest || (rdev1->sectors < smallest->sectors))
smallest = rdev1;
cnt++;
-
- if (blk_queue_discard(bdev_get_queue(rdev1->bdev)))
- discard_supported = true;
}
if (cnt != mddev->raid_disks) {
printk(KERN_ERR "md/raid0:%s: too few disks (%d of %d) - "
@@ -261,28 +269,6 @@ static int create_strip_zones(struct mdd
(unsigned long long)smallest->sectors);
}
- /*
- * now since we have the hard sector sizes, we can make sure
- * chunk size is a multiple of that sector size
- */
- if ((mddev->chunk_sectors << 9) % queue_logical_block_size(mddev->queue)) {
- printk(KERN_ERR "md/raid0:%s: chunk_size of %d not valid\n",
- mdname(mddev),
- mddev->chunk_sectors << 9);
- goto abort;
- }
-
- if (mddev->queue) {
- blk_queue_io_min(mddev->queue, mddev->chunk_sectors << 9);
- blk_queue_io_opt(mddev->queue,
- (mddev->chunk_sectors << 9) * mddev->raid_disks);
-
- if (!discard_supported)
- queue_flag_clear_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
- else
- queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
- }
-
pr_debug("md/raid0:%s: done.\n", mdname(mddev));
*private_conf = conf;
@@ -433,12 +419,6 @@ static int raid0_run(struct mddev *mddev
if (md_check_no_bitmap(mddev))
return -EINVAL;
- if (mddev->queue) {
- blk_queue_max_hw_sectors(mddev->queue, mddev->chunk_sectors);
- blk_queue_max_write_same_sectors(mddev->queue, mddev->chunk_sectors);
- blk_queue_max_discard_sectors(mddev->queue, mddev->chunk_sectors);
- }
-
/* if private is not null, we are here after takeover */
if (mddev->private == NULL) {
ret = create_strip_zones(mddev, &conf);
@@ -447,6 +427,29 @@ static int raid0_run(struct mddev *mddev
mddev->private = conf;
}
conf = mddev->private;
+ if (mddev->queue) {
+ struct md_rdev *rdev;
+ bool discard_supported = false;
+
+ rdev_for_each(rdev, mddev) {
+ disk_stack_limits(mddev->gendisk, rdev->bdev,
+ rdev->data_offset << 9);
+ if (blk_queue_discard(bdev_get_queue(rdev->bdev)))
+ discard_supported = true;
+ }
+ blk_queue_max_hw_sectors(mddev->queue, mddev->chunk_sectors);
+ blk_queue_max_write_same_sectors(mddev->queue, mddev->chunk_sectors);
+ blk_queue_max_discard_sectors(mddev->queue, mddev->chunk_sectors);
+
+ blk_queue_io_min(mddev->queue, mddev->chunk_sectors << 9);
+ blk_queue_io_opt(mddev->queue,
+ (mddev->chunk_sectors << 9) * mddev->raid_disks);
+
+ if (!discard_supported)
+ queue_flag_clear_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
+ else
+ queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
+ }
/* calculate array device size */
md_set_array_sectors(mddev, raid0_size(mddev, 0, 0));
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 117/258] md/raid0: apply base queue limits *before* disk_stack_limits
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (111 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 116/258] md/raid0: update queue parameter in a safer location Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 118/258] dm raid: fix round up of default region size Greg Kroah-Hartman
` (125 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jes Sorensen, NeilBrown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neilb@suse.com>
commit 66eefe5de11db1e0d8f2edc3880d50e7c36a9d43 upstream.
Calling e.g. blk_queue_max_hw_sectors() after calls to
disk_stack_limits() discards the settings determined by
disk_stack_limits().
So we need to make those calls first.
Fixes: 199dc6ed5179 ("md/raid0: update queue parameter in a safer location.")
Reported-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid0.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -431,12 +431,6 @@ static int raid0_run(struct mddev *mddev
struct md_rdev *rdev;
bool discard_supported = false;
- rdev_for_each(rdev, mddev) {
- disk_stack_limits(mddev->gendisk, rdev->bdev,
- rdev->data_offset << 9);
- if (blk_queue_discard(bdev_get_queue(rdev->bdev)))
- discard_supported = true;
- }
blk_queue_max_hw_sectors(mddev->queue, mddev->chunk_sectors);
blk_queue_max_write_same_sectors(mddev->queue, mddev->chunk_sectors);
blk_queue_max_discard_sectors(mddev->queue, mddev->chunk_sectors);
@@ -445,6 +439,12 @@ static int raid0_run(struct mddev *mddev
blk_queue_io_opt(mddev->queue,
(mddev->chunk_sectors << 9) * mddev->raid_disks);
+ rdev_for_each(rdev, mddev) {
+ disk_stack_limits(mddev->gendisk, rdev->bdev,
+ rdev->data_offset << 9);
+ if (blk_queue_discard(bdev_get_queue(rdev->bdev)))
+ discard_supported = true;
+ }
if (!discard_supported)
queue_flag_clear_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
else
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 118/258] dm raid: fix round up of default region size
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (112 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 117/258] md/raid0: apply base queue limits *before* disk_stack_limits Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 119/258] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n Greg Kroah-Hartman
` (124 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Mike Snitzer
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit 042745ee53a0a7c1f5aff191a4a24213c6dcfb52 upstream.
Commit 3a0f9aaee028 ("dm raid: round region_size to power of two")
intended to make sure that the default region size is a power of two.
However, the logic in that commit is incorrect and sets the variable
region_size to 0 or 1, depending on whether min_region_size is a power
of two.
Fix this logic, using roundup_pow_of_two(), so that region_size is
properly rounded up to the next power of two.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Fixes: 3a0f9aaee028 ("dm raid: round region_size to power of two")
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-raid.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/md/dm-raid.c
+++ b/drivers/md/dm-raid.c
@@ -329,8 +329,7 @@ static int validate_region_size(struct r
*/
if (min_region_size > (1 << 13)) {
/* If not a power of 2, make it the next power of 2 */
- if (min_region_size & (min_region_size - 1))
- region_size = 1 << fls(region_size);
+ region_size = roundup_pow_of_two(min_region_size);
DMINFO("Choosing default region size of %lu sectors",
region_size);
} else {
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 119/258] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (113 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 118/258] dm raid: fix round up of default region size Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 120/258] netfilter: nfnetlink: work around wrong endianess in res_id field Greg Kroah-Hartman
` (123 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bernhard Thaler, Pablo Neira Ayuso
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bernhard Thaler <bernhard.thaler@wvnet.at>
commit 18e1db67e93ed75d9dc0d34c8d783ccf10547c2b upstream.
230ac490f7fba introduced a dependency to CONFIG_IPV6 which breaks bridging
of IPv6 packets on a bridge with CONFIG_IPV6=n.
Sysctl entry /proc/sys/net/bridge/bridge-nf-call-ip6tables defaults to 1,
for this reason packets are handled by br_nf_pre_routing_ipv6(). When compiled
with CONFIG_IPV6=n this function returns NF_DROP but should return NF_ACCEPT
to let packets through.
Change CONFIG_IPV6=n br_nf_pre_routing_ipv6() return value to NF_ACCEPT.
Tested with a simple bridge with two interfaces and IPv6 packets trying
to pass from host on left side to host on right side of the bridge.
Fixes: 230ac490f7fba ("netfilter: bridge: split ipv6 code into separated file")
Signed-off-by: Bernhard Thaler <bernhard.thaler@wvnet.at>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/netfilter/br_netfilter.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/net/netfilter/br_netfilter.h
+++ b/include/net/netfilter/br_netfilter.h
@@ -59,7 +59,7 @@ static inline unsigned int
br_nf_pre_routing_ipv6(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
- return NF_DROP;
+ return NF_ACCEPT;
}
#endif
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 120/258] netfilter: nfnetlink: work around wrong endianess in res_id field
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (114 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 119/258] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 121/258] netfilter: nf_tables: Use 32 bit addressing register from nft_type_to_reg() Greg Kroah-Hartman
` (122 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit a9de9777d613500b089a7416f936bf3ae5f070d2 upstream.
The convention in nfnetlink is to use network byte order in every header field
as well as in the attribute payload. The initial version of the batching
infrastructure assumes that res_id comes in host byte order though.
The only client of the batching infrastructure is nf_tables, so let's add a
workaround to address this inconsistency. We currently have 11 nfnetlink
subsystems according to NFNL_SUBSYS_COUNT, so we can assume that the subsystem
2560, ie. htons(10), will not be allocated anytime soon, so it can be an alias
of nf_tables from the nfnetlink batching path when interpreting the res_id
field.
Based on original patch from Florian Westphal.
Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nfnetlink.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -444,6 +444,7 @@ done:
static void nfnetlink_rcv(struct sk_buff *skb)
{
struct nlmsghdr *nlh = nlmsg_hdr(skb);
+ u_int16_t res_id;
int msglen;
if (nlh->nlmsg_len < NLMSG_HDRLEN ||
@@ -468,7 +469,12 @@ static void nfnetlink_rcv(struct sk_buff
nfgenmsg = nlmsg_data(nlh);
skb_pull(skb, msglen);
- nfnetlink_rcv_batch(skb, nlh, nfgenmsg->res_id);
+ /* Work around old nft using host byte order */
+ if (nfgenmsg->res_id == NFNL_SUBSYS_NFTABLES)
+ res_id = NFNL_SUBSYS_NFTABLES;
+ else
+ res_id = ntohs(nfgenmsg->res_id);
+ nfnetlink_rcv_batch(skb, nlh, res_id);
} else {
netlink_rcv_skb(skb, &nfnetlink_rcv_msg);
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 121/258] netfilter: nf_tables: Use 32 bit addressing register from nft_type_to_reg()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (115 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 120/258] netfilter: nfnetlink: work around wrong endianess in res_id field Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 122/258] netfilter: ipset: Out of bound access in hash:net* types fixed Greg Kroah-Hartman
` (121 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andreas Schultz, Pablo Neira Ayuso
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit bf798657eb5ba57552096843c315f096fdf9b715 upstream.
nft_type_to_reg() needs to return the register in the new 32 bit addressing,
otherwise we hit EINVAL when using mappings.
Fixes: 49499c3 ("netfilter: nf_tables: switch registers to 32 bit addressing")
Reported-by: Andreas Schultz <aschultz@tpip.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/netfilter/nf_tables.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -125,7 +125,7 @@ static inline enum nft_data_types nft_dr
static inline enum nft_registers nft_type_to_reg(enum nft_data_types type)
{
- return type == NFT_DATA_VERDICT ? NFT_REG_VERDICT : NFT_REG_1;
+ return type == NFT_DATA_VERDICT ? NFT_REG_VERDICT : NFT_REG_1 * NFT_REG_SIZE / NFT_REG32_SIZE;
}
unsigned int nft_parse_register(const struct nlattr *attr);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 122/258] netfilter: ipset: Out of bound access in hash:net* types fixed
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (116 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 121/258] netfilter: nf_tables: Use 32 bit addressing register from nft_type_to_reg() Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 123/258] netfilter: ipset: Fixing unnamed union init Greg Kroah-Hartman
` (120 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jozsef Kadlecsik
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
commit 6fe7ccfd77415a6ba250c10c580eb3f9acf79753 upstream.
Dave Jones reported that KASan detected out of bounds access in hash:net*
types:
[ 23.139532] ==================================================================
[ 23.146130] BUG: KASan: out of bounds access in hash_net4_add_cidr+0x1db/0x220 at addr ffff8800d4844b58
[ 23.152937] Write of size 4 by task ipset/457
[ 23.159742] =============================================================================
[ 23.166672] BUG kmalloc-512 (Not tainted): kasan: bad access detected
[ 23.173641] -----------------------------------------------------------------------------
[ 23.194668] INFO: Allocated in hash_net_create+0x16a/0x470 age=7 cpu=1 pid=456
[ 23.201836] __slab_alloc.constprop.66+0x554/0x620
[ 23.208994] __kmalloc+0x2f2/0x360
[ 23.216105] hash_net_create+0x16a/0x470
[ 23.223238] ip_set_create+0x3e6/0x740
[ 23.230343] nfnetlink_rcv_msg+0x599/0x640
[ 23.237454] netlink_rcv_skb+0x14f/0x190
[ 23.244533] nfnetlink_rcv+0x3f6/0x790
[ 23.251579] netlink_unicast+0x272/0x390
[ 23.258573] netlink_sendmsg+0x5a1/0xa50
[ 23.265485] SYSC_sendto+0x1da/0x2c0
[ 23.272364] SyS_sendto+0xe/0x10
[ 23.279168] entry_SYSCALL_64_fastpath+0x12/0x6f
The bug is fixed in the patch and the testsuite is extended in ipset
to check cidr handling more thoroughly.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/ipset/ip_set_hash_gen.h | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -152,9 +152,13 @@ htable_bits(u32 hashsize)
#define SET_HOST_MASK(family) (family == AF_INET ? 32 : 128)
#ifdef IP_SET_HASH_WITH_NET0
+/* cidr from 0 to SET_HOST_MASK() value and c = cidr + 1 */
#define NLEN(family) (SET_HOST_MASK(family) + 1)
+#define CIDR_POS(c) ((c) - 1)
#else
+/* cidr from 1 to SET_HOST_MASK() value and c = cidr + 1 */
#define NLEN(family) SET_HOST_MASK(family)
+#define CIDR_POS(c) ((c) - 2)
#endif
#else
@@ -305,7 +309,7 @@ mtype_add_cidr(struct htype *h, u8 cidr,
} else if (h->nets[i].cidr[n] < cidr) {
j = i;
} else if (h->nets[i].cidr[n] == cidr) {
- h->nets[cidr - 1].nets[n]++;
+ h->nets[CIDR_POS(cidr)].nets[n]++;
return;
}
}
@@ -314,7 +318,7 @@ mtype_add_cidr(struct htype *h, u8 cidr,
h->nets[i].cidr[n] = h->nets[i - 1].cidr[n];
}
h->nets[i].cidr[n] = cidr;
- h->nets[cidr - 1].nets[n] = 1;
+ h->nets[CIDR_POS(cidr)].nets[n] = 1;
}
static void
@@ -325,8 +329,8 @@ mtype_del_cidr(struct htype *h, u8 cidr,
for (i = 0; i < nets_length; i++) {
if (h->nets[i].cidr[n] != cidr)
continue;
- h->nets[cidr - 1].nets[n]--;
- if (h->nets[cidr - 1].nets[n] > 0)
+ h->nets[CIDR_POS(cidr)].nets[n]--;
+ if (h->nets[CIDR_POS(cidr)].nets[n] > 0)
return;
for (j = i; j < net_end && h->nets[j].cidr[n]; j++)
h->nets[j].cidr[n] = h->nets[j + 1].cidr[n];
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 123/258] netfilter: ipset: Fixing unnamed union init
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (117 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 122/258] netfilter: ipset: Out of bound access in hash:net* types fixed Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 124/258] netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths Greg Kroah-Hartman
` (119 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Elad Raz, Pablo Neira Ayuso
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Elad Raz <eladr@mellanox.com>
commit 96be5f2806cd65a2ebced3bfcdf7df0116e6c4a6 upstream.
In continue to proposed Vinson Lee's post [1], this patch fixes compilation
issues founded at gcc 4.4.7. The initialization of .cidr field of unnamed
unions causes compilation error in gcc 4.4.x.
References
Visible links
[1] https://lkml.org/lkml/2015/7/5/74
Signed-off-by: Elad Raz <eladr@mellanox.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/ipset/ip_set_hash_netnet.c | 20 ++++++++++++++++++--
net/netfilter/ipset/ip_set_hash_netportnet.c | 20 ++++++++++++++++++--
2 files changed, 36 insertions(+), 4 deletions(-)
--- a/net/netfilter/ipset/ip_set_hash_netnet.c
+++ b/net/netfilter/ipset/ip_set_hash_netnet.c
@@ -131,6 +131,13 @@ hash_netnet4_data_next(struct hash_netne
#define HOST_MASK 32
#include "ip_set_hash_gen.h"
+static void
+hash_netnet4_init(struct hash_netnet4_elem *e)
+{
+ e->cidr[0] = HOST_MASK;
+ e->cidr[1] = HOST_MASK;
+}
+
static int
hash_netnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
const struct xt_action_param *par,
@@ -160,7 +167,7 @@ hash_netnet4_uadt(struct ip_set *set, st
{
const struct hash_netnet *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
- struct hash_netnet4_elem e = { .cidr = { HOST_MASK, HOST_MASK, }, };
+ struct hash_netnet4_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
u32 ip = 0, ip_to = 0, last;
u32 ip2 = 0, ip2_from = 0, ip2_to = 0, last2;
@@ -169,6 +176,7 @@ hash_netnet4_uadt(struct ip_set *set, st
if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
+ hash_netnet4_init(&e);
if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
!ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
return -IPSET_ERR_PROTOCOL;
@@ -357,6 +365,13 @@ hash_netnet6_data_next(struct hash_netne
#define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h"
+static void
+hash_netnet6_init(struct hash_netnet6_elem *e)
+{
+ e->cidr[0] = HOST_MASK;
+ e->cidr[1] = HOST_MASK;
+}
+
static int
hash_netnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
const struct xt_action_param *par,
@@ -385,13 +400,14 @@ hash_netnet6_uadt(struct ip_set *set, st
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{
ipset_adtfn adtfn = set->variant->adt[adt];
- struct hash_netnet6_elem e = { .cidr = { HOST_MASK, HOST_MASK, }, };
+ struct hash_netnet6_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
int ret;
if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
+ hash_netnet6_init(&e);
if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
!ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
return -IPSET_ERR_PROTOCOL;
--- a/net/netfilter/ipset/ip_set_hash_netportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_netportnet.c
@@ -142,6 +142,13 @@ hash_netportnet4_data_next(struct hash_n
#define HOST_MASK 32
#include "ip_set_hash_gen.h"
+static void
+hash_netportnet4_init(struct hash_netportnet4_elem *e)
+{
+ e->cidr[0] = HOST_MASK;
+ e->cidr[1] = HOST_MASK;
+}
+
static int
hash_netportnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
const struct xt_action_param *par,
@@ -175,7 +182,7 @@ hash_netportnet4_uadt(struct ip_set *set
{
const struct hash_netportnet *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
- struct hash_netportnet4_elem e = { .cidr = { HOST_MASK, HOST_MASK, }, };
+ struct hash_netportnet4_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
u32 ip = 0, ip_to = 0, ip_last, p = 0, port, port_to;
u32 ip2_from = 0, ip2_to = 0, ip2_last, ip2;
@@ -185,6 +192,7 @@ hash_netportnet4_uadt(struct ip_set *set
if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
+ hash_netportnet4_init(&e);
if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
!ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
@@ -412,6 +420,13 @@ hash_netportnet6_data_next(struct hash_n
#define IP_SET_EMIT_CREATE
#include "ip_set_hash_gen.h"
+static void
+hash_netportnet6_init(struct hash_netportnet6_elem *e)
+{
+ e->cidr[0] = HOST_MASK;
+ e->cidr[1] = HOST_MASK;
+}
+
static int
hash_netportnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
const struct xt_action_param *par,
@@ -445,7 +460,7 @@ hash_netportnet6_uadt(struct ip_set *set
{
const struct hash_netportnet *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
- struct hash_netportnet6_elem e = { .cidr = { HOST_MASK, HOST_MASK, }, };
+ struct hash_netportnet6_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
u32 port, port_to;
bool with_ports = false;
@@ -454,6 +469,7 @@ hash_netportnet6_uadt(struct ip_set *set
if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
+ hash_netportnet6_init(&e);
if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
!ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 124/258] netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (118 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 123/258] netfilter: ipset: Fixing unnamed union init Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 125/258] netfilter: nf_log: wait for rcu grace after logger unregistration Greg Kroah-Hartman
` (118 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brad Jackson, Daniel Borkmann,
Pablo Neira Ayuso
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Borkmann <daniel@iogearbox.net>
commit 9cf94eab8b309e8bcc78b41dd1561c75b537dd0b upstream.
Commit 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack
templates") migrated templates to the new allocator api, but forgot to
update error paths for them in CT and synproxy to use nf_ct_tmpl_free()
instead of nf_conntrack_free().
Due to that, memory is being freed into the wrong kmemcache, but also
we drop the per net reference count of ct objects causing an imbalance.
In Brad's case, this leads to a wrap-around of net->ct.count and thus
lets __nf_conntrack_alloc() refuse to create a new ct object:
[ 10.340913] xt_addrtype: ipv6 does not support BROADCAST matching
[ 10.810168] nf_conntrack: table full, dropping packet
[ 11.917416] r8169 0000:07:00.0 eth0: link up
[ 11.917438] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 12.815902] nf_conntrack: table full, dropping packet
[ 15.688561] nf_conntrack: table full, dropping packet
[ 15.689365] nf_conntrack: table full, dropping packet
[ 15.690169] nf_conntrack: table full, dropping packet
[ 15.690967] nf_conntrack: table full, dropping packet
[...]
With slab debugging, it also reports the wrong kmemcache (kmalloc-512 vs.
nf_conntrack_ffffffff81ce75c0) and reports poison overwrites, etc. Thus,
to fix the problem, export and use nf_ct_tmpl_free() instead.
Fixes: 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack templates")
Reported-by: Brad Jackson <bjackson0971@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/netfilter/nf_conntrack.h | 1 +
net/netfilter/nf_conntrack_core.c | 3 ++-
net/netfilter/nf_synproxy_core.c | 2 +-
net/netfilter/xt_CT.c | 2 +-
4 files changed, 5 insertions(+), 3 deletions(-)
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -292,6 +292,7 @@ extern unsigned int nf_conntrack_hash_rn
void init_nf_conntrack_hash_rnd(void);
struct nf_conn *nf_ct_tmpl_alloc(struct net *net, u16 zone, gfp_t flags);
+void nf_ct_tmpl_free(struct nf_conn *tmpl);
#define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count)
#define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -320,12 +320,13 @@ out_free:
}
EXPORT_SYMBOL_GPL(nf_ct_tmpl_alloc);
-static void nf_ct_tmpl_free(struct nf_conn *tmpl)
+void nf_ct_tmpl_free(struct nf_conn *tmpl)
{
nf_ct_ext_destroy(tmpl);
nf_ct_ext_free(tmpl);
kfree(tmpl);
}
+EXPORT_SYMBOL_GPL(nf_ct_tmpl_free);
static void
destroy_conntrack(struct nf_conntrack *nfct)
--- a/net/netfilter/nf_synproxy_core.c
+++ b/net/netfilter/nf_synproxy_core.c
@@ -378,7 +378,7 @@ static int __net_init synproxy_net_init(
err3:
free_percpu(snet->stats);
err2:
- nf_conntrack_free(ct);
+ nf_ct_tmpl_free(ct);
err1:
return err;
}
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -233,7 +233,7 @@ out:
return 0;
err3:
- nf_conntrack_free(ct);
+ nf_ct_tmpl_free(ct);
err2:
nf_ct_l3proto_module_put(par->family);
err1:
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 125/258] netfilter: nf_log: wait for rcu grace after logger unregistration
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (119 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 124/258] netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 126/258] netfilter: nft_compat: skip family comparison in case of NFPROTO_UNSPEC Greg Kroah-Hartman
` (117 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit ad5001cc7cdf9aaee5eb213fdee657e4a3c94776 upstream.
The nf_log_unregister() function needs to call synchronize_rcu() to make sure
that the objects are not dereferenced anymore on module removal.
Fixes: 5962815a6a56 ("netfilter: nf_log: use an array of loggers instead of list")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_log.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -113,6 +113,7 @@ void nf_log_unregister(struct nf_logger
for (i = 0; i < NFPROTO_NUMPROTO; i++)
RCU_INIT_POINTER(loggers[i][logger->type], NULL);
mutex_unlock(&nf_log_mutex);
+ synchronize_rcu();
}
EXPORT_SYMBOL(nf_log_unregister);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 126/258] netfilter: nft_compat: skip family comparison in case of NFPROTO_UNSPEC
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (120 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 125/258] netfilter: nf_log: wait for rcu grace after logger unregistration Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 127/258] netfilter: nf_log: dont zap all loggers on unregister Greg Kroah-Hartman
` (116 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit ba378ca9c04a5fc1b2cf0f0274a9d02eb3d1bad9 upstream.
Fix lookup of existing match/target structures in the corresponding list
by skipping the family check if NFPROTO_UNSPEC is used.
This is resulting in the allocation and insertion of one match/target
structure for each use of them. So this not only bloats memory
consumption but also severely affects the time to reload the ruleset
from the iptables-compat utility.
After this patch, iptables-compat-restore and iptables-compat take
almost the same time to reload large rulesets.
Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nft_compat.c | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -619,6 +619,13 @@ struct nft_xt {
static struct nft_expr_type nft_match_type;
+static bool nft_match_cmp(const struct xt_match *match,
+ const char *name, u32 rev, u32 family)
+{
+ return strcmp(match->name, name) == 0 && match->revision == rev &&
+ (match->family == NFPROTO_UNSPEC || match->family == family);
+}
+
static const struct nft_expr_ops *
nft_match_select_ops(const struct nft_ctx *ctx,
const struct nlattr * const tb[])
@@ -626,7 +633,7 @@ nft_match_select_ops(const struct nft_ct
struct nft_xt *nft_match;
struct xt_match *match;
char *mt_name;
- __u32 rev, family;
+ u32 rev, family;
if (tb[NFTA_MATCH_NAME] == NULL ||
tb[NFTA_MATCH_REV] == NULL ||
@@ -641,8 +648,7 @@ nft_match_select_ops(const struct nft_ct
list_for_each_entry(nft_match, &nft_match_list, head) {
struct xt_match *match = nft_match->ops.data;
- if (strcmp(match->name, mt_name) == 0 &&
- match->revision == rev && match->family == family) {
+ if (nft_match_cmp(match, mt_name, rev, family)) {
if (!try_module_get(match->me))
return ERR_PTR(-ENOENT);
@@ -693,6 +699,13 @@ static LIST_HEAD(nft_target_list);
static struct nft_expr_type nft_target_type;
+static bool nft_target_cmp(const struct xt_target *tg,
+ const char *name, u32 rev, u32 family)
+{
+ return strcmp(tg->name, name) == 0 && tg->revision == rev &&
+ (tg->family == NFPROTO_UNSPEC || tg->family == family);
+}
+
static const struct nft_expr_ops *
nft_target_select_ops(const struct nft_ctx *ctx,
const struct nlattr * const tb[])
@@ -700,7 +713,7 @@ nft_target_select_ops(const struct nft_c
struct nft_xt *nft_target;
struct xt_target *target;
char *tg_name;
- __u32 rev, family;
+ u32 rev, family;
if (tb[NFTA_TARGET_NAME] == NULL ||
tb[NFTA_TARGET_REV] == NULL ||
@@ -715,8 +728,7 @@ nft_target_select_ops(const struct nft_c
list_for_each_entry(nft_target, &nft_target_list, head) {
struct xt_target *target = nft_target->ops.data;
- if (strcmp(target->name, tg_name) == 0 &&
- target->revision == rev && target->family == family) {
+ if (nft_target_cmp(target, tg_name, rev, family)) {
if (!try_module_get(target->me))
return ERR_PTR(-ENOENT);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 127/258] netfilter: nf_log: dont zap all loggers on unregister
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (121 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 126/258] netfilter: nft_compat: skip family comparison in case of NFPROTO_UNSPEC Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 128/258] regulator: core: Correct return value check in regulator_resolve_supply Greg Kroah-Hartman
` (115 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
commit 205ee117d4dc4a11ac3bd9638bb9b2e839f4de9a upstream.
like nf_log_unset, nf_log_unregister must not reset the list of loggers.
Otherwise, a call to nf_log_unregister() will render loggers of other nf
protocols unusable:
iptables -A INPUT -j LOG
modprobe nf_log_arp ; rmmod nf_log_arp
iptables -A INPUT -j LOG
iptables: No chain/target/match by that name
Fixes: 30e0c6a6be ("netfilter: nf_log: prepare net namespace support for loggers")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_log.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -107,11 +107,15 @@ EXPORT_SYMBOL(nf_log_register);
void nf_log_unregister(struct nf_logger *logger)
{
+ const struct nf_logger *log;
int i;
mutex_lock(&nf_log_mutex);
- for (i = 0; i < NFPROTO_NUMPROTO; i++)
- RCU_INIT_POINTER(loggers[i][logger->type], NULL);
+ for (i = 0; i < NFPROTO_NUMPROTO; i++) {
+ log = nft_log_dereference(loggers[i][logger->type]);
+ if (log == logger)
+ RCU_INIT_POINTER(loggers[i][logger->type], NULL);
+ }
mutex_unlock(&nf_log_mutex);
synchronize_rcu();
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 128/258] regulator: core: Correct return value check in regulator_resolve_supply
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (122 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 127/258] netfilter: nf_log: dont zap all loggers on unregister Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 129/258] regulator: axp20x: Fix enable bit indexes for DCDC4 and DCDC5 Greg Kroah-Hartman
` (114 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Charles Keepax, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
commit 23c3f310e897837aeb8ffe8700b803cb58e7b35d upstream.
The ret pointer passed to regulator_dev_lookup is only filled with a
valid error code if regulator_dev_lookup returned NULL. Currently
regulator_resolve_supply checks this ret value before it checks if a
regulator was returned, this can result in valid regulator lookups being
ignored.
Fixes: 6261b06de565 ("regulator: Defer lookup of supply to regulator_get")
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/regulator/core.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -1376,15 +1376,15 @@ static int regulator_resolve_supply(stru
return 0;
r = regulator_dev_lookup(dev, rdev->supply_name, &ret);
- if (ret == -ENODEV) {
- /*
- * No supply was specified for this regulator and
- * there will never be one.
- */
- return 0;
- }
-
if (!r) {
+ if (ret == -ENODEV) {
+ /*
+ * No supply was specified for this regulator and
+ * there will never be one.
+ */
+ return 0;
+ }
+
if (have_full_constraints()) {
r = dummy_regulator_rdev;
} else {
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 129/258] regulator: axp20x: Fix enable bit indexes for DCDC4 and DCDC5
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (123 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 128/258] regulator: core: Correct return value check in regulator_resolve_supply Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 130/258] regulator: core: Handle probe deferral from DT when resolving supplies Greg Kroah-Hartman
` (113 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chen-Yu Tsai, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wens@csie.org>
commit 6b3600b4ba0810c84437cf76556d9afbd55c1bfc upstream.
The enable bit indexes for DCDC4 and DCDC5 regulators are off by 1.
We haven't run into any problems with this since either the regulators
aren't defined in the DT and aren't used, or all the DCDC regulators
have the "always-on" property set, as they are almost always used
for system critical loads.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/regulator/axp20x-regulator.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/regulator/axp20x-regulator.c
+++ b/drivers/regulator/axp20x-regulator.c
@@ -192,9 +192,9 @@ static const struct regulator_desc axp22
AXP_DESC(AXP22X, DCDC3, "dcdc3", "vin3", 600, 1860, 20,
AXP22X_DCDC3_V_OUT, 0x3f, AXP22X_PWR_OUT_CTRL1, BIT(3)),
AXP_DESC(AXP22X, DCDC4, "dcdc4", "vin4", 600, 1540, 20,
- AXP22X_DCDC4_V_OUT, 0x3f, AXP22X_PWR_OUT_CTRL1, BIT(3)),
+ AXP22X_DCDC4_V_OUT, 0x3f, AXP22X_PWR_OUT_CTRL1, BIT(4)),
AXP_DESC(AXP22X, DCDC5, "dcdc5", "vin5", 1000, 2550, 50,
- AXP22X_DCDC5_V_OUT, 0x1f, AXP22X_PWR_OUT_CTRL1, BIT(4)),
+ AXP22X_DCDC5_V_OUT, 0x1f, AXP22X_PWR_OUT_CTRL1, BIT(5)),
/* secondary switchable output of DCDC1 */
AXP_DESC_SW(AXP22X, DC1SW, "dc1sw", "dcdc1", 1600, 3400, 100,
AXP22X_DCDC1_V_OUT, 0x1f, AXP22X_PWR_OUT_CTRL2, BIT(7)),
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 130/258] regulator: core: Handle probe deferral from DT when resolving supplies
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (124 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 129/258] regulator: axp20x: Fix enable bit indexes for DCDC4 and DCDC5 Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 131/258] Bluetooth: Delay check for conn->smp in smp_conn_security() Greg Kroah-Hartman
` (112 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sascha Hauer, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Brown <broonie@kernel.org>
commit 06423121d9eba0a56b9341cf82b88479017bce14 upstream.
When resolving regulator-regulator supplies we ignore probe deferral
returns from regulator_dev_lookup() (such as are generated for DT when
we can see a supply is registered) and just fall back to the dummy
regulator if there are full constraints (as is the case for DT). This
means that probe deferral is broken for DT systems, fix that by paying
attention to -EPROBE_DEFER return codes like we do -ENODEV.
A further patch will simplify this further, this is a minimal fix for
the specific issue.
Fixes: 9f7e25edb1575a6d2 (regulator: core: Handle full constraints systems when resolving supplies)
Reported-by: Sascha Hauer <s.hauer@pengutronix.de>
Tested-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Mark Brown <broonnie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/regulator/core.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -1385,6 +1385,10 @@ static int regulator_resolve_supply(stru
return 0;
}
+ /* Did the lookup explicitly defer for us? */
+ if (ret == -EPROBE_DEFER)
+ return ret;
+
if (have_full_constraints()) {
r = dummy_regulator_rdev;
} else {
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 131/258] Bluetooth: Delay check for conn->smp in smp_conn_security()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (125 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 130/258] regulator: core: Handle probe deferral from DT when resolving supplies Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 132/258] nfs: fix v4.2 SEEK on files over 2 gigs Greg Kroah-Hartman
` (111 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chuck Ebbert, Johan Hedberg,
Marcel Holtmann
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hedberg <johan.hedberg@intel.com>
commit d8949aad3eab5d396f4fefcd581773bf07b9a79e upstream.
There are several actions that smp_conn_security() might make that do
not require a valid SMP context (conn->smp pointer). One of these
actions is to encrypt the link with an existing LTK. If the SMP
context wasn't initialized properly we should still allow the
independent actions to be done, i.e. the check for the context should
only be done at the last possible moment.
Reported-by: Chuck Ebbert <cebbert.lkml@gmail.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bluetooth/smp.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -2311,12 +2311,6 @@ int smp_conn_security(struct hci_conn *h
if (!conn)
return 1;
- chan = conn->smp;
- if (!chan) {
- BT_ERR("SMP security requested but not available");
- return 1;
- }
-
if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
return 1;
@@ -2330,6 +2324,12 @@ int smp_conn_security(struct hci_conn *h
if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
return 0;
+ chan = conn->smp;
+ if (!chan) {
+ BT_ERR("SMP security requested but not available");
+ return 1;
+ }
+
l2cap_chan_lock(chan);
/* If SMP is already in progress ignore this request */
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 132/258] nfs: fix v4.2 SEEK on files over 2 gigs
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (126 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 131/258] Bluetooth: Delay check for conn->smp in smp_conn_security() Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 133/258] NFS: Do cleanup before resetting pageio read/write to mds Greg Kroah-Hartman
` (110 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, J. Bruce Fields, Anna Schumaker,
Trond Myklebust
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: "J. Bruce Fields" <bfields@redhat.com>
commit 306a5549355966e480e0dcacdc6b9321d153e0c0 upstream.
We're incorrectly assigning a loff_t return to an int. If SEEK_HOLE or
SEEK_DATA returns an offset over 2^31 then the application will see a
weird lseek() result (usually -EIO).
Fixes: bdcc2cd14e4e "NFSv4.2: handle NFS-specific llseek errors"
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Reviewed-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs42proc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/nfs/nfs42proc.c
+++ b/fs/nfs/nfs42proc.c
@@ -175,10 +175,12 @@ loff_t nfs42_proc_llseek(struct file *fi
{
struct nfs_server *server = NFS_SERVER(file_inode(filep));
struct nfs4_exception exception = { };
- int err;
+ loff_t err;
do {
err = _nfs42_proc_llseek(filep, offset, whence);
+ if (err >= 0)
+ break;
if (err == -ENOTSUPP)
return -EOPNOTSUPP;
err = nfs4_handle_exception(server, err, &exception);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 133/258] NFS: Do cleanup before resetting pageio read/write to mds
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (127 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 132/258] nfs: fix v4.2 SEEK on files over 2 gigs Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 134/258] NFSv4: Recovery of recalled read delegations is broken Greg Kroah-Hartman
` (109 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kinglong Mee, Trond Myklebust
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kinglong Mee <kinglongmee@gmail.com>
commit 6f29b9bba7b08c6b1d6f2cc4cf750b342fc1946c upstream.
There is a reference leak of layout segment after resetting
pageio read/write to mds.
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/read.c | 3 +++
fs/nfs/write.c | 3 +++
2 files changed, 6 insertions(+)
--- a/fs/nfs/read.c
+++ b/fs/nfs/read.c
@@ -72,6 +72,9 @@ void nfs_pageio_reset_read_mds(struct nf
{
struct nfs_pgio_mirror *mirror;
+ if (pgio->pg_ops && pgio->pg_ops->pg_cleanup)
+ pgio->pg_ops->pg_cleanup(pgio);
+
pgio->pg_ops = &nfs_pgio_rw_ops;
/* read path should never have more than one mirror */
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -1351,6 +1351,9 @@ void nfs_pageio_reset_write_mds(struct n
{
struct nfs_pgio_mirror *mirror;
+ if (pgio->pg_ops && pgio->pg_ops->pg_cleanup)
+ pgio->pg_ops->pg_cleanup(pgio);
+
pgio->pg_ops = &nfs_pgio_rw_ops;
nfs_pageio_stop_mirroring(pgio);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 134/258] NFSv4: Recovery of recalled read delegations is broken
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (128 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 133/258] NFS: Do cleanup before resetting pageio read/write to mds Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 135/258] nfs: fix pg_test page count calculation Greg Kroah-Hartman
` (108 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kinglong Mee, NeilBrown,
Trond Myklebust
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust <trond.myklebust@primarydata.com>
commit 24311f884189d42d40354a6f38ca218eb9aeb811 upstream.
When a read delegation is being recalled, and we're reclaiming the
cached opens, we need to make sure that we only reclaim read-only
modes.
A previous attempt to do this, relied on retrieving the delegation
type from the nfs4_opendata structure. Unfortunately, as Kinglong
pointed out, this field can only be set when performing reboot recovery.
Furthermore, if we call nfs4_open_recover(), then we end up clobbering
the state->flags for all modes that we're not recovering...
The fix is to have the delegation recall code pass this information
to the recovery call, and then refactor the recovery code so that
nfs4_open_delegation_recall() does not need to call nfs4_open_recover().
Reported-by: Kinglong Mee <kinglongmee@gmail.com>
Fixes: 39f897fdbd46 ("NFSv4: When returning a delegation, don't...")
Tested-by: Kinglong Mee <kinglongmee@gmail.com>
Cc: NeilBrown <neilb@suse.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/delegation.c | 8 +++--
fs/nfs/delegation.h | 2 -
fs/nfs/nfs4proc.c | 81 ++++++++++++++++++++++++++++++----------------------
3 files changed, 53 insertions(+), 38 deletions(-)
--- a/fs/nfs/delegation.c
+++ b/fs/nfs/delegation.c
@@ -113,7 +113,8 @@ out:
return status;
}
-static int nfs_delegation_claim_opens(struct inode *inode, const nfs4_stateid *stateid)
+static int nfs_delegation_claim_opens(struct inode *inode,
+ const nfs4_stateid *stateid, fmode_t type)
{
struct nfs_inode *nfsi = NFS_I(inode);
struct nfs_open_context *ctx;
@@ -140,7 +141,7 @@ again:
/* Block nfs4_proc_unlck */
mutex_lock(&sp->so_delegreturn_mutex);
seq = raw_seqcount_begin(&sp->so_reclaim_seqcount);
- err = nfs4_open_delegation_recall(ctx, state, stateid);
+ err = nfs4_open_delegation_recall(ctx, state, stateid, type);
if (!err)
err = nfs_delegation_claim_locks(ctx, state, stateid);
if (!err && read_seqcount_retry(&sp->so_reclaim_seqcount, seq))
@@ -411,7 +412,8 @@ static int nfs_end_delegation_return(str
do {
if (test_bit(NFS_DELEGATION_REVOKED, &delegation->flags))
break;
- err = nfs_delegation_claim_opens(inode, &delegation->stateid);
+ err = nfs_delegation_claim_opens(inode, &delegation->stateid,
+ delegation->type);
if (!issync || err != -EAGAIN)
break;
/*
--- a/fs/nfs/delegation.h
+++ b/fs/nfs/delegation.h
@@ -54,7 +54,7 @@ void nfs_delegation_reap_unclaimed(struc
/* NFSv4 delegation-related procedures */
int nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, const nfs4_stateid *stateid, int issync);
-int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid);
+int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid, fmode_t type);
int nfs4_lock_delegation_recall(struct file_lock *fl, struct nfs4_state *state, const nfs4_stateid *stateid);
bool nfs4_copy_delegation_stateid(nfs4_stateid *dst, struct inode *inode, fmode_t flags);
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -1127,6 +1127,21 @@ static int nfs4_wait_for_completion_rpc_
return ret;
}
+static bool nfs4_mode_match_open_stateid(struct nfs4_state *state,
+ fmode_t fmode)
+{
+ switch(fmode & (FMODE_READ|FMODE_WRITE)) {
+ case FMODE_READ|FMODE_WRITE:
+ return state->n_rdwr != 0;
+ case FMODE_WRITE:
+ return state->n_wronly != 0;
+ case FMODE_READ:
+ return state->n_rdonly != 0;
+ }
+ WARN_ON_ONCE(1);
+ return false;
+}
+
static int can_open_cached(struct nfs4_state *state, fmode_t mode, int open_mode)
{
int ret = 0;
@@ -1561,17 +1576,13 @@ static struct nfs4_opendata *nfs4_open_r
return opendata;
}
-static int nfs4_open_recover_helper(struct nfs4_opendata *opendata, fmode_t fmode, struct nfs4_state **res)
+static int nfs4_open_recover_helper(struct nfs4_opendata *opendata,
+ fmode_t fmode)
{
struct nfs4_state *newstate;
int ret;
- if ((opendata->o_arg.claim == NFS4_OPEN_CLAIM_DELEGATE_CUR ||
- opendata->o_arg.claim == NFS4_OPEN_CLAIM_DELEG_CUR_FH) &&
- (opendata->o_arg.u.delegation_type & fmode) != fmode)
- /* This mode can't have been delegated, so we must have
- * a valid open_stateid to cover it - not need to reclaim.
- */
+ if (!nfs4_mode_match_open_stateid(opendata->state, fmode))
return 0;
opendata->o_arg.open_flags = 0;
opendata->o_arg.fmode = fmode;
@@ -1587,14 +1598,14 @@ static int nfs4_open_recover_helper(stru
newstate = nfs4_opendata_to_nfs4_state(opendata);
if (IS_ERR(newstate))
return PTR_ERR(newstate);
+ if (newstate != opendata->state)
+ ret = -ESTALE;
nfs4_close_state(newstate, fmode);
- *res = newstate;
- return 0;
+ return ret;
}
static int nfs4_open_recover(struct nfs4_opendata *opendata, struct nfs4_state *state)
{
- struct nfs4_state *newstate;
int ret;
/* Don't trigger recovery in nfs_test_and_clear_all_open_stateid */
@@ -1605,27 +1616,15 @@ static int nfs4_open_recover(struct nfs4
clear_bit(NFS_DELEGATED_STATE, &state->flags);
clear_bit(NFS_OPEN_STATE, &state->flags);
smp_rmb();
- if (state->n_rdwr != 0) {
- ret = nfs4_open_recover_helper(opendata, FMODE_READ|FMODE_WRITE, &newstate);
- if (ret != 0)
- return ret;
- if (newstate != state)
- return -ESTALE;
- }
- if (state->n_wronly != 0) {
- ret = nfs4_open_recover_helper(opendata, FMODE_WRITE, &newstate);
- if (ret != 0)
- return ret;
- if (newstate != state)
- return -ESTALE;
- }
- if (state->n_rdonly != 0) {
- ret = nfs4_open_recover_helper(opendata, FMODE_READ, &newstate);
- if (ret != 0)
- return ret;
- if (newstate != state)
- return -ESTALE;
- }
+ ret = nfs4_open_recover_helper(opendata, FMODE_READ|FMODE_WRITE);
+ if (ret != 0)
+ return ret;
+ ret = nfs4_open_recover_helper(opendata, FMODE_WRITE);
+ if (ret != 0)
+ return ret;
+ ret = nfs4_open_recover_helper(opendata, FMODE_READ);
+ if (ret != 0)
+ return ret;
/*
* We may have performed cached opens for all three recoveries.
* Check if we need to update the current stateid.
@@ -1749,18 +1748,32 @@ static int nfs4_handle_delegation_recall
return err;
}
-int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid)
+int nfs4_open_delegation_recall(struct nfs_open_context *ctx,
+ struct nfs4_state *state, const nfs4_stateid *stateid,
+ fmode_t type)
{
struct nfs_server *server = NFS_SERVER(state->inode);
struct nfs4_opendata *opendata;
- int err;
+ int err = 0;
opendata = nfs4_open_recoverdata_alloc(ctx, state,
NFS4_OPEN_CLAIM_DELEG_CUR_FH);
if (IS_ERR(opendata))
return PTR_ERR(opendata);
nfs4_stateid_copy(&opendata->o_arg.u.delegation, stateid);
- err = nfs4_open_recover(opendata, state);
+ clear_bit(NFS_DELEGATED_STATE, &state->flags);
+ switch (type & (FMODE_READ|FMODE_WRITE)) {
+ case FMODE_READ|FMODE_WRITE:
+ case FMODE_WRITE:
+ err = nfs4_open_recover_helper(opendata, FMODE_READ|FMODE_WRITE);
+ if (err)
+ break;
+ err = nfs4_open_recover_helper(opendata, FMODE_WRITE);
+ if (err)
+ break;
+ case FMODE_READ:
+ err = nfs4_open_recover_helper(opendata, FMODE_READ);
+ }
nfs4_opendata_put(opendata);
return nfs4_handle_delegation_recall_error(server, state, stateid, err);
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 135/258] nfs: fix pg_test page count calculation
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (129 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 134/258] NFSv4: Recovery of recalled read delegations is broken Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 136/258] NFS: Fix a write performance regression Greg Kroah-Hartman
` (107 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Peng Tao,
Trond Myklebust
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peng Tao <tao.peng@primarydata.com>
commit 048883e0b934d9a5103d40e209cb14b7f33d2933 upstream.
We really want sizeof(struct page *) instead. Otherwise we limit
maximum IO size to 64 pages rather than 512 pages on a 64bit system.
Fixes 2e11f829(nfs: cap request size to fit a kmalloced page array).
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Peng Tao <tao.peng@primarydata.com>
Fixes: 2e11f8296d22 ("nfs: cap request size to fit a kmalloced page array")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/pagelist.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/nfs/pagelist.c
+++ b/fs/nfs/pagelist.c
@@ -508,7 +508,7 @@ size_t nfs_generic_pg_test(struct nfs_pa
* for it without upsetting the slab allocator.
*/
if (((mirror->pg_count + req->wb_bytes) >> PAGE_SHIFT) *
- sizeof(struct page) > PAGE_SIZE)
+ sizeof(struct page *) > PAGE_SIZE)
return 0;
return min(mirror->pg_bsize - mirror->pg_count, (size_t)req->wb_bytes);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 136/258] NFS: Fix a write performance regression
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (130 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 135/258] nfs: fix pg_test page count calculation Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 137/258] [SMB3] Fix sec=krb5 on smb3 mounts Greg Kroah-Hartman
` (106 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeff Layton, Trond Myklebust
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust <trond.myklebust@primarydata.com>
commit 8fa4592a14ebb3c22a21d846d1e4f65dab7d1a7c upstream.
If all other conditions in nfs_can_extend_write() are met, and there
are no locks, then we should be able to assume close-to-open semantics
and the ability to extend our write to cover the whole page.
With this patch, the xfstests generic/074 test completes in 242s instead
of >1400s on my test rig.
Fixes: bd61e0a9c852 ("locks: convert posix locks to file_lock_context")
Cc: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/write.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -1223,7 +1223,7 @@ static int nfs_can_extend_write(struct f
return 1;
if (!flctx || (list_empty_careful(&flctx->flc_flock) &&
list_empty_careful(&flctx->flc_posix)))
- return 0;
+ return 1;
/* Check to see if there are whole file write locks */
ret = 0;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 137/258] [SMB3] Fix sec=krb5 on smb3 mounts
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (131 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 136/258] NFS: Fix a write performance regression Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 138/258] disabling oplocks/leases via module parm enable_oplocks broken for SMB3 Greg Kroah-Hartman
` (105 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Noel Power, Jim McDonough,
Steve French
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steve French <smfrench@gmail.com>
commit ceb1b0b9b4d1089e9f2731a314689ae17784c861 upstream.
Kerberos, which is very important for security, was only enabled for
CIFS not SMB2/SMB3 mounts (e.g. vers=3.0)
Patch based on the information detailed in
http://thread.gmane.org/gmane.linux.kernel.cifs/10081/focus=10307
to enable Kerberized SMB2/SMB3
a) SMB2_negotiate: enable/use decode_negTokenInit in SMB2_negotiate
b) SMB2_sess_setup: handle Kerberos sectype and replicate Kerberos
SMB1 processing done in sess_auth_kerberos
Signed-off-by: Noel Power <noel.power@suse.com>
Signed-off-by: Jim McDonough <jmcd@samba.org>
Signed-off-by: Steve French <steve.french@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2pdu.c | 76 +++++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 61 insertions(+), 15 deletions(-)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -46,6 +46,7 @@
#include "smb2status.h"
#include "smb2glob.h"
#include "cifspdu.h"
+#include "cifs_spnego.h"
/*
* The following table defines the expected "StructureSize" of SMB2 requests
@@ -486,19 +487,15 @@ SMB2_negotiate(const unsigned int xid, s
cifs_dbg(FYI, "missing security blob on negprot\n");
rc = cifs_enable_signing(server, ses->sign);
-#ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */
if (rc)
goto neg_exit;
- if (blob_length)
+ if (blob_length) {
rc = decode_negTokenInit(security_blob, blob_length, server);
- if (rc == 1)
- rc = 0;
- else if (rc == 0) {
- rc = -EIO;
- goto neg_exit;
+ if (rc == 1)
+ rc = 0;
+ else if (rc == 0)
+ rc = -EIO;
}
-#endif
-
neg_exit:
free_rsp_buf(resp_buftype, rsp);
return rc;
@@ -592,7 +589,8 @@ SMB2_sess_setup(const unsigned int xid,
__le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
struct TCP_Server_Info *server = ses->server;
u16 blob_length = 0;
- char *security_blob;
+ struct key *spnego_key = NULL;
+ char *security_blob = NULL;
char *ntlmssp_blob = NULL;
bool use_spnego = false; /* else use raw ntlmssp */
@@ -620,7 +618,8 @@ SMB2_sess_setup(const unsigned int xid,
ses->ntlmssp->sesskey_per_smbsess = true;
/* FIXME: allow for other auth types besides NTLMSSP (e.g. krb5) */
- ses->sectype = RawNTLMSSP;
+ if (ses->sectype != Kerberos && ses->sectype != RawNTLMSSP)
+ ses->sectype = RawNTLMSSP;
ssetup_ntlmssp_authenticate:
if (phase == NtLmChallenge)
@@ -649,7 +648,48 @@ ssetup_ntlmssp_authenticate:
iov[0].iov_base = (char *)req;
/* 4 for rfc1002 length field and 1 for pad */
iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
- if (phase == NtLmNegotiate) {
+
+ if (ses->sectype == Kerberos) {
+#ifdef CONFIG_CIFS_UPCALL
+ struct cifs_spnego_msg *msg;
+
+ spnego_key = cifs_get_spnego_key(ses);
+ if (IS_ERR(spnego_key)) {
+ rc = PTR_ERR(spnego_key);
+ spnego_key = NULL;
+ goto ssetup_exit;
+ }
+
+ msg = spnego_key->payload.data;
+ /*
+ * check version field to make sure that cifs.upcall is
+ * sending us a response in an expected form
+ */
+ if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
+ cifs_dbg(VFS,
+ "bad cifs.upcall version. Expected %d got %d",
+ CIFS_SPNEGO_UPCALL_VERSION, msg->version);
+ rc = -EKEYREJECTED;
+ goto ssetup_exit;
+ }
+ ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
+ GFP_KERNEL);
+ if (!ses->auth_key.response) {
+ cifs_dbg(VFS,
+ "Kerberos can't allocate (%u bytes) memory",
+ msg->sesskey_len);
+ rc = -ENOMEM;
+ goto ssetup_exit;
+ }
+ ses->auth_key.len = msg->sesskey_len;
+ blob_length = msg->secblob_len;
+ iov[1].iov_base = msg->data + msg->sesskey_len;
+ iov[1].iov_len = blob_length;
+#else
+ rc = -EOPNOTSUPP;
+ goto ssetup_exit;
+#endif /* CONFIG_CIFS_UPCALL */
+ } else if (phase == NtLmNegotiate) { /* if not krb5 must be ntlmssp */
ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE),
GFP_KERNEL);
if (ntlmssp_blob == NULL) {
@@ -672,6 +712,8 @@ ssetup_ntlmssp_authenticate:
/* with raw NTLMSSP we don't encapsulate in SPNEGO */
security_blob = ntlmssp_blob;
}
+ iov[1].iov_base = security_blob;
+ iov[1].iov_len = blob_length;
} else if (phase == NtLmAuthenticate) {
req->hdr.SessionId = ses->Suid;
ntlmssp_blob = kzalloc(sizeof(struct _NEGOTIATE_MESSAGE) + 500,
@@ -699,6 +741,8 @@ ssetup_ntlmssp_authenticate:
} else {
security_blob = ntlmssp_blob;
}
+ iov[1].iov_base = security_blob;
+ iov[1].iov_len = blob_length;
} else {
cifs_dbg(VFS, "illegal ntlmssp phase\n");
rc = -EIO;
@@ -710,8 +754,6 @@ ssetup_ntlmssp_authenticate:
cpu_to_le16(sizeof(struct smb2_sess_setup_req) -
1 /* pad */ - 4 /* rfc1001 len */);
req->SecurityBufferLength = cpu_to_le16(blob_length);
- iov[1].iov_base = security_blob;
- iov[1].iov_len = blob_length;
inc_rfc1001_len(req, blob_length - 1 /* pad */);
@@ -722,6 +764,7 @@ ssetup_ntlmssp_authenticate:
kfree(security_blob);
rsp = (struct smb2_sess_setup_rsp *)iov[0].iov_base;
+ ses->Suid = rsp->hdr.SessionId;
if (resp_buftype != CIFS_NO_BUFFER &&
rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) {
if (phase != NtLmNegotiate) {
@@ -739,7 +782,6 @@ ssetup_ntlmssp_authenticate:
/* NTLMSSP Negotiate sent now processing challenge (response) */
phase = NtLmChallenge; /* process ntlmssp challenge */
rc = 0; /* MORE_PROCESSING is not an error here but expected */
- ses->Suid = rsp->hdr.SessionId;
rc = decode_ntlmssp_challenge(rsp->Buffer,
le16_to_cpu(rsp->SecurityBufferLength), ses);
}
@@ -796,6 +838,10 @@ keygen_exit:
kfree(ses->auth_key.response);
ses->auth_key.response = NULL;
}
+ if (spnego_key) {
+ key_invalidate(spnego_key);
+ key_put(spnego_key);
+ }
kfree(ses->ntlmssp);
return rc;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 138/258] disabling oplocks/leases via module parm enable_oplocks broken for SMB3
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (132 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 137/258] [SMB3] Fix sec=krb5 on smb3 mounts Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 139/258] [SMB3] Do not fall back to SMBWriteX in set_file_size error cases Greg Kroah-Hartman
` (104 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steve French, Chandrika Srinivasan
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steve French <smfrench@gmail.com>
commit e0ddde9d44e37fbc21ce893553094ecf1a633ab5 upstream.
leases (oplocks) were always requested for SMB2/SMB3 even when oplocks
disabled in the cifs.ko module.
Signed-off-by: Steve French <steve.french@primarydata.com>
Reviewed-by: Chandrika Srinivasan <chandrika.srinivasan@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2ops.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -50,9 +50,13 @@ change_conf(struct TCP_Server_Info *serv
break;
default:
server->echoes = true;
- server->oplocks = true;
+ if (enable_oplocks) {
+ server->oplocks = true;
+ server->oplock_credits = 1;
+ } else
+ server->oplocks = false;
+
server->echo_credits = 1;
- server->oplock_credits = 1;
}
server->credits -= server->echo_credits + server->oplock_credits;
return 0;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 139/258] [SMB3] Do not fall back to SMBWriteX in set_file_size error cases
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (133 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 138/258] disabling oplocks/leases via module parm enable_oplocks broken for SMB3 Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 140/258] drm/qxl: only report first monitor as connected if we have no state Greg Kroah-Hartman
` (103 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steve French, PaX Team, Emese Revfy,
Brad Spengler
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steve French <smfrench@gmail.com>
commit 646200a041203f440fb6fcf9cacd9efeda9de74c upstream.
The error paths in set_file_size for cifs and smb3 are incorrect.
In the unlikely event that a server did not support set file info
of the file size, the code incorrectly falls back to trying SMBWriteX
(note that only the original core SMB Write, used for example by DOS,
can set the file size this way - this actually does not work for the more
recent SMBWriteX). The idea was since the old DOS SMB Write could set
the file size if you write zero bytes at that offset then use that if
server rejects the normal set file info call.
Fortunately the SMBWriteX will never be sent on the wire (except when
file size is zero) since the length and offset fields were reversed
in the two places in this function that call SMBWriteX causing
the fall back path to return an error. It is also important to never call
an SMB request from an SMB2/sMB3 session (which theoretically would
be possible, and can cause a brief session drop, although the client
recovers) so this should be fixed. In practice this path does not happen
with modern servers but the error fall back to SMBWriteX is clearly wrong.
Removing the calls to SMBWriteX in the error paths in cifs_set_file_size
Pointed out by PaX/grsecurity team
Signed-off-by: Steve French <steve.french@primarydata.com>
Reported-by: PaX Team <pageexec@freemail.hu>
CC: Emese Revfy <re.emese@gmail.com>
CC: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/inode.c | 36 +-----------------------------------
1 file changed, 1 insertion(+), 35 deletions(-)
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -2034,7 +2034,6 @@ cifs_set_file_size(struct inode *inode,
struct tcon_link *tlink = NULL;
struct cifs_tcon *tcon = NULL;
struct TCP_Server_Info *server;
- struct cifs_io_parms io_parms;
/*
* To avoid spurious oplock breaks from server, in the case of
@@ -2056,18 +2055,6 @@ cifs_set_file_size(struct inode *inode,
rc = -ENOSYS;
cifsFileInfo_put(open_file);
cifs_dbg(FYI, "SetFSize for attrs rc = %d\n", rc);
- if ((rc == -EINVAL) || (rc == -EOPNOTSUPP)) {
- unsigned int bytes_written;
-
- io_parms.netfid = open_file->fid.netfid;
- io_parms.pid = open_file->pid;
- io_parms.tcon = tcon;
- io_parms.offset = 0;
- io_parms.length = attrs->ia_size;
- rc = CIFSSMBWrite(xid, &io_parms, &bytes_written,
- NULL, NULL, 1);
- cifs_dbg(FYI, "Wrt seteof rc %d\n", rc);
- }
} else
rc = -EINVAL;
@@ -2093,28 +2080,7 @@ cifs_set_file_size(struct inode *inode,
else
rc = -ENOSYS;
cifs_dbg(FYI, "SetEOF by path (setattrs) rc = %d\n", rc);
- if ((rc == -EINVAL) || (rc == -EOPNOTSUPP)) {
- __u16 netfid;
- int oplock = 0;
-
- rc = SMBLegacyOpen(xid, tcon, full_path, FILE_OPEN,
- GENERIC_WRITE, CREATE_NOT_DIR, &netfid,
- &oplock, NULL, cifs_sb->local_nls,
- cifs_remap(cifs_sb));
- if (rc == 0) {
- unsigned int bytes_written;
-
- io_parms.netfid = netfid;
- io_parms.pid = current->tgid;
- io_parms.tcon = tcon;
- io_parms.offset = 0;
- io_parms.length = attrs->ia_size;
- rc = CIFSSMBWrite(xid, &io_parms, &bytes_written, NULL,
- NULL, 1);
- cifs_dbg(FYI, "wrt seteof rc %d\n", rc);
- CIFSSMBClose(xid, tcon, netfid);
- }
- }
+
if (tlink)
cifs_put_tlink(tlink);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 140/258] drm/qxl: only report first monitor as connected if we have no state
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (134 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 139/258] [SMB3] Do not fall back to SMBWriteX in set_file_size error cases Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 147/258] drm/amdgpu: Restore LCD backlight level on resume Greg Kroah-Hartman
` (102 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dave Airlie
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Airlie <airlied@redhat.com>
commit 69e5d3f893e19613486f300fd6e631810338aa4b upstream.
If the server isn't new enough to give us state, report the first
monitor as always connected, otherwise believe the server side.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/qxl/qxl_display.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/drivers/gpu/drm/qxl/qxl_display.c
+++ b/drivers/gpu/drm/qxl/qxl_display.c
@@ -886,13 +886,15 @@ static enum drm_connector_status qxl_con
drm_connector_to_qxl_output(connector);
struct drm_device *ddev = connector->dev;
struct qxl_device *qdev = ddev->dev_private;
- int connected;
+ bool connected = false;
/* The first monitor is always connected */
- connected = (output->index == 0) ||
- (qdev->client_monitors_config &&
- qdev->client_monitors_config->count > output->index &&
- qxl_head_enabled(&qdev->client_monitors_config->heads[output->index]));
+ if (!qdev->client_monitors_config) {
+ if (output->index == 0)
+ connected = true;
+ } else
+ connected = qdev->client_monitors_config->count > output->index &&
+ qxl_head_enabled(&qdev->client_monitors_config->heads[output->index]);
DRM_DEBUG("#%d connected: %d\n", output->index, connected);
if (!connected)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 147/258] drm/amdgpu: Restore LCD backlight level on resume
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (135 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 140/258] drm/qxl: only report first monitor as connected if we have no state Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 148/258] drm/i915/bios: handle MIPI Sequence Block v3+ gracefully Greg Kroah-Hartman
` (101 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Deucher
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 74b3112e95073b351e3b0b9799795bc76f8415fa upstream.
Instead of only enabling the backlight (which seems to set it to max
brightness), just re-set the current backlight level, which also takes
care of enabling the backlight if necessary.
Port of radeon commit:
drm/radeon: Restore LCD backlight level on resume (>= R5xx)
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/atombios_encoders.c
+++ b/drivers/gpu/drm/amd/amdgpu/atombios_encoders.c
@@ -1279,8 +1279,7 @@ amdgpu_atombios_encoder_setup_dig(struct
amdgpu_atombios_encoder_setup_dig_encoder(encoder, ATOM_ENCODER_CMD_DP_VIDEO_ON, 0);
}
if (amdgpu_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT))
- amdgpu_atombios_encoder_setup_dig_transmitter(encoder,
- ATOM_TRANSMITTER_ACTION_LCD_BLON, 0, 0);
+ amdgpu_atombios_encoder_set_backlight_level(amdgpu_encoder, dig->backlight_level);
if (ext_encoder)
amdgpu_atombios_encoder_setup_external_encoder(encoder, ext_encoder, ATOM_ENABLE);
} else {
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 148/258] drm/i915/bios: handle MIPI Sequence Block v3+ gracefully
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (136 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 147/258] drm/amdgpu: Restore LCD backlight level on resume Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 149/258] drm: Reject DRI1 hw lock ioctl functions for kms drivers Greg Kroah-Hartman
` (100 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Deepak M, Jani Nikula
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
commit cd67d226ebd909d239d2c6e5a6abd6e2a338d1cd upstream.
The VBT MIPI Sequence Block version 3 has forward incompatible changes:
First, the block size in the header has been specified reserved, and the
actual size is a separate 32-bit value within the block. The current
find_section() function to will only look at the size in the block
header, and, depending on what's in that now reserved size field,
continue looking for other sections in the wrong place.
Fix this by taking the new block size field into account. This will
ensure that the lookups for other sections will work properly, as long
as the new 32-bit size does not go beyond the opregion VBT mailbox size.
Second, the contents of the block have been completely
changed. Gracefully refuse parsing the yet unknown data version.
Cc: Deepak M <m.deepak@intel.com>
Reviewed-by: Deepak M <m.deepak@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/intel_bios.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/i915/intel_bios.c
+++ b/drivers/gpu/drm/i915/intel_bios.c
@@ -42,7 +42,7 @@ find_section(const void *_bdb, int secti
const struct bdb_header *bdb = _bdb;
const u8 *base = _bdb;
int index = 0;
- u16 total, current_size;
+ u32 total, current_size;
u8 current_id;
/* skip to first section */
@@ -57,6 +57,10 @@ find_section(const void *_bdb, int secti
current_size = *((const u16 *)(base + index));
index += 2;
+ /* The MIPI Sequence Block v3+ has a separate size field. */
+ if (current_id == BDB_MIPI_SEQUENCE && *(base + index) >= 3)
+ current_size = *((const u32 *)(base + index + 1));
+
if (index + current_size > total)
return NULL;
@@ -859,6 +863,12 @@ parse_mipi(struct drm_i915_private *dev_
return;
}
+ /* Fail gracefully for forward incompatible sequence block. */
+ if (sequence->version >= 3) {
+ DRM_ERROR("Unable to parse MIPI Sequence Block v3+\n");
+ return;
+ }
+
DRM_DEBUG_DRIVER("Found MIPI sequence block\n");
block_size = get_blocksize(sequence);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 149/258] drm: Reject DRI1 hw lock ioctl functions for kms drivers
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (137 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 148/258] drm/i915/bios: handle MIPI Sequence Block v3+ gracefully Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 151/258] drm/dp/mst: fixup handling hotplug on port removal Greg Kroah-Hartman
` (99 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Peter Antoine, Daniel Vetter
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Vetter <daniel.vetter@ffwll.ch>
commit da168d81b44898404d281d5dbe70154ab5f117c1 upstream.
I've done some extensive history digging across libdrm, mesa and
xf86-video-{intel,nouveau,ati}. The only potential user of this with
kms drivers I could find was ttmtest, which once used drmGetLock
still. But that mistake was quickly fixed up. Even the intel xvmc
library (which otherwise was really good with using dri1 stuff in kms
mode) managed to never take the hw lock for dri2 (and hence kms).
Hence it should be save to unconditionally disallow this.
Cc: Peter Antoine <peter.antoine@intel.com>
Reviewed-by: Peter Antoine <peter.antoine@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_lock.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/gpu/drm/drm_lock.c
+++ b/drivers/gpu/drm/drm_lock.c
@@ -61,6 +61,9 @@ int drm_legacy_lock(struct drm_device *d
struct drm_master *master = file_priv->master;
int ret = 0;
+ if (drm_core_check_feature(dev, DRIVER_MODESET))
+ return -EINVAL;
+
++file_priv->lock_count;
if (lock->context == DRM_KERNEL_CONTEXT) {
@@ -153,6 +156,9 @@ int drm_legacy_unlock(struct drm_device
struct drm_lock *lock = data;
struct drm_master *master = file_priv->master;
+ if (drm_core_check_feature(dev, DRIVER_MODESET))
+ return -EINVAL;
+
if (lock->context == DRM_KERNEL_CONTEXT) {
DRM_ERROR("Process %d using kernel context %d\n",
task_pid_nr(current), lock->context);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 151/258] drm/dp/mst: fixup handling hotplug on port removal.
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (138 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 149/258] drm: Reject DRI1 hw lock ioctl functions for kms drivers Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 152/258] drm/dp/mst: drop cancel work sync in the mstb destroy path (v2) Greg Kroah-Hartman
` (98 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Vetter, Dave Airlie
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Airlie <airlied@redhat.com>
commit df4839fdc9b3c922586b945f062f38cbbda022bb upstream.
output ports should always have a connector, unless
in the rare case connector allocation fails in the
driver.
In this case we only need to teardown the pdt,
and free the struct, and there is no need to
send a hotplug msg.
In the case were we add the port to the destroy
list we need to send a hotplug if we destroy
any connectors, so userspace knows to reprobe
stuff.
this patch also handles port->connector allocation
failing which should be a rare event, but makes
the code consistent.
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_dp_mst_topology.c | 36 ++++++++++++++++++++++++----------
1 file changed, 26 insertions(+), 10 deletions(-)
--- a/drivers/gpu/drm/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/drm_dp_mst_topology.c
@@ -863,29 +863,33 @@ static void drm_dp_destroy_port(struct k
{
struct drm_dp_mst_port *port = container_of(kref, struct drm_dp_mst_port, kref);
struct drm_dp_mst_topology_mgr *mgr = port->mgr;
+
if (!port->input) {
port->vcpi.num_slots = 0;
kfree(port->cached_edid);
- /* we can't destroy the connector here, as
- we might be holding the mode_config.mutex
- from an EDID retrieval */
+ /*
+ * The only time we don't have a connector
+ * on an output port is if the connector init
+ * fails.
+ */
if (port->connector) {
+ /* we can't destroy the connector here, as
+ * we might be holding the mode_config.mutex
+ * from an EDID retrieval */
+
mutex_lock(&mgr->destroy_connector_lock);
list_add(&port->next, &mgr->destroy_connector_list);
mutex_unlock(&mgr->destroy_connector_lock);
schedule_work(&mgr->destroy_connector_work);
return;
}
+ /* no need to clean up vcpi
+ * as if we have no connector we never setup a vcpi */
drm_dp_port_teardown_pdt(port, port->pdt);
-
- if (!port->input && port->vcpi.vcpi > 0)
- drm_dp_mst_put_payload_id(mgr, port->vcpi.vcpi);
}
kfree(port);
-
- (*mgr->cbs->hotplug)(mgr);
}
static void drm_dp_put_port(struct drm_dp_mst_port *port)
@@ -1115,12 +1119,21 @@ static void drm_dp_add_port(struct drm_d
char proppath[255];
build_mst_prop_path(port, mstb, proppath, sizeof(proppath));
port->connector = (*mstb->mgr->cbs->add_connector)(mstb->mgr, port, proppath);
-
+ if (!port->connector) {
+ /* remove it from the port list */
+ mutex_lock(&mstb->mgr->lock);
+ list_del(&port->next);
+ mutex_unlock(&mstb->mgr->lock);
+ /* drop port list reference */
+ drm_dp_put_port(port);
+ goto out;
+ }
if (port->port_num >= 8) {
port->cached_edid = drm_get_edid(port->connector, &port->aux.ddc);
}
}
+out:
/* put reference to this port */
drm_dp_put_port(port);
}
@@ -2661,7 +2674,7 @@ static void drm_dp_destroy_connector_wor
{
struct drm_dp_mst_topology_mgr *mgr = container_of(work, struct drm_dp_mst_topology_mgr, destroy_connector_work);
struct drm_dp_mst_port *port;
-
+ bool send_hotplug = false;
/*
* Not a regular list traverse as we have to drop the destroy
* connector lock before destroying the connector, to avoid AB->BA
@@ -2684,7 +2697,10 @@ static void drm_dp_destroy_connector_wor
if (!port->input && port->vcpi.vcpi > 0)
drm_dp_mst_put_payload_id(mgr, port->vcpi.vcpi);
kfree(port);
+ send_hotplug = true;
}
+ if (send_hotplug)
+ (*mgr->cbs->hotplug)(mgr);
}
/**
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 152/258] drm/dp/mst: drop cancel work sync in the mstb destroy path (v2)
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (139 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 151/258] drm/dp/mst: fixup handling hotplug on port removal Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 153/258] USB: whiteheat: fix potential null-deref at probe Greg Kroah-Hartman
` (97 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Vetter, Dave Airlie
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Airlie <airlied@redhat.com>
commit 274d83524895fe41ca8debae4eec60ede7252bb5 upstream.
Since 9eb1e57f564d4e6e10991402726cc83fe0b9172f
drm/dp/mst: make sure mst_primary mstb is valid in work function
we validate the mstb structs in the work function, and doing
that takes a reference. So we should never get here with the
work function running using the mstb device, only if the work
function hasn't run yet or is running for another mstb.
So we don't need to sync the work here, this was causing
lockdep spew as below.
[ +0.000160] =============================================
[ +0.000001] [ INFO: possible recursive locking detected ]
[ +0.000002] 3.10.0-320.el7.rhel72.stable.backport.3.x86_64.debug #1 Tainted: G W ------------
[ +0.000001] ---------------------------------------------
[ +0.000001] kworker/4:2/1262 is trying to acquire lock:
[ +0.000001] ((&mgr->work)){+.+.+.}, at: [<ffffffff810b29a5>] flush_work+0x5/0x2e0
[ +0.000007]
but task is already holding lock:
[ +0.000001] ((&mgr->work)){+.+.+.}, at: [<ffffffff810b57e4>] process_one_work+0x1b4/0x710
[ +0.000004]
other info that might help us debug this:
[ +0.000001] Possible unsafe locking scenario:
[ +0.000002] CPU0
[ +0.000000] ----
[ +0.000001] lock((&mgr->work));
[ +0.000002] lock((&mgr->work));
[ +0.000001]
*** DEADLOCK ***
[ +0.000001] May be due to missing lock nesting notation
[ +0.000002] 2 locks held by kworker/4:2/1262:
[ +0.000001] #0: (events_long){.+.+.+}, at: [<ffffffff810b57e4>] process_one_work+0x1b4/0x710
[ +0.000004] #1: ((&mgr->work)){+.+.+.}, at: [<ffffffff810b57e4>] process_one_work+0x1b4/0x710
[ +0.000003]
stack backtrace:
[ +0.000003] CPU: 4 PID: 1262 Comm: kworker/4:2 Tainted: G W ------------ 3.10.0-320.el7.rhel72.stable.backport.3.x86_64.debug #1
[ +0.000001] Hardware name: LENOVO 20EGS0R600/20EGS0R600, BIOS GNET71WW (2.19 ) 02/05/2015
[ +0.000008] Workqueue: events_long drm_dp_mst_link_probe_work [drm_kms_helper]
[ +0.000001] ffffffff82c26c90 00000000a527b914 ffff88046399bae8 ffffffff816fe04d
[ +0.000004] ffff88046399bb58 ffffffff8110f47f ffff880461438000 0001009b840fc003
[ +0.000002] ffff880461438a98 0000000000000000 0000000804dc26e1 ffffffff824a2c00
[ +0.000003] Call Trace:
[ +0.000004] [<ffffffff816fe04d>] dump_stack+0x19/0x1b
[ +0.000004] [<ffffffff8110f47f>] __lock_acquire+0x115f/0x1250
[ +0.000002] [<ffffffff8110fd49>] lock_acquire+0x99/0x1e0
[ +0.000002] [<ffffffff810b29a5>] ? flush_work+0x5/0x2e0
[ +0.000002] [<ffffffff810b29ee>] flush_work+0x4e/0x2e0
[ +0.000002] [<ffffffff810b29a5>] ? flush_work+0x5/0x2e0
[ +0.000004] [<ffffffff81025905>] ? native_sched_clock+0x35/0x80
[ +0.000002] [<ffffffff81025959>] ? sched_clock+0x9/0x10
[ +0.000002] [<ffffffff810da1f5>] ? local_clock+0x25/0x30
[ +0.000002] [<ffffffff8110dca9>] ? mark_held_locks+0xb9/0x140
[ +0.000003] [<ffffffff810b4ed5>] ? __cancel_work_timer+0x95/0x160
[ +0.000002] [<ffffffff810b4ee8>] __cancel_work_timer+0xa8/0x160
[ +0.000002] [<ffffffff810b4fb0>] cancel_work_sync+0x10/0x20
[ +0.000007] [<ffffffffa0160d17>] drm_dp_destroy_mst_branch_device+0x27/0x120 [drm_kms_helper]
[ +0.000006] [<ffffffffa0163968>] drm_dp_mst_link_probe_work+0x78/0xa0 [drm_kms_helper]
[ +0.000002] [<ffffffff810b5850>] process_one_work+0x220/0x710
[ +0.000002] [<ffffffff810b57e4>] ? process_one_work+0x1b4/0x710
[ +0.000005] [<ffffffff810b5e5b>] worker_thread+0x11b/0x3a0
[ +0.000003] [<ffffffff810b5d40>] ? process_one_work+0x710/0x710
[ +0.000002] [<ffffffff810beced>] kthread+0xed/0x100
[ +0.000003] [<ffffffff810bec00>] ? insert_kthread_work+0x80/0x80
[ +0.000003] [<ffffffff817121d8>] ret_from_fork+0x58/0x90
v2: add flush_work.
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_dp_mst_topology.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/drm_dp_mst_topology.c
@@ -804,8 +804,6 @@ static void drm_dp_destroy_mst_branch_de
struct drm_dp_mst_port *port, *tmp;
bool wake_tx = false;
- cancel_work_sync(&mstb->mgr->work);
-
/*
* destroy all ports - don't need lock
* as there are no more references to the mst branch
@@ -1991,6 +1989,8 @@ void drm_dp_mst_topology_mgr_suspend(str
drm_dp_dpcd_writeb(mgr->aux, DP_MSTM_CTRL,
DP_MST_EN | DP_UPSTREAM_IS_SRC);
mutex_unlock(&mgr->lock);
+ flush_work(&mgr->work);
+ flush_work(&mgr->destroy_connector_work);
}
EXPORT_SYMBOL(drm_dp_mst_topology_mgr_suspend);
@@ -2753,6 +2753,7 @@ EXPORT_SYMBOL(drm_dp_mst_topology_mgr_in
*/
void drm_dp_mst_topology_mgr_destroy(struct drm_dp_mst_topology_mgr *mgr)
{
+ flush_work(&mgr->work);
flush_work(&mgr->destroy_connector_work);
mutex_lock(&mgr->payload_lock);
kfree(mgr->payloads);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 153/258] USB: whiteheat: fix potential null-deref at probe
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (140 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 152/258] drm/dp/mst: drop cancel work sync in the mstb destroy path (v2) Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 154/258] xhci: give command abortion one more chance before killing xhci Greg Kroah-Hartman
` (96 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Moein Ghasemzadeh, Johan Hovold
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit cbb4be652d374f64661137756b8f357a1827d6a4 upstream.
Fix potential null-pointer dereference at probe by making sure that the
required endpoints are present.
The whiteheat driver assumes there are at least five pairs of bulk
endpoints, of which the final pair is used for the "command port". An
attempt to bind to an interface with fewer bulk endpoints would
currently lead to an oops.
Fixes CVE-2015-5257.
Reported-by: Moein Ghasemzadeh <moein@istuary.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/whiteheat.c | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
--- a/drivers/usb/serial/whiteheat.c
+++ b/drivers/usb/serial/whiteheat.c
@@ -80,6 +80,8 @@ static int whiteheat_firmware_download(
static int whiteheat_firmware_attach(struct usb_serial *serial);
/* function prototypes for the Connect Tech WhiteHEAT serial converter */
+static int whiteheat_probe(struct usb_serial *serial,
+ const struct usb_device_id *id);
static int whiteheat_attach(struct usb_serial *serial);
static void whiteheat_release(struct usb_serial *serial);
static int whiteheat_port_probe(struct usb_serial_port *port);
@@ -116,6 +118,7 @@ static struct usb_serial_driver whitehea
.description = "Connect Tech - WhiteHEAT",
.id_table = id_table_std,
.num_ports = 4,
+ .probe = whiteheat_probe,
.attach = whiteheat_attach,
.release = whiteheat_release,
.port_probe = whiteheat_port_probe,
@@ -217,6 +220,34 @@ static int whiteheat_firmware_attach(str
/*****************************************************************************
* Connect Tech's White Heat serial driver functions
*****************************************************************************/
+
+static int whiteheat_probe(struct usb_serial *serial,
+ const struct usb_device_id *id)
+{
+ struct usb_host_interface *iface_desc;
+ struct usb_endpoint_descriptor *endpoint;
+ size_t num_bulk_in = 0;
+ size_t num_bulk_out = 0;
+ size_t min_num_bulk;
+ unsigned int i;
+
+ iface_desc = serial->interface->cur_altsetting;
+
+ for (i = 0; i < iface_desc->desc.bNumEndpoints; i++) {
+ endpoint = &iface_desc->endpoint[i].desc;
+ if (usb_endpoint_is_bulk_in(endpoint))
+ ++num_bulk_in;
+ if (usb_endpoint_is_bulk_out(endpoint))
+ ++num_bulk_out;
+ }
+
+ min_num_bulk = COMMAND_PORT + 1;
+ if (num_bulk_in < min_num_bulk || num_bulk_out < min_num_bulk)
+ return -ENODEV;
+
+ return 0;
+}
+
static int whiteheat_attach(struct usb_serial *serial)
{
struct usb_serial_port *command_port;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 154/258] xhci: give command abortion one more chance before killing xhci
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (141 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 153/258] USB: whiteheat: fix potential null-deref at probe Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 155/258] xhci: Move xhci_pme_quirk() behind #ifdef CONFIG_PM Greg Kroah-Hartman
` (95 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vincent Pelletier, Mathias Nyman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit a6809ffd1687b3a8c192960e69add559b9d32649 upstream.
We want to give the command abortion an additional try to stop
the command ring before we completely hose xhci.
Tested-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-ring.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -302,6 +302,15 @@ static int xhci_abort_cmd_ring(struct xh
ret = xhci_handshake(&xhci->op_regs->cmd_ring,
CMD_RING_RUNNING, 0, 5 * 1000 * 1000);
if (ret < 0) {
+ /* we are about to kill xhci, give it one more chance */
+ xhci_write_64(xhci, temp_64 | CMD_RING_ABORT,
+ &xhci->op_regs->cmd_ring);
+ udelay(1000);
+ ret = xhci_handshake(&xhci->op_regs->cmd_ring,
+ CMD_RING_RUNNING, 0, 3 * 1000 * 1000);
+ if (ret == 0)
+ return 0;
+
xhci_err(xhci, "Stopped the command ring failed, "
"maybe the host is dead\n");
xhci->xhc_state |= XHCI_STATE_DYING;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 155/258] xhci: Move xhci_pme_quirk() behind #ifdef CONFIG_PM
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (142 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 154/258] xhci: give command abortion one more chance before killing xhci Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 156/258] usb: xhci: lock mutex on xhci_stop Greg Kroah-Hartman
` (94 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tomer Barletz, Mathias Nyman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomer Barletz <barletz@gmail.com>
commit 2b7627b73e81e5d23d5ae1490fe8e690af86e053 upstream.
xhci_pme_quirk() is only used when CONFIG_PM is defined.
Compiling a kernel without PM complains about this function
[reworded commit message -Mathias]
Signed-off-by: Tomer Barletz <barletz@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-pci.c | 90 ++++++++++++++++++++++----------------------
1 file changed, 45 insertions(+), 45 deletions(-)
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -180,51 +180,6 @@ static void xhci_pci_quirks(struct devic
"QUIRK: Resetting on resume");
}
-/*
- * In some Intel xHCI controllers, in order to get D3 working,
- * through a vendor specific SSIC CONFIG register at offset 0x883c,
- * SSIC PORT need to be marked as "unused" before putting xHCI
- * into D3. After D3 exit, the SSIC port need to be marked as "used".
- * Without this change, xHCI might not enter D3 state.
- * Make sure PME works on some Intel xHCI controllers by writing 1 to clear
- * the Internal PME flag bit in vendor specific PMCTRL register at offset 0x80a4
- */
-static void xhci_pme_quirk(struct usb_hcd *hcd, bool suspend)
-{
- struct xhci_hcd *xhci = hcd_to_xhci(hcd);
- struct pci_dev *pdev = to_pci_dev(hcd->self.controller);
- u32 val;
- void __iomem *reg;
-
- if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
- pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) {
-
- reg = (void __iomem *) xhci->cap_regs + PORT2_SSIC_CONFIG_REG2;
-
- /* Notify SSIC that SSIC profile programming is not done */
- val = readl(reg) & ~PROG_DONE;
- writel(val, reg);
-
- /* Mark SSIC port as unused(suspend) or used(resume) */
- val = readl(reg);
- if (suspend)
- val |= SSIC_PORT_UNUSED;
- else
- val &= ~SSIC_PORT_UNUSED;
- writel(val, reg);
-
- /* Notify SSIC that SSIC profile programming is done */
- val = readl(reg) | PROG_DONE;
- writel(val, reg);
- readl(reg);
- }
-
- reg = (void __iomem *) xhci->cap_regs + 0x80a4;
- val = readl(reg);
- writel(val | BIT(28), reg);
- readl(reg);
-}
-
#ifdef CONFIG_ACPI
static void xhci_pme_acpi_rtd3_enable(struct pci_dev *dev)
{
@@ -345,6 +300,51 @@ static void xhci_pci_remove(struct pci_d
}
#ifdef CONFIG_PM
+/*
+ * In some Intel xHCI controllers, in order to get D3 working,
+ * through a vendor specific SSIC CONFIG register at offset 0x883c,
+ * SSIC PORT need to be marked as "unused" before putting xHCI
+ * into D3. After D3 exit, the SSIC port need to be marked as "used".
+ * Without this change, xHCI might not enter D3 state.
+ * Make sure PME works on some Intel xHCI controllers by writing 1 to clear
+ * the Internal PME flag bit in vendor specific PMCTRL register at offset 0x80a4
+ */
+static void xhci_pme_quirk(struct usb_hcd *hcd, bool suspend)
+{
+ struct xhci_hcd *xhci = hcd_to_xhci(hcd);
+ struct pci_dev *pdev = to_pci_dev(hcd->self.controller);
+ u32 val;
+ void __iomem *reg;
+
+ if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
+ pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) {
+
+ reg = (void __iomem *) xhci->cap_regs + PORT2_SSIC_CONFIG_REG2;
+
+ /* Notify SSIC that SSIC profile programming is not done */
+ val = readl(reg) & ~PROG_DONE;
+ writel(val, reg);
+
+ /* Mark SSIC port as unused(suspend) or used(resume) */
+ val = readl(reg);
+ if (suspend)
+ val |= SSIC_PORT_UNUSED;
+ else
+ val &= ~SSIC_PORT_UNUSED;
+ writel(val, reg);
+
+ /* Notify SSIC that SSIC profile programming is done */
+ val = readl(reg) | PROG_DONE;
+ writel(val, reg);
+ readl(reg);
+ }
+
+ reg = (void __iomem *) xhci->cap_regs + 0x80a4;
+ val = readl(reg);
+ writel(val | BIT(28), reg);
+ readl(reg);
+}
+
static int xhci_pci_suspend(struct usb_hcd *hcd, bool do_wakeup)
{
struct xhci_hcd *xhci = hcd_to_xhci(hcd);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 156/258] usb: xhci: lock mutex on xhci_stop
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (143 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 155/258] xhci: Move xhci_pme_quirk() behind #ifdef CONFIG_PM Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 157/258] usb: xhci: Clear XHCI_STATE_DYING on start Greg Kroah-Hartman
` (93 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Roger Quadros, Mathias Nyman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Quadros <rogerq@ti.com>
commit 85ac90f8953a58f6a057b727bc9db97721e3fb8e upstream.
Else it races with xhci_setup_device
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -677,8 +677,11 @@ void xhci_stop(struct usb_hcd *hcd)
u32 temp;
struct xhci_hcd *xhci = hcd_to_xhci(hcd);
+ mutex_lock(&xhci->mutex);
+
if (!usb_hcd_is_primary_hcd(hcd)) {
xhci_only_stop_hcd(xhci->shared_hcd);
+ mutex_unlock(&xhci->mutex);
return;
}
@@ -717,6 +720,7 @@ void xhci_stop(struct usb_hcd *hcd)
xhci_dbg_trace(xhci, trace_xhci_dbg_init,
"xhci_stop completed - status = %x",
readl(&xhci->op_regs->status));
+ mutex_unlock(&xhci->mutex);
}
/*
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 157/258] usb: xhci: Clear XHCI_STATE_DYING on start
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (144 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 156/258] usb: xhci: lock mutex on xhci_stop Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 158/258] usb: xhci: stop everything on the first call to xhci_stop Greg Kroah-Hartman
` (92 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Roger Quadros, Mathias Nyman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Quadros <rogerq@ti.com>
commit e5bfeab0ad515b4f6df39fe716603e9dc6d3dfd0 upstream.
For whatever reason if XHCI died in the previous instant
then it will never recover on the next xhci_start unless we
clear the DYING flag.
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -146,7 +146,8 @@ static int xhci_start(struct xhci_hcd *x
"waited %u microseconds.\n",
XHCI_MAX_HALT_USEC);
if (!ret)
- xhci->xhc_state &= ~XHCI_STATE_HALTED;
+ xhci->xhc_state &= ~(XHCI_STATE_HALTED | XHCI_STATE_DYING);
+
return ret;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 158/258] usb: xhci: stop everything on the first call to xhci_stop
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (145 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 157/258] usb: xhci: Clear XHCI_STATE_DYING on start Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 159/258] usb: xhci: exit early in xhci_setup_device() if were halted or dying Greg Kroah-Hartman
` (91 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Roger Quadros, Mathias Nyman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Quadros <rogerq@ti.com>
commit 8c24d6d7b09deee3036ddc4f2b81b53b28c8f877 upstream.
xhci_stop will be called twice, once for the shared hcd
and again for the primary hcd.
We stop the XHCI controller in any case so clean up
everything on the first call else we can timeout
waiting for pending requests to complete.
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci.c | 20 +++++---------------
1 file changed, 5 insertions(+), 15 deletions(-)
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -655,15 +655,6 @@ int xhci_run(struct usb_hcd *hcd)
}
EXPORT_SYMBOL_GPL(xhci_run);
-static void xhci_only_stop_hcd(struct usb_hcd *hcd)
-{
- struct xhci_hcd *xhci = hcd_to_xhci(hcd);
-
- spin_lock_irq(&xhci->lock);
- xhci_halt(xhci);
- spin_unlock_irq(&xhci->lock);
-}
-
/*
* Stop xHCI driver.
*
@@ -678,15 +669,14 @@ void xhci_stop(struct usb_hcd *hcd)
u32 temp;
struct xhci_hcd *xhci = hcd_to_xhci(hcd);
- mutex_lock(&xhci->mutex);
-
- if (!usb_hcd_is_primary_hcd(hcd)) {
- xhci_only_stop_hcd(xhci->shared_hcd);
- mutex_unlock(&xhci->mutex);
+ if (xhci->xhc_state & XHCI_STATE_HALTED)
return;
- }
+ mutex_lock(&xhci->mutex);
spin_lock_irq(&xhci->lock);
+ xhci->xhc_state |= XHCI_STATE_HALTED;
+ xhci->cmd_ring_state = CMD_RING_STATE_STOPPED;
+
/* Make sure the xHC is halted for a USB3 roothub
* (xhci_stop() could be called as part of failed init).
*/
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 159/258] usb: xhci: exit early in xhci_setup_device() if were halted or dying
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (146 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 158/258] usb: xhci: stop everything on the first call to xhci_stop Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 160/258] xhci: change xhci 1.0 only restrictions to support xhci 1.1 Greg Kroah-Hartman
` (90 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Roger Quadros, Mathias Nyman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Quadros <rogerq@ti.com>
commit 448116bfa856d3c076fa7178ed96661a008a5d45 upstream.
During quick plug/removal of OTG adapter during dual-role testing
it can happen that xhci_alloc_device() is called for the newly
detected device after the DRD library has called xhci_stop to
remove the HCD.
If that is the case, just fail early to prevent the following warning.
[ 154.732649] hub 4-0:1.0: USB hub found
[ 154.742204] hub 4-0:1.0: 1 port detected
[ 154.824458] hub 3-0:1.0: state 7 ports 1 chg 0002 evt 0000
[ 154.854609] hub 4-0:1.0: state 7 ports 1 chg 0000 evt 0000
[ 154.944430] usb 3-1: new high-speed USB device number 2 using xhci-hcd
[ 154.951009] xhci-hcd xhci-hcd.0.auto: xhci_setup_device
[ 155.038191] xhci-hcd xhci-hcd.0.auto: remove, state 4
[ 155.043315] usb usb4: USB disconnect, device number 1
[ 155.055270] xhci-hcd xhci-hcd.0.auto: xhci_stop
[ 155.060094] xhci-hcd xhci-hcd.0.auto: USB bus 4 deregistered
[ 155.066576] xhci-hcd xhci-hcd.0.auto: remove, state 1
[ 155.071710] usb usb3: USB disconnect, device number 1
[ 155.077124] xhci-hcd xhci-hcd.0.auto: xhci_setup_device
[ 155.082389] ------------[ cut here ]------------
[ 155.087690] WARNING: CPU: 0 PID: 72 at drivers/usb/host/xhci.c:3800 xhci_setup_device+0x410/0x484 [xhci_hcd]()
[ 155.097861] Modules linked in: sd_mod usb_storage scsi_mod usb_f_ss_lb g_zero libcomposite ipv6 xhci_plat_hcd xhci_hcd usbcore dwc3 udc_core evdev ti_am335x_adc joydev kfifo_buf industrialio snd_soc_simple_cc
[ 155.146734] CPU: 0 PID: 72 Comm: kworker/0:3 Tainted: G W 4.1.4-00834-gcd9380b-dirty #50
[ 155.156073] Hardware name: Generic AM43 (Flattened Device Tree)
[ 155.162117] Workqueue: usb_hub_wq hub_event [usbcore]
[ 155.167249] Backtrace:
[ 155.169751] [<c0012af0>] (dump_backtrace) from [<c0012c8c>] (show_stack+0x18/0x1c)
[ 155.177390] r6:c089d4a4 r5:ffffffff r4:00000000 r3:ee46c000
[ 155.183137] [<c0012c74>] (show_stack) from [<c05f7c14>] (dump_stack+0x84/0xd0)
[ 155.190446] [<c05f7b90>] (dump_stack) from [<c00439ac>] (warn_slowpath_common+0x80/0xbc)
[ 155.198605] r7:00000009 r6:00000ed8 r5:bf27eb70 r4:00000000
[ 155.204348] [<c004392c>] (warn_slowpath_common) from [<c0043a0c>] (warn_slowpath_null+0x24/0x2c)
[ 155.213202] r8:ee49f000 r7:ee7c0004 r6:00000000 r5:ee7c0158 r4:ee7c0000
[ 155.220051] [<c00439e8>] (warn_slowpath_null) from [<bf27eb70>] (xhci_setup_device+0x410/0x484 [xhci_hcd])
[ 155.229816] [<bf27e760>] (xhci_setup_device [xhci_hcd]) from [<bf27ec10>] (xhci_address_device+0x14/0x18 [xhci_hcd])
[ 155.240415] r10:ee598200 r9:00000001 r8:00000002 r7:00000001 r6:00000003 r5:00000002
[ 155.248363] r4:ee49f000
[ 155.250978] [<bf27ebfc>] (xhci_address_device [xhci_hcd]) from [<bf20cb94>] (hub_port_init+0x1b8/0xa9c [usbcore])
[ 155.261403] [<bf20c9dc>] (hub_port_init [usbcore]) from [<bf2101e0>] (hub_event+0x738/0x1020 [usbcore])
[ 155.270874] r10:ee598200 r9:ee7c0000 r8:ee7c0038 r7:ee518800 r6:ee49f000 r5:00000001
[ 155.278822] r4:00000000
[ 155.281426] [<bf20faa8>] (hub_event [usbcore]) from [<c005754c>] (process_one_work+0x128/0x340)
[ 155.290196] r10:00000000 r9:00000003 r8:00000000 r7:fedfa000 r6:eeec5400 r5:ee598314
[ 155.298151] r4:ee434380
[ 155.300718] [<c0057424>] (process_one_work) from [<c00578f8>] (worker_thread+0x158/0x49c)
[ 155.308963] r10:ee434380 r9:00000003 r8:eeec5400 r7:00000008 r6:ee434398 r5:eeec5400
[ 155.316913] r4:eeec5414
[ 155.319482] [<c00577a0>] (worker_thread) from [<c005cc40>] (kthread+0xdc/0xf8)
[ 155.326765] r10:00000000 r9:00000000 r8:00000000 r7:c00577a0 r6:ee434380 r5:ee4441c0
[ 155.334713] r4:00000000 r3:00000000
[ 155.338341] [<c005cb64>] (kthread) from [<c000fc08>] (ret_from_fork+0x14/0x2c)
[ 155.345626] r7:00000000 r6:00000000 r5:c005cb64 r4:ee4441c0
[ 155.356108] ---[ end trace a58d34c223b190e6 ]---
[ 155.360783] xhci-hcd xhci-hcd.0.auto: Virt dev invalid for slot_id 0x1!
[ 155.574404] xhci-hcd xhci-hcd.0.auto: xhci_setup_device
[ 155.579667] ------------[ cut here ]------------
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -3783,6 +3783,9 @@ static int xhci_setup_device(struct usb_
mutex_lock(&xhci->mutex);
+ if (xhci->xhc_state) /* dying or halted */
+ goto out;
+
if (!udev->slot_id) {
xhci_dbg_trace(xhci, trace_xhci_dbg_address,
"Bad Slot ID %d", udev->slot_id);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 160/258] xhci: change xhci 1.0 only restrictions to support xhci 1.1
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (147 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 159/258] usb: xhci: exit early in xhci_setup_device() if were halted or dying Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 161/258] xhci: init command timeout timer earlier to avoid deleting it uninitialized Greg Kroah-Hartman
` (89 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mathias Nyman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit dca7794539eff04b786fb6907186989e5eaaa9c2 upstream.
Some changes between xhci 0.96 and xhci 1.0 specifications forced us to
check the hci version in code, some of these checks were implemented as
hci_version == 1.0, which will not work with new xhci 1.1 controllers.
xhci 1.1 behaves similar to xhci 1.0 in these cases, so change these
checks to hci_version >= 1.0
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-mem.c | 6 +++---
drivers/usb/host/xhci-ring.c | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -1498,10 +1498,10 @@ int xhci_endpoint_init(struct xhci_hcd *
* use Event Data TRBs, and we don't chain in a link TRB on short
* transfers, we're basically dividing by 1.
*
- * xHCI 1.0 specification indicates that the Average TRB Length should
- * be set to 8 for control endpoints.
+ * xHCI 1.0 and 1.1 specification indicates that the Average TRB Length
+ * should be set to 8 for control endpoints.
*/
- if (usb_endpoint_xfer_control(&ep->desc) && xhci->hci_version == 0x100)
+ if (usb_endpoint_xfer_control(&ep->desc) && xhci->hci_version >= 0x100)
ep_ctx->tx_info |= cpu_to_le32(AVG_TRB_LENGTH_FOR_EP(8));
else
ep_ctx->tx_info |=
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -3394,8 +3394,8 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *
if (start_cycle == 0)
field |= 0x1;
- /* xHCI 1.0 6.4.1.2.1: Transfer Type field */
- if (xhci->hci_version == 0x100) {
+ /* xHCI 1.0/1.1 6.4.1.2.1: Transfer Type field */
+ if (xhci->hci_version >= 0x100) {
if (urb->transfer_buffer_length > 0) {
if (setup->bRequestType & USB_DIR_IN)
field |= TRB_TX_TYPE(TRB_DATA_IN);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 161/258] xhci: init command timeout timer earlier to avoid deleting it uninitialized
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (148 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 160/258] xhci: change xhci 1.0 only restrictions to support xhci 1.1 Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 162/258] usb: xhci: Add support for URB_ZERO_PACKET to bulk/sg transfers Greg Kroah-Hartman
` (88 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Oliver Neukum, Mathias Nyman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit cc8e4fc0c3b5e8340bc8358990515d116a3c274c upstream.
Don't check if timer is running with a timer_pending() before
deleting it with del_timer_sync(), this defies the whole point of
the sync part and can cause a possible race.
Instead we just want to make sure the timer is initialized early enough
before we have a chance to delete it.
Reported-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-mem.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -1792,8 +1792,7 @@ void xhci_mem_cleanup(struct xhci_hcd *x
int size;
int i, j, num_ports;
- if (timer_pending(&xhci->cmd_timer))
- del_timer_sync(&xhci->cmd_timer);
+ del_timer_sync(&xhci->cmd_timer);
/* Free the Event Ring Segment Table and the actual Event Ring */
size = sizeof(struct xhci_erst_entry)*(xhci->erst.num_entries);
@@ -2321,6 +2320,10 @@ int xhci_mem_init(struct xhci_hcd *xhci,
INIT_LIST_HEAD(&xhci->cmd_list);
+ /* init command timeout timer */
+ setup_timer(&xhci->cmd_timer, xhci_handle_command_timeout,
+ (unsigned long)xhci);
+
page_size = readl(&xhci->op_regs->page_size);
xhci_dbg_trace(xhci, trace_xhci_dbg_init,
"Supported page size register = 0x%x", page_size);
@@ -2505,10 +2508,6 @@ int xhci_mem_init(struct xhci_hcd *xhci,
"Wrote ERST address to ir_set 0.");
xhci_print_ir_set(xhci, 0);
- /* init command timeout timer */
- setup_timer(&xhci->cmd_timer, xhci_handle_command_timeout,
- (unsigned long)xhci);
-
/*
* XXX: Might need to set the Interrupter Moderation Register to
* something other than the default (~1ms minimum between interrupts).
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 162/258] usb: xhci: Add support for URB_ZERO_PACKET to bulk/sg transfers
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (149 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 161/258] xhci: init command timeout timer earlier to avoid deleting it uninitialized Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 163/258] Initialize msg/shm IPC objects before doing ipc_addid() Greg Kroah-Hartman
` (87 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Reyad Attiyat, Mathias Nyman,
Oliver Neukum
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Reyad Attiyat <reyad.attiyat@gmail.com>
commit 4758dcd19a7d9ba9610b38fecb93f65f56f86346 upstream.
This commit checks for the URB_ZERO_PACKET flag and creates an extra
zero-length td if the urb transfer length is a multiple of the endpoint's
max packet length.
Signed-off-by: Reyad Attiyat <reyad.attiyat@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Cc: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-ring.c | 66 +++++++++++++++++++++++++++++++++----------
drivers/usb/host/xhci.c | 5 +++
2 files changed, 57 insertions(+), 14 deletions(-)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -3050,9 +3050,11 @@ static int queue_bulk_sg_tx(struct xhci_
struct xhci_td *td;
struct scatterlist *sg;
int num_sgs;
- int trb_buff_len, this_sg_len, running_total;
+ int trb_buff_len, this_sg_len, running_total, ret;
unsigned int total_packet_count;
+ bool zero_length_needed;
bool first_trb;
+ int last_trb_num;
u64 addr;
bool more_trbs_coming;
@@ -3068,13 +3070,27 @@ static int queue_bulk_sg_tx(struct xhci_
total_packet_count = DIV_ROUND_UP(urb->transfer_buffer_length,
usb_endpoint_maxp(&urb->ep->desc));
- trb_buff_len = prepare_transfer(xhci, xhci->devs[slot_id],
+ ret = prepare_transfer(xhci, xhci->devs[slot_id],
ep_index, urb->stream_id,
num_trbs, urb, 0, mem_flags);
- if (trb_buff_len < 0)
- return trb_buff_len;
+ if (ret < 0)
+ return ret;
urb_priv = urb->hcpriv;
+
+ /* Deal with URB_ZERO_PACKET - need one more td/trb */
+ zero_length_needed = urb->transfer_flags & URB_ZERO_PACKET &&
+ urb_priv->length == 2;
+ if (zero_length_needed) {
+ num_trbs++;
+ xhci_dbg(xhci, "Creating zero length td.\n");
+ ret = prepare_transfer(xhci, xhci->devs[slot_id],
+ ep_index, urb->stream_id,
+ 1, urb, 1, mem_flags);
+ if (ret < 0)
+ return ret;
+ }
+
td = urb_priv->td[0];
/*
@@ -3104,6 +3120,7 @@ static int queue_bulk_sg_tx(struct xhci_
trb_buff_len = urb->transfer_buffer_length;
first_trb = true;
+ last_trb_num = zero_length_needed ? 2 : 1;
/* Queue the first TRB, even if it's zero-length */
do {
u32 field = 0;
@@ -3121,12 +3138,15 @@ static int queue_bulk_sg_tx(struct xhci_
/* Chain all the TRBs together; clear the chain bit in the last
* TRB to indicate it's the last TRB in the chain.
*/
- if (num_trbs > 1) {
+ if (num_trbs > last_trb_num) {
field |= TRB_CHAIN;
- } else {
- /* FIXME - add check for ZERO_PACKET flag before this */
+ } else if (num_trbs == last_trb_num) {
td->last_trb = ep_ring->enqueue;
field |= TRB_IOC;
+ } else if (zero_length_needed && num_trbs == 1) {
+ trb_buff_len = 0;
+ urb_priv->td[1]->last_trb = ep_ring->enqueue;
+ field |= TRB_IOC;
}
/* Only set interrupt on short packet for IN endpoints */
@@ -3188,7 +3208,7 @@ static int queue_bulk_sg_tx(struct xhci_
if (running_total + trb_buff_len > urb->transfer_buffer_length)
trb_buff_len =
urb->transfer_buffer_length - running_total;
- } while (running_total < urb->transfer_buffer_length);
+ } while (num_trbs > 0);
check_trb_math(urb, num_trbs, running_total);
giveback_first_trb(xhci, slot_id, ep_index, urb->stream_id,
@@ -3206,7 +3226,9 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
int num_trbs;
struct xhci_generic_trb *start_trb;
bool first_trb;
+ int last_trb_num;
bool more_trbs_coming;
+ bool zero_length_needed;
int start_cycle;
u32 field, length_field;
@@ -3237,7 +3259,6 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
num_trbs++;
running_total += TRB_MAX_BUFF_SIZE;
}
- /* FIXME: this doesn't deal with URB_ZERO_PACKET - need one more */
ret = prepare_transfer(xhci, xhci->devs[slot_id],
ep_index, urb->stream_id,
@@ -3246,6 +3267,20 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
return ret;
urb_priv = urb->hcpriv;
+
+ /* Deal with URB_ZERO_PACKET - need one more td/trb */
+ zero_length_needed = urb->transfer_flags & URB_ZERO_PACKET &&
+ urb_priv->length == 2;
+ if (zero_length_needed) {
+ num_trbs++;
+ xhci_dbg(xhci, "Creating zero length td.\n");
+ ret = prepare_transfer(xhci, xhci->devs[slot_id],
+ ep_index, urb->stream_id,
+ 1, urb, 1, mem_flags);
+ if (ret < 0)
+ return ret;
+ }
+
td = urb_priv->td[0];
/*
@@ -3267,7 +3302,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
trb_buff_len = urb->transfer_buffer_length;
first_trb = true;
-
+ last_trb_num = zero_length_needed ? 2 : 1;
/* Queue the first TRB, even if it's zero-length */
do {
u32 remainder = 0;
@@ -3284,12 +3319,15 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
/* Chain all the TRBs together; clear the chain bit in the last
* TRB to indicate it's the last TRB in the chain.
*/
- if (num_trbs > 1) {
+ if (num_trbs > last_trb_num) {
field |= TRB_CHAIN;
- } else {
- /* FIXME - add check for ZERO_PACKET flag before this */
+ } else if (num_trbs == last_trb_num) {
td->last_trb = ep_ring->enqueue;
field |= TRB_IOC;
+ } else if (zero_length_needed && num_trbs == 1) {
+ trb_buff_len = 0;
+ urb_priv->td[1]->last_trb = ep_ring->enqueue;
+ field |= TRB_IOC;
}
/* Only set interrupt on short packet for IN endpoints */
@@ -3327,7 +3365,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
trb_buff_len = urb->transfer_buffer_length - running_total;
if (trb_buff_len > TRB_MAX_BUFF_SIZE)
trb_buff_len = TRB_MAX_BUFF_SIZE;
- } while (running_total < urb->transfer_buffer_length);
+ } while (num_trbs > 0);
check_trb_math(urb, num_trbs, running_total);
giveback_first_trb(xhci, slot_id, ep_index, urb->stream_id,
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -1335,6 +1335,11 @@ int xhci_urb_enqueue(struct usb_hcd *hcd
if (usb_endpoint_xfer_isoc(&urb->ep->desc))
size = urb->number_of_packets;
+ else if (usb_endpoint_is_bulk_out(&urb->ep->desc) &&
+ urb->transfer_buffer_length > 0 &&
+ urb->transfer_flags & URB_ZERO_PACKET &&
+ !(urb->transfer_buffer_length % usb_endpoint_maxp(&urb->ep->desc)))
+ size = 2;
else
size = 1;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 163/258] Initialize msg/shm IPC objects before doing ipc_addid()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (150 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 162/258] usb: xhci: Add support for URB_ZERO_PACKET to bulk/sg transfers Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 165/258] thermal: cpu_cooling: dont call kcalloc() under rcu_read_lock Greg Kroah-Hartman
` (86 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Vyukov, Manfred Spraul,
Davidlohr Bueso, Linus Torvalds
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Linus Torvalds <torvalds@linux-foundation.org>
commit b9a532277938798b53178d5a66af6e2915cb27cf upstream.
As reported by Dmitry Vyukov, we really shouldn't do ipc_addid() before
having initialized the IPC object state. Yes, we initialize the IPC
object in a locked state, but with all the lockless RCU lookup work,
that IPC object lock no longer means that the state cannot be seen.
We already did this for the IPC semaphore code (see commit e8577d1f0329:
"ipc/sem.c: fully initialize sem_array before making it visible") but we
clearly forgot about msg and shm.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
ipc/msg.c | 14 +++++++-------
ipc/shm.c | 13 +++++++------
ipc/util.c | 8 ++++----
3 files changed, 18 insertions(+), 17 deletions(-)
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -137,13 +137,6 @@ static int newque(struct ipc_namespace *
return retval;
}
- /* ipc_addid() locks msq upon success. */
- id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
- if (id < 0) {
- ipc_rcu_putref(msq, msg_rcu_free);
- return id;
- }
-
msq->q_stime = msq->q_rtime = 0;
msq->q_ctime = get_seconds();
msq->q_cbytes = msq->q_qnum = 0;
@@ -153,6 +146,13 @@ static int newque(struct ipc_namespace *
INIT_LIST_HEAD(&msq->q_receivers);
INIT_LIST_HEAD(&msq->q_senders);
+ /* ipc_addid() locks msq upon success. */
+ id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
+ if (id < 0) {
+ ipc_rcu_putref(msq, msg_rcu_free);
+ return id;
+ }
+
ipc_unlock_object(&msq->q_perm);
rcu_read_unlock();
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -551,12 +551,6 @@ static int newseg(struct ipc_namespace *
if (IS_ERR(file))
goto no_file;
- id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
- if (id < 0) {
- error = id;
- goto no_id;
- }
-
shp->shm_cprid = task_tgid_vnr(current);
shp->shm_lprid = 0;
shp->shm_atim = shp->shm_dtim = 0;
@@ -565,6 +559,13 @@ static int newseg(struct ipc_namespace *
shp->shm_nattch = 0;
shp->shm_file = file;
shp->shm_creator = current;
+
+ id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
+ if (id < 0) {
+ error = id;
+ goto no_id;
+ }
+
list_add(&shp->shm_clist, ¤t->sysvshm.shm_clist);
/*
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -237,6 +237,10 @@ int ipc_addid(struct ipc_ids *ids, struc
rcu_read_lock();
spin_lock(&new->lock);
+ current_euid_egid(&euid, &egid);
+ new->cuid = new->uid = euid;
+ new->gid = new->cgid = egid;
+
id = idr_alloc(&ids->ipcs_idr, new,
(next_id < 0) ? 0 : ipcid_to_idx(next_id), 0,
GFP_NOWAIT);
@@ -249,10 +253,6 @@ int ipc_addid(struct ipc_ids *ids, struc
ids->in_use++;
- current_euid_egid(&euid, &egid);
- new->cuid = new->uid = euid;
- new->gid = new->cgid = egid;
-
if (next_id < 0) {
new->seq = ids->seq++;
if (ids->seq > IPCID_SEQ_MAX)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 165/258] thermal: cpu_cooling: dont call kcalloc() under rcu_read_lock
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (151 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 163/258] Initialize msg/shm IPC objects before doing ipc_addid() Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 166/258] thermal: cpu_cooling: free power table on error or when unregistering Greg Kroah-Hartman
` (85 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Rui, Eduardo Valentin,
Javi Merino
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javi Merino <javi.merino@arm.com>
commit 459ac37506d195713b5e82271a2ac44a777e47df upstream.
build_dyn_power_table() allocates the power table while holding
rcu_read_lock. kcalloc using GFP_KERNEL may sleep, so it can't be
called in an RCU read-side path.
Move the rcu protection to the part of the function that really needs
it: the part that handles the dev_pm_opp pointer received from
dev_pm_opp_find_freq_ceil(). In the unlikely case that there is an OPP
added to the cpu while this function is running, return -EAGAIN.
Fixes: c36cf0717631 ("thermal: cpu_cooling: implement the power cooling device API")
Cc: Zhang Rui <rui.zhang@intel.com>
Cc: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Javi Merino <javi.merino@arm.com>
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thermal/cpu_cooling.c | 47 ++++++++++++++++++++----------------------
1 file changed, 23 insertions(+), 24 deletions(-)
--- a/drivers/thermal/cpu_cooling.c
+++ b/drivers/thermal/cpu_cooling.c
@@ -262,7 +262,9 @@ static int cpufreq_thermal_notifier(stru
* efficiently. Power is stored in mW, frequency in KHz. The
* resulting table is in ascending order.
*
- * Return: 0 on success, -E* on error.
+ * Return: 0 on success, -EINVAL if there are no OPPs for any CPUs,
+ * -ENOMEM if we run out of memory or -EAGAIN if an OPP was
+ * added/enabled while the function was executing.
*/
static int build_dyn_power_table(struct cpufreq_cooling_device *cpufreq_device,
u32 capacitance)
@@ -270,11 +272,9 @@ static int build_dyn_power_table(struct
struct power_table *power_table;
struct dev_pm_opp *opp;
struct device *dev = NULL;
- int num_opps = 0, cpu, i, ret = 0;
+ int num_opps = 0, cpu, i;
unsigned long freq;
- rcu_read_lock();
-
for_each_cpu(cpu, &cpufreq_device->allowed_cpus) {
dev = get_cpu_device(cpu);
if (!dev) {
@@ -284,24 +284,20 @@ static int build_dyn_power_table(struct
}
num_opps = dev_pm_opp_get_opp_count(dev);
- if (num_opps > 0) {
+ if (num_opps > 0)
break;
- } else if (num_opps < 0) {
- ret = num_opps;
- goto unlock;
- }
+ else if (num_opps < 0)
+ return num_opps;
}
- if (num_opps == 0) {
- ret = -EINVAL;
- goto unlock;
- }
+ if (num_opps == 0)
+ return -EINVAL;
power_table = kcalloc(num_opps, sizeof(*power_table), GFP_KERNEL);
- if (!power_table) {
- ret = -ENOMEM;
- goto unlock;
- }
+ if (!power_table)
+ return -ENOMEM;
+
+ rcu_read_lock();
for (freq = 0, i = 0;
opp = dev_pm_opp_find_freq_ceil(dev, &freq), !IS_ERR(opp);
@@ -309,6 +305,11 @@ static int build_dyn_power_table(struct
u32 freq_mhz, voltage_mv;
u64 power;
+ if (i >= num_opps) {
+ rcu_read_unlock();
+ return -EAGAIN;
+ }
+
freq_mhz = freq / 1000000;
voltage_mv = dev_pm_opp_get_voltage(opp) / 1000;
@@ -326,18 +327,16 @@ static int build_dyn_power_table(struct
power_table[i].power = power;
}
- if (i == 0) {
- ret = PTR_ERR(opp);
- goto unlock;
- }
+ rcu_read_unlock();
+
+ if (i != num_opps)
+ return PTR_ERR(opp);
cpufreq_device->cpu_dev = dev;
cpufreq_device->dyn_power_table = power_table;
cpufreq_device->dyn_power_table_entries = i;
-unlock:
- rcu_read_unlock();
- return ret;
+ return 0;
}
static u32 cpu_freq_to_power(struct cpufreq_cooling_device *cpufreq_device,
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 166/258] thermal: cpu_cooling: free power table on error or when unregistering
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (152 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 165/258] thermal: cpu_cooling: dont call kcalloc() under rcu_read_lock Greg Kroah-Hartman
@ 2015-10-18 1:57 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 167/258] hv: util: checking the wrong variable Greg Kroah-Hartman
` (84 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Rui, Eduardo Valentin,
Javi Merino
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javi Merino <javi.merino@arm.com>
commit eba4f88d5af84e0fcaa5d6eb4fe35a75c47203cb upstream.
The power table is not being freed on error from cpufreq_cooling
register or when unregistering. Free it.
Fixes: c36cf0717631 ("thermal: cpu_cooling: implement the power cooling device API")
Cc: Zhang Rui <rui.zhang@intel.com>
Cc: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Javi Merino <javi.merino@arm.com>
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thermal/cpu_cooling.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
--- a/drivers/thermal/cpu_cooling.c
+++ b/drivers/thermal/cpu_cooling.c
@@ -272,7 +272,7 @@ static int build_dyn_power_table(struct
struct power_table *power_table;
struct dev_pm_opp *opp;
struct device *dev = NULL;
- int num_opps = 0, cpu, i;
+ int num_opps = 0, cpu, i, ret = 0;
unsigned long freq;
for_each_cpu(cpu, &cpufreq_device->allowed_cpus) {
@@ -307,7 +307,8 @@ static int build_dyn_power_table(struct
if (i >= num_opps) {
rcu_read_unlock();
- return -EAGAIN;
+ ret = -EAGAIN;
+ goto free_power_table;
}
freq_mhz = freq / 1000000;
@@ -329,14 +330,21 @@ static int build_dyn_power_table(struct
rcu_read_unlock();
- if (i != num_opps)
- return PTR_ERR(opp);
+ if (i != num_opps) {
+ ret = PTR_ERR(opp);
+ goto free_power_table;
+ }
cpufreq_device->cpu_dev = dev;
cpufreq_device->dyn_power_table = power_table;
cpufreq_device->dyn_power_table_entries = i;
return 0;
+
+free_power_table:
+ kfree(power_table);
+
+ return ret;
}
static u32 cpu_freq_to_power(struct cpufreq_cooling_device *cpufreq_device,
@@ -846,7 +854,7 @@ __cpufreq_cooling_register(struct device
ret = get_idr(&cpufreq_idr, &cpufreq_dev->id);
if (ret) {
cool_dev = ERR_PTR(ret);
- goto free_table;
+ goto free_power_table;
}
snprintf(dev_name, sizeof(dev_name), "thermal-cpufreq-%d",
@@ -888,6 +896,8 @@ __cpufreq_cooling_register(struct device
remove_idr:
release_idr(&cpufreq_idr, cpufreq_dev->id);
+free_power_table:
+ kfree(cpufreq_dev->dyn_power_table);
free_table:
kfree(cpufreq_dev->freq_table);
free_time_in_idle_timestamp:
@@ -1038,6 +1048,7 @@ void cpufreq_cooling_unregister(struct t
thermal_cooling_device_unregister(cpufreq_dev->cool_dev);
release_idr(&cpufreq_idr, cpufreq_dev->id);
+ kfree(cpufreq_dev->dyn_power_table);
kfree(cpufreq_dev->time_in_idle_timestamp);
kfree(cpufreq_dev->time_in_idle);
kfree(cpufreq_dev->freq_table);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 167/258] hv: util: checking the wrong variable
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (153 preceding siblings ...)
2015-10-18 1:57 ` [PATCH 4.2 166/258] thermal: cpu_cooling: free power table on error or when unregistering Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 168/258] mmc: dw_mmc: handle data blocks > than 4kB if IDMAC is used Greg Kroah-Hartman
` (83 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Vitaly Kuznetsov,
K. Y. Srinivasan
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 9dd6a06430c94299651d74b9ed5ca8396ab8ff1f upstream.
We don't catch this allocation failure because there is a typo and we
check the wrong variable.
Fixes: 14b50f80c32d ('Drivers: hv: util: introduce hv_utils_transport abstraction')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hv/hv_utils_transport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/hv/hv_utils_transport.c
+++ b/drivers/hv/hv_utils_transport.c
@@ -186,7 +186,7 @@ int hvutil_transport_send(struct hvutil_
return -EINVAL;
} else if (hvt->mode == HVUTIL_TRANSPORT_NETLINK) {
cn_msg = kzalloc(sizeof(*cn_msg) + len, GFP_ATOMIC);
- if (!msg)
+ if (!cn_msg)
return -ENOMEM;
cn_msg->id.idx = hvt->cn_id.idx;
cn_msg->id.val = hvt->cn_id.val;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 168/258] mmc: dw_mmc: handle data blocks > than 4kB if IDMAC is used
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (154 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 167/258] hv: util: checking the wrong variable Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 169/258] usb: chipidea: imx: fix a typo for imx6sx Greg Kroah-Hartman
` (82 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Brodkin, Seungwon Jeon,
Jaehoon Chung, Ulf Hansson, arc-linux-dev
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
commit 5959b32e3636f9bfe3f869d1e440bc4a4d660965 upstream.
As per DW MobileStorage databook "each descriptor can transfer up to 4kB
of data in chained mode", moreover buffer size that is put in "des1" is
limited to 13 bits, i.e. for example on attempt to
IDMAC_SET_BUFFER1_SIZE(desc, 8192) size value that's effectively written
will be 0.
On the platform with 8kB PAGE_SIZE I see dw_mmc gets data blocks in
SG-list of 8kB size and that leads to unpredictable behavior of the
SD/MMC controller.
In particular on write to FAT partition of SD-card the controller will
stuck in the middle of DMA transaction.
Solution to the problem is simple - we need to pass large (> 4kB) data
buffers to the controller via multiple descriptors. And that's what
that change does.
What's interesting I did try original driver on same platform but
configured with 4kB PAGE_SIZE and may confirm that data blocks passed
in SG-list to dw_mmc never exeed 4kB limit - that explains why nobody
ever faced a problem I did.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Seungwon Jeon <tgih.jun@samsung.com>
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Cc: Ulf Hansson <ulf.hansson@linaro.org>
Cc: arc-linux-dev@synopsys.com
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/dw_mmc.c | 109 +++++++++++++++++++++++++++++-----------------
1 file changed, 71 insertions(+), 38 deletions(-)
--- a/drivers/mmc/host/dw_mmc.c
+++ b/drivers/mmc/host/dw_mmc.c
@@ -99,6 +99,9 @@ struct idmac_desc {
__le32 des3; /* buffer 2 physical address */
};
+
+/* Each descriptor can transfer up to 4KB of data in chained mode */
+#define DW_MCI_DESC_DATA_LENGTH 0x1000
#endif /* CONFIG_MMC_DW_IDMAC */
static bool dw_mci_reset(struct dw_mci *host);
@@ -462,66 +465,96 @@ static void dw_mci_idmac_complete_dma(st
static void dw_mci_translate_sglist(struct dw_mci *host, struct mmc_data *data,
unsigned int sg_len)
{
+ unsigned int desc_len;
int i;
if (host->dma_64bit_address == 1) {
- struct idmac_desc_64addr *desc = host->sg_cpu;
+ struct idmac_desc_64addr *desc_first, *desc_last, *desc;
+
+ desc_first = desc_last = desc = host->sg_cpu;
- for (i = 0; i < sg_len; i++, desc++) {
+ for (i = 0; i < sg_len; i++) {
unsigned int length = sg_dma_len(&data->sg[i]);
u64 mem_addr = sg_dma_address(&data->sg[i]);
- /*
- * Set the OWN bit and disable interrupts for this
- * descriptor
- */
- desc->des0 = IDMAC_DES0_OWN | IDMAC_DES0_DIC |
- IDMAC_DES0_CH;
- /* Buffer length */
- IDMAC_64ADDR_SET_BUFFER1_SIZE(desc, length);
-
- /* Physical address to DMA to/from */
- desc->des4 = mem_addr & 0xffffffff;
- desc->des5 = mem_addr >> 32;
+ for ( ; length ; desc++) {
+ desc_len = (length <= DW_MCI_DESC_DATA_LENGTH) ?
+ length : DW_MCI_DESC_DATA_LENGTH;
+
+ length -= desc_len;
+
+ /*
+ * Set the OWN bit and disable interrupts
+ * for this descriptor
+ */
+ desc->des0 = IDMAC_DES0_OWN | IDMAC_DES0_DIC |
+ IDMAC_DES0_CH;
+
+ /* Buffer length */
+ IDMAC_64ADDR_SET_BUFFER1_SIZE(desc, desc_len);
+
+ /* Physical address to DMA to/from */
+ desc->des4 = mem_addr & 0xffffffff;
+ desc->des5 = mem_addr >> 32;
+
+ /* Update physical address for the next desc */
+ mem_addr += desc_len;
+
+ /* Save pointer to the last descriptor */
+ desc_last = desc;
+ }
}
/* Set first descriptor */
- desc = host->sg_cpu;
- desc->des0 |= IDMAC_DES0_FD;
+ desc_first->des0 |= IDMAC_DES0_FD;
/* Set last descriptor */
- desc = host->sg_cpu + (i - 1) *
- sizeof(struct idmac_desc_64addr);
- desc->des0 &= ~(IDMAC_DES0_CH | IDMAC_DES0_DIC);
- desc->des0 |= IDMAC_DES0_LD;
+ desc_last->des0 &= ~(IDMAC_DES0_CH | IDMAC_DES0_DIC);
+ desc_last->des0 |= IDMAC_DES0_LD;
} else {
- struct idmac_desc *desc = host->sg_cpu;
+ struct idmac_desc *desc_first, *desc_last, *desc;
+
+ desc_first = desc_last = desc = host->sg_cpu;
- for (i = 0; i < sg_len; i++, desc++) {
+ for (i = 0; i < sg_len; i++) {
unsigned int length = sg_dma_len(&data->sg[i]);
u32 mem_addr = sg_dma_address(&data->sg[i]);
- /*
- * Set the OWN bit and disable interrupts for this
- * descriptor
- */
- desc->des0 = cpu_to_le32(IDMAC_DES0_OWN |
- IDMAC_DES0_DIC | IDMAC_DES0_CH);
- /* Buffer length */
- IDMAC_SET_BUFFER1_SIZE(desc, length);
+ for ( ; length ; desc++) {
+ desc_len = (length <= DW_MCI_DESC_DATA_LENGTH) ?
+ length : DW_MCI_DESC_DATA_LENGTH;
+
+ length -= desc_len;
+
+ /*
+ * Set the OWN bit and disable interrupts
+ * for this descriptor
+ */
+ desc->des0 = cpu_to_le32(IDMAC_DES0_OWN |
+ IDMAC_DES0_DIC |
+ IDMAC_DES0_CH);
+
+ /* Buffer length */
+ IDMAC_SET_BUFFER1_SIZE(desc, desc_len);
- /* Physical address to DMA to/from */
- desc->des2 = cpu_to_le32(mem_addr);
+ /* Physical address to DMA to/from */
+ desc->des2 = cpu_to_le32(mem_addr);
+
+ /* Update physical address for the next desc */
+ mem_addr += desc_len;
+
+ /* Save pointer to the last descriptor */
+ desc_last = desc;
+ }
}
/* Set first descriptor */
- desc = host->sg_cpu;
- desc->des0 |= cpu_to_le32(IDMAC_DES0_FD);
+ desc_first->des0 |= cpu_to_le32(IDMAC_DES0_FD);
/* Set last descriptor */
- desc = host->sg_cpu + (i - 1) * sizeof(struct idmac_desc);
- desc->des0 &= cpu_to_le32(~(IDMAC_DES0_CH | IDMAC_DES0_DIC));
- desc->des0 |= cpu_to_le32(IDMAC_DES0_LD);
+ desc_last->des0 &= cpu_to_le32(~(IDMAC_DES0_CH |
+ IDMAC_DES0_DIC));
+ desc_last->des0 |= cpu_to_le32(IDMAC_DES0_LD);
}
wmb();
@@ -2394,7 +2427,7 @@ static int dw_mci_init_slot(struct dw_mc
#ifdef CONFIG_MMC_DW_IDMAC
mmc->max_segs = host->ring_size;
mmc->max_blk_size = 65536;
- mmc->max_seg_size = 0x1000;
+ mmc->max_seg_size = DW_MCI_DESC_DATA_LENGTH;
mmc->max_req_size = mmc->max_seg_size * host->ring_size;
mmc->max_blk_count = mmc->max_req_size / 512;
#else
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 169/258] usb: chipidea: imx: fix a typo for imx6sx
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (155 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 168/258] mmc: dw_mmc: handle data blocks > than 4kB if IDMAC is used Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 170/258] cifs: use server timestamp for ntlmv2 authentication Greg Kroah-Hartman
` (81 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Li Jun, Peter Chen
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Jun <jun.li@freescale.com>
commit 8315b77d72c5f0b18ceb513303d845e73166133c upstream.
Use imx6sx instead of imx6sl's platform flags for imx6sx.
Fixes: e14db48dfcf3 ("usb: chipidea: imx: add runtime power management support")
Signed-off-by: Li Jun <jun.li@freescale.com>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/chipidea/ci_hdrc_imx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/chipidea/ci_hdrc_imx.c
+++ b/drivers/usb/chipidea/ci_hdrc_imx.c
@@ -56,7 +56,7 @@ static const struct of_device_id ci_hdrc
{ .compatible = "fsl,imx27-usb", .data = &imx27_usb_data},
{ .compatible = "fsl,imx6q-usb", .data = &imx6q_usb_data},
{ .compatible = "fsl,imx6sl-usb", .data = &imx6sl_usb_data},
- { .compatible = "fsl,imx6sx-usb", .data = &imx6sl_usb_data},
+ { .compatible = "fsl,imx6sx-usb", .data = &imx6sx_usb_data},
{ /* sentinel */ }
};
MODULE_DEVICE_TABLE(of, ci_hdrc_imx_dt_ids);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 170/258] cifs: use server timestamp for ntlmv2 authentication
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (156 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 169/258] usb: chipidea: imx: fix a typo for imx6sx Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 171/258] irqchip/atmel-aic5: Use per chip mask caches in mask/unmask() Greg Kroah-Hartman
` (80 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Namjae Jeon, Peter Seiderer,
Steve French
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Seiderer <ps.report@gmx.net>
commit 98ce94c8df762d413b3ecb849e2b966b21606d04 upstream.
Linux cifs mount with ntlmssp against an Mac OS X (Yosemite
10.10.5) share fails in case the clocks differ more than +/-2h:
digest-service: digest-request: od failed with 2 proto=ntlmv2
digest-service: digest-request: kdc failed with -1561745592 proto=ntlmv2
Fix this by (re-)using the given server timestamp for the
ntlmv2 authentication (as Windows 7 does).
A related problem was also reported earlier by Namjae Jaen (see below):
Windows machine has extended security feature which refuse to allow
authentication when there is time difference between server time and
client time when ntlmv2 negotiation is used. This problem is prevalent
in embedded enviornment where system time is set to default 1970.
Modern servers send the server timestamp in the TargetInfo Av_Pair
structure in the challenge message [see MS-NLMP 2.2.2.1]
In [MS-NLMP 3.1.5.1.2] it is explicitly mentioned that the client must
use the server provided timestamp if present OR current time if it is
not
Reported-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/cifsencrypt.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 51 insertions(+), 2 deletions(-)
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -444,6 +444,48 @@ find_domain_name(struct cifs_ses *ses, c
return 0;
}
+/* Server has provided av pairs/target info in the type 2 challenge
+ * packet and we have plucked it and stored within smb session.
+ * We parse that blob here to find the server given timestamp
+ * as part of ntlmv2 authentication (or local current time as
+ * default in case of failure)
+ */
+static __le64
+find_timestamp(struct cifs_ses *ses)
+{
+ unsigned int attrsize;
+ unsigned int type;
+ unsigned int onesize = sizeof(struct ntlmssp2_name);
+ unsigned char *blobptr;
+ unsigned char *blobend;
+ struct ntlmssp2_name *attrptr;
+
+ if (!ses->auth_key.len || !ses->auth_key.response)
+ return 0;
+
+ blobptr = ses->auth_key.response;
+ blobend = blobptr + ses->auth_key.len;
+
+ while (blobptr + onesize < blobend) {
+ attrptr = (struct ntlmssp2_name *) blobptr;
+ type = le16_to_cpu(attrptr->type);
+ if (type == NTLMSSP_AV_EOL)
+ break;
+ blobptr += 2; /* advance attr type */
+ attrsize = le16_to_cpu(attrptr->length);
+ blobptr += 2; /* advance attr size */
+ if (blobptr + attrsize > blobend)
+ break;
+ if (type == NTLMSSP_AV_TIMESTAMP) {
+ if (attrsize == sizeof(u64))
+ return *((__le64 *)blobptr);
+ }
+ blobptr += attrsize; /* advance attr value */
+ }
+
+ return cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
+}
+
static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
const struct nls_table *nls_cp)
{
@@ -641,6 +683,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, c
struct ntlmv2_resp *ntlmv2;
char ntlmv2_hash[16];
unsigned char *tiblob = NULL; /* target info blob */
+ __le64 rsp_timestamp;
if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) {
if (!ses->domainName) {
@@ -659,6 +702,12 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, c
}
}
+ /* Must be within 5 minutes of the server (or in range +/-2h
+ * in case of Mac OS X), so simply carry over server timestamp
+ * (as Windows 7 does)
+ */
+ rsp_timestamp = find_timestamp(ses);
+
baselen = CIFS_SESS_KEY_SIZE + sizeof(struct ntlmv2_resp);
tilen = ses->auth_key.len;
tiblob = ses->auth_key.response;
@@ -675,8 +724,8 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, c
(ses->auth_key.response + CIFS_SESS_KEY_SIZE);
ntlmv2->blob_signature = cpu_to_le32(0x00000101);
ntlmv2->reserved = 0;
- /* Must be within 5 minutes of the server */
- ntlmv2->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
+ ntlmv2->time = rsp_timestamp;
+
get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal));
ntlmv2->reserved2 = 0;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 171/258] irqchip/atmel-aic5: Use per chip mask caches in mask/unmask()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (157 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 170/258] cifs: use server timestamp for ntlmv2 authentication Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 172/258] irqchip/gic-v3-its: Add missing cache flushes Greg Kroah-Hartman
` (79 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ludovic Desroches, sasha.levin,
linux-arm-kernel, nicolas.ferre, alexandre.belloni,
boris.brezillon, Wenyou.Yang, jason, marc.zyngier,
Thomas Gleixner
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ludovic Desroches <ludovic.desroches@atmel.com>
commit d32dc9aa10c739363c775baf4499416b2e0dc11f upstream.
When masking/unmasking interrupts, mask_cache is updated and used later
for suspend/resume. Unfortunately, it always was the mask_cache
associated with the first irq chip which was updated. So when performing
resume, only irqs 0-31 could be enabled.
Fixes: b1479ebb7720 ("irqchip: atmel-aic: Add atmel AIC/AIC5 drivers")
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Cc: <sasha.levin@oracle.com>
Cc: <linux-arm-kernel@lists.infradead.org>
Cc: <nicolas.ferre@atmel.com>
Cc: <alexandre.belloni@free-electrons.com>
Cc: <boris.brezillon@free-electrons.com>
Cc: <Wenyou.Yang@atmel.com>
Cc: <jason@lakedaemon.net>
Cc: <marc.zyngier@arm.com>
Link: http://lkml.kernel.org/r/1442843173-2390-1-git-send-email-ludovic.desroches@atmel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-atmel-aic5.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
--- a/drivers/irqchip/irq-atmel-aic5.c
+++ b/drivers/irqchip/irq-atmel-aic5.c
@@ -88,28 +88,36 @@ static void aic5_mask(struct irq_data *d
{
struct irq_domain *domain = d->domain;
struct irq_domain_chip_generic *dgc = domain->gc;
- struct irq_chip_generic *gc = dgc->gc[0];
+ struct irq_chip_generic *bgc = dgc->gc[0];
+ struct irq_chip_generic *gc = irq_data_get_irq_chip_data(d);
- /* Disable interrupt on AIC5 */
- irq_gc_lock(gc);
+ /*
+ * Disable interrupt on AIC5. We always take the lock of the
+ * first irq chip as all chips share the same registers.
+ */
+ irq_gc_lock(bgc);
irq_reg_writel(gc, d->hwirq, AT91_AIC5_SSR);
irq_reg_writel(gc, 1, AT91_AIC5_IDCR);
gc->mask_cache &= ~d->mask;
- irq_gc_unlock(gc);
+ irq_gc_unlock(bgc);
}
static void aic5_unmask(struct irq_data *d)
{
struct irq_domain *domain = d->domain;
struct irq_domain_chip_generic *dgc = domain->gc;
- struct irq_chip_generic *gc = dgc->gc[0];
+ struct irq_chip_generic *bgc = dgc->gc[0];
+ struct irq_chip_generic *gc = irq_data_get_irq_chip_data(d);
- /* Enable interrupt on AIC5 */
- irq_gc_lock(gc);
+ /*
+ * Enable interrupt on AIC5. We always take the lock of the
+ * first irq chip as all chips share the same registers.
+ */
+ irq_gc_lock(bgc);
irq_reg_writel(gc, d->hwirq, AT91_AIC5_SSR);
irq_reg_writel(gc, 1, AT91_AIC5_IECR);
gc->mask_cache |= d->mask;
- irq_gc_unlock(gc);
+ irq_gc_unlock(bgc);
}
static int aic5_retrigger(struct irq_data *d)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 172/258] irqchip/gic-v3-its: Add missing cache flushes
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (158 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 171/258] irqchip/atmel-aic5: Use per chip mask caches in mask/unmask() Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 173/258] docs: update HOWTO for 3.x -> 4.x versioning Greg Kroah-Hartman
` (78 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Zyngier, linux-arm-kernel,
Pavel Fedin, Jason Cooper, Thomas Gleixner
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marc Zyngier <marc.zyngier@arm.com>
commit 5a9a8915c8888b615521b17d70a4342187eae60b upstream.
When the ITS is configured for non-cacheable transactions, make sure
that the allocated, zeroed memory is flushed to the Point of
Coherency, allowing the ITS to observe the zeros instead of random
garbage (or even get its own data overwritten by zeros being evicted
from the cache...).
Fixes: 241a386c7dbb "irqchip: gicv3-its: Use non-cacheable accesses when no shareability"
Reported-and-tested-by: Stuart Yoder <stuart.yoder@freescale.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Pavel Fedin <p.fedin@samsung.com>
Cc: Jason Cooper <jason@lakedaemon.net>
Link: http://lkml.kernel.org/r/1442142873-20213-3-git-send-email-marc.zyngier@arm.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-gic-v3-its.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -921,8 +921,10 @@ retry_baser:
* non-cacheable as well.
*/
shr = tmp & GITS_BASER_SHAREABILITY_MASK;
- if (!shr)
+ if (!shr) {
cache = GITS_BASER_nC;
+ __flush_dcache_area(base, alloc_size);
+ }
goto retry_baser;
}
@@ -1163,6 +1165,8 @@ static struct its_device *its_create_dev
return NULL;
}
+ __flush_dcache_area(itt, sz);
+
dev->its = its;
dev->itt = itt;
dev->nr_ites = nr_ites;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 173/258] docs: update HOWTO for 3.x -> 4.x versioning
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (159 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 172/258] irqchip/gic-v3-its: Add missing cache flushes Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 174/258] extcon: Fix signedness bugs about break error handling Greg Kroah-Hartman
` (77 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mario Carrillo, Jonathan Corbet
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mario Carrillo <mario.alfredo.c.arevalo@intel.com>
commit e4144fe5d47c91c92d36cdbd5f31ed8d6e3a57ab upstream.
The HOWTO document needed updating for the new kernel versioning.
Signed-off-by: Mario Carrillo <mario.alfredo.c.arevalo@intel.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/HOWTO | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
--- a/Documentation/HOWTO
+++ b/Documentation/HOWTO
@@ -218,16 +218,16 @@ The development process
Linux kernel development process currently consists of a few different
main kernel "branches" and lots of different subsystem-specific kernel
branches. These different branches are:
- - main 3.x kernel tree
- - 3.x.y -stable kernel tree
- - 3.x -git kernel patches
+ - main 4.x kernel tree
+ - 4.x.y -stable kernel tree
+ - 4.x -git kernel patches
- subsystem specific kernel trees and patches
- - the 3.x -next kernel tree for integration tests
+ - the 4.x -next kernel tree for integration tests
-3.x kernel tree
+4.x kernel tree
-----------------
-3.x kernels are maintained by Linus Torvalds, and can be found on
-kernel.org in the pub/linux/kernel/v3.x/ directory. Its development
+4.x kernels are maintained by Linus Torvalds, and can be found on
+kernel.org in the pub/linux/kernel/v4.x/ directory. Its development
process is as follows:
- As soon as a new kernel is released a two weeks window is open,
during this period of time maintainers can submit big diffs to
@@ -262,20 +262,20 @@ mailing list about kernel releases:
released according to perceived bug status, not according to a
preconceived timeline."
-3.x.y -stable kernel tree
+4.x.y -stable kernel tree
---------------------------
Kernels with 3-part versions are -stable kernels. They contain
relatively small and critical fixes for security problems or significant
-regressions discovered in a given 3.x kernel.
+regressions discovered in a given 4.x kernel.
This is the recommended branch for users who want the most recent stable
kernel and are not interested in helping test development/experimental
versions.
-If no 3.x.y kernel is available, then the highest numbered 3.x
+If no 4.x.y kernel is available, then the highest numbered 4.x
kernel is the current stable kernel.
-3.x.y are maintained by the "stable" team <stable@vger.kernel.org>, and
+4.x.y are maintained by the "stable" team <stable@vger.kernel.org>, and
are released as needs dictate. The normal release period is approximately
two weeks, but it can be longer if there are no pressing problems. A
security-related problem, instead, can cause a release to happen almost
@@ -285,7 +285,7 @@ The file Documentation/stable_kernel_rul
documents what kinds of changes are acceptable for the -stable tree, and
how the release process works.
-3.x -git patches
+4.x -git patches
------------------
These are daily snapshots of Linus' kernel tree which are managed in a
git repository (hence the name.) These patches are usually released
@@ -317,9 +317,9 @@ revisions to it, and maintainers can mar
accepted, or rejected. Most of these patchwork sites are listed at
http://patchwork.kernel.org/.
-3.x -next kernel tree for integration tests
+4.x -next kernel tree for integration tests
---------------------------------------------
-Before updates from subsystem trees are merged into the mainline 3.x
+Before updates from subsystem trees are merged into the mainline 4.x
tree, they need to be integration-tested. For this purpose, a special
testing repository exists into which virtually all subsystem trees are
pulled on an almost daily basis:
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 174/258] extcon: Fix signedness bugs about break error handling
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (160 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 173/258] docs: update HOWTO for 3.x -> 4.x versioning Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 175/258] extcon: Fix attached value returned by is_extcon_changed Greg Kroah-Hartman
` (76 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Roger Quadros,
Chanwoo Choi
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
commit a598af7f0279195abffbfb9bf2070457e9c89ff3 upstream.
Unsigned is never less than zero so this error handling won't work.
Fixes: be052cc87745 ('extcon: Fix hang and extcon_get/set_cable_state().')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Roger Quadros <rogerq@ti.com>
[cw00.choi: Change the patch title and fix signedness bug of find_cable_index_by_id() ]
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/extcon/extcon.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -126,7 +126,7 @@ static int find_cable_index_by_id(struct
static int find_cable_id_by_name(struct extcon_dev *edev, const char *name)
{
- unsigned int id = -EINVAL;
+ int id = -EINVAL;
int i = 0;
/* Find the id of extcon cable */
@@ -143,7 +143,7 @@ static int find_cable_id_by_name(struct
static int find_cable_index_by_name(struct extcon_dev *edev, const char *name)
{
- unsigned int id;
+ int id;
if (edev->max_supported == 0)
return -EINVAL;
@@ -378,7 +378,7 @@ EXPORT_SYMBOL_GPL(extcon_get_cable_state
*/
int extcon_get_cable_state(struct extcon_dev *edev, const char *cable_name)
{
- unsigned int id;
+ int id;
id = find_cable_id_by_name(edev, cable_name);
if (id < 0)
@@ -426,7 +426,7 @@ EXPORT_SYMBOL_GPL(extcon_set_cable_state
int extcon_set_cable_state(struct extcon_dev *edev,
const char *cable_name, bool cable_state)
{
- unsigned int id;
+ int id;
id = find_cable_id_by_name(edev, cable_name);
if (id < 0)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 175/258] extcon: Fix attached value returned by is_extcon_changed
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (161 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 174/258] extcon: Fix signedness bugs about break error handling Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 176/258] mtd: pxa3xx_nand: add a default chunk size Greg Kroah-Hartman
` (75 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Chanwoo Choi
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit f4513b065f7dbd37224226ef6e44b09eff742776 upstream.
is_extcon_changed should only check the idx-th bit of new, not
the entirety of new when setting attached.
This fixes extcon sending notifications that a cable was inserted when
it gets removed while another cable is still connected.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/extcon/extcon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -159,7 +159,7 @@ static int find_cable_index_by_name(stru
static bool is_extcon_changed(u32 prev, u32 new, int idx, bool *attached)
{
if (((prev >> idx) & 0x1) != ((new >> idx) & 0x1)) {
- *attached = new ? true : false;
+ *attached = ((new >> idx) & 0x1) ? true : false;
return true;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 176/258] mtd: pxa3xx_nand: add a default chunk size
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (162 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 175/258] extcon: Fix attached value returned by is_extcon_changed Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 177/258] mtd: nand: sunxi: fix sunxi_nand_chips_cleanup() Greg Kroah-Hartman
` (74 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Antoine Tenart, Brian Norris
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Antoine=20T=C3=A9nart?= <antoine.tenart@free-electrons.com>
commit bc3e00f04cc1fe033a289c2fc2e5c73c0168d360 upstream.
When keeping the configuration set by the bootloader (by using
the marvell,nand-keep-config property), the pxa3xx_nand_detect_config()
function is called and set the chunk size to 512 as a default value if
NDCR_PAGE_SZ is not set.
In the other case, when not keeping the bootloader configuration, no
chunk size is set. Fix this by adding a default chunk size of 512.
Fixes: 70ed85232a93 ("mtd: nand: pxa3xx: Introduce multiple page I/O
support")
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Acked-by: Robert Jarzmik <robert.jarzmik@free>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/pxa3xx_nand.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/mtd/nand/pxa3xx_nand.c
+++ b/drivers/mtd/nand/pxa3xx_nand.c
@@ -1473,6 +1473,9 @@ static int pxa3xx_nand_scan(struct mtd_i
if (pdata->keep_config && !pxa3xx_nand_detect_config(info))
goto KEEP_CONFIG;
+ /* Set a default chunk size */
+ info->chunk_size = 512;
+
ret = pxa3xx_nand_sensing(info);
if (ret) {
dev_info(&info->pdev->dev, "There is no chip on cs %d!\n",
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 177/258] mtd: nand: sunxi: fix sunxi_nand_chips_cleanup()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (163 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 176/258] mtd: pxa3xx_nand: add a default chunk size Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 178/258] mtd: nand: sunxi: fix OOB handling in ->write_xxx() functions Greg Kroah-Hartman
` (73 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Priit Laes, Boris Brezillon,
Brian Norris
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Boris BREZILLON <boris.brezillon@free-electrons.com>
commit 8e375ccda31ccc73b087134e263c48d2114534f4 upstream.
The sunxi_nand_chips_cleanup() function is missing a call to list_del()
which generates a double free error.
Reported-by: Priit Laes <plaes@plaes.org>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Fixes: 1fef62c1423b ("mtd: nand: add sunxi NAND flash controller support")
Tested-by: Priit Laes <plaes@plaes.org>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/sunxi_nand.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/mtd/nand/sunxi_nand.c
+++ b/drivers/mtd/nand/sunxi_nand.c
@@ -1312,6 +1312,7 @@ static void sunxi_nand_chips_cleanup(str
node);
nand_release(&chip->mtd);
sunxi_nand_ecc_cleanup(&chip->nand.ecc);
+ list_del(&chip->node);
}
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 178/258] mtd: nand: sunxi: fix OOB handling in ->write_xxx() functions
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (164 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 177/258] mtd: nand: sunxi: fix sunxi_nand_chips_cleanup() Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 179/258] hpsa: fix an sprintf() overflow in the reset handler Greg Kroah-Hartman
` (72 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Boris Brezillon, Brian Norris
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Boris BREZILLON <boris.brezillon@free-electrons.com>
commit 03a0e8a7c5ea29b5c4e72dfd64900b47a8fb6f2d upstream.
The USER_DATA register cannot be accessed using byte accessors on A13
SoCs, thus triggering a bug when using memcpy_toio on this register.
Declare an helper macros to convert an OOB buffer into a suitable
USER_DATA value and vice-versa.
This patch also fixes an error in the oob_required logic (some OOB data
are not written even if the user required it) by removing the
oob_required condition, which is perfectly valid since the core already
fill ->oob_poi with FFs when oob_required is false.
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Fixes: 1fef62c1423b ("mtd: nand: add sunxi NAND flash controller support")
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/sunxi_nand.c | 26 +++++++++-----------------
1 file changed, 9 insertions(+), 17 deletions(-)
--- a/drivers/mtd/nand/sunxi_nand.c
+++ b/drivers/mtd/nand/sunxi_nand.c
@@ -138,6 +138,10 @@
#define NFC_ECC_MODE GENMASK(15, 12)
#define NFC_RANDOM_SEED GENMASK(30, 16)
+/* NFC_USER_DATA helper macros */
+#define NFC_BUF_TO_USER_DATA(buf) ((buf)[0] | ((buf)[1] << 8) | \
+ ((buf)[2] << 16) | ((buf)[3] << 24))
+
#define NFC_DEFAULT_TIMEOUT_MS 1000
#define NFC_SRAM_SIZE 1024
@@ -632,15 +636,9 @@ static int sunxi_nfc_hw_ecc_write_page(s
offset = layout->eccpos[i * ecc->bytes] - 4 + mtd->writesize;
/* Fill OOB data in */
- if (oob_required) {
- tmp = 0xffffffff;
- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE, &tmp,
- 4);
- } else {
- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE,
- chip->oob_poi + offset - mtd->writesize,
- 4);
- }
+ writel(NFC_BUF_TO_USER_DATA(chip->oob_poi +
+ layout->oobfree[i].offset),
+ nfc->regs + NFC_REG_USER_DATA_BASE);
chip->cmdfunc(mtd, NAND_CMD_RNDIN, offset, -1);
@@ -770,14 +768,8 @@ static int sunxi_nfc_hw_syndrome_ecc_wri
offset += ecc->size;
/* Fill OOB data in */
- if (oob_required) {
- tmp = 0xffffffff;
- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE, &tmp,
- 4);
- } else {
- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE, oob,
- 4);
- }
+ writel(NFC_BUF_TO_USER_DATA(oob),
+ nfc->regs + NFC_REG_USER_DATA_BASE);
tmp = NFC_DATA_TRANS | NFC_DATA_SWAP_METHOD | NFC_ACCESS_DIR |
(1 << 30);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 179/258] hpsa: fix an sprintf() overflow in the reset handler
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (165 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 178/258] mtd: nand: sunxi: fix OOB handling in ->write_xxx() functions Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 180/258] PM / AVS: rockchip-io: depend on CONFIG_POWER_AVS Greg Kroah-Hartman
` (71 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Don Brace,
James Bottomley
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 2dc127bb299d1c7436a08e79193bd0251068356e upstream.
The string "cmd %d RESET FAILED, new lockup detected" is not quite
large enough so the sprintf() will overflow. I have increased the size
of the buffer and also changed the sprintf calls to snprintf.
Fixes: 73153fe533bc ('hpsa: use block layer tag for command allocation')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Don Brace <don.brace@pmcs.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/hpsa.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -5104,7 +5104,7 @@ static int hpsa_eh_device_reset_handler(
int rc;
struct ctlr_info *h;
struct hpsa_scsi_dev_t *dev;
- char msg[40];
+ char msg[48];
/* find the controller to which the command to be aborted was sent */
h = sdev_to_hba(scsicmd->device);
@@ -5122,16 +5122,18 @@ static int hpsa_eh_device_reset_handler(
/* if controller locked up, we can guarantee command won't complete */
if (lockup_detected(h)) {
- sprintf(msg, "cmd %d RESET FAILED, lockup detected",
- hpsa_get_cmd_index(scsicmd));
+ snprintf(msg, sizeof(msg),
+ "cmd %d RESET FAILED, lockup detected",
+ hpsa_get_cmd_index(scsicmd));
hpsa_show_dev_msg(KERN_WARNING, h, dev, msg);
return FAILED;
}
/* this reset request might be the result of a lockup; check */
if (detect_controller_lockup(h)) {
- sprintf(msg, "cmd %d RESET FAILED, new lockup detected",
- hpsa_get_cmd_index(scsicmd));
+ snprintf(msg, sizeof(msg),
+ "cmd %d RESET FAILED, new lockup detected",
+ hpsa_get_cmd_index(scsicmd));
hpsa_show_dev_msg(KERN_WARNING, h, dev, msg);
return FAILED;
}
@@ -5145,7 +5147,8 @@ static int hpsa_eh_device_reset_handler(
/* send a reset to the SCSI LUN which the command was sent to */
rc = hpsa_do_reset(h, dev, dev->scsi3addr, HPSA_RESET_TYPE_LUN,
DEFAULT_REPLY_QUEUE);
- sprintf(msg, "reset %s", rc == 0 ? "completed successfully" : "failed");
+ snprintf(msg, sizeof(msg), "reset %s",
+ rc == 0 ? "completed successfully" : "failed");
hpsa_show_dev_msg(KERN_WARNING, h, dev, msg);
return rc == 0 ? SUCCESS : FAILED;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 180/258] PM / AVS: rockchip-io: depend on CONFIG_POWER_AVS
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (166 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 179/258] hpsa: fix an sprintf() overflow in the reset handler Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 181/258] device property: fix potential NULL pointer dereference Greg Kroah-Hartman
` (70 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heiko Stuebner, Kevin Hilman,
Rafael J. Wysocki
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heiko Stuebner <heiko@sntech.de>
commit 28c1f1628ee4b163e615eefe1b6463e3d229a873 upstream.
The rockchip io-domain driver currently only depends on ARCH_ROCKCHIP
itself. This makes it possible to select the power-domain driver, but
not the POWER_AVS class and results in the iodomain-driver not getting
build in this case.
So add the additional dependency, which also results in the driver
config option now being placed nicely into the AVS submenu.
Fixes: 662a958638bd ("PM / AVS: rockchip-io: add driver handling Rockchip io domains")
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Acked-by: Kevin Hilman <khilman@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/power/avs/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/power/avs/Kconfig
+++ b/drivers/power/avs/Kconfig
@@ -13,7 +13,7 @@ menuconfig POWER_AVS
config ROCKCHIP_IODOMAIN
tristate "Rockchip IO domain support"
- depends on ARCH_ROCKCHIP && OF
+ depends on POWER_AVS && ARCH_ROCKCHIP && OF
help
Say y here to enable support io domains on Rockchip SoCs. It is
necessary for the io domain setting of the SoC to match the
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 181/258] device property: fix potential NULL pointer dereference
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (167 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 180/258] PM / AVS: rockchip-io: depend on CONFIG_POWER_AVS Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 182/258] ath10k: fix per-vif queue locking Greg Kroah-Hartman
` (69 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Rafael J. Wysocki
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
commit ecc87eed7beeb50c0be0b73322d62135277ea2b0 upstream.
In device_add_property_set() we check pset parameter for a NULL, but few lines
later we do a pointer arithmetic without check that will crash kernel in the
set_secondary_fwnode().
Here we check if pset parameter is NULL and return immediately.
Fixes: 16ba08d5c9ec (device property: Introduce firmware node type for platform data)
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/property.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/base/property.c
+++ b/drivers/base/property.c
@@ -27,9 +27,10 @@
*/
void device_add_property_set(struct device *dev, struct property_set *pset)
{
- if (pset)
- pset->fwnode.type = FWNODE_PDATA;
+ if (!pset)
+ return;
+ pset->fwnode.type = FWNODE_PDATA;
set_secondary_fwnode(dev, &pset->fwnode);
}
EXPORT_SYMBOL_GPL(device_add_property_set);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 182/258] ath10k: fix per-vif queue locking
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (168 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 181/258] device property: fix potential NULL pointer dereference Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 183/258] ath10k: reject 11b tx fragmentation configuration Greg Kroah-Hartman
` (68 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michal Kazior, Kalle Valo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Kazior <michal.kazior@tieto.com>
commit acd0b27bb13a09dd0a56d4562d3eb4137a7318b2 upstream.
Whenever any vdev was supposed to be paused all Tx
queues were stopped (except offchannel) instead of
only these associated with the given vdev.
This caused subtle issues with
multi-channel/multi-vif scenarios, e.g.
authentication of station vif could sometimes fail
depending on fw tx pause request timing.
Fixes: b4aa539dd8f2 ("ath10k: implement tx pause wmi event")
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 47 ++++++++----------------------
drivers/net/wireless/ath/ath10k/mac.h | 6 +--
drivers/net/wireless/ath/ath10k/wmi-tlv.c | 32 +++++++++++++++++---
3 files changed, 44 insertions(+), 41 deletions(-)
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -3034,38 +3034,16 @@ static void ath10k_mac_vif_handle_tx_pau
lockdep_assert_held(&ar->htt.tx_lock);
- switch (pause_id) {
- case WMI_TLV_TX_PAUSE_ID_MCC:
- case WMI_TLV_TX_PAUSE_ID_P2P_CLI_NOA:
- case WMI_TLV_TX_PAUSE_ID_P2P_GO_PS:
- case WMI_TLV_TX_PAUSE_ID_AP_PS:
- case WMI_TLV_TX_PAUSE_ID_IBSS_PS:
- switch (action) {
- case WMI_TLV_TX_PAUSE_ACTION_STOP:
- ath10k_mac_vif_tx_lock(arvif, pause_id);
- break;
- case WMI_TLV_TX_PAUSE_ACTION_WAKE:
- ath10k_mac_vif_tx_unlock(arvif, pause_id);
- break;
- default:
- ath10k_warn(ar, "received unknown tx pause action %d on vdev %i, ignoring\n",
- action, arvif->vdev_id);
- break;
- }
+ switch (action) {
+ case WMI_TLV_TX_PAUSE_ACTION_STOP:
+ ath10k_mac_vif_tx_lock(arvif, pause_id);
+ break;
+ case WMI_TLV_TX_PAUSE_ACTION_WAKE:
+ ath10k_mac_vif_tx_unlock(arvif, pause_id);
break;
- case WMI_TLV_TX_PAUSE_ID_AP_PEER_PS:
- case WMI_TLV_TX_PAUSE_ID_AP_PEER_UAPSD:
- case WMI_TLV_TX_PAUSE_ID_STA_ADD_BA:
- case WMI_TLV_TX_PAUSE_ID_HOST:
default:
- /* FIXME: Some pause_ids aren't vdev specific. Instead they
- * target peer_id and tid. Implementing these could improve
- * traffic scheduling fairness across multiple connected
- * stations in AP/IBSS modes.
- */
- ath10k_dbg(ar, ATH10K_DBG_MAC,
- "mac ignoring unsupported tx pause vdev %i id %d\n",
- arvif->vdev_id, pause_id);
+ ath10k_warn(ar, "received unknown tx pause action %d on vdev %i, ignoring\n",
+ action, arvif->vdev_id);
break;
}
}
@@ -3082,12 +3060,15 @@ static void ath10k_mac_handle_tx_pause_i
struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
struct ath10k_mac_tx_pause *arg = data;
+ if (arvif->vdev_id != arg->vdev_id)
+ return;
+
ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
}
-void ath10k_mac_handle_tx_pause(struct ath10k *ar, u32 vdev_id,
- enum wmi_tlv_tx_pause_id pause_id,
- enum wmi_tlv_tx_pause_action action)
+void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
+ enum wmi_tlv_tx_pause_id pause_id,
+ enum wmi_tlv_tx_pause_action action)
{
struct ath10k_mac_tx_pause arg = {
.vdev_id = vdev_id,
--- a/drivers/net/wireless/ath/ath10k/mac.h
+++ b/drivers/net/wireless/ath/ath10k/mac.h
@@ -61,9 +61,9 @@ int ath10k_mac_vif_chan(struct ieee80211
void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb);
void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id);
-void ath10k_mac_handle_tx_pause(struct ath10k *ar, u32 vdev_id,
- enum wmi_tlv_tx_pause_id pause_id,
- enum wmi_tlv_tx_pause_action action);
+void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
+ enum wmi_tlv_tx_pause_id pause_id,
+ enum wmi_tlv_tx_pause_action action);
u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
u8 hw_rate);
--- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
+++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
@@ -377,12 +377,34 @@ static int ath10k_wmi_tlv_event_tx_pause
"wmi tlv tx pause pause_id %u action %u vdev_map 0x%08x peer_id %u tid_map 0x%08x\n",
pause_id, action, vdev_map, peer_id, tid_map);
- for (vdev_id = 0; vdev_map; vdev_id++) {
- if (!(vdev_map & BIT(vdev_id)))
- continue;
+ switch (pause_id) {
+ case WMI_TLV_TX_PAUSE_ID_MCC:
+ case WMI_TLV_TX_PAUSE_ID_P2P_CLI_NOA:
+ case WMI_TLV_TX_PAUSE_ID_P2P_GO_PS:
+ case WMI_TLV_TX_PAUSE_ID_AP_PS:
+ case WMI_TLV_TX_PAUSE_ID_IBSS_PS:
+ for (vdev_id = 0; vdev_map; vdev_id++) {
+ if (!(vdev_map & BIT(vdev_id)))
+ continue;
- vdev_map &= ~BIT(vdev_id);
- ath10k_mac_handle_tx_pause(ar, vdev_id, pause_id, action);
+ vdev_map &= ~BIT(vdev_id);
+ ath10k_mac_handle_tx_pause_vdev(ar, vdev_id, pause_id,
+ action);
+ }
+ break;
+ case WMI_TLV_TX_PAUSE_ID_AP_PEER_PS:
+ case WMI_TLV_TX_PAUSE_ID_AP_PEER_UAPSD:
+ case WMI_TLV_TX_PAUSE_ID_STA_ADD_BA:
+ case WMI_TLV_TX_PAUSE_ID_HOST:
+ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "mac ignoring unsupported tx pause id %d\n",
+ pause_id);
+ break;
+ default:
+ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "mac ignoring unknown tx pause vdev %d\n",
+ pause_id);
+ break;
}
kfree(tb);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 183/258] ath10k: reject 11b tx fragmentation configuration
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (169 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 182/258] ath10k: fix per-vif queue locking Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 184/258] ath10k: fix peer limit enforcement Greg Kroah-Hartman
` (67 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michal Kazior, Kalle Valo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Kazior <michal.kazior@tieto.com>
commit 92092fe528e79c9bd25784ca0ef341d5a1d1b642 upstream.
Even though there's a WMI enum for fragmentation
threshold no known firmware actually implements
it. Moreover it is not possible to rely frame
fragmentation to mac80211 because firmware clears
the "more fragments" bit in frame control making
it impossible for remote devices to reassemble
frames.
Hence implement a dummy callback just to say
fragmentation isn't supported. This effectively
prevents mac80211 from doing frame fragmentation
in software.
This fixes Tx becoming broken after setting
fragmentation threshold.
Fixes: 1010ba4c5d1c ("ath10k: unregister and remove frag_threshold callback")
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -5542,6 +5542,21 @@ static int ath10k_set_rts_threshold(stru
return ret;
}
+static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
+{
+ /* Even though there's a WMI enum for fragmentation threshold no known
+ * firmware actually implements it. Moreover it is not possible to rely
+ * frame fragmentation to mac80211 because firmware clears the "more
+ * fragments" bit in frame control making it impossible for remote
+ * devices to reassemble frames.
+ *
+ * Hence implement a dummy callback just to say fragmentation isn't
+ * supported. This effectively prevents mac80211 from doing frame
+ * fragmentation in software.
+ */
+ return -EOPNOTSUPP;
+}
+
static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
u32 queues, bool drop)
{
@@ -6376,6 +6391,7 @@ static const struct ieee80211_ops ath10k
.remain_on_channel = ath10k_remain_on_channel,
.cancel_remain_on_channel = ath10k_cancel_remain_on_channel,
.set_rts_threshold = ath10k_set_rts_threshold,
+ .set_frag_threshold = ath10k_mac_op_set_frag_threshold,
.flush = ath10k_flush,
.tx_last_beacon = ath10k_tx_last_beacon,
.set_antenna = ath10k_set_antenna,
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 184/258] ath10k: fix peer limit enforcement
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (170 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 183/258] ath10k: reject 11b tx fragmentation configuration Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 185/258] ath10k: wake up offchannel queue properly Greg Kroah-Hartman
` (66 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michal Kazior, Kalle Valo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Kazior <michal.kazior@tieto.com>
commit e04cafbc38c70af2aad3810ce24ab0eba8114779 upstream.
Firmware peer entries are involved in internal
firmware vdev structures. This was not accounted
for and could lead firmware to crash due to asking
it to do more than it could.
Fixes: 039a0051ec1a ("ath10k: allocate fw resources for iface combinations")
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -591,11 +591,19 @@ ath10k_mac_get_any_chandef_iter(struct i
static int ath10k_peer_create(struct ath10k *ar, u32 vdev_id, const u8 *addr,
enum wmi_peer_type peer_type)
{
+ struct ath10k_vif *arvif;
+ int num_peers = 0;
int ret;
lockdep_assert_held(&ar->conf_mutex);
- if (ar->num_peers >= ar->max_num_peers)
+ num_peers = ar->num_peers;
+
+ /* Each vdev consumes a peer entry as well */
+ list_for_each_entry(arvif, &ar->arvifs, list)
+ num_peers++;
+
+ if (num_peers >= ar->max_num_peers)
return -ENOBUFS;
ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
@@ -4061,6 +4069,11 @@ static int ath10k_add_interface(struct i
sizeof(arvif->bitrate_mask.control[i].vht_mcs));
}
+ if (ar->num_peers >= ar->max_num_peers) {
+ ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
+ return -ENOBUFS;
+ }
+
if (ar->free_vdev_map == 0) {
ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
ret = -EBUSY;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 185/258] ath10k: wake up offchannel queue properly
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (171 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 184/258] ath10k: fix peer limit enforcement Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 186/258] ath10k: wake up queue upon vif creation Greg Kroah-Hartman
` (65 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michal Kazior, Kalle Valo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Kazior <michal.kazior@tieto.com>
commit 3a73d1a6f22bf13044056543ad43b2a304ee0022 upstream.
Once HTT Tx queue got full offchannel queue was
stopped and never woken up again. This broke, e.g.
P2P. This could be reproduced after running a lot
of traffic enough to saturate 100% of the driver
Tx queue and then trying to send offchannel
traffic.
Fixes: 96d828d45e16 ("ath10k: rework tx queue locking")
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -3003,6 +3003,8 @@ void ath10k_mac_tx_unlock(struct ath10k
IEEE80211_IFACE_ITER_RESUME_ALL,
ath10k_mac_tx_unlock_iter,
ar);
+
+ ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
}
void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 186/258] ath10k: wake up queue upon vif creation
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (172 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 185/258] ath10k: wake up offchannel queue properly Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 187/258] pcmcia: sa11x0: fix missing clk_put() in sa11x0 socket drivers Greg Kroah-Hartman
` (64 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michal Kazior, Kalle Valo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Kazior <michal.kazior@tieto.com>
commit 6d2d51ecfff13f5f6ffc476dccf4d5b2668072eb upstream.
Vif's vdev_id is used as queue number. However due
to the tx pausing design in ath10k it was possible
for a new interface to be created with its tx
queue stopped (via ieee80211_stop_queues). This
could in turn leave the interface inoperable until
ath10k_mac_tx_unlock() was called.
This problem only affected multi-vif scenarios when
new interfaces were created some time later after
other interfaces have been running for some time
and had Tx queue full at some point prior.
Possible manifestation of the bug was
authentication timeout for a client vif.
Fixes: 96d828d45e16 ("ath10k: rework tx queue locking")
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -4283,6 +4283,11 @@ static int ath10k_add_interface(struct i
}
}
+ spin_lock_bh(&ar->htt.tx_lock);
+ if (!ar->tx_paused)
+ ieee80211_wake_queue(ar->hw, arvif->vdev_id);
+ spin_unlock_bh(&ar->htt.tx_lock);
+
mutex_unlock(&ar->conf_mutex);
return 0;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 187/258] pcmcia: sa11x0: fix missing clk_put() in sa11x0 socket drivers
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (173 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 186/258] ath10k: wake up queue upon vif creation Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 188/258] ipr: Enable SIS pipe commands for SIS-32 devices Greg Kroah-Hartman
` (63 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Russell King
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Russell King <rmk+kernel@arm.linux.org.uk>
commit 72010aca55264cfe6516a955066c846d3885b0c6 upstream.
Fix the lack of clk_put() in sa11xx_base.c's error cleanup paths by
converting the driver to the devm_* API.
Fixes: 86d88bfca475 ("ARM: 8247/2: pcmcia: sa1100: make use of device clock")
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pcmcia/sa1100_generic.c | 1 -
drivers/pcmcia/sa11xx_base.c | 3 +--
2 files changed, 1 insertion(+), 3 deletions(-)
--- a/drivers/pcmcia/sa1100_generic.c
+++ b/drivers/pcmcia/sa1100_generic.c
@@ -93,7 +93,6 @@ static int sa11x0_drv_pcmcia_remove(stru
for (i = 0; i < sinfo->nskt; i++)
soc_pcmcia_remove_one(&sinfo->skt[i]);
- clk_put(sinfo->clk);
kfree(sinfo);
return 0;
}
--- a/drivers/pcmcia/sa11xx_base.c
+++ b/drivers/pcmcia/sa11xx_base.c
@@ -222,7 +222,7 @@ int sa11xx_drv_pcmcia_probe(struct devic
int i, ret = 0;
struct clk *clk;
- clk = clk_get(dev, NULL);
+ clk = devm_clk_get(dev, NULL);
if (IS_ERR(clk))
return PTR_ERR(clk);
@@ -251,7 +251,6 @@ int sa11xx_drv_pcmcia_probe(struct devic
if (ret) {
while (--i >= 0)
soc_pcmcia_remove_one(&sinfo->skt[i]);
- clk_put(clk);
kfree(sinfo);
} else {
dev_set_drvdata(dev, sinfo);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 188/258] ipr: Enable SIS pipe commands for SIS-32 devices.
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (174 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 187/258] pcmcia: sa11x0: fix missing clk_put() in sa11x0 socket drivers Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 189/258] regmap: debugfs: Ensure we dont underflow when printing access masks Greg Kroah-Hartman
` (62 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gabriel Krisman Bertazi, Wen Xiong,
Brian King, James Bottomley
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
commit e35d7f27fbd51a09a41a5439e39f22a3d102c00b upstream.
Remove unnecessary check that disabled SIS pipe commands for SIS-32
devices. This change was sufficient to enable raw mode and send SIS
pipe commands for a 57B3 device.
Fixes: f8ee25d7d239 ("ipr: AF DASD raw mode implementation in ipr driver")
Signed-off-by: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
Reviewed-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
Acked-by: Brian King <brking@linux.vnet.ibm.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/ipr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/scsi/ipr.c
+++ b/drivers/scsi/ipr.c
@@ -4554,7 +4554,7 @@ static ssize_t ipr_store_raw_mode(struct
spin_lock_irqsave(ioa_cfg->host->host_lock, lock_flags);
res = (struct ipr_resource_entry *)sdev->hostdata;
if (res) {
- if (ioa_cfg->sis64 && ipr_is_af_dasd_device(res)) {
+ if (ipr_is_af_dasd_device(res)) {
res->raw_mode = simple_strtoul(buf, NULL, 10);
len = strlen(buf);
if (res->sdev)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 189/258] regmap: debugfs: Ensure we dont underflow when printing access masks
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (175 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 188/258] ipr: Enable SIS pipe commands for SIS-32 devices Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 190/258] regmap: debugfs: Dont bother actually printing when calculating max length Greg Kroah-Hartman
` (61 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rasmus Villemoes, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Brown <broonie@kernel.org>
commit b763ec17ac762470eec5be8ebcc43e4f8b2c2b82 upstream.
If a read is attempted which is smaller than the line length then we may
underflow the subtraction we're doing with the unsigned size_t type so
move some of the calculation to be additions on the right hand side
instead in order to avoid this.
Reported-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/regmap/regmap-debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/base/regmap/regmap-debugfs.c
+++ b/drivers/base/regmap/regmap-debugfs.c
@@ -432,7 +432,7 @@ static ssize_t regmap_access_read_file(s
/* If we're in the region the user is trying to read */
if (p >= *ppos) {
/* ...but not beyond it */
- if (buf_pos >= count - 1 - tot_len)
+ if (buf_pos + tot_len + 1 >= count)
break;
/* Format the register */
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 190/258] regmap: debugfs: Dont bother actually printing when calculating max length
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (176 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 189/258] regmap: debugfs: Ensure we dont underflow when printing access masks Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 191/258] security: fix typo in security_task_prctl Greg Kroah-Hartman
` (60 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rasmus Villemoes, Mark Brown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Brown <broonie@kernel.org>
commit 176fc2d5770a0990eebff903ba680d2edd32e718 upstream.
The in kernel snprintf() will conveniently return the actual length of
the printed string even if not given an output beffer at all so just do
that rather than relying on the user to pass in a suitable buffer,
ensuring that we don't need to worry if the buffer was truncated due to
the size of the buffer passed in.
Reported-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/regmap/regmap-debugfs.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/base/regmap/regmap-debugfs.c
+++ b/drivers/base/regmap/regmap-debugfs.c
@@ -32,8 +32,7 @@ static DEFINE_MUTEX(regmap_debugfs_early
/* Calculate the length of a fixed format */
static size_t regmap_calc_reg_len(int max_val, char *buf, size_t buf_size)
{
- snprintf(buf, buf_size, "%x", max_val);
- return strlen(buf);
+ return snprintf(NULL, 0, "%x", max_val);
}
static ssize_t regmap_name_read_file(struct file *file,
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 191/258] security: fix typo in security_task_prctl
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (177 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 190/258] regmap: debugfs: Dont bother actually printing when calculating max length Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 192/258] usb: musb: dsps: fix polling in device-only mode Greg Kroah-Hartman
` (59 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jann Horn, Andy Lutomirski,
Linus Torvalds
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jann Horn <jann@thejh.net>
commit b7f76ea2ef6739ee484a165ffbac98deb855d3d3 upstream.
Signed-off-by: Jann Horn <jann@thejh.net>
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/security.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -946,7 +946,7 @@ static inline int security_task_prctl(in
unsigned long arg4,
unsigned long arg5)
{
- return cap_task_prctl(option, arg2, arg3, arg3, arg5);
+ return cap_task_prctl(option, arg2, arg3, arg4, arg5);
}
static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 192/258] usb: musb: dsps: fix polling in device-only mode
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (178 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 191/258] security: fix typo in security_task_prctl Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 193/258] usb: chipidea: udc: using the correct stall implementation Greg Kroah-Hartman
` (58 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bin Liu, Felipe Balbi
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bin Liu <b-liu@ti.com>
commit b8239dcc03afbd0886c1d9b91ba8fee7c6c9a6cb upstream.
Fix the regression caused by commit ad78c918602 ("usb: musb: dsps: just
start polling already") which causes polling the ID pin status even in
device-only mode.
Fixes: ad78c918602c ("usb: musb: dsps: just start polling already")
Signed-off-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/musb/musb_dsps.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/usb/musb/musb_dsps.c
+++ b/drivers/usb/musb/musb_dsps.c
@@ -225,8 +225,11 @@ static void dsps_musb_enable(struct musb
dsps_writel(reg_base, wrp->epintr_set, epmask);
dsps_writel(reg_base, wrp->coreintr_set, coremask);
- /* start polling for ID change. */
- mod_timer(&glue->timer, jiffies + msecs_to_jiffies(wrp->poll_timeout));
+ /* start polling for ID change in dual-role idle mode */
+ if (musb->xceiv->otg->state == OTG_STATE_B_IDLE &&
+ musb->port_mode == MUSB_PORT_MODE_DUAL_ROLE)
+ mod_timer(&glue->timer, jiffies +
+ msecs_to_jiffies(wrp->poll_timeout));
dsps_musb_try_idle(musb, 0);
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 193/258] usb: chipidea: udc: using the correct stall implementation
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (179 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 192/258] usb: musb: dsps: fix polling in device-only mode Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 194/258] usb: Use the USB_SS_MULT() macro to get the burst multiplier Greg Kroah-Hartman
` (57 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Felipe Balbi, Peter Chen
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Chen <peter.chen@freescale.com>
commit 56ffa1d154c7e12af16273f0cdc42690dd05caf5 upstream.
According to spec, there are functional and protocol stalls.
For functional stall, it is for bulk and interrupt endpoints,
below are cases for it:
- Host sends SET_FEATURE request for Set-Halt, the udc driver
needs to set stall, and return true unconditionally.
- The gadget driver may call usb_ep_set_halt to stall certain
endpoints, if there is a transfer in pending, the udc driver
should not set stall, and return -EAGAIN accordingly.
These two kinds of stall need to be cleared by host using CLEAR_FEATURE
request (Clear-Halt).
For protocol stall, it is for control endpoint, this stall will
be set if the control request has failed. This stall will be
cleared by next setup request (hardware will do it).
It fixed usbtest (drivers/usb/misc/usbtest.c) Test 13 "set/clear halt"
test failure, meanwhile, this change has been verified by
USB2 CV Compliance Test and MSC Tests.
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Felipe Balbi <balbi@ti.com>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/chipidea/udc.c | 84 +++++++++++++++++++++++----------------------
1 file changed, 44 insertions(+), 40 deletions(-)
--- a/drivers/usb/chipidea/udc.c
+++ b/drivers/usb/chipidea/udc.c
@@ -656,6 +656,44 @@ __acquires(hwep->lock)
return 0;
}
+static int _ep_set_halt(struct usb_ep *ep, int value, bool check_transfer)
+{
+ struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep);
+ int direction, retval = 0;
+ unsigned long flags;
+
+ if (ep == NULL || hwep->ep.desc == NULL)
+ return -EINVAL;
+
+ if (usb_endpoint_xfer_isoc(hwep->ep.desc))
+ return -EOPNOTSUPP;
+
+ spin_lock_irqsave(hwep->lock, flags);
+
+ if (value && hwep->dir == TX && check_transfer &&
+ !list_empty(&hwep->qh.queue) &&
+ !usb_endpoint_xfer_control(hwep->ep.desc)) {
+ spin_unlock_irqrestore(hwep->lock, flags);
+ return -EAGAIN;
+ }
+
+ direction = hwep->dir;
+ do {
+ retval |= hw_ep_set_halt(hwep->ci, hwep->num, hwep->dir, value);
+
+ if (!value)
+ hwep->wedge = 0;
+
+ if (hwep->type == USB_ENDPOINT_XFER_CONTROL)
+ hwep->dir = (hwep->dir == TX) ? RX : TX;
+
+ } while (hwep->dir != direction);
+
+ spin_unlock_irqrestore(hwep->lock, flags);
+ return retval;
+}
+
+
/**
* _gadget_stop_activity: stops all USB activity, flushes & disables all endpts
* @gadget: gadget
@@ -1051,7 +1089,7 @@ __acquires(ci->lock)
num += ci->hw_ep_max / 2;
spin_unlock(&ci->lock);
- err = usb_ep_set_halt(&ci->ci_hw_ep[num].ep);
+ err = _ep_set_halt(&ci->ci_hw_ep[num].ep, 1, false);
spin_lock(&ci->lock);
if (!err)
isr_setup_status_phase(ci);
@@ -1110,8 +1148,8 @@ delegate:
if (err < 0) {
spin_unlock(&ci->lock);
- if (usb_ep_set_halt(&hwep->ep))
- dev_err(ci->dev, "error: ep_set_halt\n");
+ if (_ep_set_halt(&hwep->ep, 1, false))
+ dev_err(ci->dev, "error: _ep_set_halt\n");
spin_lock(&ci->lock);
}
}
@@ -1142,9 +1180,9 @@ __acquires(ci->lock)
err = isr_setup_status_phase(ci);
if (err < 0) {
spin_unlock(&ci->lock);
- if (usb_ep_set_halt(&hwep->ep))
+ if (_ep_set_halt(&hwep->ep, 1, false))
dev_err(ci->dev,
- "error: ep_set_halt\n");
+ "error: _ep_set_halt\n");
spin_lock(&ci->lock);
}
}
@@ -1390,41 +1428,7 @@ static int ep_dequeue(struct usb_ep *ep,
*/
static int ep_set_halt(struct usb_ep *ep, int value)
{
- struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep);
- int direction, retval = 0;
- unsigned long flags;
-
- if (ep == NULL || hwep->ep.desc == NULL)
- return -EINVAL;
-
- if (usb_endpoint_xfer_isoc(hwep->ep.desc))
- return -EOPNOTSUPP;
-
- spin_lock_irqsave(hwep->lock, flags);
-
-#ifndef STALL_IN
- /* g_file_storage MS compliant but g_zero fails chapter 9 compliance */
- if (value && hwep->type == USB_ENDPOINT_XFER_BULK && hwep->dir == TX &&
- !list_empty(&hwep->qh.queue)) {
- spin_unlock_irqrestore(hwep->lock, flags);
- return -EAGAIN;
- }
-#endif
-
- direction = hwep->dir;
- do {
- retval |= hw_ep_set_halt(hwep->ci, hwep->num, hwep->dir, value);
-
- if (!value)
- hwep->wedge = 0;
-
- if (hwep->type == USB_ENDPOINT_XFER_CONTROL)
- hwep->dir = (hwep->dir == TX) ? RX : TX;
-
- } while (hwep->dir != direction);
-
- spin_unlock_irqrestore(hwep->lock, flags);
- return retval;
+ return _ep_set_halt(ep, value, true);
}
/**
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 194/258] usb: Use the USB_SS_MULT() macro to get the burst multiplier.
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (180 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 193/258] usb: chipidea: udc: using the correct stall implementation Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 195/258] usb: phy: phy-generic: Fix reset behaviour on legacy boot Greg Kroah-Hartman
` (56 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mathias Nyman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit ff30cbc8da425754e8ab96904db1d295bd034f27 upstream.
Bits 1:0 of the bmAttributes are used for the burst multiplier.
The rest of the bits used to be reserved (zero), but USB3.1 takes bit 7
into use.
Use the existing USB_SS_MULT() macro instead to make sure the mult value
and hence max packet calculations are correct for USB3.1 devices.
Note that burst multiplier in bmAttributes is zero based and that
the USB_SS_MULT() macro adds one.
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/config.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/usb/core/config.c
+++ b/drivers/usb/core/config.c
@@ -112,7 +112,7 @@ static void usb_parse_ss_endpoint_compan
cfgno, inum, asnum, ep->desc.bEndpointAddress);
ep->ss_ep_comp.bmAttributes = 16;
} else if (usb_endpoint_xfer_isoc(&ep->desc) &&
- desc->bmAttributes > 2) {
+ USB_SS_MULT(desc->bmAttributes) > 3) {
dev_warn(ddev, "Isoc endpoint has Mult of %d in "
"config %d interface %d altsetting %d ep %d: "
"setting to 3\n", desc->bmAttributes + 1,
@@ -121,7 +121,8 @@ static void usb_parse_ss_endpoint_compan
}
if (usb_endpoint_xfer_isoc(&ep->desc))
- max_tx = (desc->bMaxBurst + 1) * (desc->bmAttributes + 1) *
+ max_tx = (desc->bMaxBurst + 1) *
+ (USB_SS_MULT(desc->bmAttributes)) *
usb_endpoint_maxp(&ep->desc);
else if (usb_endpoint_xfer_int(&ep->desc))
max_tx = usb_endpoint_maxp(&ep->desc) *
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 195/258] usb: phy: phy-generic: Fix reset behaviour on legacy boot
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (181 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 194/258] usb: Use the USB_SS_MULT() macro to get the burst multiplier Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 196/258] usb: musb: cppi41: allow it to work again Greg Kroah-Hartman
` (55 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fabio Estevam, Roger Quadros,
Felipe Balbi
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Quadros <rogerq@ti.com>
commit 762982db33b23029e98c844611e2e8beeb75bc0d upstream.
The gpio-desc migration done in v4.0 caused a regression
with legacy boots due to reversed reset logic.
e.g. omap3-beagle USB host breaks on legacy boot.
Request the reset GPIO with GPIOF_ACTIVE_LOW flag so that
it matches the driver logic and pin behaviour.
Fixes: e9f2cefb0cdc ("usb: phy: generic: migrate to gpio_desc")
Tested-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/phy/phy-generic.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/usb/phy/phy-generic.c
+++ b/drivers/usb/phy/phy-generic.c
@@ -230,7 +230,8 @@ int usb_phy_gen_create_phy(struct device
clk_rate = pdata->clk_rate;
needs_vcc = pdata->needs_vcc;
if (gpio_is_valid(pdata->gpio_reset)) {
- err = devm_gpio_request_one(dev, pdata->gpio_reset, 0,
+ err = devm_gpio_request_one(dev, pdata->gpio_reset,
+ GPIOF_ACTIVE_LOW,
dev_name(dev));
if (!err)
nop->gpiod_reset =
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 196/258] usb: musb: cppi41: allow it to work again
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (182 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 195/258] usb: phy: phy-generic: Fix reset behaviour on legacy boot Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 197/258] USB: chaoskey read offset bug Greg Kroah-Hartman
` (54 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Felipe Balbi
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felipe Balbi <balbi@ti.com>
commit b0a688ddcc5015eb26000c63841db7c46cfb380a upstream.
since commit 33c300cb90a6 ("usb: musb: dsps:
don't fake of_node to musb core") we have been
preventing CPPI 4.1 from probing due to NULL
of_node. We can't revert said commit otherwise
a different regression would show up, so the fix
is to look for the parent device's (glue layer's)
of_node instead, since that's the thing which
is actually described in DTS.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/musb/musb_cppi41.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/usb/musb/musb_cppi41.c
+++ b/drivers/usb/musb/musb_cppi41.c
@@ -614,7 +614,7 @@ static int cppi41_dma_controller_start(s
{
struct musb *musb = controller->musb;
struct device *dev = musb->controller;
- struct device_node *np = dev->of_node;
+ struct device_node *np = dev->parent->of_node;
struct cppi41_dma_channel *cppi41_channel;
int count;
int i;
@@ -664,7 +664,7 @@ static int cppi41_dma_controller_start(s
musb_dma->status = MUSB_DMA_STATUS_FREE;
musb_dma->max_len = SZ_4M;
- dc = dma_request_slave_channel(dev, str);
+ dc = dma_request_slave_channel(dev->parent, str);
if (!dc) {
dev_err(dev, "Failed to request %s.\n", str);
ret = -EPROBE_DEFER;
@@ -695,7 +695,7 @@ cppi41_dma_controller_create(struct musb
struct cppi41_dma_controller *controller;
int ret = 0;
- if (!musb->controller->of_node) {
+ if (!musb->controller->parent->of_node) {
dev_err(musb->controller, "Need DT for the DMA engine.\n");
return NULL;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 197/258] USB: chaoskey read offset bug
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (183 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 196/258] usb: musb: cppi41: allow it to work again Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 198/258] usb: Add device quirk for Logitech PTZ cameras Greg Kroah-Hartman
` (53 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Inyukhin
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Inyukhin <shurick@sectorb.msk.ru>
commit 1d5c47f555c5ae050fad22e4a99f88856cae5d05 upstream.
Rng reads in chaoskey driver could return the same data under
the certain conditions.
Signed-off-by: Alexander Inyukhin <shurick@sectorb.msk.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/misc/chaoskey.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/misc/chaoskey.c
+++ b/drivers/usb/misc/chaoskey.c
@@ -472,7 +472,7 @@ static int chaoskey_rng_read(struct hwrn
if (this_time > max)
this_time = max;
- memcpy(data, dev->buf, this_time);
+ memcpy(data, dev->buf + dev->used, this_time);
dev->used += this_time;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 198/258] usb: Add device quirk for Logitech PTZ cameras
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (184 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 197/258] USB: chaoskey read offset bug Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 199/258] USB: Add reset-resume quirk for two Plantronics usb headphones Greg Kroah-Hartman
` (52 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vincent Palatin
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vincent Palatin <vpalatin@chromium.org>
commit 72194739f54607bbf8cfded159627a2015381557 upstream.
Add a device quirk for the Logitech PTZ Pro Camera and its sibling the
ConferenceCam CC3000e Camera.
This fixes the failed camera enumeration on some boot, particularly on
machines with fast CPU.
Tested by connecting a Logitech PTZ Pro Camera to a machine with a
Haswell Core i7-4600U CPU @ 2.10GHz, and doing thousands of reboot cycles
while recording the kernel logs and taking camera picture after each boot.
Before the patch, more than 7% of the boots show some enumeration transfer
failures and in a few of them, the kernel is giving up before actually
enumerating the webcam. After the patch, the enumeration has been correct
on every reboot.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -54,6 +54,13 @@ static const struct usb_device_id usb_qu
{ USB_DEVICE(0x046d, 0x082d), .driver_info = USB_QUIRK_DELAY_INIT },
{ USB_DEVICE(0x046d, 0x0843), .driver_info = USB_QUIRK_DELAY_INIT },
+ /* Logitech ConferenceCam CC3000e */
+ { USB_DEVICE(0x046d, 0x0847), .driver_info = USB_QUIRK_DELAY_INIT },
+ { USB_DEVICE(0x046d, 0x0848), .driver_info = USB_QUIRK_DELAY_INIT },
+
+ /* Logitech PTZ Pro Camera */
+ { USB_DEVICE(0x046d, 0x0853), .driver_info = USB_QUIRK_DELAY_INIT },
+
/* Logitech Quickcam Fusion */
{ USB_DEVICE(0x046d, 0x08c1), .driver_info = USB_QUIRK_RESET_RESUME },
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 199/258] USB: Add reset-resume quirk for two Plantronics usb headphones.
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (185 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 198/258] usb: Add device quirk for Logitech PTZ cameras Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 200/258] crypto: marvell - properly handle CRYPTO_TFM_REQ_MAY_BACKLOG-flagged requests Greg Kroah-Hartman
` (51 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yao-Wen Mao
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yao-Wen Mao <yaowen@google.com>
commit 8484bf2981b3d006426ac052a3642c9ce1d8d980 upstream.
These two headphones need a reset-resume quirk to properly resume to
original volume level.
Signed-off-by: Yao-Wen Mao <yaowen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -85,6 +85,12 @@ static const struct usb_device_id usb_qu
/* Philips PSC805 audio device */
{ USB_DEVICE(0x0471, 0x0155), .driver_info = USB_QUIRK_RESET_RESUME },
+ /* Plantronic Audio 655 DSP */
+ { USB_DEVICE(0x047f, 0xc008), .driver_info = USB_QUIRK_RESET_RESUME },
+
+ /* Plantronic Audio 648 USB */
+ { USB_DEVICE(0x047f, 0xc013), .driver_info = USB_QUIRK_RESET_RESUME },
+
/* Artisman Watchdog Dongle */
{ USB_DEVICE(0x04b4, 0x0526), .driver_info =
USB_QUIRK_CONFIG_INTF_STRINGS },
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 200/258] crypto: marvell - properly handle CRYPTO_TFM_REQ_MAY_BACKLOG-flagged requests
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (186 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 199/258] USB: Add reset-resume quirk for two Plantronics usb headphones Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 202/258] cpufreq: dt: Tolerance applies on both sides of target voltage Greg Kroah-Hartman
` (50 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Donnefort, Thomas Petazzoni,
Boris Brezillon, Herbert Xu
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
commit cfcd2271a9076a9891014bc8e18d4fd48acccffe upstream.
The mv_cesa_queue_req() function calls crypto_enqueue_request() to
enqueue a request. In the normal case (i.e the queue isn't full), this
function returns -EINPROGRESS. The current Marvell CESA crypto driver
takes this into account and cleans up the request only if an error
occured, i.e if the return value is not -EINPROGRESS.
Unfortunately this causes problems with
CRYPTO_TFM_REQ_MAY_BACKLOG-flagged requests. When such a request is
passed to crypto_enqueue_request() and the queue is full,
crypto_enqueue_request() will return -EBUSY, but will keep the request
enqueued nonetheless. This situation was not properly handled by the
Marvell CESA driver, which was anyway cleaning up the request in such
a situation. When later on the request was taken out of the backlog
and actually processed, a kernel crash occured due to the internal
driver data structures for this structure having been cleaned up.
To avoid this situation, this commit adds a
mv_cesa_req_needs_cleanup() helper function which indicates if the
request needs to be cleaned up or not after a call to
crypto_enqueue_request(). This helper allows to do the cleanup only in
the appropriate cases, and all call sites of mv_cesa_queue_req() are
fixed to use this new helper function.
Reported-by: Vincent Donnefort <vdonnefort@gmail.com>
Fixes: db509a45339fd ("crypto: marvell/cesa - add TDMA support")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Tested-by: Vincent Donnefort <vdonnefort@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/marvell/cesa.h | 27 +++++++++++++++++++++++++++
drivers/crypto/marvell/cipher.c | 7 +++----
drivers/crypto/marvell/hash.c | 8 +++-----
3 files changed, 33 insertions(+), 9 deletions(-)
--- a/drivers/crypto/marvell/cesa.h
+++ b/drivers/crypto/marvell/cesa.h
@@ -687,6 +687,33 @@ static inline u32 mv_cesa_get_int_mask(s
int mv_cesa_queue_req(struct crypto_async_request *req);
+/*
+ * Helper function that indicates whether a crypto request needs to be
+ * cleaned up or not after being enqueued using mv_cesa_queue_req().
+ */
+static inline int mv_cesa_req_needs_cleanup(struct crypto_async_request *req,
+ int ret)
+{
+ /*
+ * The queue still had some space, the request was queued
+ * normally, so there's no need to clean it up.
+ */
+ if (ret == -EINPROGRESS)
+ return false;
+
+ /*
+ * The queue had not space left, but since the request is
+ * flagged with CRYPTO_TFM_REQ_MAY_BACKLOG, it was added to
+ * the backlog and will be processed later. There's no need to
+ * clean it up.
+ */
+ if (ret == -EBUSY && req->flags & CRYPTO_TFM_REQ_MAY_BACKLOG)
+ return false;
+
+ /* Request wasn't queued, we need to clean it up */
+ return true;
+}
+
/* TDMA functions */
static inline void mv_cesa_req_dma_iter_init(struct mv_cesa_dma_iter *iter,
--- a/drivers/crypto/marvell/cipher.c
+++ b/drivers/crypto/marvell/cipher.c
@@ -189,7 +189,6 @@ static inline void mv_cesa_ablkcipher_pr
{
struct ablkcipher_request *ablkreq = ablkcipher_request_cast(req);
struct mv_cesa_ablkcipher_req *creq = ablkcipher_request_ctx(ablkreq);
-
creq->req.base.engine = engine;
if (creq->req.base.type == CESA_DMA_REQ)
@@ -431,7 +430,7 @@ static int mv_cesa_des_op(struct ablkcip
return ret;
ret = mv_cesa_queue_req(&req->base);
- if (ret && ret != -EINPROGRESS)
+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
mv_cesa_ablkcipher_cleanup(req);
return ret;
@@ -551,7 +550,7 @@ static int mv_cesa_des3_op(struct ablkci
return ret;
ret = mv_cesa_queue_req(&req->base);
- if (ret && ret != -EINPROGRESS)
+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
mv_cesa_ablkcipher_cleanup(req);
return ret;
@@ -693,7 +692,7 @@ static int mv_cesa_aes_op(struct ablkcip
return ret;
ret = mv_cesa_queue_req(&req->base);
- if (ret && ret != -EINPROGRESS)
+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
mv_cesa_ablkcipher_cleanup(req);
return ret;
--- a/drivers/crypto/marvell/hash.c
+++ b/drivers/crypto/marvell/hash.c
@@ -739,10 +739,8 @@ static int mv_cesa_ahash_update(struct a
return 0;
ret = mv_cesa_queue_req(&req->base);
- if (ret && ret != -EINPROGRESS) {
+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
mv_cesa_ahash_cleanup(req);
- return ret;
- }
return ret;
}
@@ -766,7 +764,7 @@ static int mv_cesa_ahash_final(struct ah
return 0;
ret = mv_cesa_queue_req(&req->base);
- if (ret && ret != -EINPROGRESS)
+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
mv_cesa_ahash_cleanup(req);
return ret;
@@ -791,7 +789,7 @@ static int mv_cesa_ahash_finup(struct ah
return 0;
ret = mv_cesa_queue_req(&req->base);
- if (ret && ret != -EINPROGRESS)
+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
mv_cesa_ahash_cleanup(req);
return ret;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 202/258] cpufreq: dt: Tolerance applies on both sides of target voltage
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (187 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 200/258] crypto: marvell - properly handle CRYPTO_TFM_REQ_MAY_BACKLOG-flagged requests Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 203/258] MIPS: Fix console output for Fulong2e system Greg Kroah-Hartman
` (49 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Stach, Viresh Kumar,
Rafael J. Wysocki
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Viresh Kumar <viresh.kumar@linaro.org>
commit a2022001cebd0825b96aa0f3345ea3ad44ae79d4 upstream.
Tolerance applies on both sides of the target voltage, i.e. both min and
max sides. But while checking if a voltage is supported by the regulator
or not, we haven't taken care of tolerance on the lower side. Fix that.
Cc: Lucas Stach <l.stach@pengutronix.de>
Fixes: 045ee45c4ff2 ("cpufreq: cpufreq-dt: disable unsupported OPPs")
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Reviewed-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/cpufreq-dt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/cpufreq/cpufreq-dt.c
+++ b/drivers/cpufreq/cpufreq-dt.c
@@ -255,7 +255,8 @@ static int cpufreq_init(struct cpufreq_p
rcu_read_unlock();
tol_uV = opp_uV * priv->voltage_tolerance / 100;
- if (regulator_is_supported_voltage(cpu_reg, opp_uV,
+ if (regulator_is_supported_voltage(cpu_reg,
+ opp_uV - tol_uV,
opp_uV + tol_uV)) {
if (opp_uV < min_uV)
min_uV = opp_uV;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 203/258] MIPS: Fix console output for Fulong2e system
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (188 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 202/258] cpufreq: dt: Tolerance applies on both sides of target voltage Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 204/258] MIPS: bootmem: Fix mapstart calculation for contiguous maps Greg Kroah-Hartman
` (48 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Huacai Chen, Guenter Roeck,
Markos Chandras, linux-mips, Ralf Baechle
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
commit fc2ca674470bbfe11d72a20a3f19fd3dc43bfca0 upstream.
Commit 3adeb2566b9b ("MIPS: Loongson: Improve LEFI firmware interface")
made the number of UARTs dynamic if LEFI_FIRMWARE_INTERFACE is configured.
Unfortunately, it did not initialize the number of UARTs if
LEFI_FIRMWARE_INTERFACE is not configured. As a result, the Fulong2e
system has no console.
Fixes: 3adeb2566b9b ("MIPS: Loongson: Improve LEFI firmware interface")
Acked-by: Huacai Chen <chenhc@lemote.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/11076/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/loongson64/common/env.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/mips/loongson64/common/env.c
+++ b/arch/mips/loongson64/common/env.c
@@ -64,6 +64,9 @@ void __init prom_init_env(void)
}
if (memsize == 0)
memsize = 256;
+
+ loongson_sysconf.nr_uarts = 1;
+
pr_info("memsize=%u, highmemsize=%u\n", memsize, highmemsize);
#else
struct boot_params *boot_p;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 204/258] MIPS: bootmem: Fix mapstart calculation for contiguous maps
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (189 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 203/258] MIPS: Fix console output for Fulong2e system Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 205/258] MIPS: BPF: Avoid unreachable code on little endian Greg Kroah-Hartman
` (47 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Sverdlin, Tony Wu,
David Daney, Zubair Lutfullah Kakakhel, Huacai Chen, Joe Perches,
Steven J. Hill, Aaro Koskinen, linux-mips, Ralf Baechle
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Sverdlin <alexander.sverdlin@gmail.com>
commit 88d3426942d748b90b051b7ef2d5d765f5f3054c upstream.
Commit a6335fa1 fixed the case with gap between initrd and next usable PFN zone,
but broken the case when initrd is combined with usable memory into one region
(in add_memory_region()). Restore the fixup initially brought in by f9a7febd.
---- error message ----
Unpacking initramfs...
Initramfs unpacking failed: junk in compressed archive
BUG: Bad page state in process swapper pfn:00261
page:81004c20 count:0 mapcount:-127 mapping: (null) index:0x2
flags: 0x0()
page dumped because: nonzero mapcount
CPU: 0 PID: 1 Comm: swapper Not tainted 4.2.0+ #1782
-----------------------
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Reported-by: Tony Wu <tung7970@gmail.com>
Tested-by: Tony Wu <tung7970@gmail.com>
Cc: David Daney <david.daney@cavium.com>
Cc: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Cc: Huacai Chen <chenhc@lemote.com>
Cc: Joe Perches <joe@perches.com>
Cc: Steven J. Hill <Steven.Hill@imgtec.com>
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/11086/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kernel/setup.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/arch/mips/kernel/setup.c
+++ b/arch/mips/kernel/setup.c
@@ -338,7 +338,7 @@ static void __init bootmem_init(void)
if (end <= reserved_end)
continue;
#ifdef CONFIG_BLK_DEV_INITRD
- /* mapstart should be after initrd_end */
+ /* Skip zones before initrd and initrd itself */
if (initrd_end && end <= (unsigned long)PFN_UP(__pa(initrd_end)))
continue;
#endif
@@ -371,6 +371,14 @@ static void __init bootmem_init(void)
max_low_pfn = PFN_DOWN(HIGHMEM_START);
}
+#ifdef CONFIG_BLK_DEV_INITRD
+ /*
+ * mapstart should be after initrd_end
+ */
+ if (initrd_end)
+ mapstart = max(mapstart, (unsigned long)PFN_UP(__pa(initrd_end)));
+#endif
+
/*
* Initialize the boot-time allocator with low memory only.
*/
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 205/258] MIPS: BPF: Avoid unreachable code on little endian
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (190 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 204/258] MIPS: bootmem: Fix mapstart calculation for contiguous maps Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 206/258] MIPS: BPF: Fix build on pre-R2 little endian CPUs Greg Kroah-Hartman
` (46 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aurelien Jarno, Markos Chandras,
linux-mips, Ralf Baechle
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aurelien Jarno <aurelien@aurel32.net>
commit faa9724a674e5e52316bb0d173aed16bd17d536c upstream.
On little endian, avoid generating the big endian version of the code
by using #else in addition to #ifdef #endif. Also fix one alignment
issue wrt delay slot.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/11097/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/net/bpf_jit_asm.S | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/arch/mips/net/bpf_jit_asm.S
+++ b/arch/mips/net/bpf_jit_asm.S
@@ -151,9 +151,10 @@ NESTED(bpf_slow_path_word, (6 * SZREG),
wsbh t0, $r_s0
jr $r_ra
rotr $r_A, t0, 16
-#endif
+#else
jr $r_ra
- move $r_A, $r_s0
+ move $r_A, $r_s0
+#endif
END(bpf_slow_path_word)
@@ -162,9 +163,10 @@ NESTED(bpf_slow_path_half, (6 * SZREG),
#ifdef CONFIG_CPU_LITTLE_ENDIAN
jr $r_ra
wsbh $r_A, $r_s0
-#endif
+#else
jr $r_ra
move $r_A, $r_s0
+#endif
END(bpf_slow_path_half)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 206/258] MIPS: BPF: Fix build on pre-R2 little endian CPUs
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (191 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 205/258] MIPS: BPF: Avoid unreachable code on little endian Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 207/258] MIPS: dma-default: Fix 32-bit fall back to GFP_DMA Greg Kroah-Hartman
` (45 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aurelien Jarno, Markos Chandras,
linux-mips, Ralf Baechle
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aurelien Jarno <aurelien@aurel32.net>
commit b259e51f2e29390518021f9b8df55a3de42f371b upstream.
The rotr, seh and wsbh instructions have been introduced with the R2
ISA. Thus the current BPF code fails to build on pre-R2 little endian
CPUs:
CC arch/mips/net/bpf_jit.o
AS arch/mips/net/bpf_jit_asm.o
/home/aurel32/linux-4.2/arch/mips/net/bpf_jit_asm.S: Assembler messages:
/home/aurel32/linux-4.2/arch/mips/net/bpf_jit_asm.S:67: Error: opcode not supported on this processor: mips32 (mips32) `wsbh $8,$19'
/home/aurel32/linux-4.2/arch/mips/net/bpf_jit_asm.S:68: Error: opcode not supported on this processor: mips32 (mips32) `rotr $19,$8,16'
/home/aurel32/linux-4.2/arch/mips/net/bpf_jit_asm.S:83: Error: opcode not supported on this processor: mips32 (mips32) `wsbh $8,$19'
/home/aurel32/linux-4.2/arch/mips/net/bpf_jit_asm.S:84: Error: opcode not supported on this processor: mips32 (mips32) `seh $19,$8'
/home/aurel32/linux-4.2/arch/mips/net/bpf_jit_asm.S:151: Error: opcode not supported on this processor: mips32 (mips32) `wsbh $8,$12'
/home/aurel32/linux-4.2/arch/mips/net/bpf_jit_asm.S:153: Error: opcode not supported on this processor: mips32 (mips32) `rotr $19,$8,16'
/home/aurel32/linux-4.2/arch/mips/net/bpf_jit_asm.S:164: Error: opcode not supported on this processor: mips32 (mips32) `wsbh $19,$12'
/home/aurel32/linux-4.2/scripts/Makefile.build:294: recipe for target 'arch/mips/net/bpf_jit_asm.o' failed
Fix that by providing equivalent code for these CPUs.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/11098/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/net/bpf_jit_asm.S | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
--- a/arch/mips/net/bpf_jit_asm.S
+++ b/arch/mips/net/bpf_jit_asm.S
@@ -64,8 +64,20 @@ sk_load_word_positive:
PTR_ADDU t1, $r_skb_data, offset
lw $r_A, 0(t1)
#ifdef CONFIG_CPU_LITTLE_ENDIAN
+# if defined(__mips_isa_rev) && (__mips_isa_rev >= 2)
wsbh t0, $r_A
rotr $r_A, t0, 16
+# else
+ sll t0, $r_A, 24
+ srl t1, $r_A, 24
+ srl t2, $r_A, 8
+ or t0, t0, t1
+ andi t2, t2, 0xff00
+ andi t1, $r_A, 0xff00
+ or t0, t0, t2
+ sll t1, t1, 8
+ or $r_A, t0, t1
+# endif
#endif
jr $r_ra
move $r_ret, zero
@@ -80,8 +92,16 @@ sk_load_half_positive:
PTR_ADDU t1, $r_skb_data, offset
lh $r_A, 0(t1)
#ifdef CONFIG_CPU_LITTLE_ENDIAN
+# if defined(__mips_isa_rev) && (__mips_isa_rev >= 2)
wsbh t0, $r_A
seh $r_A, t0
+# else
+ sll t0, $r_A, 24
+ andi t1, $r_A, 0xff00
+ sra t0, t0, 16
+ srl t1, t1, 8
+ or $r_A, t0, t1
+# endif
#endif
jr $r_ra
move $r_ret, zero
@@ -148,9 +168,22 @@ sk_load_byte_positive:
NESTED(bpf_slow_path_word, (6 * SZREG), $r_sp)
bpf_slow_path_common(4)
#ifdef CONFIG_CPU_LITTLE_ENDIAN
+# if defined(__mips_isa_rev) && (__mips_isa_rev >= 2)
wsbh t0, $r_s0
jr $r_ra
rotr $r_A, t0, 16
+# else
+ sll t0, $r_s0, 24
+ srl t1, $r_s0, 24
+ srl t2, $r_s0, 8
+ or t0, t0, t1
+ andi t2, t2, 0xff00
+ andi t1, $r_s0, 0xff00
+ or t0, t0, t2
+ sll t1, t1, 8
+ jr $r_ra
+ or $r_A, t0, t1
+# endif
#else
jr $r_ra
move $r_A, $r_s0
@@ -161,8 +194,17 @@ NESTED(bpf_slow_path_word, (6 * SZREG),
NESTED(bpf_slow_path_half, (6 * SZREG), $r_sp)
bpf_slow_path_common(2)
#ifdef CONFIG_CPU_LITTLE_ENDIAN
+# if defined(__mips_isa_rev) && (__mips_isa_rev >= 2)
jr $r_ra
wsbh $r_A, $r_s0
+# else
+ sll t0, $r_s0, 8
+ andi t1, $r_s0, 0xff00
+ andi t0, t0, 0xff00
+ srl t1, t1, 8
+ jr $r_ra
+ or $r_A, t0, t1
+# endif
#else
jr $r_ra
move $r_A, $r_s0
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 207/258] MIPS: dma-default: Fix 32-bit fall back to GFP_DMA
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (192 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 206/258] MIPS: BPF: Fix build on pre-R2 little endian CPUs Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 208/258] MIPS: CPS: Stop dangling delay slot from has_mt Greg Kroah-Hartman
` (44 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Hogan, Ralf Baechle, linux-mips
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: James Hogan <james.hogan@imgtec.com>
commit 53960059d56ecef67d4ddd546731623641a3d2d1 upstream.
If there is a DMA zone (usually 24bit = 16MB I believe), but no DMA32
zone, as is the case for some 32-bit kernels, then massage_gfp_flags()
will cause DMA memory allocated for devices with a 32..63-bit
coherent_dma_mask to fall back to using __GFP_DMA, even though there may
only be 32-bits of physical address available anyway.
Correct that case to compare against a mask the size of phys_addr_t
instead of always using a 64-bit mask.
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Fixes: a2e715a86c6d ("MIPS: DMA: Fix computation of DMA flags from device's coherent_dma_mask.")
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9610/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/mm/dma-default.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/mm/dma-default.c
+++ b/arch/mips/mm/dma-default.c
@@ -100,7 +100,7 @@ static gfp_t massage_gfp_flags(const str
else
#endif
#if defined(CONFIG_ZONE_DMA) && !defined(CONFIG_ZONE_DMA32)
- if (dev->coherent_dma_mask < DMA_BIT_MASK(64))
+ if (dev->coherent_dma_mask < DMA_BIT_MASK(sizeof(phys_addr_t) * 8))
dma_flag = __GFP_DMA;
else
#endif
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 208/258] MIPS: CPS: Stop dangling delay slot from has_mt.
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (193 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 207/258] MIPS: dma-default: Fix 32-bit fall back to GFP_DMA Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 209/258] MIPS: CPS: Dont include MT code in non-MT kernels Greg Kroah-Hartman
` (43 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Burton, Markos Chandras,
James Hogan, linux-mips, Ralf Baechle
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Burton <paul.burton@imgtec.com>
commit 1e5fb282f8eda889776ee83f9214d5df9edaa26d upstream.
The has_mt macro ended with a branch, leaving its callers with a delay
slot that would be executed if Config3.MT is not set. However it would
not be executed if Config3 (or earlier Config registers) don't exist
which makes it somewhat inconsistent at best. Fill the delay slot in the
macro & fix the mips_cps_boot_vpes caller appropriately.
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: Markos Chandras <markos.chandras@imgtec.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/10865/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kernel/cps-vec.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/mips/kernel/cps-vec.S
+++ b/arch/mips/kernel/cps-vec.S
@@ -39,6 +39,7 @@
mfc0 \dest, CP0_CONFIG, 3
andi \dest, \dest, MIPS_CONF3_MT
beqz \dest, \nomt
+ nop
.endm
.section .text.cps-vec
@@ -226,7 +227,6 @@ LEAF(mips_cps_core_init)
#ifdef CONFIG_MIPS_MT
/* Check that the core implements the MT ASE */
has_mt t0, 3f
- nop
.set push
.set mips64r2
@@ -310,8 +310,8 @@ LEAF(mips_cps_boot_vpes)
PTR_ADDU t0, t0, t1
/* Calculate this VPEs ID. If the core doesn't support MT use 0 */
+ li t9, 0
has_mt ta2, 1f
- li t9, 0
/* Find the number of VPEs present in the core */
mfc0 t1, CP0_MVPCONF0
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 209/258] MIPS: CPS: Dont include MT code in non-MT kernels.
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (194 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 208/258] MIPS: CPS: Stop dangling delay slot from has_mt Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 210/258] MIPS: CPS: #ifdef on CONFIG_MIPS_MT_SMP rather than CONFIG_MIPS_MT Greg Kroah-Hartman
` (42 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Burton, Markos Chandras,
James Hogan, linux-mips, Ralf Baechle
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Burton <paul.burton@imgtec.com>
commit a5b0f6db0e6cf6224e50f6585e9c8f0c2d38a8f8 upstream.
The MT-specific code in mips_cps_boot_vpes can safely be omitted from
kernels which don't support MT, with the default VPE==0 case being used
as it would be after the has_mt (Config3.MT) check failed at runtime.
Discarding the code entirely will save us a few bytes & allow cleaner
handling of MT ASE instructions by later patches.
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: Markos Chandras <markos.chandras@imgtec.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/10866/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kernel/cps-vec.S | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/mips/kernel/cps-vec.S
+++ b/arch/mips/kernel/cps-vec.S
@@ -311,6 +311,7 @@ LEAF(mips_cps_boot_vpes)
/* Calculate this VPEs ID. If the core doesn't support MT use 0 */
li t9, 0
+#ifdef CONFIG_MIPS_MT
has_mt ta2, 1f
/* Find the number of VPEs present in the core */
@@ -330,6 +331,7 @@ LEAF(mips_cps_boot_vpes)
/* Retrieve the VPE ID from EBase.CPUNum */
mfc0 t9, $15, 1
and t9, t9, t1
+#endif
1: /* Calculate a pointer to this VPEs struct vpe_boot_config */
li t1, VPEBOOTCFG_SIZE
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 210/258] MIPS: CPS: #ifdef on CONFIG_MIPS_MT_SMP rather than CONFIG_MIPS_MT
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (195 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 209/258] MIPS: CPS: Dont include MT code in non-MT kernels Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 216/258] tools lib traceevent: Fix string handling in heterogeneous arch environments Greg Kroah-Hartman
` (41 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Burton, Markos Chandras,
James Hogan, linux-mips, Ralf Baechle
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Burton <paul.burton@imgtec.com>
commit 7a63076d9a31a6c2073da45021eeb4f89d2a8b56 upstream.
The CONFIG_MIPS_MT symbol can be selected by CONFIG_MIPS_VPE_LOADER in
addition to CONFIG_MIPS_MT_SMP. We only want MT code in the CPS SMP boot
vector if we're using MT for SMP. Thus switch the config symbol we ifdef
against to CONFIG_MIPS_MT_SMP.
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: Markos Chandras <markos.chandras@imgtec.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/10867/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kernel/cps-vec.S | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/arch/mips/kernel/cps-vec.S
+++ b/arch/mips/kernel/cps-vec.S
@@ -224,7 +224,7 @@ LEAF(excep_ejtag)
END(excep_ejtag)
LEAF(mips_cps_core_init)
-#ifdef CONFIG_MIPS_MT
+#ifdef CONFIG_MIPS_MT_SMP
/* Check that the core implements the MT ASE */
has_mt t0, 3f
@@ -311,7 +311,7 @@ LEAF(mips_cps_boot_vpes)
/* Calculate this VPEs ID. If the core doesn't support MT use 0 */
li t9, 0
-#ifdef CONFIG_MIPS_MT
+#ifdef CONFIG_MIPS_MT_SMP
has_mt ta2, 1f
/* Find the number of VPEs present in the core */
@@ -339,7 +339,7 @@ LEAF(mips_cps_boot_vpes)
PTR_L ta3, COREBOOTCFG_VPECONFIG(t0)
PTR_ADDU v0, v0, ta3
-#ifdef CONFIG_MIPS_MT
+#ifdef CONFIG_MIPS_MT_SMP
/* If the core doesn't support MT then return */
bnez ta2, 1f
@@ -453,7 +453,7 @@ LEAF(mips_cps_boot_vpes)
2: .set pop
-#endif /* CONFIG_MIPS_MT */
+#endif /* CONFIG_MIPS_MT_SMP */
/* Return */
jr ra
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 216/258] tools lib traceevent: Fix string handling in heterogeneous arch environments
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (196 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 210/258] MIPS: CPS: #ifdef on CONFIG_MIPS_MT_SMP rather than CONFIG_MIPS_MT Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 217/258] powerpc/MSI: Fix race condition in tearing down MSI interrupts Greg Kroah-Hartman
` (40 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juri Lelli, Kapileshwar Singh,
Steven Rostedt, David Ahern, Javi Merino, Jiri Olsa, Namhyung Kim,
Arnaldo Carvalho de Melo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kapileshwar Singh <kapileshwar.singh@arm.com>
commit c2e4b24ff848bb180f9b9cd873a38327cd219ad2 upstream.
When a trace recorded on a 32-bit device is processed with a 64-bit
binary, the higher 32-bits of the address need to ignored.
The lack of this results in the output of the 64-bit pointer
value to the trace as the 32-bit address lookup fails in find_printk().
Before:
burn-1778 [003] 548.600305: bputs: 0xc0046db2s: 2cec5c058d98c
After:
burn-1778 [003] 548.600305: bputs: 0xc0046db2s: RT throttling activated
The problem occurs in PRINT_FIELD when the field is recognized as a
pointer to a string (of the type const char *)
Heterogeneous architectures cases below can arise and should be handled:
* Traces recorded using 32-bit addresses processed on a 64-bit machine
* Traces recorded using 64-bit addresses processed on a 32-bit machine
Reported-by: Juri Lelli <juri.lelli@arm.com>
Signed-off-by: Kapileshwar Singh <kapileshwar.singh@arm.com>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: David Ahern <dsahern@gmail.com>
Cc: Javi Merino <javi.merino@arm.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: http://lkml.kernel.org/r/1442928123-13824-1-git-send-email-kapileshwar.singh@arm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/lib/traceevent/event-parse.c | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
--- a/tools/lib/traceevent/event-parse.c
+++ b/tools/lib/traceevent/event-parse.c
@@ -3721,7 +3721,7 @@ static void print_str_arg(struct trace_s
struct format_field *field;
struct printk_map *printk;
long long val, fval;
- unsigned long addr;
+ unsigned long long addr;
char *str;
unsigned char *hex;
int print;
@@ -3754,13 +3754,30 @@ static void print_str_arg(struct trace_s
*/
if (!(field->flags & FIELD_IS_ARRAY) &&
field->size == pevent->long_size) {
- addr = *(unsigned long *)(data + field->offset);
+
+ /* Handle heterogeneous recording and processing
+ * architectures
+ *
+ * CASE I:
+ * Traces recorded on 32-bit devices (32-bit
+ * addressing) and processed on 64-bit devices:
+ * In this case, only 32 bits should be read.
+ *
+ * CASE II:
+ * Traces recorded on 64 bit devices and processed
+ * on 32-bit devices:
+ * In this case, 64 bits must be read.
+ */
+ addr = (pevent->long_size == 8) ?
+ *(unsigned long long *)(data + field->offset) :
+ (unsigned long long)*(unsigned int *)(data + field->offset);
+
/* Check if it matches a print format */
printk = find_printk(pevent, addr);
if (printk)
trace_seq_puts(s, printk->printk);
else
- trace_seq_printf(s, "%lx", addr);
+ trace_seq_printf(s, "%llx", addr);
break;
}
str = malloc(len + 1);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 217/258] powerpc/MSI: Fix race condition in tearing down MSI interrupts
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (197 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 216/258] tools lib traceevent: Fix string handling in heterogeneous arch environments Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 218/258] rsi: Fix possible leak when loading firmware Greg Kroah-Hartman
` (39 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Kardashevskiy, Paul Mackerras,
Michael Ellerman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Mackerras <paulus@ozlabs.org>
commit e297c939b745e420ef0b9dc989cb87bda617b399 upstream.
This fixes a race which can result in the same virtual IRQ number
being assigned to two different MSI interrupts. The most visible
consequence of that is usually a warning and stack trace from the
sysfs code about an attempt to create a duplicate entry in sysfs.
The race happens when one CPU (say CPU 0) is disposing of an MSI
while another CPU (say CPU 1) is setting up an MSI. CPU 0 calls
(for example) pnv_teardown_msi_irqs(), which calls
msi_bitmap_free_hwirqs() to indicate that the MSI (i.e. its
hardware IRQ number) is no longer in use. Then, before CPU 0 gets
to calling irq_dispose_mapping() to free up the virtal IRQ number,
CPU 1 comes in and calls msi_bitmap_alloc_hwirqs() to allocate an
MSI, and gets the same hardware IRQ number that CPU 0 just freed.
CPU 1 then calls irq_create_mapping() to get a virtual IRQ number,
which sees that there is currently a mapping for that hardware IRQ
number and returns the corresponding virtual IRQ number (which is
the same virtual IRQ number that CPU 0 was using). CPU 0 then
calls irq_dispose_mapping() and frees that virtual IRQ number.
Now, if another CPU comes along and calls irq_create_mapping(), it
is likely to get the virtual IRQ number that was just freed,
resulting in the same virtual IRQ number apparently being used for
two different hardware interrupts.
To fix this race, we just move the call to msi_bitmap_free_hwirqs()
to after the call to irq_dispose_mapping(). Since virq_to_hw()
doesn't work for the virtual IRQ number after irq_dispose_mapping()
has been called, we need to call it before irq_dispose_mapping() and
remember the result for the msi_bitmap_free_hwirqs() call.
The pattern of calling msi_bitmap_free_hwirqs() before
irq_dispose_mapping() appears in 5 places under arch/powerpc, and
appears to have originated in commit 05af7bd2d75e ("[POWERPC] MPIC
U3/U4 MSI backend") from 2007.
Fixes: 05af7bd2d75e ("[POWERPC] MPIC U3/U4 MSI backend")
Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pasemi/msi.c | 5 +++--
arch/powerpc/platforms/powernv/pci.c | 5 +++--
arch/powerpc/sysdev/fsl_msi.c | 5 +++--
arch/powerpc/sysdev/mpic_u3msi.c | 5 +++--
arch/powerpc/sysdev/ppc4xx_msi.c | 5 +++--
5 files changed, 15 insertions(+), 10 deletions(-)
--- a/arch/powerpc/platforms/pasemi/msi.c
+++ b/arch/powerpc/platforms/pasemi/msi.c
@@ -63,6 +63,7 @@ static struct irq_chip mpic_pasemi_msi_c
static void pasemi_msi_teardown_msi_irqs(struct pci_dev *pdev)
{
struct msi_desc *entry;
+ irq_hw_number_t hwirq;
pr_debug("pasemi_msi_teardown_msi_irqs, pdev %p\n", pdev);
@@ -70,10 +71,10 @@ static void pasemi_msi_teardown_msi_irqs
if (entry->irq == NO_IRQ)
continue;
+ hwirq = virq_to_hw(entry->irq);
irq_set_msi_desc(entry->irq, NULL);
- msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap,
- virq_to_hw(entry->irq), ALLOC_CHUNK);
irq_dispose_mapping(entry->irq);
+ msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap, hwirq, ALLOC_CHUNK);
}
return;
--- a/arch/powerpc/platforms/powernv/pci.c
+++ b/arch/powerpc/platforms/powernv/pci.c
@@ -99,6 +99,7 @@ void pnv_teardown_msi_irqs(struct pci_de
struct pci_controller *hose = pci_bus_to_host(pdev->bus);
struct pnv_phb *phb = hose->private_data;
struct msi_desc *entry;
+ irq_hw_number_t hwirq;
if (WARN_ON(!phb))
return;
@@ -106,10 +107,10 @@ void pnv_teardown_msi_irqs(struct pci_de
list_for_each_entry(entry, &pdev->msi_list, list) {
if (entry->irq == NO_IRQ)
continue;
+ hwirq = virq_to_hw(entry->irq);
irq_set_msi_desc(entry->irq, NULL);
- msi_bitmap_free_hwirqs(&phb->msi_bmp,
- virq_to_hw(entry->irq) - phb->msi_base, 1);
irq_dispose_mapping(entry->irq);
+ msi_bitmap_free_hwirqs(&phb->msi_bmp, hwirq - phb->msi_base, 1);
}
}
#endif /* CONFIG_PCI_MSI */
--- a/arch/powerpc/sysdev/fsl_msi.c
+++ b/arch/powerpc/sysdev/fsl_msi.c
@@ -128,15 +128,16 @@ static void fsl_teardown_msi_irqs(struct
{
struct msi_desc *entry;
struct fsl_msi *msi_data;
+ irq_hw_number_t hwirq;
list_for_each_entry(entry, &pdev->msi_list, list) {
if (entry->irq == NO_IRQ)
continue;
+ hwirq = virq_to_hw(entry->irq);
msi_data = irq_get_chip_data(entry->irq);
irq_set_msi_desc(entry->irq, NULL);
- msi_bitmap_free_hwirqs(&msi_data->bitmap,
- virq_to_hw(entry->irq), 1);
irq_dispose_mapping(entry->irq);
+ msi_bitmap_free_hwirqs(&msi_data->bitmap, hwirq, 1);
}
return;
--- a/arch/powerpc/sysdev/mpic_u3msi.c
+++ b/arch/powerpc/sysdev/mpic_u3msi.c
@@ -107,15 +107,16 @@ static u64 find_u4_magic_addr(struct pci
static void u3msi_teardown_msi_irqs(struct pci_dev *pdev)
{
struct msi_desc *entry;
+ irq_hw_number_t hwirq;
list_for_each_entry(entry, &pdev->msi_list, list) {
if (entry->irq == NO_IRQ)
continue;
+ hwirq = virq_to_hw(entry->irq);
irq_set_msi_desc(entry->irq, NULL);
- msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap,
- virq_to_hw(entry->irq), 1);
irq_dispose_mapping(entry->irq);
+ msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap, hwirq, 1);
}
return;
--- a/arch/powerpc/sysdev/ppc4xx_msi.c
+++ b/arch/powerpc/sysdev/ppc4xx_msi.c
@@ -124,16 +124,17 @@ void ppc4xx_teardown_msi_irqs(struct pci
{
struct msi_desc *entry;
struct ppc4xx_msi *msi_data = &ppc4xx_msi;
+ irq_hw_number_t hwirq;
dev_dbg(&dev->dev, "PCIE-MSI: tearing down msi irqs\n");
list_for_each_entry(entry, &dev->msi_list, list) {
if (entry->irq == NO_IRQ)
continue;
+ hwirq = virq_to_hw(entry->irq);
irq_set_msi_desc(entry->irq, NULL);
- msi_bitmap_free_hwirqs(&msi_data->bitmap,
- virq_to_hw(entry->irq), 1);
irq_dispose_mapping(entry->irq);
+ msi_bitmap_free_hwirqs(&msi_data->bitmap, hwirq, 1);
}
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 218/258] rsi: Fix possible leak when loading firmware
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (198 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 217/258] powerpc/MSI: Fix race condition in tearing down MSI interrupts Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 219/258] UBIFS: Kill unneeded locking in ubifs_init_security Greg Kroah-Hartman
` (38 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christian Engelmayer, Kalle Valo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Engelmayer <cengelma@gmx.at>
commit a8b9774571d46506a0774b1ced3493b1245cf893 upstream.
Commit 5d5cd85ff441 ("rsi: Fix failure to load firmware after memory
leak fix and fix the leak") also added a check on the allocation of
DMA-accessible memory that may directly return. In that case the
already allocated firmware data is leaked. Make sure the data is
always freed correctly. Detected by Coverity CID 1316519.
Fixes: 5d5cd85ff441 ("rsi: Fix failure to load firmware after memory leak fix and fix the leak")
Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/rsi/rsi_91x_sdio_ops.c | 8 ++++++--
drivers/net/wireless/rsi/rsi_91x_usb_ops.c | 8 ++++++--
2 files changed, 12 insertions(+), 4 deletions(-)
--- a/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c
+++ b/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c
@@ -203,8 +203,10 @@ static int rsi_load_ta_instructions(stru
/* Copy firmware into DMA-accessible memory */
fw = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL);
- if (!fw)
- return -ENOMEM;
+ if (!fw) {
+ status = -ENOMEM;
+ goto out;
+ }
len = fw_entry->size;
if (len % 4)
@@ -217,6 +219,8 @@ static int rsi_load_ta_instructions(stru
status = rsi_copy_to_card(common, fw, len, num_blocks);
kfree(fw);
+
+out:
release_firmware(fw_entry);
return status;
}
--- a/drivers/net/wireless/rsi/rsi_91x_usb_ops.c
+++ b/drivers/net/wireless/rsi/rsi_91x_usb_ops.c
@@ -148,8 +148,10 @@ static int rsi_load_ta_instructions(stru
/* Copy firmware into DMA-accessible memory */
fw = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL);
- if (!fw)
- return -ENOMEM;
+ if (!fw) {
+ status = -ENOMEM;
+ goto out;
+ }
len = fw_entry->size;
if (len % 4)
@@ -162,6 +164,8 @@ static int rsi_load_ta_instructions(stru
status = rsi_copy_to_card(common, fw, len, num_blocks);
kfree(fw);
+
+out:
release_firmware(fw_entry);
return status;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 219/258] UBIFS: Kill unneeded locking in ubifs_init_security
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (199 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 218/258] rsi: Fix possible leak when loading firmware Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 220/258] UBI: Validate data_size Greg Kroah-Hartman
` (37 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Richard Weinberger, dedekind1
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Richard Weinberger <richard@nod.at>
commit cf6f54e3f133229f02a90c04fe0ff9dd9d3264b4 upstream.
Fixes the following lockdep splat:
[ 1.244527] =============================================
[ 1.245193] [ INFO: possible recursive locking detected ]
[ 1.245193] 4.2.0-rc1+ #37 Not tainted
[ 1.245193] ---------------------------------------------
[ 1.245193] cp/742 is trying to acquire lock:
[ 1.245193] (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [<ffffffff812b3f69>] ubifs_init_security+0x29/0xb0
[ 1.245193]
[ 1.245193] but task is already holding lock:
[ 1.245193] (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [<ffffffff81198e7f>] path_openat+0x3af/0x1280
[ 1.245193]
[ 1.245193] other info that might help us debug this:
[ 1.245193] Possible unsafe locking scenario:
[ 1.245193]
[ 1.245193] CPU0
[ 1.245193] ----
[ 1.245193] lock(&sb->s_type->i_mutex_key#9);
[ 1.245193] lock(&sb->s_type->i_mutex_key#9);
[ 1.245193]
[ 1.245193] *** DEADLOCK ***
[ 1.245193]
[ 1.245193] May be due to missing lock nesting notation
[ 1.245193]
[ 1.245193] 2 locks held by cp/742:
[ 1.245193] #0: (sb_writers#5){.+.+.+}, at: [<ffffffff811ad37f>] mnt_want_write+0x1f/0x50
[ 1.245193] #1: (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [<ffffffff81198e7f>] path_openat+0x3af/0x1280
[ 1.245193]
[ 1.245193] stack backtrace:
[ 1.245193] CPU: 2 PID: 742 Comm: cp Not tainted 4.2.0-rc1+ #37
[ 1.245193] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140816_022509-build35 04/01/2014
[ 1.245193] ffffffff8252d530 ffff88007b023a38 ffffffff814f6f49 ffffffff810b56c5
[ 1.245193] ffff88007c30cc80 ffff88007b023af8 ffffffff810a150d ffff88007b023a68
[ 1.245193] 000000008101302a ffff880000000000 00000008f447e23f ffffffff8252d500
[ 1.245193] Call Trace:
[ 1.245193] [<ffffffff814f6f49>] dump_stack+0x4c/0x65
[ 1.245193] [<ffffffff810b56c5>] ? console_unlock+0x1c5/0x510
[ 1.245193] [<ffffffff810a150d>] __lock_acquire+0x1a6d/0x1ea0
[ 1.245193] [<ffffffff8109fa78>] ? __lock_is_held+0x58/0x80
[ 1.245193] [<ffffffff810a1a93>] lock_acquire+0xd3/0x270
[ 1.245193] [<ffffffff812b3f69>] ? ubifs_init_security+0x29/0xb0
[ 1.245193] [<ffffffff814fc83b>] mutex_lock_nested+0x6b/0x3a0
[ 1.245193] [<ffffffff812b3f69>] ? ubifs_init_security+0x29/0xb0
[ 1.245193] [<ffffffff812b3f69>] ? ubifs_init_security+0x29/0xb0
[ 1.245193] [<ffffffff812b3f69>] ubifs_init_security+0x29/0xb0
[ 1.245193] [<ffffffff8128e286>] ubifs_create+0xa6/0x1f0
[ 1.245193] [<ffffffff81198e7f>] ? path_openat+0x3af/0x1280
[ 1.245193] [<ffffffff81195d15>] vfs_create+0x95/0xc0
[ 1.245193] [<ffffffff8119929c>] path_openat+0x7cc/0x1280
[ 1.245193] [<ffffffff8109ffe3>] ? __lock_acquire+0x543/0x1ea0
[ 1.245193] [<ffffffff81088f20>] ? sched_clock_cpu+0x90/0xc0
[ 1.245193] [<ffffffff81088c00>] ? calc_global_load_tick+0x60/0x90
[ 1.245193] [<ffffffff81088f20>] ? sched_clock_cpu+0x90/0xc0
[ 1.245193] [<ffffffff811a9cef>] ? __alloc_fd+0xaf/0x180
[ 1.245193] [<ffffffff8119ac55>] do_filp_open+0x75/0xd0
[ 1.245193] [<ffffffff814ffd86>] ? _raw_spin_unlock+0x26/0x40
[ 1.245193] [<ffffffff811a9cef>] ? __alloc_fd+0xaf/0x180
[ 1.245193] [<ffffffff81189bd9>] do_sys_open+0x129/0x200
[ 1.245193] [<ffffffff81189cc9>] SyS_open+0x19/0x20
[ 1.245193] [<ffffffff81500717>] entry_SYSCALL_64_fastpath+0x12/0x6f
While the lockdep splat is a false positive, becuase path_openat holds i_mutex
of the parent directory and ubifs_init_security() tries to acquire i_mutex
of a new inode, it reveals that taking i_mutex in ubifs_init_security() is
in vain because it is only being called in the inode allocation path
and therefore nobody else can see the inode yet.
Reported-and-tested-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Reviewed-and-tested-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: dedekind1@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/xattr.c | 3 ---
1 file changed, 3 deletions(-)
--- a/fs/ubifs/xattr.c
+++ b/fs/ubifs/xattr.c
@@ -652,11 +652,8 @@ int ubifs_init_security(struct inode *de
{
int err;
- mutex_lock(&inode->i_mutex);
err = security_inode_init_security(inode, dentry, qstr,
&init_xattrs, 0);
- mutex_unlock(&inode->i_mutex);
-
if (err) {
struct ubifs_info *c = dentry->i_sb->s_fs_info;
ubifs_err(c, "cannot initialize security for inode %lu, error %d",
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 220/258] UBI: Validate data_size
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (200 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 219/258] UBIFS: Kill unneeded locking in ubifs_init_security Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 221/258] UBI: return ENOSPC if no enough space available Greg Kroah-Hartman
` (36 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Richard Weinberger, David Gstir
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Richard Weinberger <richard@nod.at>
commit 281fda27673f833a01d516658a64d22a32c8e072 upstream.
Make sure that data_size is less than LEB size.
Otherwise a handcrafted UBI image is able to trigger
an out of bounds memory access in ubi_compare_lebs().
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: David Gstir <david@sigma-star.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/ubi/io.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/mtd/ubi/io.c
+++ b/drivers/mtd/ubi/io.c
@@ -926,6 +926,11 @@ static int validate_vid_hdr(const struct
goto bad;
}
+ if (data_size > ubi->leb_size) {
+ ubi_err(ubi, "bad data_size");
+ goto bad;
+ }
+
if (vol_type == UBI_VID_STATIC) {
/*
* Although from high-level point of view static volumes may
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 221/258] UBI: return ENOSPC if no enough space available
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (201 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 220/258] UBI: Validate data_size Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 222/258] net: via/Kconfig: GENERIC_PCI_IOMAP required if PCI not selected Greg Kroah-Hartman
` (35 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sheng Yong, Richard Weinberger,
David Gstir
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: shengyong <shengyong1@huawei.com>
commit 7c7feb2ebfc9c0552c51f0c050db1d1a004faac5 upstream.
UBI: attaching mtd1 to ubi0
UBI: scanning is finished
UBI error: init_volumes: not enough PEBs, required 706, available 686
UBI error: ubi_wl_init: no enough physical eraseblocks (-20, need 1)
UBI error: ubi_attach_mtd_dev: failed to attach mtd1, error -12 <= NOT ENOMEM
UBI error: ubi_init: cannot attach mtd1
If available PEBs are not enough when initializing volumes, return -ENOSPC
directly. If available PEBs are not enough when initializing WL, return
-ENOSPC instead of -ENOMEM.
Signed-off-by: Sheng Yong <shengyong1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: David Gstir <david@sigma-star.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/ubi/vtbl.c | 1 +
drivers/mtd/ubi/wl.c | 1 +
2 files changed, 2 insertions(+)
--- a/drivers/mtd/ubi/vtbl.c
+++ b/drivers/mtd/ubi/vtbl.c
@@ -649,6 +649,7 @@ static int init_volumes(struct ubi_devic
if (ubi->corr_peb_count)
ubi_err(ubi, "%d PEBs are corrupted and not used",
ubi->corr_peb_count);
+ return -ENOSPC;
}
ubi->rsvd_pebs += reserved_pebs;
ubi->avail_pebs -= reserved_pebs;
--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -1601,6 +1601,7 @@ int ubi_wl_init(struct ubi_device *ubi,
if (ubi->corr_peb_count)
ubi_err(ubi, "%d PEBs are corrupted and not used",
ubi->corr_peb_count);
+ err = -ENOSPC;
goto out_free;
}
ubi->avail_pebs -= reserved_pebs;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 222/258] net: via/Kconfig: GENERIC_PCI_IOMAP required if PCI not selected
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (202 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 221/258] UBI: return ENOSPC if no enough space available Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 224/258] mmc: core: Dont return an error for CD/WP GPIOs when GPIOLIB is unset Greg Kroah-Hartman
` (34 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sudip Mukherjee, David S. Miller
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
commit 21343ac21ec7d871e94e98e288f3398a4207d9c0 upstream.
The builds of allmodconfig of avr32 is failing with:
drivers/net/ethernet/via/via-rhine.c:1098:2: error: implicit declaration
of function 'pci_iomap' [-Werror=implicit-function-declaration]
drivers/net/ethernet/via/via-rhine.c:1119:2: error: implicit declaration
of function 'pci_iounmap' [-Werror=implicit-function-declaration]
The generic empty pci_iomap and pci_iounmap is used only if CONFIG_PCI
is not defined and CONFIG_GENERIC_PCI_IOMAP is defined.
Add GENERIC_PCI_IOMAP in the dependency list for VIA_RHINE as we are
getting build failure when CONFIG_PCI and CONFIG_GENERIC_PCI_IOMAP both
are not defined.
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/via/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/via/Kconfig
+++ b/drivers/net/ethernet/via/Kconfig
@@ -17,7 +17,7 @@ if NET_VENDOR_VIA
config VIA_RHINE
tristate "VIA Rhine support"
- depends on (PCI || OF_IRQ)
+ depends on PCI || (OF_IRQ && GENERIC_PCI_IOMAP)
depends on HAS_DMA
select CRC32
select MII
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 224/258] mmc: core: Dont return an error for CD/WP GPIOs when GPIOLIB is unset
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (203 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 222/258] net: via/Kconfig: GENERIC_PCI_IOMAP required if PCI not selected Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 225/258] mmc: core: fix dead loop of mmc_retune Greg Kroah-Hartman
` (33 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Simek, Ulf Hansson,
Venu Byravarasu
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ulf Hansson <ulf.hansson@linaro.org>
commit 43934ece2ea72c1dd279c0b0478c1a036d5d77ee upstream.
When CONFIG_GPIOLIB is unset, its stubs will return -ENOSYS. That means
when the mmc core parses DT for CD/WP GPIOs via mmc_of_parse(), -ENOSYS
becomes propagated to the caller. Typically this means that the mmc host
driver fails to probe.
As the CD/WP GPIOs are already treated as optional, let's extend that to
cover the case when CONFIG_GPIOLIB is unset.
Reported-by: Michal Simek <michal.simek@xilinx.com>
Fixes: 16b23787fc70 ("mmc: sdhci-of-arasan: Call OF parsing for MMC")
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Venu Byravarasu <vbyravarasu@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/host.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/mmc/core/host.c
+++ b/drivers/mmc/core/host.c
@@ -457,7 +457,7 @@ int mmc_of_parse(struct mmc_host *host)
0, &cd_gpio_invert);
if (!ret)
dev_info(host->parent, "Got CD GPIO\n");
- else if (ret != -ENOENT)
+ else if (ret != -ENOENT && ret != -ENOSYS)
return ret;
/*
@@ -481,7 +481,7 @@ int mmc_of_parse(struct mmc_host *host)
ret = mmc_gpiod_request_ro(host, "wp", 0, false, 0, &ro_gpio_invert);
if (!ret)
dev_info(host->parent, "Got WP GPIO\n");
- else if (ret != -ENOENT)
+ else if (ret != -ENOENT && ret != -ENOSYS)
return ret;
if (of_property_read_bool(np, "disable-wp"))
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 225/258] mmc: core: fix dead loop of mmc_retune
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (204 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 224/258] mmc: core: Dont return an error for CD/WP GPIOs when GPIOLIB is unset Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 226/258] dcache: Handle escaped paths in prepend_path Greg Kroah-Hartman
` (32 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chaotian Jing, Adrian Hunter,
Ulf Hansson
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chaotian Jing <chaotian.jing@mediatek.com>
commit 031277d4d33d33f0174fbb569ca8f68238175617 upstream.
When get a CRC error, start the mmc_retune, it will issue CMD19/CMD21
to do tune, assume there were 10 clock phase need to try, phase 0 to
phase 6 is ok, phase 7 to phase 9 is NG, we try it from 0 to 9, so
the last CMD19/CMD21 will get CRC error, host->need_retune was set and
cause mmc_retune was called, then dead loop of mmc_retune
Signed-off-by: Chaotian Jing <chaotian.jing@mediatek.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Fixes: bd11e8bd03ca ("mmc: core: Flag re-tuning is needed on CRC errors")
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -134,9 +134,11 @@ void mmc_request_done(struct mmc_host *h
int err = cmd->error;
/* Flag re-tuning needed on CRC errors */
- if (err == -EILSEQ || (mrq->sbc && mrq->sbc->error == -EILSEQ) ||
+ if ((cmd->opcode != MMC_SEND_TUNING_BLOCK &&
+ cmd->opcode != MMC_SEND_TUNING_BLOCK_HS200) &&
+ (err == -EILSEQ || (mrq->sbc && mrq->sbc->error == -EILSEQ) ||
(mrq->data && mrq->data->error == -EILSEQ) ||
- (mrq->stop && mrq->stop->error == -EILSEQ))
+ (mrq->stop && mrq->stop->error == -EILSEQ)))
mmc_retune_needed(host);
if (err && cmd->retries && mmc_host_is_spi(host)) {
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 226/258] dcache: Handle escaped paths in prepend_path
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (205 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 225/258] mmc: core: fix dead loop of mmc_retune Greg Kroah-Hartman
@ 2015-10-18 1:58 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 227/258] vfs: Test for and handle paths that are unreachable from their mnt_root Greg Kroah-Hartman
` (31 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric W. Biederman, Al Viro
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Eric W. Biederman" <ebiederm@xmission.com>
commit cde93be45a8a90d8c264c776fab63487b5038a65 upstream.
A rename can result in a dentry that by walking up d_parent
will never reach it's mnt_root. For lack of a better term
I call this an escaped path.
prepend_path is called by four different functions __d_path,
d_absolute_path, d_path, and getcwd.
__d_path only wants to see paths are connected to the root it passes
in. So __d_path needs prepend_path to return an error.
d_absolute_path similarly wants to see paths that are connected to
some root. Escaped paths are not connected to any mnt_root so
d_absolute_path needs prepend_path to return an error greater
than 1. So escaped paths will be treated like paths on lazily
unmounted mounts.
getcwd needs to prepend "(unreachable)" so getcwd also needs
prepend_path to return an error.
d_path is the interesting hold out. d_path just wants to print
something, and does not care about the weird cases. Which raises
the question what should be printed?
Given that <escaped_path>/<anything> should result in -ENOENT I
believe it is desirable for escaped paths to be printed as empty
paths. As there are not really any meaninful path components when
considered from the perspective of a mount tree.
So tweak prepend_path to return an empty path with an new error
code of 3 when it encounters an escaped path.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dcache.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2926,6 +2926,13 @@ restart:
if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
struct mount *parent = ACCESS_ONCE(mnt->mnt_parent);
+ /* Escaped? */
+ if (dentry != vfsmnt->mnt_root) {
+ bptr = *buffer;
+ blen = *buflen;
+ error = 3;
+ break;
+ }
/* Global root? */
if (mnt != parent) {
dentry = ACCESS_ONCE(mnt->mnt_mountpoint);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 227/258] vfs: Test for and handle paths that are unreachable from their mnt_root
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (206 preceding siblings ...)
2015-10-18 1:58 ` [PATCH 4.2 226/258] dcache: Handle escaped paths in prepend_path Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 228/258] arm64/efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions Greg Kroah-Hartman
` (30 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric W. Biederman, Al Viro
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Eric W. Biederman" <ebiederm@xmission.com>
commit 397d425dc26da728396e66d392d5dcb8dac30c37 upstream.
In rare cases a directory can be renamed out from under a bind mount.
In those cases without special handling it becomes possible to walk up
the directory tree to the root dentry of the filesystem and down
from the root dentry to every other file or directory on the filesystem.
Like division by zero .. from an unconnected path can not be given
a useful semantic as there is no predicting at which path component
the code will realize it is unconnected. We certainly can not match
the current behavior as the current behavior is a security hole.
Therefore when encounting .. when following an unconnected path
return -ENOENT.
- Add a function path_connected to verify path->dentry is reachable
from path->mnt.mnt_root. AKA to validate that rename did not do
something nasty to the bind mount.
To avoid races path_connected must be called after following a path
component to it's next path component.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/namei.c | 27 +++++++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -560,6 +560,24 @@ static int __nd_alloc_stack(struct namei
return 0;
}
+/**
+ * path_connected - Verify that a path->dentry is below path->mnt.mnt_root
+ * @path: nameidate to verify
+ *
+ * Rename can sometimes move a file or directory outside of a bind
+ * mount, path_connected allows those cases to be detected.
+ */
+static bool path_connected(const struct path *path)
+{
+ struct vfsmount *mnt = path->mnt;
+
+ /* Only bind mounts can have disconnected paths */
+ if (mnt->mnt_root == mnt->mnt_sb->s_root)
+ return true;
+
+ return is_subdir(path->dentry, mnt->mnt_root);
+}
+
static inline int nd_alloc_stack(struct nameidata *nd)
{
if (likely(nd->depth != EMBEDDED_LEVELS))
@@ -1296,6 +1314,8 @@ static int follow_dotdot_rcu(struct name
return -ECHILD;
nd->path.dentry = parent;
nd->seq = seq;
+ if (unlikely(!path_connected(&nd->path)))
+ return -ENOENT;
break;
} else {
struct mount *mnt = real_mount(nd->path.mnt);
@@ -1396,7 +1416,7 @@ static void follow_mount(struct path *pa
}
}
-static void follow_dotdot(struct nameidata *nd)
+static int follow_dotdot(struct nameidata *nd)
{
if (!nd->root.mnt)
set_root(nd);
@@ -1412,6 +1432,8 @@ static void follow_dotdot(struct nameida
/* rare case of legitimate dget_parent()... */
nd->path.dentry = dget_parent(nd->path.dentry);
dput(old);
+ if (unlikely(!path_connected(&nd->path)))
+ return -ENOENT;
break;
}
if (!follow_up(&nd->path))
@@ -1419,6 +1441,7 @@ static void follow_dotdot(struct nameida
}
follow_mount(&nd->path);
nd->inode = nd->path.dentry->d_inode;
+ return 0;
}
/*
@@ -1634,7 +1657,7 @@ static inline int handle_dots(struct nam
if (nd->flags & LOOKUP_RCU) {
return follow_dotdot_rcu(nd);
} else
- follow_dotdot(nd);
+ return follow_dotdot(nd);
}
return 0;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 228/258] arm64/efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (207 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 227/258] vfs: Test for and handle paths that are unreachable from their mnt_root Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 229/258] arm64: ftrace: fix function_graph tracer panic Greg Kroah-Hartman
` (29 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Salter, Ard Biesheuvel,
Matt Fleming, Mark Rutland, Catalin Marinas, Leif Lindholm,
Linus Torvalds, Mike Galbraith, Peter Zijlstra, Thomas Gleixner,
Will Deacon, Ingo Molnar
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
commit 0ce3cc008ec04258b6a6314b09f1a6012810881a upstream.
The new Properties Table feature introduced in UEFIv2.5 may
split memory regions that cover PE/COFF memory images into
separate code and data regions. Since these regions only differ
in the type (runtime code vs runtime data) and the permission
bits, but not in the memory type attributes (UC/WC/WT/WB), the
spec does not require them to be aligned to 64 KB.
Since the relative offset of PE/COFF .text and .data segments
cannot be changed on the fly, this means that we can no longer
pad out those regions to be mappable using 64 KB pages.
Unfortunately, there is no annotation in the UEFI memory map
that identifies data regions that were split off from a code
region, so we must apply this logic to all adjacent runtime
regions whose attributes only differ in the permission bits.
So instead of rounding each memory region to 64 KB alignment at
both ends, only round down regions that are not directly
preceded by another runtime region with the same type
attributes. Since the UEFI spec does not mandate that the memory
map be sorted, this means we also need to sort it first.
Note that this change will result in all EFI_MEMORY_RUNTIME
regions whose start addresses are not aligned to the OS page
size to be mapped with executable permissions (i.e., on kernels
compiled with 64 KB pages). However, since these mappings are
only active during the time that UEFI Runtime Services are being
invoked, the window for abuse is rather small.
Tested-by: Mark Salter <msalter@redhat.com>
Tested-by: Mark Rutland <mark.rutland@arm.com> [UEFI 2.4 only]
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Reviewed-by: Mark Salter <msalter@redhat.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-kernel@vger.kernel.org
Link: http://lkml.kernel.org/r/1443218539-7610-3-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/efi.c | 3 -
drivers/firmware/efi/libstub/arm-stub.c | 86 ++++++++++++++++++++++++++------
2 files changed, 74 insertions(+), 15 deletions(-)
--- a/arch/arm64/kernel/efi.c
+++ b/arch/arm64/kernel/efi.c
@@ -258,7 +258,8 @@ static bool __init efi_virtmap_init(void
*/
if (!is_normal_ram(md))
prot = __pgprot(PROT_DEVICE_nGnRE);
- else if (md->type == EFI_RUNTIME_SERVICES_CODE)
+ else if (md->type == EFI_RUNTIME_SERVICES_CODE ||
+ !PAGE_ALIGNED(md->phys_addr))
prot = PAGE_KERNEL_EXEC;
else
prot = PAGE_KERNEL;
--- a/drivers/firmware/efi/libstub/arm-stub.c
+++ b/drivers/firmware/efi/libstub/arm-stub.c
@@ -13,6 +13,7 @@
*/
#include <linux/efi.h>
+#include <linux/sort.h>
#include <asm/efi.h>
#include "efistub.h"
@@ -305,6 +306,44 @@ fail:
*/
#define EFI_RT_VIRTUAL_BASE 0x40000000
+static int cmp_mem_desc(const void *l, const void *r)
+{
+ const efi_memory_desc_t *left = l, *right = r;
+
+ return (left->phys_addr > right->phys_addr) ? 1 : -1;
+}
+
+/*
+ * Returns whether region @left ends exactly where region @right starts,
+ * or false if either argument is NULL.
+ */
+static bool regions_are_adjacent(efi_memory_desc_t *left,
+ efi_memory_desc_t *right)
+{
+ u64 left_end;
+
+ if (left == NULL || right == NULL)
+ return false;
+
+ left_end = left->phys_addr + left->num_pages * EFI_PAGE_SIZE;
+
+ return left_end == right->phys_addr;
+}
+
+/*
+ * Returns whether region @left and region @right have compatible memory type
+ * mapping attributes, and are both EFI_MEMORY_RUNTIME regions.
+ */
+static bool regions_have_compatible_memory_type_attrs(efi_memory_desc_t *left,
+ efi_memory_desc_t *right)
+{
+ static const u64 mem_type_mask = EFI_MEMORY_WB | EFI_MEMORY_WT |
+ EFI_MEMORY_WC | EFI_MEMORY_UC |
+ EFI_MEMORY_RUNTIME;
+
+ return ((left->attribute ^ right->attribute) & mem_type_mask) == 0;
+}
+
/*
* efi_get_virtmap() - create a virtual mapping for the EFI memory map
*
@@ -317,33 +356,52 @@ void efi_get_virtmap(efi_memory_desc_t *
int *count)
{
u64 efi_virt_base = EFI_RT_VIRTUAL_BASE;
- efi_memory_desc_t *out = runtime_map;
+ efi_memory_desc_t *in, *prev = NULL, *out = runtime_map;
int l;
- for (l = 0; l < map_size; l += desc_size) {
- efi_memory_desc_t *in = (void *)memory_map + l;
+ /*
+ * To work around potential issues with the Properties Table feature
+ * introduced in UEFI 2.5, which may split PE/COFF executable images
+ * in memory into several RuntimeServicesCode and RuntimeServicesData
+ * regions, we need to preserve the relative offsets between adjacent
+ * EFI_MEMORY_RUNTIME regions with the same memory type attributes.
+ * The easiest way to find adjacent regions is to sort the memory map
+ * before traversing it.
+ */
+ sort(memory_map, map_size / desc_size, desc_size, cmp_mem_desc, NULL);
+
+ for (l = 0; l < map_size; l += desc_size, prev = in) {
u64 paddr, size;
+ in = (void *)memory_map + l;
if (!(in->attribute & EFI_MEMORY_RUNTIME))
continue;
+ paddr = in->phys_addr;
+ size = in->num_pages * EFI_PAGE_SIZE;
+
/*
* Make the mapping compatible with 64k pages: this allows
* a 4k page size kernel to kexec a 64k page size kernel and
* vice versa.
*/
- paddr = round_down(in->phys_addr, SZ_64K);
- size = round_up(in->num_pages * EFI_PAGE_SIZE +
- in->phys_addr - paddr, SZ_64K);
+ if (!regions_are_adjacent(prev, in) ||
+ !regions_have_compatible_memory_type_attrs(prev, in)) {
- /*
- * Avoid wasting memory on PTEs by choosing a virtual base that
- * is compatible with section mappings if this region has the
- * appropriate size and physical alignment. (Sections are 2 MB
- * on 4k granule kernels)
- */
- if (IS_ALIGNED(in->phys_addr, SZ_2M) && size >= SZ_2M)
- efi_virt_base = round_up(efi_virt_base, SZ_2M);
+ paddr = round_down(in->phys_addr, SZ_64K);
+ size += in->phys_addr - paddr;
+
+ /*
+ * Avoid wasting memory on PTEs by choosing a virtual
+ * base that is compatible with section mappings if this
+ * region has the appropriate size and physical
+ * alignment. (Sections are 2 MB on 4k granule kernels)
+ */
+ if (IS_ALIGNED(in->phys_addr, SZ_2M) && size >= SZ_2M)
+ efi_virt_base = round_up(efi_virt_base, SZ_2M);
+ else
+ efi_virt_base = round_up(efi_virt_base, SZ_64K);
+ }
in->virt_addr = efi_virt_base + in->phys_addr - paddr;
efi_virt_base += size;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 229/258] arm64: ftrace: fix function_graph tracer panic
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (208 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 228/258] arm64/efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 230/258] arm64: readahead: fault retry breaks mmap file read random detection Greg Kroah-Hartman
` (28 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Li Bin, AKASHI Takahiro,
Catalin Marinas
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Bin <huawei.libin@huawei.com>
commit ee556d00cf20012e889344a0adbbf809ab5015a3 upstream.
When function graph tracer is enabled, the following operation
will trigger panic:
mount -t debugfs nodev /sys/kernel
echo next_tgid > /sys/kernel/tracing/set_ftrace_filter
echo function_graph > /sys/kernel/tracing/current_tracer
ls /proc/
------------[ cut here ]------------
[ 198.501417] Unable to handle kernel paging request at virtual address cb88537fdc8ba316
[ 198.506126] pgd = ffffffc008f79000
[ 198.509363] [cb88537fdc8ba316] *pgd=00000000488c6003, *pud=00000000488c6003, *pmd=0000000000000000
[ 198.517726] Internal error: Oops: 94000005 [#1] SMP
[ 198.518798] Modules linked in:
[ 198.520582] CPU: 1 PID: 1388 Comm: ls Tainted: G
[ 198.521800] Hardware name: linux,dummy-virt (DT)
[ 198.522852] task: ffffffc0fa9e8000 ti: ffffffc0f9ab0000 task.ti: ffffffc0f9ab0000
[ 198.524306] PC is at next_tgid+0x30/0x100
[ 198.525205] LR is at return_to_handler+0x0/0x20
[ 198.526090] pc : [<ffffffc0002a1070>] lr : [<ffffffc0000907c0>] pstate: 60000145
[ 198.527392] sp : ffffffc0f9ab3d40
[ 198.528084] x29: ffffffc0f9ab3d40 x28: ffffffc0f9ab0000
[ 198.529406] x27: ffffffc000d6a000 x26: ffffffc000b786e8
[ 198.530659] x25: ffffffc0002a1900 x24: ffffffc0faf16c00
[ 198.531942] x23: ffffffc0f9ab3ea0 x22: 0000000000000002
[ 198.533202] x21: ffffffc000d85050 x20: 0000000000000002
[ 198.534446] x19: 0000000000000002 x18: 0000000000000000
[ 198.535719] x17: 000000000049fa08 x16: ffffffc000242efc
[ 198.537030] x15: 0000007fa472b54c x14: ffffffffff000000
[ 198.538347] x13: ffffffc0fada84a0 x12: 0000000000000001
[ 198.539634] x11: ffffffc0f9ab3d70 x10: ffffffc0f9ab3d70
[ 198.540915] x9 : ffffffc0000907c0 x8 : ffffffc0f9ab3d40
[ 198.542215] x7 : 0000002e330f08f0 x6 : 0000000000000015
[ 198.543508] x5 : 0000000000000f08 x4 : ffffffc0f9835ec0
[ 198.544792] x3 : cb88537fdc8ba316 x2 : cb88537fdc8ba306
[ 198.546108] x1 : 0000000000000002 x0 : ffffffc000d85050
[ 198.547432]
[ 198.547920] Process ls (pid: 1388, stack limit = 0xffffffc0f9ab0020)
[ 198.549170] Stack: (0xffffffc0f9ab3d40 to 0xffffffc0f9ab4000)
[ 198.582568] Call trace:
[ 198.583313] [<ffffffc0002a1070>] next_tgid+0x30/0x100
[ 198.584359] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70
[ 198.585503] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70
[ 198.586574] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70
[ 198.587660] [<ffffffc0000907bc>] ftrace_graph_caller+0x6c/0x70
[ 198.588896] Code: aa0003f5 2a0103f4 b4000102 91004043 (885f7c60)
[ 198.591092] ---[ end trace 6a346f8f20949ac8 ]---
This is because when using function graph tracer, if the traced
function return value is in multi regs ([x0-x7]), return_to_handler
may corrupt them. So in return_to_handler, the parameter regs should
be protected properly.
Signed-off-by: Li Bin <huawei.libin@huawei.com>
Acked-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/entry-ftrace.S | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
--- a/arch/arm64/kernel/entry-ftrace.S
+++ b/arch/arm64/kernel/entry-ftrace.S
@@ -178,6 +178,24 @@ ENTRY(ftrace_stub)
ENDPROC(ftrace_stub)
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+ /* save return value regs*/
+ .macro save_return_regs
+ sub sp, sp, #64
+ stp x0, x1, [sp]
+ stp x2, x3, [sp, #16]
+ stp x4, x5, [sp, #32]
+ stp x6, x7, [sp, #48]
+ .endm
+
+ /* restore return value regs*/
+ .macro restore_return_regs
+ ldp x0, x1, [sp]
+ ldp x2, x3, [sp, #16]
+ ldp x4, x5, [sp, #32]
+ ldp x6, x7, [sp, #48]
+ add sp, sp, #64
+ .endm
+
/*
* void ftrace_graph_caller(void)
*
@@ -204,11 +222,11 @@ ENDPROC(ftrace_graph_caller)
* only when CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST is enabled.
*/
ENTRY(return_to_handler)
- str x0, [sp, #-16]!
+ save_return_regs
mov x0, x29 // parent's fp
bl ftrace_return_to_handler// addr = ftrace_return_to_hander(fp);
mov x30, x0 // restore the original return address
- ldr x0, [sp], #16
+ restore_return_regs
ret
END(return_to_handler)
#endif /* CONFIG_FUNCTION_GRAPH_TRACER */
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 230/258] arm64: readahead: fault retry breaks mmap file read random detection
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (209 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 229/258] arm64: ftrace: fix function_graph tracer panic Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 231/258] m68k: Define asmlinkage_protect Greg Kroah-Hartman
` (27 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shaohua Li, Rik van Riel,
Wu Fengguang, Mark Salyzyn, Riley Andrews, Will Deacon
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Salyzyn <salyzyn@android.com>
commit 569ba74a7ba69f46ce2950bf085b37fea2408385 upstream.
This is the arm64 portion of commit 45cac65b0fcd ("readahead: fault
retry breaks mmap file read random detection"), which was absent from
the initial port and has since gone unnoticed. The original commit says:
> .fault now can retry. The retry can break state machine of .fault. In
> filemap_fault, if page is miss, ra->mmap_miss is increased. In the second
> try, since the page is in page cache now, ra->mmap_miss is decreased. And
> these are done in one fault, so we can't detect random mmap file access.
>
> Add a new flag to indicate .fault is tried once. In the second try, skip
> ra->mmap_miss decreasing. The filemap_fault state machine is ok with it.
With this change, Mark reports that:
> Random read improves by 250%, sequential read improves by 40%, and
> random write by 400% to an eMMC device with dm crypto wrapped around it.
Cc: Shaohua Li <shli@kernel.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Signed-off-by: Riley Andrews <riandrews@android.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/mm/fault.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -278,6 +278,7 @@ retry:
* starvation.
*/
mm_flags &= ~FAULT_FLAG_ALLOW_RETRY;
+ mm_flags |= FAULT_FLAG_TRIED;
goto retry;
}
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 231/258] m68k: Define asmlinkage_protect
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (210 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 230/258] arm64: readahead: fault retry breaks mmap file read random detection Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 233/258] net/xen-netfront: only napi_synchronize() if running Greg Kroah-Hartman
` (26 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andreas Schwab, Geert Uytterhoeven
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andreas Schwab <schwab@linux-m68k.org>
commit 8474ba74193d302e8340dddd1e16c85cc4b98caf upstream.
Make sure the compiler does not modify arguments of syscall functions.
This can happen if the compiler generates a tailcall to another
function. For example, without asmlinkage_protect sys_openat is compiled
into this function:
sys_openat:
clr.l %d0
move.w 18(%sp),%d0
move.l %d0,16(%sp)
jbra do_sys_open
Note how the fourth argument is modified in place, modifying the register
%d4 that gets restored from this stack slot when the function returns to
user-space. The caller may expect the register to be unmodified across
system calls.
Signed-off-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/m68k/include/asm/linkage.h | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
--- a/arch/m68k/include/asm/linkage.h
+++ b/arch/m68k/include/asm/linkage.h
@@ -4,4 +4,34 @@
#define __ALIGN .align 4
#define __ALIGN_STR ".align 4"
+/*
+ * Make sure the compiler doesn't do anything stupid with the
+ * arguments on the stack - they are owned by the *caller*, not
+ * the callee. This just fools gcc into not spilling into them,
+ * and keeps it from doing tailcall recursion and/or using the
+ * stack slots for temporaries, since they are live and "used"
+ * all the way to the end of the function.
+ */
+#define asmlinkage_protect(n, ret, args...) \
+ __asmlinkage_protect##n(ret, ##args)
+#define __asmlinkage_protect_n(ret, args...) \
+ __asm__ __volatile__ ("" : "=r" (ret) : "0" (ret), ##args)
+#define __asmlinkage_protect0(ret) \
+ __asmlinkage_protect_n(ret)
+#define __asmlinkage_protect1(ret, arg1) \
+ __asmlinkage_protect_n(ret, "m" (arg1))
+#define __asmlinkage_protect2(ret, arg1, arg2) \
+ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2))
+#define __asmlinkage_protect3(ret, arg1, arg2, arg3) \
+ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3))
+#define __asmlinkage_protect4(ret, arg1, arg2, arg3, arg4) \
+ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \
+ "m" (arg4))
+#define __asmlinkage_protect5(ret, arg1, arg2, arg3, arg4, arg5) \
+ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \
+ "m" (arg4), "m" (arg5))
+#define __asmlinkage_protect6(ret, arg1, arg2, arg3, arg4, arg5, arg6) \
+ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \
+ "m" (arg4), "m" (arg5), "m" (arg6))
+
#endif
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 233/258] net/xen-netfront: only napi_synchronize() if running
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (211 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 231/258] m68k: Define asmlinkage_protect Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 234/258] igb: do not re-init SR-IOV during probe Greg Kroah-Hartman
` (25 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chas Williams, David S. Miller,
Kamata, Munehisa
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chas Williams <3chas3@gmail.com>
commit 274b045509175db0405c784be85e8cce116e6f7d upstream.
If an interface isn't running napi_synchronize() will hang forever.
[ 392.248403] rmmod R running task 0 359 343 0x00000000
[ 392.257671] ffff88003760fc88 ffff880037193b40 ffff880037193160 ffff88003760fc88
[ 392.267644] ffff880037610000 ffff88003760fcd8 0000000100014c22 ffffffff81f75c40
[ 392.277524] 0000000000bc7010 ffff88003760fca8 ffffffff81796927 ffffffff81f75c40
[ 392.287323] Call Trace:
[ 392.291599] [<ffffffff81796927>] schedule+0x37/0x90
[ 392.298553] [<ffffffff8179985b>] schedule_timeout+0x14b/0x280
[ 392.306421] [<ffffffff810f91b9>] ? irq_free_descs+0x69/0x80
[ 392.314006] [<ffffffff811084d0>] ? internal_add_timer+0xb0/0xb0
[ 392.322125] [<ffffffff81109d07>] msleep+0x37/0x50
[ 392.329037] [<ffffffffa00ec79a>] xennet_disconnect_backend.isra.24+0xda/0x390 [xen_netfront]
[ 392.339658] [<ffffffffa00ecadc>] xennet_remove+0x2c/0x80 [xen_netfront]
[ 392.348516] [<ffffffff81481c69>] xenbus_dev_remove+0x59/0xc0
[ 392.356257] [<ffffffff814e7217>] __device_release_driver+0x87/0x120
[ 392.364645] [<ffffffff814e7cf8>] driver_detach+0xb8/0xc0
[ 392.371989] [<ffffffff814e6e69>] bus_remove_driver+0x59/0xe0
[ 392.379883] [<ffffffff814e84f0>] driver_unregister+0x30/0x70
[ 392.387495] [<ffffffff814814b2>] xenbus_unregister_driver+0x12/0x20
[ 392.395908] [<ffffffffa00ed89b>] netif_exit+0x10/0x775 [xen_netfront]
[ 392.404877] [<ffffffff81124e08>] SyS_delete_module+0x1d8/0x230
[ 392.412804] [<ffffffff8179a8ee>] system_call_fastpath+0x12/0x71
Signed-off-by: Chas Williams <3chas3@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: "Kamata, Munehisa" <kamatam@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/xen-netfront.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -1348,7 +1348,8 @@ static void xennet_disconnect_backend(st
queue->tx_evtchn = queue->rx_evtchn = 0;
queue->tx_irq = queue->rx_irq = 0;
- napi_synchronize(&queue->napi);
+ if (netif_running(info->netdev))
+ napi_synchronize(&queue->napi);
xennet_release_tx_bufs(queue);
xennet_release_rx_bufs(queue);
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 234/258] igb: do not re-init SR-IOV during probe
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (212 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 233/258] net/xen-netfront: only napi_synchronize() if running Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 235/258] genirq: Fix race in register_irq_proc() Greg Kroah-Hartman
` (24 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Assmann, Aaron Brown,
Jeff Kirsher, Daniel J Blueman
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Assmann <sassmann@kpanic.de>
commit 6423fc34160939142d72ffeaa2db6408317f54df upstream.
During driver probing the following code path is triggered.
igb_probe
->igb_sw_init
->igb_probe_vfs
->igb_pci_enable_sriov
->igb_sriov_reinit
Doing the SR-IOV re-init is not necessary during probing since we're
starting from scratch. Here we can call igb_enable_sriov() right away.
Running igb_sriov_reinit() during igb_probe() also seems to cause
occasional packet loss on some onboard 82576 NICs. Reproduced on
Dell and HP servers with onboard 82576 NICs.
Example:
Intel Corporation 82576 Gigabit Network Connection [8086:10c9] (rev 01)
Subsystem: Dell Device [1028:0481]
Signed-off-by: Stefan Assmann <sassmann@kpanic.de>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Cc: Daniel J Blueman <daniel@numascale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/igb/igb_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -2851,7 +2851,7 @@ static void igb_probe_vfs(struct igb_ada
return;
pci_sriov_set_totalvfs(pdev, 7);
- igb_pci_enable_sriov(pdev, max_vfs);
+ igb_enable_sriov(pdev, max_vfs);
#endif /* CONFIG_PCI_IOV */
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 235/258] genirq: Fix race in register_irq_proc()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (213 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 234/258] igb: do not re-init SR-IOV during probe Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 236/258] clocksource: Fix abs() usage w/ 64bit values Greg Kroah-Hartman
` (23 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Hutchings, Thomas Gleixner
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
commit 95c2b17534654829db428f11bcf4297c059a2a7e upstream.
Per-IRQ directories in procfs are created only when a handler is first
added to the irqdesc, not when the irqdesc is created. In the case of
a shared IRQ, multiple tasks can race to create a directory. This
race condition seems to have been present forever, but is easier to
hit with async probing.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Link: http://lkml.kernel.org/r/1443266636.2004.2.camel@decadent.org.uk
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/irq/proc.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
--- a/kernel/irq/proc.c
+++ b/kernel/irq/proc.c
@@ -12,6 +12,7 @@
#include <linux/seq_file.h>
#include <linux/interrupt.h>
#include <linux/kernel_stat.h>
+#include <linux/mutex.h>
#include "internals.h"
@@ -323,18 +324,29 @@ void register_handler_proc(unsigned int
void register_irq_proc(unsigned int irq, struct irq_desc *desc)
{
+ static DEFINE_MUTEX(register_lock);
char name [MAX_NAMELEN];
- if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip) || desc->dir)
+ if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip))
return;
+ /*
+ * irq directories are registered only when a handler is
+ * added, not when the descriptor is created, so multiple
+ * tasks might try to register at the same time.
+ */
+ mutex_lock(®ister_lock);
+
+ if (desc->dir)
+ goto out_unlock;
+
memset(name, 0, MAX_NAMELEN);
sprintf(name, "%d", irq);
/* create /proc/irq/1234 */
desc->dir = proc_mkdir(name, root_irq_dir);
if (!desc->dir)
- return;
+ goto out_unlock;
#ifdef CONFIG_SMP
/* create /proc/irq/<irq>/smp_affinity */
@@ -355,6 +367,9 @@ void register_irq_proc(unsigned int irq,
proc_create_data("spurious", 0444, desc->dir,
&irq_spurious_proc_fops, (void *)(long)irq);
+
+out_unlock:
+ mutex_unlock(®ister_lock);
}
void unregister_irq_proc(unsigned int irq, struct irq_desc *desc)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 236/258] clocksource: Fix abs() usage w/ 64bit values
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (214 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 235/258] genirq: Fix race in register_irq_proc() Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 237/258] md/bitmap: dont pass -1 to bitmap_storage_alloc Greg Kroah-Hartman
` (22 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John Stultz, Prarit Bhargava,
Richard Cochran, Ingo Molnar, Thomas Gleixner
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Stultz <john.stultz@linaro.org>
commit 67dfae0cd72fec5cd158b6e5fb1647b7dbe0834c upstream.
This patch fixes one cases where abs() was being used with 64-bit
nanosecond values, where the result may be capped at 32-bits.
This potentially could cause watchdog false negatives on 32-bit
systems, so this patch addresses the issue by using abs64().
Signed-off-by: John Stultz <john.stultz@linaro.org>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Richard Cochran <richardcochran@gmail.com>
Cc: Ingo Molnar <mingo@kernel.org>
Link: http://lkml.kernel.org/r/1442279124-7309-2-git-send-email-john.stultz@linaro.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/time/clocksource.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/time/clocksource.c
+++ b/kernel/time/clocksource.c
@@ -217,7 +217,7 @@ static void clocksource_watchdog(unsigne
continue;
/* Check the deviation from the watchdog clocksource. */
- if ((abs(cs_nsec - wd_nsec) > WATCHDOG_THRESHOLD)) {
+ if (abs64(cs_nsec - wd_nsec) > WATCHDOG_THRESHOLD) {
pr_warn("timekeeping watchdog: Marking clocksource '%s' as unstable because the skew is too large:\n",
cs->name);
pr_warn(" '%s' wd_now: %llx wd_last: %llx mask: %llx\n",
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 237/258] md/bitmap: dont pass -1 to bitmap_storage_alloc.
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (215 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 236/258] clocksource: Fix abs() usage w/ 64bit values Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 238/258] nfs/filelayout: Fix NULL reference caused by double freeing of fh_array Greg Kroah-Hartman
` (21 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, NeilBrown
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neilb@suse.com>
commit da6fb7a9e5bd6f04f7e15070f630bdf1ea502841 upstream.
Passing -1 to bitmap_storage_alloc() causes page->index to be set to
-1, which is quite problematic.
So only pass ->cluster_slot if mddev_is_clustered().
Fixes: b97e92574c0b ("Use separate bitmaps for each nodes in the cluster")
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bitmap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/md/bitmap.c
+++ b/drivers/md/bitmap.c
@@ -1997,7 +1997,8 @@ int bitmap_resize(struct bitmap *bitmap,
if (bitmap->mddev->bitmap_info.offset || bitmap->mddev->bitmap_info.file)
ret = bitmap_storage_alloc(&store, chunks,
!bitmap->mddev->bitmap_info.external,
- bitmap->cluster_slot);
+ mddev_is_clustered(bitmap->mddev)
+ ? bitmap->cluster_slot : 0);
if (ret)
goto err;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 238/258] nfs/filelayout: Fix NULL reference caused by double freeing of fh_array
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (216 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 237/258] md/bitmap: dont pass -1 to bitmap_storage_alloc Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 239/258] mmc: sdhci-pxav3: remove broken clock base quirk for Armada 38x sdhci driver Greg Kroah-Hartman
` (20 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kinglong Mee, Trond Myklebust,
William Dauchy
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kinglong Mee <kinglongmee@gmail.com>
commit 3ec0c97959abff33a42db9081c22132bcff5b4f2 upstream.
If filelayout_decode_layout fail, _filelayout_free_lseg will causes
a double freeing of fh_array.
[ 1179.279800] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 1179.280198] IP: [<ffffffffa027222d>] filelayout_free_fh_array.isra.11+0x1d/0x70 [nfs_layout_nfsv41_files]
[ 1179.281010] PGD 0
[ 1179.281443] Oops: 0000 [#1]
[ 1179.281831] Modules linked in: nfs_layout_nfsv41_files(OE) nfsv4(OE) nfs(OE) fscache(E) xfs libcrc32c coretemp nfsd crct10dif_pclmul ppdev crc32_pclmul crc32c_intel auth_rpcgss ghash_clmulni_intel nfs_acl lockd vmw_balloon grace sunrpc parport_pc vmw_vmci parport shpchp i2c_piix4 vmwgfx drm_kms_helper ttm drm serio_raw mptspi scsi_transport_spi mptscsih e1000 mptbase ata_generic pata_acpi [last unloaded: fscache]
[ 1179.283891] CPU: 0 PID: 13336 Comm: cat Tainted: G OE 4.3.0-rc1-pnfs+ #244
[ 1179.284323] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
[ 1179.285206] task: ffff8800501d48c0 ti: ffff88003e3c4000 task.ti: ffff88003e3c4000
[ 1179.285668] RIP: 0010:[<ffffffffa027222d>] [<ffffffffa027222d>] filelayout_free_fh_array.isra.11+0x1d/0x70 [nfs_layout_nfsv41_files]
[ 1179.286612] RSP: 0018:ffff88003e3c77f8 EFLAGS: 00010202
[ 1179.287092] RAX: 0000000000000000 RBX: ffff88001fe78900 RCX: 0000000000000000
[ 1179.287731] RDX: ffffea0000f40760 RSI: ffff88001fe789c8 RDI: ffff88001fe789c0
[ 1179.288383] RBP: ffff88003e3c7810 R08: ffffea0000f40760 R09: 0000000000000000
[ 1179.289170] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88001fe789c8
[ 1179.289959] R13: ffff88001fe789c0 R14: ffff88004ec05a80 R15: ffff88004f935b88
[ 1179.290791] FS: 00007f4e66bb5700(0000) GS:ffffffff81c29000(0000) knlGS:0000000000000000
[ 1179.291580] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1179.292209] CR2: 0000000000000000 CR3: 00000000203f8000 CR4: 00000000001406f0
[ 1179.292731] Stack:
[ 1179.293195] ffff88001fe78900 00000000000000d0 ffff88001fe78178 ffff88003e3c7868
[ 1179.293676] ffffffffa0272737 0000000000000001 0000000000000001 ffff88001fe78800
[ 1179.294151] 00000000614fffce ffffffff81727671 ffff88001fe78100 ffff88001fe78100
[ 1179.294623] Call Trace:
[ 1179.295092] [<ffffffffa0272737>] filelayout_alloc_lseg+0xa7/0x2d0 [nfs_layout_nfsv41_files]
[ 1179.295625] [<ffffffff81727671>] ? out_of_line_wait_on_bit+0x81/0xb0
[ 1179.296133] [<ffffffffa040407e>] pnfs_layout_process+0xae/0x320 [nfsv4]
[ 1179.296632] [<ffffffffa03e0a01>] nfs4_proc_layoutget+0x2b1/0x360 [nfsv4]
[ 1179.297134] [<ffffffffa0402983>] pnfs_update_layout+0x853/0xb30 [nfsv4]
[ 1179.297632] [<ffffffffa039db24>] ? nfs_get_lock_context+0x74/0x170 [nfs]
[ 1179.298158] [<ffffffffa0271807>] filelayout_pg_init_read+0x37/0x50 [nfs_layout_nfsv41_files]
[ 1179.298834] [<ffffffffa03a72d9>] __nfs_pageio_add_request+0x119/0x460 [nfs]
[ 1179.299385] [<ffffffffa03a6bd7>] ? nfs_create_request.part.9+0x37/0x2e0 [nfs]
[ 1179.299872] [<ffffffffa03a7cc3>] nfs_pageio_add_request+0xa3/0x1b0 [nfs]
[ 1179.300362] [<ffffffffa03a8635>] readpage_async_filler+0x85/0x260 [nfs]
[ 1179.300907] [<ffffffff81180cb1>] read_cache_pages+0x91/0xd0
[ 1179.301391] [<ffffffffa03a85b0>] ? nfs_read_completion+0x220/0x220 [nfs]
[ 1179.301867] [<ffffffffa03a8dc8>] nfs_readpages+0x128/0x200 [nfs]
[ 1179.302330] [<ffffffff81180ef3>] __do_page_cache_readahead+0x203/0x280
[ 1179.302784] [<ffffffff81180dc8>] ? __do_page_cache_readahead+0xd8/0x280
[ 1179.303413] [<ffffffff81181116>] ondemand_readahead+0x1a6/0x2f0
[ 1179.303855] [<ffffffff81181371>] page_cache_sync_readahead+0x31/0x50
[ 1179.304286] [<ffffffff811750a6>] generic_file_read_iter+0x4a6/0x5c0
[ 1179.304711] [<ffffffffa03a0316>] ? __nfs_revalidate_mapping+0x1f6/0x240 [nfs]
[ 1179.305132] [<ffffffffa039ccf2>] nfs_file_read+0x52/0xa0 [nfs]
[ 1179.305540] [<ffffffff811e343c>] __vfs_read+0xcc/0x100
[ 1179.305936] [<ffffffff811e3d15>] vfs_read+0x85/0x130
[ 1179.306326] [<ffffffff811e4a98>] SyS_read+0x58/0xd0
[ 1179.306708] [<ffffffff8172caaf>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 1179.307094] Code: c4 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 53 8b 07 49 89 f4 85 c0 74 47 48 8b 06 49 89 fd <48> 8b 38 48 85 ff 74 22 31 db eb 0c 48 63 d3 48 8b 3c d0 48 85
[ 1179.308357] RIP [<ffffffffa027222d>] filelayout_free_fh_array.isra.11+0x1d/0x70 [nfs_layout_nfsv41_files]
[ 1179.309177] RSP <ffff88003e3c77f8>
[ 1179.309582] CR2: 0000000000000000
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: William Dauchy <william@gandi.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/filelayout/filelayout.c | 31 ++++++++++++-------------------
1 file changed, 12 insertions(+), 19 deletions(-)
--- a/fs/nfs/filelayout/filelayout.c
+++ b/fs/nfs/filelayout/filelayout.c
@@ -629,23 +629,18 @@ out_put:
goto out;
}
-static void filelayout_free_fh_array(struct nfs4_filelayout_segment *fl)
+static void _filelayout_free_lseg(struct nfs4_filelayout_segment *fl)
{
int i;
- for (i = 0; i < fl->num_fh; i++) {
- if (!fl->fh_array[i])
- break;
- kfree(fl->fh_array[i]);
+ if (fl->fh_array) {
+ for (i = 0; i < fl->num_fh; i++) {
+ if (!fl->fh_array[i])
+ break;
+ kfree(fl->fh_array[i]);
+ }
+ kfree(fl->fh_array);
}
- kfree(fl->fh_array);
- fl->fh_array = NULL;
-}
-
-static void
-_filelayout_free_lseg(struct nfs4_filelayout_segment *fl)
-{
- filelayout_free_fh_array(fl);
kfree(fl);
}
@@ -716,21 +711,21 @@ filelayout_decode_layout(struct pnfs_lay
/* Do we want to use a mempool here? */
fl->fh_array[i] = kmalloc(sizeof(struct nfs_fh), gfp_flags);
if (!fl->fh_array[i])
- goto out_err_free;
+ goto out_err;
p = xdr_inline_decode(&stream, 4);
if (unlikely(!p))
- goto out_err_free;
+ goto out_err;
fl->fh_array[i]->size = be32_to_cpup(p++);
if (sizeof(struct nfs_fh) < fl->fh_array[i]->size) {
printk(KERN_ERR "NFS: Too big fh %d received %d\n",
i, fl->fh_array[i]->size);
- goto out_err_free;
+ goto out_err;
}
p = xdr_inline_decode(&stream, fl->fh_array[i]->size);
if (unlikely(!p))
- goto out_err_free;
+ goto out_err;
memcpy(fl->fh_array[i]->data, p, fl->fh_array[i]->size);
dprintk("DEBUG: %s: fh len %d\n", __func__,
fl->fh_array[i]->size);
@@ -739,8 +734,6 @@ filelayout_decode_layout(struct pnfs_lay
__free_page(scratch);
return 0;
-out_err_free:
- filelayout_free_fh_array(fl);
out_err:
__free_page(scratch);
return -EIO;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 239/258] mmc: sdhci-pxav3: remove broken clock base quirk for Armada 38x sdhci driver
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (217 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 238/258] nfs/filelayout: Fix NULL reference caused by double freeing of fh_array Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 240/258] mmc: sdhci-pxav3: disable clock inversion for HS MMC cards Greg Kroah-Hartman
` (19 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nadav Haklai, Marcin Wojtas,
Gregory CLEMENT, Ulf Hansson
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nadav Haklai <nadavh@marvell.com>
commit 5de76bfcb1e5ac66c57b99e8e193dacac7416f0e upstream.
shci-pxav3 driver is enabling by default the
SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN quirk. However this quirk is not
required for Armada 38x and leads to wrong clock setting in the divider.
Signed-off-by: Nadav Haklai <nadavh@marvell.com>
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Reviewed-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-pxav3.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/mmc/host/sdhci-pxav3.c
+++ b/drivers/mmc/host/sdhci-pxav3.c
@@ -135,6 +135,7 @@ static int armada_38x_quirks(struct plat
struct sdhci_pxa *pxa = pltfm_host->priv;
struct resource *res;
+ host->quirks &= ~SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN;
host->quirks |= SDHCI_QUIRK_MISSING_CAPS;
res = platform_get_resource_byname(pdev, IORESOURCE_MEM,
"conf-sdio3");
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 240/258] mmc: sdhci-pxav3: disable clock inversion for HS MMC cards
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (218 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 239/258] mmc: sdhci-pxav3: remove broken clock base quirk for Armada 38x sdhci driver Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 241/258] mmc: sdhci-pxav3: fix error handling of armada_38x_quirks Greg Kroah-Hartman
` (18 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nadav Haklai, Gregory CLEMENT,
Ulf Hansson
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nadav Haklai <nadavh@marvell.com>
commit fa7964147da57b2d40c2db2b6ed98fb7dc934bff upstream.
According to 'FE-2946959' erratum the clock inversion option is
needed to support slow frequencies when the card input hold time
requirement is high. This setting is not required for high speed
MMC and might cause timing violation.
Signed-off-by: Nadav Haklai <nadavh@marvell.com>
Reviewed-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/drivers/mmc/host/sdhci-pxav3.c b/drivers/mmc/host/sdhci-pxav3.c
index 976cddd6d157..89a9e49e2ea8 100644
--- a/drivers/mmc/host/sdhci-pxav3.c
+++ b/drivers/mmc/host/sdhci-pxav3.c
@@ -291,6 +291,9 @@ static void pxav3_set_uhs_signaling(struct sdhci_host *host, unsigned int uhs)
uhs == MMC_TIMING_UHS_DDR50) {
reg_val &= ~SDIO3_CONF_CLK_INV;
reg_val |= SDIO3_CONF_SD_FB_CLK;
+ } else if (uhs == MMC_TIMING_MMC_HS) {
+ reg_val &= ~SDIO3_CONF_CLK_INV;
+ reg_val &= ~SDIO3_CONF_SD_FB_CLK;
} else {
reg_val |= SDIO3_CONF_CLK_INV;
reg_val &= ~SDIO3_CONF_SD_FB_CLK;
^ permalink raw reply related [flat|nested] 246+ messages in thread
* [PATCH 4.2 241/258] mmc: sdhci-pxav3: fix error handling of armada_38x_quirks
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (219 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 240/258] mmc: sdhci-pxav3: disable clock inversion for HS MMC cards Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 242/258] cpufreq: acpi_cpufreq: prevent crash on reading freqdomain_cpus Greg Kroah-Hartman
` (17 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marcin Wojtas, Gregory CLEMENT,
Ulf Hansson
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marcin Wojtas <mw@semihalf.com>
commit 2162d9f41e7c4778b96b8e3b97adcedbadc861f1 upstream.
In case of armada_38x_quirks error, all clocks should be cleaned-up, same
as after mv_conf_mbus_windows failure.
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Reviewed-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/drivers/mmc/host/sdhci-pxav3.c b/drivers/mmc/host/sdhci-pxav3.c
index 89a9e49e2ea8..f5edf9d3a18a 100644
--- a/drivers/mmc/host/sdhci-pxav3.c
+++ b/drivers/mmc/host/sdhci-pxav3.c
@@ -402,7 +402,7 @@ static int sdhci_pxav3_probe(struct platform_device *pdev)
if (of_device_is_compatible(np, "marvell,armada-380-sdhci")) {
ret = armada_38x_quirks(pdev, host);
if (ret < 0)
- goto err_clk_get;
+ goto err_mbus_win;
ret = mv_conf_mbus_windows(pdev, mv_mbus_dram_info());
if (ret < 0)
goto err_mbus_win;
^ permalink raw reply related [flat|nested] 246+ messages in thread
* [PATCH 4.2 242/258] cpufreq: acpi_cpufreq: prevent crash on reading freqdomain_cpus
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (220 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 241/258] mmc: sdhci-pxav3: fix error handling of armada_38x_quirks Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 243/258] clk: ti: fix dual-registration of uart4_ick Greg Kroah-Hartman
` (16 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Pandruvada, Viresh Kumar,
Rafael J. Wysocki
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
commit e25303676e18a7947185a34e26dd08cf0c0ea573 upstream.
When freqdomain_cpus attribute is read from an offlined cpu, it will
cause crash. This change prevents calling cpufreq_show_cpus when
policy driver_data is NULL.
Crash info:
[ 170.814949] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[ 170.814990] IP: [<ffffffff813b2490>] _find_next_bit.part.0+0x10/0x70
[ 170.815021] PGD 227d30067 PUD 229e56067 PMD 0
[ 170.815043] Oops: 0000 [#2] SMP
[ 170.816022] CPU: 3 PID: 3121 Comm: cat Tainted: G D OE 4.3.0-rc3+ #33
...
...
[ 170.816657] Call Trace:
[ 170.816672] [<ffffffff813b2505>] ? find_next_bit+0x15/0x20
[ 170.816696] [<ffffffff8160e47c>] cpufreq_show_cpus+0x5c/0xd0
[ 170.816722] [<ffffffffa031a409>] show_freqdomain_cpus+0x19/0x20 [acpi_cpufreq]
[ 170.816749] [<ffffffff8160e65b>] show+0x3b/0x60
[ 170.816769] [<ffffffff8129b31c>] sysfs_kf_seq_show+0xbc/0x130
[ 170.816793] [<ffffffff81299be3>] kernfs_seq_show+0x23/0x30
[ 170.816816] [<ffffffff81240f2c>] seq_read+0xec/0x390
[ 170.816837] [<ffffffff8129a64a>] kernfs_fop_read+0x10a/0x160
[ 170.816861] [<ffffffff8121d9b7>] __vfs_read+0x37/0x100
[ 170.816883] [<ffffffff813217c0>] ? security_file_permission+0xa0/0xc0
[ 170.816909] [<ffffffff8121e2e3>] vfs_read+0x83/0x130
[ 170.816930] [<ffffffff8121f035>] SyS_read+0x55/0xc0
...
...
[ 170.817185] ---[ end trace bc6eadf82b2b965a ]---
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/acpi-cpufreq.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/cpufreq/acpi-cpufreq.c
+++ b/drivers/cpufreq/acpi-cpufreq.c
@@ -146,6 +146,9 @@ static ssize_t show_freqdomain_cpus(stru
{
struct acpi_cpufreq_data *data = per_cpu(acfreq_data, policy->cpu);
+ if (unlikely(!data))
+ return -ENODEV;
+
return cpufreq_show_cpus(data->freqdomain_cpus, buf);
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 243/258] clk: ti: fix dual-registration of uart4_ick
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (221 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 242/258] cpufreq: acpi_cpufreq: prevent crash on reading freqdomain_cpus Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 244/258] clk: ti: clk-7xx: Remove hardwired ABE clock configuration Greg Kroah-Hartman
` (15 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, mturquette, sboyd, linux-clk,
linux-omap, linux-kernel, Ben Dooks, Tero Kristo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Dooks <ben.dooks@codethink.co.uk>
commit 19e79687de22f23bcfb5e79cce3daba20af228d1 upstream.
On the OMAP AM3517 platform the uart4_ick gets registered
twice, causing any power management to /dev/ttyO3 to fail
when trying to wake the device up.
This solves the following oops:
[] Unhandled fault: external abort on non-linefetch (0x1028) at 0xfa09e008
[] PC is at serial_omap_pm+0x48/0x15c
[] LR is at _raw_spin_unlock_irqrestore+0x30/0x5c
Fixes: aafd900cab87 ("CLK: TI: add omap3 clock init file")
Cc: mturquette@baylibre.com
Cc: sboyd@codeaurora.org
Cc: linux-clk@vger.kernel.org
Cc: linux-omap@vger.kernel.org
Cc: linux-kernel@lists.codethink.co.uk
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/ti/clk-3xxx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/clk/ti/clk-3xxx.c
+++ b/drivers/clk/ti/clk-3xxx.c
@@ -163,7 +163,6 @@ static struct ti_dt_clk omap3xxx_clks[]
DT_CLK(NULL, "gpio2_ick", "gpio2_ick"),
DT_CLK(NULL, "wdt3_ick", "wdt3_ick"),
DT_CLK(NULL, "uart3_ick", "uart3_ick"),
- DT_CLK(NULL, "uart4_ick", "uart4_ick"),
DT_CLK(NULL, "gpt9_ick", "gpt9_ick"),
DT_CLK(NULL, "gpt8_ick", "gpt8_ick"),
DT_CLK(NULL, "gpt7_ick", "gpt7_ick"),
@@ -308,6 +307,7 @@ static struct ti_dt_clk am35xx_clks[] =
static struct ti_dt_clk omap36xx_clks[] = {
DT_CLK(NULL, "omap_192m_alwon_fck", "omap_192m_alwon_fck"),
DT_CLK(NULL, "uart4_fck", "uart4_fck"),
+ DT_CLK(NULL, "uart4_ick", "uart4_ick"),
{ .node_name = NULL },
};
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 244/258] clk: ti: clk-7xx: Remove hardwired ABE clock configuration
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (222 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 243/258] clk: ti: fix dual-registration of uart4_ick Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 245/258] clk: samsung: fix cpu clocks flags checking Greg Kroah-Hartman
` (14 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Peter Ujfalusi, Tero Kristo
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Ujfalusi <peter.ujfalusi@ti.com>
commit 4b3061b39132cba0c31b0eb767a9faeedf9437fc upstream.
The ABE related clocks should be configured via DT and not have it wired
inside of the kernel.
Fixes: a74c52def9ab ("clk: ti: clk-7xx: Correct ABE DPLL configuration")
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/ti/clk-7xx.c | 18 +-----------------
1 file changed, 1 insertion(+), 17 deletions(-)
--- a/drivers/clk/ti/clk-7xx.c
+++ b/drivers/clk/ti/clk-7xx.c
@@ -16,7 +16,6 @@
#include <linux/clkdev.h>
#include <linux/clk/ti.h>
-#define DRA7_DPLL_ABE_DEFFREQ 180633600
#define DRA7_DPLL_GMAC_DEFFREQ 1000000000
#define DRA7_DPLL_USB_DEFFREQ 960000000
@@ -312,27 +311,12 @@ static struct ti_dt_clk dra7xx_clks[] =
int __init dra7xx_dt_clk_init(void)
{
int rc;
- struct clk *abe_dpll_mux, *sys_clkin2, *dpll_ck, *hdcp_ck;
+ struct clk *dpll_ck, *hdcp_ck;
ti_dt_clocks_register(dra7xx_clks);
omap2_clk_disable_autoidle_all();
- abe_dpll_mux = clk_get_sys(NULL, "abe_dpll_sys_clk_mux");
- sys_clkin2 = clk_get_sys(NULL, "sys_clkin2");
- dpll_ck = clk_get_sys(NULL, "dpll_abe_ck");
-
- rc = clk_set_parent(abe_dpll_mux, sys_clkin2);
- if (!rc)
- rc = clk_set_rate(dpll_ck, DRA7_DPLL_ABE_DEFFREQ);
- if (rc)
- pr_err("%s: failed to configure ABE DPLL!\n", __func__);
-
- dpll_ck = clk_get_sys(NULL, "dpll_abe_m2x2_ck");
- rc = clk_set_rate(dpll_ck, DRA7_DPLL_ABE_DEFFREQ * 2);
- if (rc)
- pr_err("%s: failed to configure ABE DPLL m2x2!\n", __func__);
-
dpll_ck = clk_get_sys(NULL, "dpll_gmac_ck");
rc = clk_set_rate(dpll_ck, DRA7_DPLL_GMAC_DEFFREQ);
if (rc)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 245/258] clk: samsung: fix cpu clocks flags checking
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (223 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 244/258] clk: ti: clk-7xx: Remove hardwired ABE clock configuration Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 246/258] namei: results of d_is_negative() should be checked after dentry revalidation Greg Kroah-Hartman
` (13 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomasz Figa, Michael Turquette,
Thomas Abraham, Dan Carpenter, Krzysztof Kozlowski,
Javier Martinez Canillas, Sylwester Nawrocki,
Bartlomiej Zolnierkiewicz, Stephen Boyd
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
commit 9e294bf88a583825a413df408b9fe9e658fb93ac upstream.
CLK_CPU_HAS_DIV1 and CLK_CPU_NEEDS_DEBUG_ALT_DIV masks were
incorrectly used as a bit numbers. Fix it.
Tested on Exynos4210 based Origen board and on Exynos5250 based
Arndale board.
Cc: Tomasz Figa <tomasz.figa@gmail.com>
Cc: Michael Turquette <mturquette@baylibre.com>
Cc: Thomas Abraham <thomas.ab@samsung.com>
Fixes: ddeac8d96 ("clk: samsung: add infrastructure to register cpu clocks")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Reviewed-by: Javier Martinez Canillas <javier@dowhile0.org>
Acked-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/samsung/clk-cpu.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/clk/samsung/clk-cpu.c
+++ b/drivers/clk/samsung/clk-cpu.c
@@ -161,7 +161,7 @@ static int exynos_cpuclk_pre_rate_change
* the values for DIV_COPY and DIV_HPM dividers need not be set.
*/
div0 = cfg_data->div0;
- if (test_bit(CLK_CPU_HAS_DIV1, &cpuclk->flags)) {
+ if (cpuclk->flags & CLK_CPU_HAS_DIV1) {
div1 = cfg_data->div1;
if (readl(base + E4210_SRC_CPU) & E4210_MUX_HPM_MASK)
div1 = readl(base + E4210_DIV_CPU1) &
@@ -182,7 +182,7 @@ static int exynos_cpuclk_pre_rate_change
alt_div = DIV_ROUND_UP(alt_prate, tmp_rate) - 1;
WARN_ON(alt_div >= MAX_DIV);
- if (test_bit(CLK_CPU_NEEDS_DEBUG_ALT_DIV, &cpuclk->flags)) {
+ if (cpuclk->flags & CLK_CPU_NEEDS_DEBUG_ALT_DIV) {
/*
* In Exynos4210, ATB clock parent is also mout_core. So
* ATB clock also needs to be mantained at safe speed.
@@ -203,7 +203,7 @@ static int exynos_cpuclk_pre_rate_change
writel(div0, base + E4210_DIV_CPU0);
wait_until_divider_stable(base + E4210_DIV_STAT_CPU0, DIV_MASK_ALL);
- if (test_bit(CLK_CPU_HAS_DIV1, &cpuclk->flags)) {
+ if (cpuclk->flags & CLK_CPU_HAS_DIV1) {
writel(div1, base + E4210_DIV_CPU1);
wait_until_divider_stable(base + E4210_DIV_STAT_CPU1,
DIV_MASK_ALL);
@@ -222,7 +222,7 @@ static int exynos_cpuclk_post_rate_chang
unsigned long mux_reg;
/* find out the divider values to use for clock data */
- if (test_bit(CLK_CPU_NEEDS_DEBUG_ALT_DIV, &cpuclk->flags)) {
+ if (cpuclk->flags & CLK_CPU_NEEDS_DEBUG_ALT_DIV) {
while ((cfg_data->prate * 1000) != ndata->new_rate) {
if (cfg_data->prate == 0)
return -EINVAL;
@@ -237,7 +237,7 @@ static int exynos_cpuclk_post_rate_chang
writel(mux_reg & ~(1 << 16), base + E4210_SRC_CPU);
wait_until_mux_stable(base + E4210_STAT_CPU, 16, 1);
- if (test_bit(CLK_CPU_NEEDS_DEBUG_ALT_DIV, &cpuclk->flags)) {
+ if (cpuclk->flags & CLK_CPU_NEEDS_DEBUG_ALT_DIV) {
div |= (cfg_data->div0 & E4210_DIV0_ATB_MASK);
div_mask |= E4210_DIV0_ATB_MASK;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 246/258] namei: results of d_is_negative() should be checked after dentry revalidation
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (224 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 245/258] clk: samsung: fix cpu clocks flags checking Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 247/258] dm: fix AB-BA deadlock in __dm_destroy() Greg Kroah-Hartman
` (12 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leandro Awa, Trond Myklebust, Al Viro,
Linus Torvalds
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust <trond.myklebust@primarydata.com>
commit daf3761c9fcde0f4ca64321cbed6c1c86d304193 upstream.
Leandro Awa writes:
"After switching to version 4.1.6, our parallelized and distributed
workflows now fail consistently with errors of the form:
T34: ./regex.c:39:22: error: config.h: No such file or directory
From our 'git bisect' testing, the following commit appears to be the
possible cause of the behavior we've been seeing: commit 766c4cbfacd8"
Al Viro says:
"What happens is that 766c4cbfacd8 got the things subtly wrong.
We used to treat d_is_negative() after lookup_fast() as "fall with
ENOENT". That was wrong - checking ->d_flags outside of ->d_seq
protection is unreliable and failing with hard error on what should've
fallen back to non-RCU pathname resolution is a bug.
Unfortunately, we'd pulled the test too far up and ran afoul of
another kind of staleness. The dentry might have been absolutely
stable from the RCU point of view (and we might be on UP, etc), but
stale from the remote fs point of view. If ->d_revalidate() returns
"it's actually stale", dentry gets thrown away and the original code
wouldn't even have looked at its ->d_flags.
What we need is to check ->d_flags where 766c4cbfacd8 does (prior to
->d_seq validation) but only use the result in cases where we do not
discard this dentry outright"
Reported-by: Leandro Awa <lawa@nvidia.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=104911
Fixes: 766c4cbfacd8 ("namei: d_is_negative() should be checked...")
Tested-by: Leandro Awa <lawa@nvidia.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/namei.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1558,8 +1558,6 @@ static int lookup_fast(struct nameidata
negative = d_is_negative(dentry);
if (read_seqcount_retry(&dentry->d_seq, seq))
return -ECHILD;
- if (negative)
- return -ENOENT;
/*
* This sequence count validates that the parent had no
@@ -1580,6 +1578,12 @@ static int lookup_fast(struct nameidata
goto unlazy;
}
}
+ /*
+ * Note: do negative dentry check after revalidation in
+ * case that drops it.
+ */
+ if (negative)
+ return -ENOENT;
path->mnt = mnt;
path->dentry = dentry;
if (likely(__follow_mount_rcu(nd, path, inode, seqp)))
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 247/258] dm: fix AB-BA deadlock in __dm_destroy()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (225 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 246/258] namei: results of d_is_negative() should be checked after dentry revalidation Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 248/258] dm cache: fix NULL pointer when switching from cleaner policy Greg Kroah-Hartman
` (11 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Junichi Nomura, Mikulas Patocka,
Mike Snitzer
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Junichi Nomura <j-nomura@ce.jp.nec.com>
commit 2a708cff93f1845b9239bc7d6310aef54e716c6a upstream.
__dm_destroy() takes io_barrier SRCU lock (dm_get_live_table) and
suspend_lock in reverse order. Doing so can cause AB-BA deadlock:
__dm_destroy dm_swap_table
---------------------------------------------------
mutex_lock(suspend_lock)
dm_get_live_table()
srcu_read_lock(io_barrier)
dm_sync_table()
synchronize_srcu(io_barrier)
.. waiting for dm_put_live_table()
mutex_lock(suspend_lock)
.. waiting for suspend_lock
Fix this by taking the locks in proper order.
Signed-off-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com>
Fixes: ab7c7bb6f4ab ("dm: hold suspend_lock while suspending device during device deletion")
Acked-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -2952,8 +2952,6 @@ static void __dm_destroy(struct mapped_d
might_sleep();
- map = dm_get_live_table(md, &srcu_idx);
-
spin_lock(&_minor_lock);
idr_replace(&_minor_idr, MINOR_ALLOCED, MINOR(disk_devt(dm_disk(md))));
set_bit(DMF_FREEING, &md->flags);
@@ -2967,14 +2965,14 @@ static void __dm_destroy(struct mapped_d
* do not race with internal suspend.
*/
mutex_lock(&md->suspend_lock);
+ map = dm_get_live_table(md, &srcu_idx);
if (!dm_suspended_md(md)) {
dm_table_presuspend_targets(map);
dm_table_postsuspend_targets(map);
}
- mutex_unlock(&md->suspend_lock);
-
/* dm_put_live_table must be before msleep, otherwise deadlock is possible */
dm_put_live_table(md, srcu_idx);
+ mutex_unlock(&md->suspend_lock);
/*
* Rare, but there may be I/O requests still going to complete,
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 248/258] dm cache: fix NULL pointer when switching from cleaner policy
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (226 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 247/258] dm: fix AB-BA deadlock in __dm_destroy() Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 249/258] staging: speakup: fix speakup-r regression Greg Kroah-Hartman
` (10 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Joe Thornber, Mike Snitzer
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Thornber <ejt@redhat.com>
commit 2bffa1503c5c06192eb1459180fac4416575a966 upstream.
The cleaner policy doesn't make use of the per cache block hint space in
the metadata (unlike the other policies). When switching from the
cleaner policy to mq or smq a NULL pointer crash (in dm_tm_new_block)
was observed. The crash was caused by bugs in dm-cache-metadata.c
when trying to skip creation of the hint btree.
The minimal fix is to change hint size for the cleaner policy to 4 bytes
(only hint size supported).
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-cache-policy-cleaner.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/dm-cache-policy-cleaner.c
+++ b/drivers/md/dm-cache-policy-cleaner.c
@@ -436,7 +436,7 @@ static struct dm_cache_policy *wb_create
static struct dm_cache_policy_type wb_policy_type = {
.name = "cleaner",
.version = {1, 0, 0},
- .hint_size = 0,
+ .hint_size = 4,
.owner = THIS_MODULE,
.create = wb_create
};
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 249/258] staging: speakup: fix speakup-r regression
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (227 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 248/258] dm cache: fix NULL pointer when switching from cleaner policy Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 250/258] tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c Greg Kroah-Hartman
` (9 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Samuel Thibault, John Covici
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: "covici@ccs.covici.com" <covici@ccs.covici.com>
commit b1d562acc78f0af46de0dfe447410bc40bdb7ece upstream.
Here is a patch to make speakup-r work again.
It broke in 3.6 due to commit 4369c64c79a22b98d3b7eff9d089196cd878a10a
"Input: Send events one packet at a time)
The problem was that the fakekey.c routine to fake a down arrow no
longer functioned properly and putting the input_sync fixed it.
Fixes: 4369c64c79a22b98d3b7eff9d089196cd878a10a
Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: John Covici <covici@ccs.covici.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/speakup/fakekey.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/staging/speakup/fakekey.c
+++ b/drivers/staging/speakup/fakekey.c
@@ -81,6 +81,7 @@ void speakup_fake_down_arrow(void)
__this_cpu_write(reporting_keystroke, true);
input_report_key(virt_keyboard, KEY_DOWN, PRESSED);
input_report_key(virt_keyboard, KEY_DOWN, RELEASED);
+ input_sync(virt_keyboard);
__this_cpu_write(reporting_keystroke, false);
/* reenable preemption */
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 250/258] tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (228 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 249/258] staging: speakup: fix speakup-r regression Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 251/258] drivers/tty: require read access for controlling terminal Greg Kroah-Hartman
` (8 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kosuke Tatsukawa
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
commit e81107d4c6bd098878af9796b24edc8d4a9524fd upstream.
My colleague ran into a program stall on a x86_64 server, where
n_tty_read() was waiting for data even if there was data in the buffer
in the pty. kernel stack for the stuck process looks like below.
#0 [ffff88303d107b58] __schedule at ffffffff815c4b20
#1 [ffff88303d107bd0] schedule at ffffffff815c513e
#2 [ffff88303d107bf0] schedule_timeout at ffffffff815c7818
#3 [ffff88303d107ca0] wait_woken at ffffffff81096bd2
#4 [ffff88303d107ce0] n_tty_read at ffffffff8136fa23
#5 [ffff88303d107dd0] tty_read at ffffffff81368013
#6 [ffff88303d107e20] __vfs_read at ffffffff811a3704
#7 [ffff88303d107ec0] vfs_read at ffffffff811a3a57
#8 [ffff88303d107f00] sys_read at ffffffff811a4306
#9 [ffff88303d107f50] entry_SYSCALL_64_fastpath at ffffffff815c86d7
There seems to be two problems causing this issue.
First, in drivers/tty/n_tty.c, __receive_buf() stores the data and
updates ldata->commit_head using smp_store_release() and then checks
the wait queue using waitqueue_active(). However, since there is no
memory barrier, __receive_buf() could return without calling
wake_up_interactive_poll(), and at the same time, n_tty_read() could
start to wait in wait_woken() as in the following chart.
__receive_buf() n_tty_read()
------------------------------------------------------------------------
if (waitqueue_active(&tty->read_wait))
/* Memory operations issued after the
RELEASE may be completed before the
RELEASE operation has completed */
add_wait_queue(&tty->read_wait, &wait);
...
if (!input_available_p(tty, 0)) {
smp_store_release(&ldata->commit_head,
ldata->read_head);
...
timeout = wait_woken(&wait,
TASK_INTERRUPTIBLE, timeout);
------------------------------------------------------------------------
The second problem is that n_tty_read() also lacks a memory barrier
call and could also cause __receive_buf() to return without calling
wake_up_interactive_poll(), and n_tty_read() to wait in wait_woken()
as in the chart below.
__receive_buf() n_tty_read()
------------------------------------------------------------------------
spin_lock_irqsave(&q->lock, flags);
/* from add_wait_queue() */
...
if (!input_available_p(tty, 0)) {
/* Memory operations issued after the
RELEASE may be completed before the
RELEASE operation has completed */
smp_store_release(&ldata->commit_head,
ldata->read_head);
if (waitqueue_active(&tty->read_wait))
__add_wait_queue(q, wait);
spin_unlock_irqrestore(&q->lock,flags);
/* from add_wait_queue() */
...
timeout = wait_woken(&wait,
TASK_INTERRUPTIBLE, timeout);
------------------------------------------------------------------------
There are also other places in drivers/tty/n_tty.c which have similar
calls to waitqueue_active(), so instead of adding many memory barrier
calls, this patch simply removes the call to waitqueue_active(),
leaving just wake_up*() behind.
This fixes both problems because, even though the memory access before
or after the spinlocks in both wake_up*() and add_wait_queue() can
sneak into the critical section, it cannot go past it and the critical
section assures that they will be serialized (please see "INTER-CPU
ACQUIRING BARRIER EFFECTS" in Documentation/memory-barriers.txt for a
better explanation). Moreover, the resulting code is much simpler.
Latency measurement using a ping-pong test over a pty doesn't show any
visible performance drop.
Signed-off-by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/n_tty.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -343,8 +343,7 @@ static void n_tty_packet_mode_flush(stru
spin_lock_irqsave(&tty->ctrl_lock, flags);
tty->ctrl_status |= TIOCPKT_FLUSHREAD;
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
- if (waitqueue_active(&tty->link->read_wait))
- wake_up_interruptible(&tty->link->read_wait);
+ wake_up_interruptible(&tty->link->read_wait);
}
}
@@ -1382,8 +1381,7 @@ handle_newline:
put_tty_queue(c, ldata);
smp_store_release(&ldata->canon_head, ldata->read_head);
kill_fasync(&tty->fasync, SIGIO, POLL_IN);
- if (waitqueue_active(&tty->read_wait))
- wake_up_interruptible_poll(&tty->read_wait, POLLIN);
+ wake_up_interruptible_poll(&tty->read_wait, POLLIN);
return 0;
}
}
@@ -1667,8 +1665,7 @@ static void __receive_buf(struct tty_str
if ((read_cnt(ldata) >= ldata->minimum_to_wake) || L_EXTPROC(tty)) {
kill_fasync(&tty->fasync, SIGIO, POLL_IN);
- if (waitqueue_active(&tty->read_wait))
- wake_up_interruptible_poll(&tty->read_wait, POLLIN);
+ wake_up_interruptible_poll(&tty->read_wait, POLLIN);
}
}
@@ -1887,10 +1884,8 @@ static void n_tty_set_termios(struct tty
}
/* The termios change make the tty ready for I/O */
- if (waitqueue_active(&tty->write_wait))
- wake_up_interruptible(&tty->write_wait);
- if (waitqueue_active(&tty->read_wait))
- wake_up_interruptible(&tty->read_wait);
+ wake_up_interruptible(&tty->write_wait);
+ wake_up_interruptible(&tty->read_wait);
}
/**
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 251/258] drivers/tty: require read access for controlling terminal
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (229 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 250/258] tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 252/258] serial: 8250: add uart_config entry for PORT_RT2880 Greg Kroah-Hartman
` (7 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jann Horn
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jann Horn <jann@thejh.net>
commit 0c55627167870255158db1cde0d28366f91c8872 upstream.
This is mostly a hardening fix, given that write-only access to other
users' ttys is usually only given through setgid tty executables.
Signed-off-by: Jann Horn <jann@thejh.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/tty_io.c | 31 +++++++++++++++++++++++++++----
1 file changed, 27 insertions(+), 4 deletions(-)
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -2136,8 +2136,24 @@ retry_open:
if (!noctty &&
current->signal->leader &&
!current->signal->tty &&
- tty->session == NULL)
- __proc_set_tty(tty);
+ tty->session == NULL) {
+ /*
+ * Don't let a process that only has write access to the tty
+ * obtain the privileges associated with having a tty as
+ * controlling terminal (being able to reopen it with full
+ * access through /dev/tty, being able to perform pushback).
+ * Many distributions set the group of all ttys to "tty" and
+ * grant write-only access to all terminals for setgid tty
+ * binaries, which should not imply full privileges on all ttys.
+ *
+ * This could theoretically break old code that performs open()
+ * on a write-only file descriptor. In that case, it might be
+ * necessary to also permit this if
+ * inode_permission(inode, MAY_READ) == 0.
+ */
+ if (filp->f_mode & FMODE_READ)
+ __proc_set_tty(tty);
+ }
spin_unlock_irq(¤t->sighand->siglock);
read_unlock(&tasklist_lock);
tty_unlock(tty);
@@ -2426,7 +2442,7 @@ static int fionbio(struct file *file, in
* Takes ->siglock() when updating signal->tty
*/
-static int tiocsctty(struct tty_struct *tty, int arg)
+static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
{
int ret = 0;
@@ -2460,6 +2476,13 @@ static int tiocsctty(struct tty_struct *
goto unlock;
}
}
+
+ /* See the comment in tty_open(). */
+ if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
+ ret = -EPERM;
+ goto unlock;
+ }
+
proc_set_tty(tty);
unlock:
read_unlock(&tasklist_lock);
@@ -2852,7 +2875,7 @@ long tty_ioctl(struct file *file, unsign
no_tty();
return 0;
case TIOCSCTTY:
- return tiocsctty(tty, arg);
+ return tiocsctty(tty, file, arg);
case TIOCGPGRP:
return tiocgpgrp(tty, real_tty, p);
case TIOCSPGRP:
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 252/258] serial: 8250: add uart_config entry for PORT_RT2880
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (230 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 251/258] drivers/tty: require read access for controlling terminal Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 254/258] e1000e: Fix tight loop implementation of systime read algorithm Greg Kroah-Hartman
` (6 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mans Rullgard
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mans Rullgard <mans@mansr.com>
commit 3c5a0357fdb3a9116a48dbdb0abb91fd23fbff80 upstream.
This adds an entry to the uart_config table for PORT_RT2880
enabling rx/tx FIFOs. The UART is actually a Palmchip BK-3103
which is found in several devices from Alchemy/RMI, Ralink, and
Sigma Designs.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_core.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/tty/serial/8250/8250_core.c
+++ b/drivers/tty/serial/8250/8250_core.c
@@ -326,6 +326,14 @@ configured less than Maximum supported f
UART_FCR7_64BYTE,
.flags = UART_CAP_FIFO,
},
+ [PORT_RT2880] = {
+ .name = "Palmchip BK-3103",
+ .fifo_size = 16,
+ .tx_loadsz = 16,
+ .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_10,
+ .rxtrig_bytes = {1, 4, 8, 14},
+ .flags = UART_CAP_FIFO,
+ },
};
/* Uart divisor latch read */
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 254/258] e1000e: Fix tight loop implementation of systime read algorithm
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (231 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 252/258] serial: 8250: add uart_config entry for PORT_RT2880 Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 255/258] mm/slab: fix unexpected index mapping result of kmalloc_size(INDEX_NODE+1) Greg Kroah-Hartman
` (5 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Raanan Avargil, Aaron Brown,
Jeff Kirsher, Jason A. Donenfeld
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Raanan Avargil <raanan.avargil@intel.com>
commit 37b12910dd11d9ab969f2c310dc9160b7f3e3405 upstream.
Change the algorithm. Read systimel twice and check for overflow.
If there was no overflow, use the first value.
If there was an overflow, read systimeh again and use the second
systimel value.
Signed-off-by: Raanan Avargil <raanan.avargil@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/e1000e/netdev.c | 31 +++++++++++++++++++----------
1 file changed, 21 insertions(+), 10 deletions(-)
--- a/drivers/net/ethernet/intel/e1000e/netdev.c
+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
@@ -4280,18 +4280,29 @@ static cycle_t e1000e_cyclecounter_read(
struct e1000_adapter *adapter = container_of(cc, struct e1000_adapter,
cc);
struct e1000_hw *hw = &adapter->hw;
+ u32 systimel_1, systimel_2, systimeh;
cycle_t systim, systim_next;
- /* SYSTIMH latching upon SYSTIML read does not work well. To fix that
- * we don't want to allow overflow of SYSTIML and a change to SYSTIMH
- * to occur between reads, so if we read a vale close to overflow, we
- * wait for overflow to occur and read both registers when its safe.
+ /* SYSTIMH latching upon SYSTIML read does not work well.
+ * This means that if SYSTIML overflows after we read it but before
+ * we read SYSTIMH, the value of SYSTIMH has been incremented and we
+ * will experience a huge non linear increment in the systime value
+ * to fix that we test for overflow and if true, we re-read systime.
*/
- u32 systim_overflow_latch_fix = 0x3FFFFFFF;
-
- do {
- systim = (cycle_t)er32(SYSTIML);
- } while (systim > systim_overflow_latch_fix);
- systim |= (cycle_t)er32(SYSTIMH) << 32;
+ systimel_1 = er32(SYSTIML);
+ systimeh = er32(SYSTIMH);
+ systimel_2 = er32(SYSTIML);
+ /* Check for overflow. If there was no overflow, use the values */
+ if (systimel_1 < systimel_2) {
+ systim = (cycle_t)systimel_1;
+ systim |= (cycle_t)systimeh << 32;
+ } else {
+ /* There was an overflow, read again SYSTIMH, and use
+ * systimel_2
+ */
+ systimeh = er32(SYSTIMH);
+ systim = (cycle_t)systimel_2;
+ systim |= (cycle_t)systimeh << 32;
+ }
if ((hw->mac.type == e1000_82574) || (hw->mac.type == e1000_82583)) {
u64 incvalue, time_delta, rem, temp;
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 255/258] mm/slab: fix unexpected index mapping result of kmalloc_size(INDEX_NODE+1)
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (232 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 254/258] e1000e: Fix tight loop implementation of systime read algorithm Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 256/258] blk-mq: avoid setting hctx->tags->cpumask before allocation Greg Kroah-Hartman
` (4 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joonsoo Kim, Liuhailong,
Christoph Lameter, Pekka Enberg, David Rientjes, Andrew Morton,
Linus Torvalds
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joonsoo Kim <js1304@gmail.com>
commit 03a2d2a3eafe4015412cf4e9675ca0e2d9204074 upstream.
Commit description is copied from the original post of this bug:
http://comments.gmane.org/gmane.linux.kernel.mm/135349
Kernels after v3.9 use kmalloc_size(INDEX_NODE + 1) to get the next
larger cache size than the size index INDEX_NODE mapping. In kernels
3.9 and earlier we used malloc_sizes[INDEX_L3 + 1].cs_size.
However, sometimes we can't get the right output we expected via
kmalloc_size(INDEX_NODE + 1), causing a BUG().
The mapping table in the latest kernel is like:
index = {0, 1, 2 , 3, 4, 5, 6, n}
size = {0, 96, 192, 8, 16, 32, 64, 2^n}
The mapping table before 3.10 is like this:
index = {0 , 1 , 2, 3, 4 , 5 , 6, n}
size = {32, 64, 96, 128, 192, 256, 512, 2^(n+3)}
The problem on my mips64 machine is as follows:
(1) When configured DEBUG_SLAB && DEBUG_PAGEALLOC && DEBUG_LOCK_ALLOC
&& DEBUG_SPINLOCK, the sizeof(struct kmem_cache_node) will be "150",
and the macro INDEX_NODE turns out to be "2": #define INDEX_NODE
kmalloc_index(sizeof(struct kmem_cache_node))
(2) Then the result of kmalloc_size(INDEX_NODE + 1) is 8.
(3) Then "if(size >= kmalloc_size(INDEX_NODE + 1)" will lead to "size
= PAGE_SIZE".
(4) Then "if ((size >= (PAGE_SIZE >> 3))" test will be satisfied and
"flags |= CFLGS_OFF_SLAB" will be covered.
(5) if (flags & CFLGS_OFF_SLAB)" test will be satisfied and will go to
"cachep->slabp_cache = kmalloc_slab(slab_size, 0u)", and the result
here may be NULL while kernel bootup.
(6) Finally,"BUG_ON(ZERO_OR_NULL_PTR(cachep->slabp_cache));" causes the
BUG info as the following shows (may be only mips64 has this problem):
This patch fixes the problem of kmalloc_size(INDEX_NODE + 1) and removes
the BUG by adding 'size >= 256' check to guarantee that all necessary
small sized slabs are initialized regardless sequence of slab size in
mapping table.
Fixes: e33660165c90 ("slab: Use common kmalloc_index/kmalloc_size...")
Signed-off-by: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Reported-by: Liuhailong <liu.hailong6@zte.com.cn>
Acked-by: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/slab.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -2190,9 +2190,16 @@ __kmem_cache_create (struct kmem_cache *
size += BYTES_PER_WORD;
}
#if FORCED_DEBUG && defined(CONFIG_DEBUG_PAGEALLOC)
- if (size >= kmalloc_size(INDEX_NODE + 1)
- && cachep->object_size > cache_line_size()
- && ALIGN(size, cachep->align) < PAGE_SIZE) {
+ /*
+ * To activate debug pagealloc, off-slab management is necessary
+ * requirement. In early phase of initialization, small sized slab
+ * doesn't get initialized so it would not be possible. So, we need
+ * to check size >= 256. It guarantees that all necessary small
+ * sized slab is initialized in current slab initialization sequence.
+ */
+ if (!slab_early_init && size >= kmalloc_size(INDEX_NODE) &&
+ size >= 256 && cachep->object_size > cache_line_size() &&
+ ALIGN(size, cachep->align) < PAGE_SIZE) {
cachep->obj_offset += PAGE_SIZE - ALIGN(size, cachep->align);
size = PAGE_SIZE;
}
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 256/258] blk-mq: avoid setting hctx->tags->cpumask before allocation
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (233 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 255/258] mm/slab: fix unexpected index mapping result of kmalloc_size(INDEX_NODE+1) Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 257/258] sched/preempt: Fix cond_resched_lock() and cond_resched_softirq() Greg Kroah-Hartman
` (3 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Akinobu Mita, Keith Busch, Ming Lei,
Christoph Hellwig, Jens Axboe
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Akinobu Mita <akinobu.mita@gmail.com>
commit 1356aae08338f1c19ce1c67bf8c543a267688fc3 upstream.
When unmapped hw queue is remapped after CPU topology is changed,
hctx->tags->cpumask has to be set after hctx->tags is setup in
blk_mq_map_swqueue(), otherwise it causes null pointer dereference.
Fixes: f26cdc8536 ("blk-mq: Shared tag enhancements")
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Keith Busch <keith.busch@intel.com>
Cc: Ming Lei <tom.leiming@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-mq.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -1807,7 +1807,6 @@ static void blk_mq_map_swqueue(struct re
hctx = q->mq_ops->map_queue(q, i);
cpumask_set_cpu(i, hctx->cpumask);
- cpumask_set_cpu(i, hctx->tags->cpumask);
ctx->index_hw = hctx->nr_ctx;
hctx->ctxs[hctx->nr_ctx++] = ctx;
}
@@ -1847,6 +1846,14 @@ static void blk_mq_map_swqueue(struct re
hctx->next_cpu = cpumask_first(hctx->cpumask);
hctx->next_cpu_batch = BLK_MQ_CPU_WORK_BATCH;
}
+
+ queue_for_each_ctx(q, ctx, i) {
+ if (!cpu_online(i))
+ continue;
+
+ hctx = q->mq_ops->map_queue(q, i);
+ cpumask_set_cpu(i, hctx->tags->cpumask);
+ }
}
static void blk_mq_update_tag_set_depth(struct blk_mq_tag_set *set)
^ permalink raw reply [flat|nested] 246+ messages in thread
* [PATCH 4.2 257/258] sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (234 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 256/258] blk-mq: avoid setting hctx->tags->cpumask before allocation Greg Kroah-Hartman
@ 2015-10-18 1:59 ` Greg Kroah-Hartman
2015-10-18 18:58 ` Xen build error in 4.2.4-rc1 (sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()) Andre Tomt
` (2 subsequent siblings)
238 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 1:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov,
Peter Zijlstra (Intel), Alexander Graf, Boris Ostrovsky,
David Vrabel, Linus Torvalds, Mike Galbraith, Paul Mackerras,
Thomas Gleixner, Ingo Molnar
4.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
commit fe32d3cd5e8eb0f82e459763374aa80797023403 upstream.
These functions check should_resched() before unlocking spinlock/bh-enable:
preempt_count always non-zero => should_resched() always returns false.
cond_resched_lock() worked iff spin_needbreak is set.
This patch adds argument "preempt_offset" to should_resched().
preempt_count offset constants for that:
PREEMPT_DISABLE_OFFSET - offset after preempt_disable()
PREEMPT_LOCK_OFFSET - offset after spin_lock()
SOFTIRQ_DISABLE_OFFSET - offset after local_bh_distable()
SOFTIRQ_LOCK_OFFSET - offset after spin_lock_bh()
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Graf <agraf@suse.de>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: bdb438065890 ("sched: Extract the basic add/sub preempt_count modifiers")
Link: http://lkml.kernel.org/r/20150715095204.12246.98268.stgit@buzz
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/preempt.h | 4 ++--
include/asm-generic/preempt.h | 5 +++--
include/linux/preempt.h | 19 ++++++++++++++-----
include/linux/sched.h | 6 ------
kernel/sched/core.c | 6 +++---
5 files changed, 22 insertions(+), 18 deletions(-)
--- a/arch/x86/include/asm/preempt.h
+++ b/arch/x86/include/asm/preempt.h
@@ -90,9 +90,9 @@ static __always_inline bool __preempt_co
/*
* Returns true when we need to resched and can (barring IRQ state).
*/
-static __always_inline bool should_resched(void)
+static __always_inline bool should_resched(int preempt_offset)
{
- return unlikely(!raw_cpu_read_4(__preempt_count));
+ return unlikely(raw_cpu_read_4(__preempt_count) == preempt_offset);
}
#ifdef CONFIG_PREEMPT
--- a/include/asm-generic/preempt.h
+++ b/include/asm-generic/preempt.h
@@ -71,9 +71,10 @@ static __always_inline bool __preempt_co
/*
* Returns true when we need to resched and can (barring IRQ state).
*/
-static __always_inline bool should_resched(void)
+static __always_inline bool should_resched(int preempt_offset)
{
- return unlikely(!preempt_count() && tif_need_resched());
+ return unlikely(preempt_count() == preempt_offset &&
+ tif_need_resched());
}
#ifdef CONFIG_PREEMPT
--- a/include/linux/preempt.h
+++ b/include/linux/preempt.h
@@ -84,13 +84,21 @@
*/
#define in_nmi() (preempt_count() & NMI_MASK)
+/*
+ * The preempt_count offset after preempt_disable();
+ */
#if defined(CONFIG_PREEMPT_COUNT)
-# define PREEMPT_DISABLE_OFFSET 1
+# define PREEMPT_DISABLE_OFFSET PREEMPT_OFFSET
#else
-# define PREEMPT_DISABLE_OFFSET 0
+# define PREEMPT_DISABLE_OFFSET 0
#endif
/*
+ * The preempt_count offset after spin_lock()
+ */
+#define PREEMPT_LOCK_OFFSET PREEMPT_DISABLE_OFFSET
+
+/*
* The preempt_count offset needed for things like:
*
* spin_lock_bh()
@@ -103,7 +111,7 @@
*
* Work as expected.
*/
-#define SOFTIRQ_LOCK_OFFSET (SOFTIRQ_DISABLE_OFFSET + PREEMPT_DISABLE_OFFSET)
+#define SOFTIRQ_LOCK_OFFSET (SOFTIRQ_DISABLE_OFFSET + PREEMPT_LOCK_OFFSET)
/*
* Are we running in atomic context? WARNING: this macro cannot
@@ -124,7 +132,8 @@
#if defined(CONFIG_DEBUG_PREEMPT) || defined(CONFIG_PREEMPT_TRACER)
extern void preempt_count_add(int val);
extern void preempt_count_sub(int val);
-#define preempt_count_dec_and_test() ({ preempt_count_sub(1); should_resched(); })
+#define preempt_count_dec_and_test() \
+ ({ preempt_count_sub(1); should_resched(0); })
#else
#define preempt_count_add(val) __preempt_count_add(val)
#define preempt_count_sub(val) __preempt_count_sub(val)
@@ -184,7 +193,7 @@ do { \
#define preempt_check_resched() \
do { \
- if (should_resched()) \
+ if (should_resched(0)) \
__preempt_schedule(); \
} while (0)
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -2909,12 +2909,6 @@ extern int _cond_resched(void);
extern int __cond_resched_lock(spinlock_t *lock);
-#ifdef CONFIG_PREEMPT_COUNT
-#define PREEMPT_LOCK_OFFSET PREEMPT_OFFSET
-#else
-#define PREEMPT_LOCK_OFFSET 0
-#endif
-
#define cond_resched_lock(lock) ({ \
___might_sleep(__FILE__, __LINE__, PREEMPT_LOCK_OFFSET);\
__cond_resched_lock(lock); \
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -4499,7 +4499,7 @@ SYSCALL_DEFINE0(sched_yield)
int __sched _cond_resched(void)
{
- if (should_resched()) {
+ if (should_resched(0)) {
preempt_schedule_common();
return 1;
}
@@ -4517,7 +4517,7 @@ EXPORT_SYMBOL(_cond_resched);
*/
int __cond_resched_lock(spinlock_t *lock)
{
- int resched = should_resched();
+ int resched = should_resched(PREEMPT_LOCK_OFFSET);
int ret = 0;
lockdep_assert_held(lock);
@@ -4539,7 +4539,7 @@ int __sched __cond_resched_softirq(void)
{
BUG_ON(!in_softirq());
- if (should_resched()) {
+ if (should_resched(SOFTIRQ_DISABLE_OFFSET)) {
local_bh_enable();
preempt_schedule_common();
local_bh_disable();
^ permalink raw reply [flat|nested] 246+ messages in thread
* Xen build error in 4.2.4-rc1 (sched/preempt: Fix cond_resched_lock() and cond_resched_softirq())
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (235 preceding siblings ...)
2015-10-18 1:59 ` [PATCH 4.2 257/258] sched/preempt: Fix cond_resched_lock() and cond_resched_softirq() Greg Kroah-Hartman
@ 2015-10-18 18:58 ` Andre Tomt
2015-10-18 22:05 ` Greg Kroah-Hartman
2015-10-19 4:21 ` [PATCH 4.2 000/258] 4.2.4-stable review Guenter Roeck
2015-10-19 14:37 ` Shuah Khan
238 siblings, 1 reply; 246+ messages in thread
From: Andre Tomt @ 2015-10-18 18:58 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel, Konstantin Khlebnikov; +Cc: linux, stable
On 18. okt. 2015 03:55, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.2.4 release.
> There are 258 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
There is a new build error in this rc:
> CC drivers/xen/preempt.o
> In file included from include/uapi/linux/stddef.h:1:0,
> from include/linux/stddef.h:4,
> from ./include/uapi/linux/posix_types.h:4,
> from include/uapi/linux/types.h:13,
> from include/linux/types.h:5,
> from include/uapi/linux/capability.h:16,
> from include/linux/capability.h:15,
> from include/linux/sched.h:15,
> from drivers/xen/preempt.c:12:
> drivers/xen/preempt.c: In function 'xen_maybe_preempt_hcall':
> drivers/xen/preempt.c:34:11: error: too few arguments to function 'should_resched'
> && should_resched())) {
> ^
> include/linux/compiler.h:166:42: note: in definition of macro 'unlikely'
> # define unlikely(x) __builtin_expect(!!(x), 0)
> ^
> In file included from include/linux/preempt.h:64:0,
> from include/linux/spinlock.h:50,
> from include/linux/seqlock.h:35,
> from include/linux/time.h:5,
> from include/uapi/linux/timex.h:56,
> from include/linux/timex.h:56,
> from include/linux/sched.h:19,
> from drivers/xen/preempt.c:12:
> ./arch/x86/include/asm/preempt.h:93:29: note: declared here
> static __always_inline bool should_resched(int preempt_offset)
> ^
> scripts/Makefile.build:258: recipe for target 'drivers/xen/preempt.o' failed
Caused by fe32d3cd5e8eb0f82e459763374aa80797023403
"sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()"
Builds OK with it reverted.
Alternatively, pulling in 0fa2f5cb2b0ecd8d56baa51f35f09aab234eb0bf
"sched/preempt, xen: Use need_resched() instead of should_resched()"
from linus master to fixes the build error as well.
I have not yet actually booted on any of these two variants.
^ permalink raw reply [flat|nested] 246+ messages in thread
* Re: Xen build error in 4.2.4-rc1 (sched/preempt: Fix cond_resched_lock() and cond_resched_softirq())
2015-10-18 18:58 ` Xen build error in 4.2.4-rc1 (sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()) Andre Tomt
@ 2015-10-18 22:05 ` Greg Kroah-Hartman
0 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-18 22:05 UTC (permalink / raw)
To: Andre Tomt; +Cc: linux-kernel, Konstantin Khlebnikov, linux, stable
On Sun, Oct 18, 2015 at 08:58:56PM +0200, Andre Tomt wrote:
> On 18. okt. 2015 03:55, Greg Kroah-Hartman wrote:
> >This is the start of the stable review cycle for the 4.2.4 release.
> >There are 258 patches in this series, all will be posted as a response
> >to this one. If anyone has any issues with these being applied, please
> >let me know.
>
> There is a new build error in this rc:
>
> > CC drivers/xen/preempt.o
> >In file included from include/uapi/linux/stddef.h:1:0,
> > from include/linux/stddef.h:4,
> > from ./include/uapi/linux/posix_types.h:4,
> > from include/uapi/linux/types.h:13,
> > from include/linux/types.h:5,
> > from include/uapi/linux/capability.h:16,
> > from include/linux/capability.h:15,
> > from include/linux/sched.h:15,
> > from drivers/xen/preempt.c:12:
> >drivers/xen/preempt.c: In function 'xen_maybe_preempt_hcall':
> >drivers/xen/preempt.c:34:11: error: too few arguments to function 'should_resched'
> > && should_resched())) {
> > ^
> >include/linux/compiler.h:166:42: note: in definition of macro 'unlikely'
> > # define unlikely(x) __builtin_expect(!!(x), 0)
> > ^
> >In file included from include/linux/preempt.h:64:0,
> > from include/linux/spinlock.h:50,
> > from include/linux/seqlock.h:35,
> > from include/linux/time.h:5,
> > from include/uapi/linux/timex.h:56,
> > from include/linux/timex.h:56,
> > from include/linux/sched.h:19,
> > from drivers/xen/preempt.c:12:
> >./arch/x86/include/asm/preempt.h:93:29: note: declared here
> > static __always_inline bool should_resched(int preempt_offset)
> > ^
> >scripts/Makefile.build:258: recipe for target 'drivers/xen/preempt.o' failed
>
> Caused by fe32d3cd5e8eb0f82e459763374aa80797023403
> "sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()"
> Builds OK with it reverted.
>
> Alternatively, pulling in 0fa2f5cb2b0ecd8d56baa51f35f09aab234eb0bf
> "sched/preempt, xen: Use need_resched() instead of should_resched()"
> from linus master to fixes the build error as well.
Thanks, I've pulled in that patch now to the 4.2-stable tree.
greg k-h
^ permalink raw reply [flat|nested] 246+ messages in thread
* Re: [PATCH 4.2 000/258] 4.2.4-stable review
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (236 preceding siblings ...)
2015-10-18 18:58 ` Xen build error in 4.2.4-rc1 (sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()) Andre Tomt
@ 2015-10-19 4:21 ` Guenter Roeck
2015-10-19 15:09 ` Greg Kroah-Hartman
2015-10-19 14:37 ` Shuah Khan
238 siblings, 1 reply; 246+ messages in thread
From: Guenter Roeck @ 2015-10-19 4:21 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, shuah.kh, stable, Konstantin Khlebnikov
On 10/17/2015 06:55 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.2.4 release.
> There are 258 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Tue Oct 20 01:46:04 UTC 2015.
> Anything received after that time might be too late.
>
Build results:
total: 144 pass: 142 fail: 2
Failed builds:
powerpc:defconfig
powerpc:allmodconfig
Qemu test results:
total: 93 pass: 92 fail: 1
Failed tests:
powerpc:pseries_defconfig
Failures are:
arch/powerpc/kvm/book3s_hv.c: In function 'kvmppc_run_vcpu':
arch/powerpc/kvm/book3s_hv.c:2181:3: error: too few arguments to function 'should_resched'
Caused by "sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()".
Needs c56dadf39761a61 ("sched/preempt, powerpc, kvm: Use need_resched() instead
of should_resched()") as far as I can see.
Details are available at http://server.roeck-us.net:8010/builders.
Guenter
^ permalink raw reply [flat|nested] 246+ messages in thread
* Re: [PATCH 4.2 000/258] 4.2.4-stable review
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
` (237 preceding siblings ...)
2015-10-19 4:21 ` [PATCH 4.2 000/258] 4.2.4-stable review Guenter Roeck
@ 2015-10-19 14:37 ` Shuah Khan
2015-10-19 15:13 ` Greg Kroah-Hartman
238 siblings, 1 reply; 246+ messages in thread
From: Shuah Khan @ 2015-10-19 14:37 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel; +Cc: torvalds, akpm, linux, shuah.kh, stable
On 10/17/2015 07:55 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.2.4 release.
> There are 258 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Tue Oct 20 01:46:04 UTC 2015.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.2.4-rc1.gz
> and the diffstat can be found below.
>
Compile failed:
CC drivers/xen/preempt.o
In file included from include/uapi/linux/stddef.h:1:0,
from include/linux/stddef.h:4,
from ./include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from include/uapi/linux/capability.h:16,
from include/linux/capability.h:15,
from include/linux/sched.h:15,
from drivers/xen/preempt.c:12:
drivers/xen/preempt.c: In function ‘xen_maybe_preempt_hcall’:
drivers/xen/preempt.c:34:11: error: too few arguments to function
‘should_resched’
&& should_resched())) {
^
include/linux/compiler.h:166:42: note: in definition of macro ‘unlikely’
# define unlikely(x) __builtin_expect(!!(x), 0)
^
In file included from include/linux/preempt.h:64:0,
from include/linux/spinlock.h:50,
from include/linux/seqlock.h:35,
from include/linux/time.h:5,
from include/uapi/linux/timex.h:56,
from include/linux/timex.h:56,
from include/linux/sched.h:19,
from drivers/xen/preempt.c:12:
./arch/x86/include/asm/preempt.h:93:29: note: declared here
static __always_inline bool should_resched(int preempt_offset)
^
scripts/Makefile.build:258: recipe for target 'drivers/xen/preempt.o' failed
make[2]: *** [drivers/xen/preempt.o] Error 1
scripts/Makefile.build:403: recipe for target 'drivers/xen' failed
make[1]: *** [drivers/xen] Error 2
thanks,
-- Shuah
--
Shuah Khan
Sr. Linux Kernel Developer
Open Source Innovation Group
Samsung Research America (Silicon Valley)
shuahkh@osg.samsung.com | (970) 217-8978
^ permalink raw reply [flat|nested] 246+ messages in thread
* Re: [PATCH 4.2 000/258] 4.2.4-stable review
2015-10-19 4:21 ` [PATCH 4.2 000/258] 4.2.4-stable review Guenter Roeck
@ 2015-10-19 15:09 ` Greg Kroah-Hartman
0 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-19 15:09 UTC (permalink / raw)
To: Guenter Roeck
Cc: linux-kernel, torvalds, akpm, shuah.kh, stable,
Konstantin Khlebnikov
On Sun, Oct 18, 2015 at 09:21:49PM -0700, Guenter Roeck wrote:
> On 10/17/2015 06:55 PM, Greg Kroah-Hartman wrote:
> >This is the start of the stable review cycle for the 4.2.4 release.
> >There are 258 patches in this series, all will be posted as a response
> >to this one. If anyone has any issues with these being applied, please
> >let me know.
> >
> >Responses should be made by Tue Oct 20 01:46:04 UTC 2015.
> >Anything received after that time might be too late.
> >
>
> Build results:
> total: 144 pass: 142 fail: 2
> Failed builds:
> powerpc:defconfig
> powerpc:allmodconfig
>
> Qemu test results:
> total: 93 pass: 92 fail: 1
> Failed tests:
> powerpc:pseries_defconfig
>
> Failures are:
>
> arch/powerpc/kvm/book3s_hv.c: In function 'kvmppc_run_vcpu':
> arch/powerpc/kvm/book3s_hv.c:2181:3: error: too few arguments to function 'should_resched'
>
> Caused by "sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()".
>
> Needs c56dadf39761a61 ("sched/preempt, powerpc, kvm: Use need_resched() instead
> of should_resched()") as far as I can see.
Now applied, thanks.
greg k-h
^ permalink raw reply [flat|nested] 246+ messages in thread
* Re: [PATCH 4.2 000/258] 4.2.4-stable review
2015-10-19 14:37 ` Shuah Khan
@ 2015-10-19 15:13 ` Greg Kroah-Hartman
0 siblings, 0 replies; 246+ messages in thread
From: Greg Kroah-Hartman @ 2015-10-19 15:13 UTC (permalink / raw)
To: Shuah Khan; +Cc: linux-kernel, torvalds, akpm, linux, shuah.kh, stable
On Mon, Oct 19, 2015 at 08:37:25AM -0600, Shuah Khan wrote:
> On 10/17/2015 07:55 PM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 4.2.4 release.
> > There are 258 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Tue Oct 20 01:46:04 UTC 2015.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.2.4-rc1.gz
> > and the diffstat can be found below.
> >
>
> Compile failed:
>
>
> CC drivers/xen/preempt.o
> In file included from include/uapi/linux/stddef.h:1:0,
> from include/linux/stddef.h:4,
> from ./include/uapi/linux/posix_types.h:4,
> from include/uapi/linux/types.h:13,
> from include/linux/types.h:5,
> from include/uapi/linux/capability.h:16,
> from include/linux/capability.h:15,
> from include/linux/sched.h:15,
> from drivers/xen/preempt.c:12:
> drivers/xen/preempt.c: In function ‘xen_maybe_preempt_hcall’:
> drivers/xen/preempt.c:34:11: error: too few arguments to function
> ‘should_resched’
> && should_resched())) {
> ^
> include/linux/compiler.h:166:42: note: in definition of macro ‘unlikely’
> # define unlikely(x) __builtin_expect(!!(x), 0)
> ^
> In file included from include/linux/preempt.h:64:0,
> from include/linux/spinlock.h:50,
> from include/linux/seqlock.h:35,
> from include/linux/time.h:5,
> from include/uapi/linux/timex.h:56,
> from include/linux/timex.h:56,
> from include/linux/sched.h:19,
> from drivers/xen/preempt.c:12:
> ./arch/x86/include/asm/preempt.h:93:29: note: declared here
> static __always_inline bool should_resched(int preempt_offset)
> ^
> scripts/Makefile.build:258: recipe for target 'drivers/xen/preempt.o' failed
> make[2]: *** [drivers/xen/preempt.o] Error 1
> scripts/Makefile.build:403: recipe for target 'drivers/xen' failed
> make[1]: *** [drivers/xen] Error 2
I've added a patch to fix this up, I'll do a -rc2 in a few hours to make
it easier for people to retest.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 246+ messages in thread
* Re: [PATCH 4.2 022/258] toshiba_acpi: Fix hotkeys registration on some toshiba models
2015-10-18 1:55 ` [PATCH 4.2 022/258] toshiba_acpi: Fix hotkeys registration on some toshiba models Greg Kroah-Hartman
@ 2015-10-19 23:32 ` Ben Hutchings
2015-10-21 8:48 ` Darren Hart
0 siblings, 1 reply; 246+ messages in thread
From: Ben Hutchings @ 2015-10-19 23:32 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel; +Cc: stable, Azael Avalos, Darren Hart
[-- Attachment #1: Type: text/plain, Size: 1251 bytes --]
On Sat, 2015-10-17 at 18:55 -0700, Greg Kroah-Hartman wrote:
> 4.2-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Azael Avalos <coproscefalo@gmail.com>
>
> commit 53147b6cabee5e8d1997b5682fcc0c3b72ddf9c2 upstream.
>
> Commit a2b3471b5b13 ("toshiba_acpi: Use the Hotkey Event Type function
> for keymap choosing") changed the *setup_keyboard function to query for
> the Hotkey Event Type to help choose the correct keymap, but turns out
> that here are certain Toshiba models out there not implementing this
> feature, and thus, failing to continue the input device registration and
> leaving such laptops without hotkey support.
>
> This patch changes such check, and instead of returning an error if
> the Hotkey Event Type is not present, we simply inform userspace about it,
> changing the message printed from err to notice, making the function
> responsible for registering the input device to continue.
[...]
But then this function proceeds without events_type being initialised
at all, with unpredictable results. This doesn't look like a proper
fix.
Ben.
--
Ben Hutchings
The first rule of tautology club is the first rule of tautology club.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 246+ messages in thread
* Re: [PATCH 4.2 022/258] toshiba_acpi: Fix hotkeys registration on some toshiba models
2015-10-19 23:32 ` Ben Hutchings
@ 2015-10-21 8:48 ` Darren Hart
2015-10-26 16:52 ` Azael Avalos
0 siblings, 1 reply; 246+ messages in thread
From: Darren Hart @ 2015-10-21 8:48 UTC (permalink / raw)
To: Ben Hutchings
Cc: Greg Kroah-Hartman, linux-kernel, stable, Azael Avalos,
Darren Hart
On Tue, Oct 20, 2015 at 12:32:45AM +0100, Ben Hutchings wrote:
> On Sat, 2015-10-17 at 18:55 -0700, Greg Kroah-Hartman wrote:
> > 4.2-stable review patch.��If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Azael Avalos <coproscefalo@gmail.com>
> >
> > commit 53147b6cabee5e8d1997b5682fcc0c3b72ddf9c2 upstream.
> >
> > Commit a2b3471b5b13 ("toshiba_acpi: Use the Hotkey Event Type function
> > for keymap choosing") changed the *setup_keyboard function to query for
> > the Hotkey Event Type to help choose the correct keymap, but turns out
> > that here are certain Toshiba models out there not implementing this
> > feature, and thus, failing to continue the input device registration and
> > leaving such laptops without hotkey support.
> >
> > This patch changes such check, and instead of returning an error if
> > the Hotkey Event Type is not present, we simply inform userspace about it,
> > changing the message printed from err to notice, making the function
> > responsible for registering the input device to continue.
> [...]
>
> But then this function proceeds without events_type being initialised
> at all, with unpredictable results. �This doesn't look like a proper
> fix.
Azael, Ben has a point. Even after later patches, dev->hotkey_event_type doesn't
have a default value, so the later check for HCI_SYSTEM_TYPE1 or
HCI_SYSTEM_TYPE2 or failure is unpredictable.
--
Darren Hart
Intel Open Source Technology Center
^ permalink raw reply [flat|nested] 246+ messages in thread
* Re: [PATCH 4.2 022/258] toshiba_acpi: Fix hotkeys registration on some toshiba models
2015-10-21 8:48 ` Darren Hart
@ 2015-10-26 16:52 ` Azael Avalos
0 siblings, 0 replies; 246+ messages in thread
From: Azael Avalos @ 2015-10-26 16:52 UTC (permalink / raw)
To: Darren Hart
Cc: Ben Hutchings, Greg Kroah-Hartman, linux-kernel@vger.kernel.org,
stable, Darren Hart
Hi there,
Sorry for the late reply :-(
2015-10-21 2:48 GMT-06:00 Darren Hart <dvhart@infradead.org>:
> On Tue, Oct 20, 2015 at 12:32:45AM +0100, Ben Hutchings wrote:
>> On Sat, 2015-10-17 at 18:55 -0700, Greg Kroah-Hartman wrote:
>> > 4.2-stable review patch. If anyone has any objections, please let me know.
>> >
>> > ------------------
>> >
>> > From: Azael Avalos <coproscefalo@gmail.com>
>> >
>> > commit 53147b6cabee5e8d1997b5682fcc0c3b72ddf9c2 upstream.
>> >
>> > Commit a2b3471b5b13 ("toshiba_acpi: Use the Hotkey Event Type function
>> > for keymap choosing") changed the *setup_keyboard function to query for
>> > the Hotkey Event Type to help choose the correct keymap, but turns out
>> > that here are certain Toshiba models out there not implementing this
>> > feature, and thus, failing to continue the input device registration and
>> > leaving such laptops without hotkey support.
>> >
>> > This patch changes such check, and instead of returning an error if
>> > the Hotkey Event Type is not present, we simply inform userspace about it,
>> > changing the message printed from err to notice, making the function
>> > responsible for registering the input device to continue.
>> [...]
>>
>> But then this function proceeds without events_type being initialised
>> at all, with unpredictable results. This doesn't look like a proper
>> fix.
>
> Azael, Ben has a point. Even after later patches, dev->hotkey_event_type doesn't
> have a default value, so the later check for HCI_SYSTEM_TYPE1 or
> HCI_SYSTEM_TYPE2 or failure is unpredictable.
Yes, I see the issue here.
Since the function was returning before the variable value didin't matter,
and when "fixing" the issue on the mentioned model I never took the
variable initialization into account.
I'll send a patch probably later today addressing this issue.
>
> --
> Darren Hart
> Intel Open Source Technology Center
Cheers
Azael
--
-- El mundo apesta y vosotros apestais tambien --
^ permalink raw reply [flat|nested] 246+ messages in thread
end of thread, other threads:[~2015-10-26 16:52 UTC | newest]
Thread overview: 246+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-10-18 1:55 [PATCH 4.2 000/258] 4.2.4-stable review Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 001/258] arm: KVM: Fix incorrect device to IPA mapping Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 003/258] kvm: dont try to register to KVM_FAST_MMIO_BUS for non mmio eventfd Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 004/258] kvm: fix zero length mmio searching Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 005/258] kvm: factor out core eventfd assign/deassign logic Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 006/258] kvm: fix double free for fast mmio eventfd Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 007/258] arm: KVM: Disable virtual timer even if the guest is not using it Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 009/258] KVM: x86: trap AMD MSRs for the TSeg base and mask Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 010/258] KVM: PPC: Book3S: Take the kvm->srcu lock in kvmppc_h_logical_ci_load/store() Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 011/258] KVM: PPC: Book3S HV: Pass the correct trap argument to kvmhv_commence_exit Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 012/258] Revert "KVM: x86: apply guest MTRR virtualization on host reserved pages" Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 013/258] Revert "KVM: SVM: use NPT page attributes" Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 014/258] Revert "KVM: SVM: Sync g_pat with guest-written PAT value" Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 016/258] target/iscsi: Fix np_ip bracket issue by removing np_ip Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 017/258] scsi: fix scsi_error_handler vs. scsi_host_dev_release race Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 018/258] target: Attach EXTENDED_COPY local I/O descriptors to xcopy_pt_sess Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 019/258] target: Fix PR registration + APTPL RCU conversion regression Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 020/258] iser-target: remove command with state ISTATE_REMOVE Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 021/258] iser-target: Put the reference on commands waiting for unsol data Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 022/258] toshiba_acpi: Fix hotkeys registration on some toshiba models Greg Kroah-Hartman
2015-10-19 23:32 ` Ben Hutchings
2015-10-21 8:48 ` Darren Hart
2015-10-26 16:52 ` Azael Avalos
2015-10-18 1:55 ` [PATCH 4.2 023/258] perf/x86/intel: Fix constraint access Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 024/258] locking/qspinlock/x86: Fix performance regression under unaccelerated VMs Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 025/258] locking/qspinlock/x86: Only emit the test-and-set fallback when building guest support Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 026/258] perf tools: Fix copying of /proc/kcore Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 027/258] ARM: 8401/1: perf: Set affinity for PPI based PMUs Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 028/258] perf hists: Update the column width for the "srcline" sort key Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 029/258] perf stat: Get correct cpu id for print_aggr Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 030/258] perf tools: Add missing forward declaration of struct map to probe-event.h Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 031/258] perf tools: Add empty Build files for architectures lacking them Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 032/258] perf tools: Fix parse_events_add_pmu caller Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 033/258] perf header: Fixup reading of HEADER_NRCPUS feature Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 034/258] perf probe: Use existing routine to look for a kernel module by dso->short_name Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 035/258] ARCv2: [axs103_smp] Reduce clk for SMP FPGA configs Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 036/258] watchdog: sunxi: fix activation of system reset Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 037/258] watchdog: imgpdc: Unregister restart handler on remove Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 038/258] sched: access local runqueue directly in single_task_running Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 039/258] hwmon: (nct6775) Swap STEP_UP_TIME and STEP_DOWN_TIME registers for most chips Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 040/258] ARM: fix Thumb2 signal handling when ARMv6 is enabled Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 041/258] ARM: 8429/1: disable GCC SRA optimization Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 042/258] windfarm: decrement client count when unregistering Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 043/258] ARM: 8425/1: kgdb: Dont try to stop the machine when setting breakpoints Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 044/258] ARM: dts: omap5-uevm.dts: fix i2c5 pinctrl offsets Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 045/258] ARM: dts: omap3-beagle: make i2c3, ddc and tfp410 gpio work again Greg Kroah-Hartman
2015-10-18 1:55 ` [PATCH 4.2 046/258] ARM: pxa: ssp: Fix build error by removing originally incorrect DT binding Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 047/258] ARM: EXYNOS: reset Little cores when cpu is up Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 048/258] ARM: dts: sunxi: Raise minimum CPU voltage for sun7i-a20 to meet SoC specifications Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 049/258] ARM: dts: Fix wrong clock binding for sysmmu_fimd1_1 on exynos5420 Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 050/258] ARM: dts: fix usb pin control for imx-rex dts Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 051/258] dax: fix O_DIRECT I/O to the last block of a blockdev Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 052/258] blockdev: dont set S_DAX for misaligned partitions Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 053/258] block: blkg_destroy_all() should clear q->root_blkg and ->root_rl.blkg Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 054/258] dmaengine: at_xdmac: change block increment addressing mode Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 055/258] dmaengine: at_xdmac: clean used descriptor Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 056/258] dmaengine: dw: properly read DWC_PARAMS register Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 057/258] dmaengine: at_xdmac: fix bug in prep_dma_cyclic Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 058/258] dmaengine: pxa_dma: fix initial list move Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 059/258] pmem: add proper fencing to pmem_rw_page() Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 060/258] x86/apic: Serialize LVTT and TSC_DEADLINE writes Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 061/258] x86/alternatives: Make optimize_nops() interrupt safe and synced Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 062/258] x86/platform: Fix Geode LX timekeeping in the generic x86 build Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 063/258] x86/ioapic: Force affinity setting in setup_ioapic_dest() Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 064/258] x86/pci/intel_mid_pci: Work around for IRQ0 assignment Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 065/258] x86/paravirt: Replace the paravirt nop with a bona fide empty function Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 066/258] x86/nmi/64: Fix a paravirt stack-clobbering bug in the NMI code Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 067/258] Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 068/258] x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 069/258] x86/kexec: Fix kexec crash in syscall kexec_file_load() Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 070/258] x86/process: Add proper bound checks in 64bit get_wchan() Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 071/258] x86/mm: Set NX on gap between __ex_table and rodata Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 072/258] x86/xen: Support kexec/kdump in HVM guests by doing a soft reset Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 073/258] leds:lp55xx: Correct Kconfig dependency for f/w user helper Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 074/258] leds/led-class: Add missing put_device() Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 075/258] sched/core: Fix TASK_DEAD race in finish_task_switch() Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 076/258] s390/compat: correct uc_sigmask of the compat signal frame Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 077/258] s390/boot/decompression: disable floating point in decompressor Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 078/258] Revert "cgroup: simplify threadgroup locking" Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 079/258] Revert "sched, cgroup: replace signal_struct->group_rwsem with a global percpu_rwsem" Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 080/258] memcg: make mem_cgroup_read_stat() unsigned Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 081/258] spi: Fix documentation of spi_alloc_master() Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 082/258] spi: xtensa-xtfpga: fix register endianness Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 083/258] spi: bcm2835: BUG: fix wrong use of PAGE_MASK Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 084/258] spi: spi-pxa2xx: Check status register to determine if SSSR_TINT is disabled Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 085/258] spi: spidev: fix possible NULL dereference Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 086/258] mm: migrate: hugetlb: putback destination hugepage to active list Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 087/258] lib/iommu-common.c: do not try to deref a null iommu->lazy_flush() pointer when n < pool->hint Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 088/258] ocfs2/dlm: fix deadlock when dispatch assert master Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 089/258] mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 090/258] memcg: fix dirty page migration Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 091/258] ALSA: hda/tegra - async probe for avoiding module loading deadlock Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 092/258] ALSA: hda - Disable power_save_node for Thinkpads Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 093/258] ALSA: synth: Fix conflicting OSS device registration on AWE32 Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 094/258] ALSA: hda: Add dock support for ThinkPad T550 Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 095/258] ALSA: hda - Apply SPDIF pin ctl to MacBookPro 12,1 Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 096/258] ALSA: hda - Disable power_save_node for IDT 92HD73xx chips Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 097/258] ASoC: pxa: pxa2xx-ac97: fix dma requestor lines Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 098/258] ASoC: fix broken pxa SoC support Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 099/258] ASoC: dwc: correct irq clear method Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 100/258] ASoC: db1200: Fix DAI link format for db1300 and db1550 Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 101/258] ASoC: sgtl5000: fix wrong register MIC_BIAS_VOLTAGE setup on probe Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 102/258] ASoC: tas2552: fix dBscale-min declaration Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 103/258] btrfs: skip waiting on ordered range for special files Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 104/258] Btrfs: fix read corruption of compressed and shared extents Greg Kroah-Hartman
2015-10-18 1:56 ` [PATCH 4.2 105/258] Btrfs: update fix for " Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 107/258] PCI: Fix devfn for VPD access through function 0 Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 108/258] PCI: Use function 0 VPD for identical functions, regular VPD for others Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 109/258] PCI: Clear IORESOURCE_UNSET when clipping a bridge window Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 110/258] dm thin: disable discard support for thin devices if pools is disabled Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 111/258] dm crypt: constrain crypt devices max_segment_size to PAGE_SIZE Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 112/258] ath10k: fix dma_mapping_error() handling Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 113/258] svcrdma: Fix send_reply() scatter/gather set-up Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 114/258] staging: ion: fix corruption of ion_import_dma_buf Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 115/258] USB: option: add ZTE PIDs Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 116/258] md/raid0: update queue parameter in a safer location Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 117/258] md/raid0: apply base queue limits *before* disk_stack_limits Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 118/258] dm raid: fix round up of default region size Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 119/258] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 120/258] netfilter: nfnetlink: work around wrong endianess in res_id field Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 121/258] netfilter: nf_tables: Use 32 bit addressing register from nft_type_to_reg() Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 122/258] netfilter: ipset: Out of bound access in hash:net* types fixed Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 123/258] netfilter: ipset: Fixing unnamed union init Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 124/258] netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 125/258] netfilter: nf_log: wait for rcu grace after logger unregistration Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 126/258] netfilter: nft_compat: skip family comparison in case of NFPROTO_UNSPEC Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 127/258] netfilter: nf_log: dont zap all loggers on unregister Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 128/258] regulator: core: Correct return value check in regulator_resolve_supply Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 129/258] regulator: axp20x: Fix enable bit indexes for DCDC4 and DCDC5 Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 130/258] regulator: core: Handle probe deferral from DT when resolving supplies Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 131/258] Bluetooth: Delay check for conn->smp in smp_conn_security() Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 132/258] nfs: fix v4.2 SEEK on files over 2 gigs Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 133/258] NFS: Do cleanup before resetting pageio read/write to mds Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 134/258] NFSv4: Recovery of recalled read delegations is broken Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 135/258] nfs: fix pg_test page count calculation Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 136/258] NFS: Fix a write performance regression Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 137/258] [SMB3] Fix sec=krb5 on smb3 mounts Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 138/258] disabling oplocks/leases via module parm enable_oplocks broken for SMB3 Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 139/258] [SMB3] Do not fall back to SMBWriteX in set_file_size error cases Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 140/258] drm/qxl: only report first monitor as connected if we have no state Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 147/258] drm/amdgpu: Restore LCD backlight level on resume Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 148/258] drm/i915/bios: handle MIPI Sequence Block v3+ gracefully Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 149/258] drm: Reject DRI1 hw lock ioctl functions for kms drivers Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 151/258] drm/dp/mst: fixup handling hotplug on port removal Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 152/258] drm/dp/mst: drop cancel work sync in the mstb destroy path (v2) Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 153/258] USB: whiteheat: fix potential null-deref at probe Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 154/258] xhci: give command abortion one more chance before killing xhci Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 155/258] xhci: Move xhci_pme_quirk() behind #ifdef CONFIG_PM Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 156/258] usb: xhci: lock mutex on xhci_stop Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 157/258] usb: xhci: Clear XHCI_STATE_DYING on start Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 158/258] usb: xhci: stop everything on the first call to xhci_stop Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 159/258] usb: xhci: exit early in xhci_setup_device() if were halted or dying Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 160/258] xhci: change xhci 1.0 only restrictions to support xhci 1.1 Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 161/258] xhci: init command timeout timer earlier to avoid deleting it uninitialized Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 162/258] usb: xhci: Add support for URB_ZERO_PACKET to bulk/sg transfers Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 163/258] Initialize msg/shm IPC objects before doing ipc_addid() Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 165/258] thermal: cpu_cooling: dont call kcalloc() under rcu_read_lock Greg Kroah-Hartman
2015-10-18 1:57 ` [PATCH 4.2 166/258] thermal: cpu_cooling: free power table on error or when unregistering Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 167/258] hv: util: checking the wrong variable Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 168/258] mmc: dw_mmc: handle data blocks > than 4kB if IDMAC is used Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 169/258] usb: chipidea: imx: fix a typo for imx6sx Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 170/258] cifs: use server timestamp for ntlmv2 authentication Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 171/258] irqchip/atmel-aic5: Use per chip mask caches in mask/unmask() Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 172/258] irqchip/gic-v3-its: Add missing cache flushes Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 173/258] docs: update HOWTO for 3.x -> 4.x versioning Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 174/258] extcon: Fix signedness bugs about break error handling Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 175/258] extcon: Fix attached value returned by is_extcon_changed Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 176/258] mtd: pxa3xx_nand: add a default chunk size Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 177/258] mtd: nand: sunxi: fix sunxi_nand_chips_cleanup() Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 178/258] mtd: nand: sunxi: fix OOB handling in ->write_xxx() functions Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 179/258] hpsa: fix an sprintf() overflow in the reset handler Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 180/258] PM / AVS: rockchip-io: depend on CONFIG_POWER_AVS Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 181/258] device property: fix potential NULL pointer dereference Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 182/258] ath10k: fix per-vif queue locking Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 183/258] ath10k: reject 11b tx fragmentation configuration Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 184/258] ath10k: fix peer limit enforcement Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 185/258] ath10k: wake up offchannel queue properly Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 186/258] ath10k: wake up queue upon vif creation Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 187/258] pcmcia: sa11x0: fix missing clk_put() in sa11x0 socket drivers Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 188/258] ipr: Enable SIS pipe commands for SIS-32 devices Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 189/258] regmap: debugfs: Ensure we dont underflow when printing access masks Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 190/258] regmap: debugfs: Dont bother actually printing when calculating max length Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 191/258] security: fix typo in security_task_prctl Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 192/258] usb: musb: dsps: fix polling in device-only mode Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 193/258] usb: chipidea: udc: using the correct stall implementation Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 194/258] usb: Use the USB_SS_MULT() macro to get the burst multiplier Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 195/258] usb: phy: phy-generic: Fix reset behaviour on legacy boot Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 196/258] usb: musb: cppi41: allow it to work again Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 197/258] USB: chaoskey read offset bug Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 198/258] usb: Add device quirk for Logitech PTZ cameras Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 199/258] USB: Add reset-resume quirk for two Plantronics usb headphones Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 200/258] crypto: marvell - properly handle CRYPTO_TFM_REQ_MAY_BACKLOG-flagged requests Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 202/258] cpufreq: dt: Tolerance applies on both sides of target voltage Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 203/258] MIPS: Fix console output for Fulong2e system Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 204/258] MIPS: bootmem: Fix mapstart calculation for contiguous maps Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 205/258] MIPS: BPF: Avoid unreachable code on little endian Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 206/258] MIPS: BPF: Fix build on pre-R2 little endian CPUs Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 207/258] MIPS: dma-default: Fix 32-bit fall back to GFP_DMA Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 208/258] MIPS: CPS: Stop dangling delay slot from has_mt Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 209/258] MIPS: CPS: Dont include MT code in non-MT kernels Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 210/258] MIPS: CPS: #ifdef on CONFIG_MIPS_MT_SMP rather than CONFIG_MIPS_MT Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 216/258] tools lib traceevent: Fix string handling in heterogeneous arch environments Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 217/258] powerpc/MSI: Fix race condition in tearing down MSI interrupts Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 218/258] rsi: Fix possible leak when loading firmware Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 219/258] UBIFS: Kill unneeded locking in ubifs_init_security Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 220/258] UBI: Validate data_size Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 221/258] UBI: return ENOSPC if no enough space available Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 222/258] net: via/Kconfig: GENERIC_PCI_IOMAP required if PCI not selected Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 224/258] mmc: core: Dont return an error for CD/WP GPIOs when GPIOLIB is unset Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 225/258] mmc: core: fix dead loop of mmc_retune Greg Kroah-Hartman
2015-10-18 1:58 ` [PATCH 4.2 226/258] dcache: Handle escaped paths in prepend_path Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 227/258] vfs: Test for and handle paths that are unreachable from their mnt_root Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 228/258] arm64/efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 229/258] arm64: ftrace: fix function_graph tracer panic Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 230/258] arm64: readahead: fault retry breaks mmap file read random detection Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 231/258] m68k: Define asmlinkage_protect Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 233/258] net/xen-netfront: only napi_synchronize() if running Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 234/258] igb: do not re-init SR-IOV during probe Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 235/258] genirq: Fix race in register_irq_proc() Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 236/258] clocksource: Fix abs() usage w/ 64bit values Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 237/258] md/bitmap: dont pass -1 to bitmap_storage_alloc Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 238/258] nfs/filelayout: Fix NULL reference caused by double freeing of fh_array Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 239/258] mmc: sdhci-pxav3: remove broken clock base quirk for Armada 38x sdhci driver Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 240/258] mmc: sdhci-pxav3: disable clock inversion for HS MMC cards Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 241/258] mmc: sdhci-pxav3: fix error handling of armada_38x_quirks Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 242/258] cpufreq: acpi_cpufreq: prevent crash on reading freqdomain_cpus Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 243/258] clk: ti: fix dual-registration of uart4_ick Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 244/258] clk: ti: clk-7xx: Remove hardwired ABE clock configuration Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 245/258] clk: samsung: fix cpu clocks flags checking Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 246/258] namei: results of d_is_negative() should be checked after dentry revalidation Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 247/258] dm: fix AB-BA deadlock in __dm_destroy() Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 248/258] dm cache: fix NULL pointer when switching from cleaner policy Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 249/258] staging: speakup: fix speakup-r regression Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 250/258] tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 251/258] drivers/tty: require read access for controlling terminal Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 252/258] serial: 8250: add uart_config entry for PORT_RT2880 Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 254/258] e1000e: Fix tight loop implementation of systime read algorithm Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 255/258] mm/slab: fix unexpected index mapping result of kmalloc_size(INDEX_NODE+1) Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 256/258] blk-mq: avoid setting hctx->tags->cpumask before allocation Greg Kroah-Hartman
2015-10-18 1:59 ` [PATCH 4.2 257/258] sched/preempt: Fix cond_resched_lock() and cond_resched_softirq() Greg Kroah-Hartman
2015-10-18 18:58 ` Xen build error in 4.2.4-rc1 (sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()) Andre Tomt
2015-10-18 22:05 ` Greg Kroah-Hartman
2015-10-19 4:21 ` [PATCH 4.2 000/258] 4.2.4-stable review Guenter Roeck
2015-10-19 15:09 ` Greg Kroah-Hartman
2015-10-19 14:37 ` Shuah Khan
2015-10-19 15:13 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).