* [PATCH 3.18 000/222] 3.18.14-review
@ 2015-05-17 1:02 Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 001/222] kvm: add a memslot flag for incoherent memory regions Sasha Levin
` (222 more replies)
0 siblings, 223 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
This is the start of the stable review cycle for the 3.18.14 release.
There are 222 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Aaro Koskinen (2):
MIPS: OCTEON: dma-octeon: fix OHCI USB config check
MIPS: OCTEON: fix PCI interrupt mapping for D-Link DSR-1000N
Adrien Schildknecht (1):
SSB: fix Kconfig dependencies
Akinobu Mita (3):
target/file: Fix BUG() when CONFIG_DEBUG_SG=y and DIF protection
enabled
target/file: Fix UNMAP with DIF protection support
target/file: Fix SG table for prot_buf initialization
Al Viro (1):
RCU pathwalk breakage when running into a symlink overmounting
something
Alex Deucher (3):
drm/radeon: fix doublescan modes (v2)
drm/radeon: adjust pll when audio is not enabled
drm/radeon: add SI DPM quirk for Sapphire R9 270 Dual-X 2G GDDR5
Alexander Ploumistos (1):
Bluetooth: ath3k: Add support Atheros AR5B195 combo Mini PCIe card
Alexander Sverdlin (1):
MIPS: Octeon: Remove udelay() causing huge IRQ latency
Alexei Starovoitov (1):
bpf: fix 64-bit divide
Alistair Strachan (1):
staging: android: sync: Fix memory corruption in
sync_timeline_signal().
Andre Przywara (1):
KVM: arm/arm64: check IRQ number on userland injection
Andrew Elble (1):
NFS: fix BUG() crash in notify_change() with patch to chown_common()
Andrey Ryabinin (1):
ARM: 8320/1: fix integer overflow in ELF_ET_DYN_BASE
Andrzej Pietrasiewicz (1):
usb: gadget: printer: enqueue printer's response for setup request
Andy Lutomirski (1):
x86/asm/decoder: Fix and enforce max instruction size in the insn
decoder
Anna Schumaker (1):
NFS: Add a stub for GETDEVICELIST
Anton Blanchard (1):
powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
Archit Taneja (1):
clk: qcom: fix RCG M/N counter configuration
Ard Biesheuvel (2):
kvm: add a memslot flag for incoherent memory regions
arm, arm64: KVM: handle potential incoherency of readonly memslots
Axel Lin (1):
usb: phy: Find the right match in devm_usb_phy_match
Bard Liao (1):
ASoC: rt5677: fixed wrong DMIC ref clock
Bartlomiej Zolnierkiewicz (1):
clk: samsung: exynos4: Disable ARMCLK down feature on Exynos4210 SoC
Ben Collins (1):
Revert "dm crypt: fix deadlock when async crypto algorithm returns
-EBUSY"
Benjamin Poirier (1):
mlx4: Fix tx ring affinity_mask creation
Boris Brezillon (2):
clk: at91: usb: propagate rate modification to the parent clk
clk: at91: usb: fix determine_rate prototype
Brian Norris (4):
UBI: account for bitflips in both the VID header and data
UBI: fix out of bounds write
UBI: initialize LEB number variable
UBI: fix check for "too many bytes"
Chandrakala Chavva (1):
MIPS: OCTEON: Use correct CSR to soft reset
Charles Keepax (2):
ARM: S3C64XX: Use fixed IRQ bases to avoid conflicts on Cragganmore
ASoC: dapm: Enable autodisable on SOC_DAPM_SINGLE_TLV_AUTODISABLE
Chen-Yu Tsai (1):
mmc: sunxi: Use devm_reset_control_get_optional() for reset control
Chris Bainbridge (1):
ACPI / SBS: Enable battery manager when present
Christian Borntraeger (1):
KVM: s390: no need to hold the kvm->mutex for floating interrupts
Christian König (1):
drm/radeon: check new address before removing old one
Christoffer Dall (9):
arm/arm64: KVM: Don't clear the VCPU_POWER_OFF flag
arm/arm64: KVM: Correct KVM_ARM_VCPU_INIT power off option
arm/arm64: KVM: Reset the HCR on each vcpu when resetting the vcpu
arm/arm64: KVM: Turn off vcpus on PSCI shutdown/reboot
arm/arm64: KVM: Introduce stage2_unmap_vm
arm/arm64: KVM: Don't allow creating VCPUs after vgic_initialized
arm/arm64: KVM: Initialize the vgic on-demand when injecting IRQs
arm/arm64: KVM: Require in-kernel vgic for the arch timers
arm/arm64: KVM: Keep elrsr/aisr in sync with software model
Christoph Hellwig (3):
3w-xxxx: fix command completion race
3w-9xxx: fix command completion race
3w-sas: fix command completion race
Christophe Ricard (1):
NFC: st21nfcb: Retry i2c_master_send if it returns a negative value
Dan Carpenter (1):
memstick: mspro_block: add missing curly braces
Daniel Borkmann (1):
ebpf: verifier: check that call reg with ARG_ANYTHING is initialized
Daniel Vetter (1):
drm/i915: Dont enable CS_PARSER_ERROR interrupts at all
Dave Olson (1):
powerpc: Fix missing L2 cache size in /sys/devices/system/cpu
David Henningsson (1):
ALSA: hda - fix "num_steps = 0" error on ALC256
David Hildenbrand (2):
KVM: s390: fix handling of write errors in the tpi handler
KVM: s390: reinjection of irqs can fail in the tpi handler
David S. Miller (1):
ipv4: Missing sk_nulls_node_init() in ping_unhash().
David Sterba (1):
btrfs: don't accept bare namespace as a valid xattr
Davide Italiano (1):
ext4: move check under lock scope to close a race.
Dmitry Torokhov (2):
i2c: rk3x: report number of messages transmitted
drm/i915: cope with large i2c transfers
Ekaterina Tumanova (1):
KVM: s390: Zero out current VMDB of STSI before including level3 data.
Erez Shitrit (1):
IB/mlx4: Fix WQE LSO segment calculation
Eric Auger (1):
KVM: arm/arm64: vgic: vgic_init returns -ENODEV when no online vcpu
Eric Dumazet (4):
tcp: fix possible deadlock in tcp_send_fin()
tcp: avoid looping in tcp_send_fin()
net: do not deplete pfmemalloc reserve
net: fix crash in build_skb()
Eric W. Biederman (2):
mnt: Improve the umount_tree flags
mnt: Don't propagate umounts in __detach_mounts
Ezequiel Garcia (1):
[media] stk1160: Make sure current buffer is released
Felipe Balbi (13):
usb: musb: core: fix TX/RX endpoint order
usb: define a generic USB_RESUME_TIMEOUT macro
usb: musb: use new USB_RESUME_TIMEOUT
usb: host: oxu210hp: use new USB_RESUME_TIMEOUT
usb: host: fusbh200: use new USB_RESUME_TIMEOUT
usb: host: uhci: use new USB_RESUME_TIMEOUT
usb: host: fotg210: use new USB_RESUME_TIMEOUT
usb: host: r8a66597: use new USB_RESUME_TIMEOUT
usb: host: isp116x: use new USB_RESUME_TIMEOUT
usb: host: xhci: use new USB_RESUME_TIMEOUT
usb: host: ehci: use new USB_RESUME_TIMEOUT
usb: host: sl811: use new USB_RESUME_TIMEOUT
usb: core: hub: use new USB_RESUME_TIMEOUT
Filipe Manana (3):
Btrfs: fix log tree corruption when fs mounted with -o discard
Btrfs: fix inode eviction infinite loop after cloning into it
Btrfs: fix inode eviction infinite loop after extent_same ioctl
Florian Westphal (1):
netfilter: bridge: really save frag_max_size between PRE and
POST_ROUTING
Ganesan Ramalingam (1):
MIPS: Netlogic: Fix for SATA PHY init
Gavin Shan (1):
powerpc/powernv: Don't map M64 segments using M32DT
Gregory CLEMENT (2):
ARM: mvebu: Disable CPU Idle on Armada 38x
gpio: mvebu: Fix mask/unmask managment per irq chip type
Hans de Goede (3):
uas: Allow uas_use_uas_driver to return usb-storage flags
uas: Add US_FL_MAX_SECTORS_240 flag
uas: Set max_sectors_240 quirk for ASM1053 devices
Heiko Carstens (1):
s390/hibernate: fix save and restore of kernel text section
Howard Mitchell (1):
ASoC: pcm512x: Add 'Analogue' prefix to analogue volume controls
Huacai Chen (2):
MIPS: Loongson-3: Add IRQF_NO_SUSPEND to Cascade irqaction
MIPS: Hibernate: flush TLB entries earlier
Ian Abbott (2):
spi: spidev: fix possible arithmetic overflow for multi-transfer
message
staging: comedi: adv_pci1710: fix AI INSN_READ for non-zero channel
Ido Shamay (1):
net/mlx4_en: Schedule napi when RX buffers allocation fails
Ilya Dryomov (1):
rbd: end I/O the entire obj_request on error
Imre Deak (1):
drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg
J. Bruce Fields (2):
nfsd4: fix READ permission checking
nfsd4: disallow SEEK with special stateids
James Bottomley (1):
mvsas: fix panic on expander attached SATA devices
James Hogan (2):
MIPS: KVM: Handle MSA Disabled exceptions from guest
MIPS: lose_fpu(): Disable FPU when MSA enabled
Jan Kiszka (1):
ARM: KVM: Fix size check in __coherent_cache_guest_page
Jann Horn (1):
fs: take i_mutex during prepare_binprm for set[ug]id executables
Jens Freimann (1):
KVM: s390: fix get_all_floating_irqs
Jo-Philipp Wich (1):
ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450
John Crispin (1):
MIPS: ralink: add missing symbol for RALINK_ILL_ACC
Junjie Mao (1):
driver core: bus: Goto appropriate labels on failure in bus_add_device
K. Y. Srinivasan (3):
scsi: storvsc: Fix a bug in copy_from_bounce_buffer()
Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open()
Drivers: hv: vmbus: Don't wait after requesting offers
Kailang Yang (1):
ALSA: hda/realtek - Fix Headphone Mic doesn't recording for ALC256
Krzysztof Kozlowski (6):
compal-laptop: Fix leaking hwmon device
compal-laptop: Check return value of power_supply_register
power_supply: twl4030_madc: Check return value of
power_supply_register
power_supply: lp8788-charger: Fix leaked power supply on probe fail
power_supply: ipaq_micro_battery: Fix leaking workqueue
power_supply: ipaq_micro_battery: Check return values in probe
Larry Finger (1):
rtlwifi: rtl8192cu: Add new USB ID
Laszlo Ersek (1):
arm, arm64: KVM: allow forced dcache flush on page faults
Len Brown (1):
sched/idle/x86: Restore mwait_idle() to fix boot hangs, to improve
power savings and to improve performance
Li Jun (1):
usb: chipidea: otg: remove mutex unlock and lock while stop and start
role
Linus Walleij (1):
drivers: platform: parse IRQ flags from resources
Lucas Stach (1):
spi: imx: read back the RX/TX watermark levels earlier
Ludovic Desroches (1):
tty/serial: at91: maxburst was missing for dma transfers
Lukas Czerner (2):
ext4: make fsync to sync parent dir in no-journal for real this time
ext4: fix data corruption caused by unwritten and delayed extents
Lv Zheng (1):
ACPICA: Utilities: split IO address types from data type models.
Manish Badarkhe (1):
ASoC: davinci-evm: drop un-necessary remove function
Marc Zyngier (6):
arm64: KVM: Fix TLB invalidation by IPA/VMID
arm64: KVM: Fix HCR setting for 32bit guests
arm/arm64: KVM: Invalidate data cache on unmap
arm/arm64: KVM: Use kernel mapping to perform invalidation on page
fault
arm64: KVM: Fix stage-2 PGD allocation to have per-page refcounting
arm64: KVM: Do not use pgd_index to index stage-2 pgd
Marek Szyprowski (1):
arm64: dma-mapping: always clear allocated buffers
Marek Vasut (1):
rtlwifi: rtl8192cu: Add new device ID
Mark Brown (1):
i2c: core: Export bus recovery functions
Markos Chandras (4):
MIPS: Malta: Detect and fix bad memsize values
MIPS: asm: asm-eva: Introduce kernel load/store variants
MIPS: kernel: entry.S: Set correct ISA level for mips_ihb
MIPS: Kconfig: Disable SMP/CPS for 64-bit
Martin K. Petersen (2):
sd: Unregister integrity profile
sd: Fix missing ATO tag check
Max Filippov (3):
xtensa: xtfpga: fix hardware lockup caused by LCD driver
xtensa: provide __NR_sync_file_range2 instead of __NR_sync_file_range
xtensa: ISS: fix locking in TAP network adapter
Michael Davidson (1):
fs/binfmt_elf.c: fix bug in loading of PIE binaries
Michael Ellerman (2):
powerpc/cell: Fix crash in iic_setup_cpu() after per_cpu changes
powerpc/cell: Fix cell iommu after it_page_shift changes
Michael Gernoth (1):
ALSA: emu10k1: don't deadlock in proc-functions
Michal Simek (2):
serial: of-serial: Remove device_type = "serial" registration
serial: xilinx: Use platform_get_irq to get irq description structure
Mike Galbraith (1):
sched/idle/x86: Optimize unnecessary mwait_idle() resched IPIs
Nadav Amit (1):
KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save
Naoya Horiguchi (2):
mm/hugetlb: use pmd_page() in follow_huge_pmd()
mm/hugetlb: take page table lock in follow_huge_pmd()
NeilBrown (1):
md/raid0: fix bug with chunksize not a power of 2.
Nicholas Bellinger (1):
target: Fix COMPARE_AND_WRITE with SG_TO_MEM_NOALLOC handling
Nicolas Iooss (1):
wl18xx: show rx_frames_per_rates as an array as it really is
Nicolas Schichan (1):
MIPS: BCM63xx: Move bcm63xx_gpio_init() to bcm63xx_register_devices().
Niklas Cassel (1):
MIPS: smp-cps: cpu_set FPU mask if FPU present
Nishanth Menon (1):
C6x: time: Ensure consistency in __init
Octavian Purdila (1):
ACPICA: Tables: Don't release ACPI_MTX_TABLES in
acpi_tb_install_standard_table().
Oleg Nesterov (1):
ptrace: fix race between ptrace_resume() and wait_task_stopped()
Oliver Neukum (1):
cdc-wdm: fix endianness bug in debug statements
Omar Sandoval (1):
btrfs: unlock i_mutex after attempting to delete subvolume during send
Pascal Huerst (1):
ASoC: cs4271: Increase delay time after reset
Peter Maydell (1):
arm/arm64: KVM: vgic: move reset initialization into vgic_init_maps()
Peter Zubaj (1):
ALSA: emu10k1: Emu10k2 32 bit DMA mode
Quentin Casasnovas (1):
cdc-acm: prevent infinite loop when parsing CDC headers.
Rabin Vincent (1):
tracing: Handle ftrace_dump() atomic context in graph_trace_open()
Radim Krčmář (2):
KVM: use slowpath for cross page cached accesses
KVM: nVMX: mask unrestricted_guest if disabled on L0
Rafael J. Wysocki (1):
ACPI / scan: Annotate physical_node_lock in acpi_scan_is_offline()
Rafał Miłecki (1):
MIPS: BCM47XX: Fix detecting Microsoft MN-700 & Asus WL500G
Ralf Baechle (1):
MIPS: Octeon: Delete override of cpu_has_mips_r2_exec_hazard.
Russell King (1):
ARM: fix broken hibernation
Sabrina Dubroca (1):
e1000: add dummy allocator to fix race condition between mtu change
and netpoll
Sagi Grimberg (2):
iser-target: Fix session hang in case of an rdma read DIF error
IB/iser: Fix wrong calculation of protection buffer length
Sebastian Hesselbarth (1):
ARM: dts: dove: Fix uart[23] reg property
Sebastian Pöhn (1):
ip_forward: Drop frames with attached skb->sk
Sergej Sawazki (1):
ASoC: wm8741: Fix rates constraints values
Shannon Zhao (1):
arm/arm64: KVM: vgic: kick the specific vcpu instead of iterating
through all
Sifan Naeem (1):
[media] rc: img-ir: fix error in parameters passed to irq_free()
Stephen Boyd (1):
clk: qcom: Fix i2c frequency table
Steven Rostedt (1):
ring-buffer: Replace this_cpu_*() with __this_cpu_*()
Steven Rostedt (Red Hat) (1):
tools lib traceevent kbuffer: Remove extra update to data pointer in
PADDING
Sudip Mukherjee (1):
staging: panel: fix lcd type
Takashi Iwai (4):
ALSA: emux: Fix mutex deadlock at unloading
ALSA: emux: Fix mutex deadlock in OSS emulation
ALSA: emu10k1: Fix card shortname string buffer overflow
ALSA: hda - Add mute-LED mode control to Thinkpad
Thierry Reding (1):
clk: tegra: Register the proper number of resets
Thomas D (1):
tools/power turbostat: Use $(CURDIR) instead of $(PWD) and add support
for O= option in Makefile
Thomas Hebb (1):
hfsplus: don't store special "osx" xattr prefix on-disk
Tom Herbert (2):
net: add skb_checksum_complete_unset
ppp: call skb_checksum_complete_unset in ppp_receive_frame
Troy Tan (1):
rtlwifi: rtl8192ee: Fix handling of new style descriptors
Ulrik De Bie (1):
Input: elantech - fix absolute mode setting on some ASUS laptops
Vinson Lee (2):
perf symbols: Define STT_GNU_IFUNC for glibc 2.9 and older.
perf tools: Work around lack of sched_getcpu in glibc < 2.6.
Vutla, Lokesh (1):
crypto: omap-aes - Fix support for unequal lengths
Wei Yongjun (1):
ASoC: samsung: s3c24xx-i2s: Fix return value check in
s3c24xx_iis_dev_probe()
Yann Droneaud (2):
IB/core: disallow registering 0-sized memory region
IB/core: don't disallow registering region starting at 0x0
Yves-Alexis Perez (1):
ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226)
mancha security (1):
lib: memzero_explicit: use barrier instead of OPTIMIZER_HIDE_VAR
Documentation/kernel-parameters.txt | 2 +
Documentation/virtual/kvm/api.txt | 12 +-
Documentation/virtual/kvm/devices/s390_flic.txt | 3 +
arch/arm/boot/dts/dove.dtsi | 4 +-
arch/arm/include/asm/elf.h | 2 +-
arch/arm/include/asm/kvm_emulate.h | 5 +
arch/arm/include/asm/kvm_mmu.h | 87 +++++--
arch/arm/include/uapi/asm/kvm.h | 8 +-
arch/arm/kernel/hibernate.c | 5 +-
arch/arm/kernel/process.c | 10 +-
arch/arm/kernel/reboot.h | 6 +
arch/arm/kvm/arm.c | 38 +++-
arch/arm/kvm/guest.c | 1 -
arch/arm/kvm/mmu.c | 251 +++++++++++++++++----
arch/arm/kvm/psci.c | 18 ++
arch/arm/mach-mvebu/pmsu.c | 16 +-
arch/arm/mach-s3c64xx/crag6410.h | 1 +
arch/arm/mach-s3c64xx/mach-crag6410.c | 1 +
arch/arm/mm/hugetlbpage.c | 6 -
arch/arm64/include/asm/kvm_emulate.h | 7 +
arch/arm64/include/asm/kvm_host.h | 1 +
arch/arm64/include/asm/kvm_mmu.h | 81 +++----
arch/arm64/include/uapi/asm/kvm.h | 8 +-
arch/arm64/kvm/guest.c | 1 -
arch/arm64/kvm/hyp.S | 1 +
arch/arm64/kvm/reset.c | 1 -
arch/arm64/mm/dma-mapping.c | 6 +-
arch/arm64/mm/hugetlbpage.c | 6 -
arch/c6x/kernel/time.c | 2 +-
arch/ia64/mm/hugetlbpage.c | 6 -
arch/metag/mm/hugetlbpage.c | 6 -
arch/mips/Kconfig | 2 +-
arch/mips/bcm47xx/board.c | 4 +-
arch/mips/bcm63xx/prom.c | 4 -
arch/mips/bcm63xx/setup.c | 4 +
arch/mips/cavium-octeon/dma-octeon.c | 2 +-
arch/mips/cavium-octeon/setup.c | 5 +-
arch/mips/include/asm/asm-eva.h | 137 +++++++----
arch/mips/include/asm/fpu.h | 1 +
arch/mips/include/asm/kvm_host.h | 2 +
.../asm/mach-cavium-octeon/cpu-feature-overrides.h | 1 -
arch/mips/include/asm/octeon/cvmx.h | 8 -
arch/mips/include/asm/octeon/pci-octeon.h | 3 -
arch/mips/kernel/entry.S | 3 +-
arch/mips/kernel/smp-cps.c | 6 +
arch/mips/kvm/emulate.c | 1 +
arch/mips/kvm/mips.c | 4 +
arch/mips/kvm/trap_emul.c | 28 +++
arch/mips/loongson/loongson-3/irq.c | 1 +
arch/mips/mm/hugetlbpage.c | 18 --
arch/mips/mti-malta/malta-memory.c | 6 +
arch/mips/netlogic/xlp/ahci-init-xlp2.c | 13 ++
arch/mips/pci/pci-octeon.c | 8 +-
arch/mips/pci/pcie-octeon.c | 8 -
arch/mips/power/hibernate.S | 3 +-
arch/mips/ralink/Kconfig | 5 +
arch/powerpc/kernel/cacheinfo.c | 44 +++-
arch/powerpc/mm/hugetlbpage.c | 8 +
arch/powerpc/perf/callchain.c | 2 +-
arch/powerpc/platforms/cell/interrupt.c | 2 +-
arch/powerpc/platforms/cell/iommu.c | 2 +-
arch/powerpc/platforms/powernv/pci-ioda.c | 3 +-
arch/s390/kernel/suspend.c | 4 +
arch/s390/kvm/interrupt.c | 70 +++---
arch/s390/kvm/kvm-s390.h | 4 +-
arch/s390/kvm/priv.c | 42 ++--
arch/s390/mm/hugetlbpage.c | 20 --
arch/sh/mm/hugetlbpage.c | 12 -
arch/sparc/mm/hugetlbpage.c | 12 -
arch/tile/mm/hugetlbpage.c | 28 ---
arch/x86/include/asm/insn.h | 2 +-
arch/x86/include/asm/mwait.h | 8 +
arch/x86/kernel/process.c | 51 +++++
arch/x86/kvm/vmx.c | 7 +-
arch/x86/kvm/x86.c | 10 +-
arch/x86/lib/insn.c | 7 +
arch/x86/mm/hugetlbpage.c | 12 -
arch/xtensa/Kconfig | 30 +++
arch/xtensa/include/uapi/asm/unistd.h | 2 +-
arch/xtensa/platforms/iss/network.c | 29 +--
arch/xtensa/platforms/xtfpga/Makefile | 3 +-
.../platforms/xtfpga/include/platform/hardware.h | 3 -
.../xtensa/platforms/xtfpga/include/platform/lcd.h | 15 ++
arch/xtensa/platforms/xtfpga/lcd.c | 55 +++--
drivers/acpi/acpica/tbinstal.c | 1 -
drivers/acpi/sbs.c | 2 +-
drivers/acpi/scan.c | 6 +-
drivers/base/bus.c | 4 +-
drivers/base/platform.c | 9 +
drivers/block/rbd.c | 5 +
drivers/bluetooth/ath3k.c | 1 +
drivers/bluetooth/btusb.c | 1 +
drivers/clk/at91/clk-usb.c | 62 +++--
drivers/clk/qcom/clk-rcg2.c | 2 +-
drivers/clk/qcom/gcc-ipq806x.c | 2 +-
drivers/clk/samsung/clk-exynos4.c | 11 +-
drivers/clk/tegra/clk.c | 2 +-
drivers/crypto/omap-aes.c | 14 +-
drivers/gpio/gpio-mvebu.c | 24 +-
drivers/gpu/drm/i915/i915_drv.c | 4 +-
drivers/gpu/drm/i915/i915_irq.c | 8 +-
drivers/gpu/drm/i915/i915_reg.h | 1 +
drivers/gpu/drm/i915/intel_i2c.c | 66 +++++-
drivers/gpu/drm/radeon/atombios_crtc.c | 11 +-
drivers/gpu/drm/radeon/radeon_vm.c | 31 +--
drivers/gpu/drm/radeon/si_dpm.c | 1 +
drivers/hv/channel.c | 7 +-
drivers/hv/channel_mgmt.c | 12 +-
drivers/i2c/busses/i2c-rk3x.c | 2 +-
drivers/i2c/i2c-core.c | 3 +
drivers/infiniband/core/umem.c | 7 +-
drivers/infiniband/hw/mlx4/qp.c | 3 +-
drivers/infiniband/ulp/iser/iser_initiator.c | 4 +-
drivers/infiniband/ulp/isert/ib_isert.c | 6 +-
drivers/input/mouse/elantech.c | 22 ++
drivers/input/mouse/elantech.h | 1 +
drivers/md/dm-crypt.c | 12 +-
drivers/md/raid0.c | 3 +-
drivers/media/rc/img-ir/img-ir-core.c | 2 +-
drivers/media/usb/stk1160/stk1160-v4l.c | 17 +-
drivers/memstick/core/mspro_block.c | 3 +-
drivers/mmc/host/sunxi-mmc.c | 4 +-
drivers/mtd/ubi/attach.c | 2 +-
drivers/mtd/ubi/cdev.c | 2 +-
drivers/mtd/ubi/eba.c | 3 +-
drivers/mtd/ubi/wl.c | 2 +-
drivers/net/ethernet/intel/e1000/e1000_main.c | 10 +-
drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 1 +
drivers/net/ethernet/mellanox/mlx4/en_rx.c | 26 ++-
drivers/net/ethernet/mellanox/mlx4/en_tx.c | 8 +-
drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 +
drivers/net/ppp/ppp_generic.c | 1 +
drivers/net/wireless/rtlwifi/pci.c | 31 ++-
drivers/net/wireless/rtlwifi/rtl8192cu/sw.c | 2 +
drivers/net/wireless/rtlwifi/rtl8192ee/sw.c | 3 +-
drivers/net/wireless/rtlwifi/rtl8192ee/trx.c | 7 +-
drivers/net/wireless/rtlwifi/rtl8192ee/trx.h | 2 +-
drivers/net/wireless/rtlwifi/wifi.h | 1 +
drivers/net/wireless/ti/wl18xx/debugfs.c | 2 +-
drivers/net/wireless/ti/wlcore/debugfs.h | 4 +-
drivers/nfc/st21nfcb/i2c.c | 4 +-
drivers/platform/x86/compal-laptop.c | 10 +-
drivers/power/ipaq_micro_battery.c | 22 +-
drivers/power/lp8788-charger.c | 4 +-
drivers/power/twl4030_madc_battery.c | 7 +-
drivers/scsi/3w-9xxx.c | 57 ++---
drivers/scsi/3w-9xxx.h | 5 -
drivers/scsi/3w-sas.c | 50 +---
drivers/scsi/3w-sas.h | 4 -
drivers/scsi/3w-xxxx.c | 42 +---
drivers/scsi/3w-xxxx.h | 5 -
drivers/scsi/mvsas/mv_sas.c | 5 +-
drivers/scsi/sd.c | 1 +
drivers/scsi/sd_dif.c | 2 +-
drivers/scsi/storvsc_drv.c | 15 +-
drivers/spi/spi-imx.c | 4 +-
drivers/spi/spidev.c | 5 +-
drivers/ssb/Kconfig | 1 +
drivers/staging/android/sync.c | 2 +-
drivers/staging/comedi/drivers/adv_pci1710.c | 3 +-
drivers/staging/panel/panel.c | 10 +-
drivers/target/target_core_file.c | 122 ++++++----
drivers/target/target_core_sbc.c | 15 +-
drivers/target/target_core_transport.c | 37 ++-
drivers/tty/serial/atmel_serial.c | 2 +
drivers/tty/serial/of_serial.c | 1 -
drivers/tty/serial/uartlite.c | 11 +-
drivers/tty/serial/xilinx_uartps.c | 12 +-
drivers/usb/chipidea/otg_fsm.c | 4 -
drivers/usb/class/cdc-acm.c | 6 +
drivers/usb/class/cdc-wdm.c | 12 +-
drivers/usb/core/hub.c | 4 +-
drivers/usb/gadget/legacy/printer.c | 9 +
drivers/usb/host/ehci-hcd.c | 10 +-
drivers/usb/host/ehci-hub.c | 9 +-
drivers/usb/host/fotg210-hcd.c | 2 +-
drivers/usb/host/fusbh200-hcd.c | 3 +-
drivers/usb/host/isp116x-hcd.c | 2 +-
drivers/usb/host/oxu210hp-hcd.c | 7 +-
drivers/usb/host/r8a66597-hcd.c | 2 +-
drivers/usb/host/sl811-hcd.c | 2 +-
drivers/usb/host/uhci-hub.c | 5 +-
drivers/usb/host/xhci-ring.c | 2 +-
drivers/usb/musb/musb_core.c | 47 ++--
drivers/usb/musb/musb_virthub.c | 2 +-
drivers/usb/phy/phy.c | 4 +-
drivers/usb/storage/uas-detect.h | 9 +-
drivers/usb/storage/uas.c | 16 +-
drivers/usb/storage/usb.c | 8 +-
fs/binfmt_elf.c | 9 +-
fs/btrfs/extent-tree.c | 5 +-
fs/btrfs/ioctl.c | 11 +-
fs/btrfs/xattr.c | 53 +++--
fs/exec.c | 76 ++++---
fs/ext4/extents.c | 15 +-
fs/ext4/extents_status.c | 8 +
fs/ext4/inode.c | 2 +
fs/ext4/namei.c | 20 +-
fs/hfsplus/xattr.c | 38 ++--
fs/namei.c | 6 +-
fs/namespace.c | 31 +--
fs/nfs/nfs4xdr.c | 6 +
fs/nfsd/nfs4proc.c | 2 +
fs/nfsd/nfs4xdr.c | 12 +-
fs/open.c | 2 +-
fs/pnode.h | 1 -
include/acpi/actypes.h | 20 ++
include/acpi/platform/acenv.h | 1 +
include/kvm/arm_arch_timer.h | 10 +-
include/kvm/arm_vgic.h | 5 +-
include/linux/bpf.h | 4 +-
include/linux/hugetlb.h | 8 +-
include/linux/kvm_host.h | 1 +
include/linux/skbuff.h | 13 ++
include/linux/swapops.h | 4 +
include/linux/usb.h | 26 +++
include/linux/usb_usual.h | 2 +
include/sound/emu10k1.h | 14 +-
include/sound/soc-dapm.h | 2 +-
include/target/target_core_base.h | 2 +-
kernel/bpf/core.c | 12 +-
kernel/bpf/verifier.c | 5 +-
kernel/ptrace.c | 20 ++
kernel/trace/ring_buffer.c | 11 +-
kernel/trace/trace_functions_graph.c | 8 +-
lib/string.c | 2 +-
mm/gup.c | 25 +-
mm/hugetlb.c | 74 +++---
mm/migrate.c | 5 +-
net/bridge/br_netfilter.c | 17 +-
net/core/skbuff.c | 30 ++-
net/ipv4/ip_forward.c | 3 +
net/ipv4/ping.c | 1 +
net/ipv4/tcp_output.c | 64 ++++--
net/netlink/af_netlink.c | 6 +-
sound/pci/emu10k1/emu10k1.c | 6 +-
sound/pci/emu10k1/emu10k1_callback.c | 4 +-
sound/pci/emu10k1/emu10k1_main.c | 21 +-
sound/pci/emu10k1/emupcm.c | 2 +-
sound/pci/emu10k1/emuproc.c | 12 -
sound/pci/emu10k1/memory.c | 11 +-
sound/pci/hda/patch_realtek.c | 8 +-
sound/pci/hda/thinkpad_helper.c | 1 +
sound/soc/codecs/cs4271.c | 4 +-
sound/soc/codecs/pcm512x.c | 4 +-
sound/soc/codecs/rt5677.c | 2 +-
sound/soc/codecs/wm8741.c | 8 +-
sound/soc/davinci/davinci-evm.c | 10 -
sound/soc/samsung/s3c24xx-i2s.c | 4 +-
sound/synth/emux/emux_oss.c | 11 +-
sound/synth/emux/emux_seq.c | 29 ++-
tools/lib/traceevent/kbuffer-parse.c | 1 -
tools/perf/util/cloexec.c | 6 +
tools/perf/util/cloexec.h | 6 +
tools/perf/util/symbol-elf.c | 4 +
tools/power/x86/turbostat/Makefile | 6 +-
virt/kvm/arm/arch_timer.c | 30 ++-
virt/kvm/arm/vgic-v2.c | 8 +
virt/kvm/arm/vgic-v3.c | 8 +
virt/kvm/arm/vgic.c | 125 +++++-----
virt/kvm/kvm_main.c | 4 +-
261 files changed, 2263 insertions(+), 1237 deletions(-)
create mode 100644 arch/arm/kernel/reboot.h
--
2.1.0
^ permalink raw reply [flat|nested] 228+ messages in thread
* [PATCH 3.18 001/222] kvm: add a memslot flag for incoherent memory regions
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 002/222] arm, arm64: KVM: allow forced dcache flush on page faults Sasha Levin
` (221 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
commit 1050dcda3052912984b26fb6d2695a3f41792000 upstream.
Memory regions may be incoherent with the caches, typically when the
guest has mapped a host system RAM backed memory region as uncached.
Add a flag KVM_MEMSLOT_INCOHERENT so that we can tag these memslots
and handle them appropriately when mapping them.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
include/linux/kvm_host.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index a6059bd..e4d8f70 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -43,6 +43,7 @@
* include/linux/kvm_h.
*/
#define KVM_MEMSLOT_INVALID (1UL << 16)
+#define KVM_MEMSLOT_INCOHERENT (1UL << 17)
/* Two fragments for cross MMIO pages. */
#define KVM_MAX_MMIO_FRAGMENTS 2
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 002/222] arm, arm64: KVM: allow forced dcache flush on page faults
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 001/222] kvm: add a memslot flag for incoherent memory regions Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 003/222] arm, arm64: KVM: handle potential incoherency of readonly memslots Sasha Levin
` (220 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Laszlo Ersek <lersek@redhat.com>
commit 840f4bfbe03f1ce94ade8fdf84e8cd925ef15a48 upstream.
To allow handling of incoherent memslots in a subsequent patch, this
patch adds a paramater 'ipa_uncached' to cache_coherent_guest_page()
so that we can instruct it to flush the page's contents to DRAM even
if the guest has caching globally enabled.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/include/asm/kvm_mmu.h | 5 +++--
arch/arm/kvm/mmu.c | 9 +++++++--
arch/arm64/include/asm/kvm_mmu.h | 5 +++--
3 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
index acb0d57..f867060 100644
--- a/arch/arm/include/asm/kvm_mmu.h
+++ b/arch/arm/include/asm/kvm_mmu.h
@@ -161,9 +161,10 @@ static inline bool vcpu_has_cache_enabled(struct kvm_vcpu *vcpu)
}
static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
- unsigned long size)
+ unsigned long size,
+ bool ipa_uncached)
{
- if (!vcpu_has_cache_enabled(vcpu))
+ if (!vcpu_has_cache_enabled(vcpu) || ipa_uncached)
kvm_flush_dcache_to_poc((void *)hva, size);
/*
diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
index 8664ff1..8038e52 100644
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -853,6 +853,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
struct vm_area_struct *vma;
pfn_t pfn;
pgprot_t mem_type = PAGE_S2;
+ bool fault_ipa_uncached;
write_fault = kvm_is_write_fault(vcpu);
if (fault_status == FSC_PERM && !write_fault) {
@@ -919,6 +920,8 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
if (!hugetlb && !force_pte)
hugetlb = transparent_hugepage_adjust(&pfn, &fault_ipa);
+ fault_ipa_uncached = false;
+
if (hugetlb) {
pmd_t new_pmd = pfn_pmd(pfn, mem_type);
new_pmd = pmd_mkhuge(new_pmd);
@@ -926,7 +929,8 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
kvm_set_s2pmd_writable(&new_pmd);
kvm_set_pfn_dirty(pfn);
}
- coherent_cache_guest_page(vcpu, hva & PMD_MASK, PMD_SIZE);
+ coherent_cache_guest_page(vcpu, hva & PMD_MASK, PMD_SIZE,
+ fault_ipa_uncached);
ret = stage2_set_pmd_huge(kvm, memcache, fault_ipa, &new_pmd);
} else {
pte_t new_pte = pfn_pte(pfn, mem_type);
@@ -934,7 +938,8 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
kvm_set_s2pte_writable(&new_pte);
kvm_set_pfn_dirty(pfn);
}
- coherent_cache_guest_page(vcpu, hva, PAGE_SIZE);
+ coherent_cache_guest_page(vcpu, hva, PAGE_SIZE,
+ fault_ipa_uncached);
ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte,
pgprot_val(mem_type) == pgprot_val(PAGE_S2_DEVICE));
}
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index 0caf7a5..123b521 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -243,9 +243,10 @@ static inline bool vcpu_has_cache_enabled(struct kvm_vcpu *vcpu)
}
static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
- unsigned long size)
+ unsigned long size,
+ bool ipa_uncached)
{
- if (!vcpu_has_cache_enabled(vcpu))
+ if (!vcpu_has_cache_enabled(vcpu) || ipa_uncached)
kvm_flush_dcache_to_poc((void *)hva, size);
if (!icache_is_aliasing()) { /* PIPT */
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 003/222] arm, arm64: KVM: handle potential incoherency of readonly memslots
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 001/222] kvm: add a memslot flag for incoherent memory regions Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 002/222] arm, arm64: KVM: allow forced dcache flush on page faults Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 004/222] arm/arm64: KVM: Don't clear the VCPU_POWER_OFF flag Sasha Levin
` (219 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
commit 849260c72c6b8bd53850cb00b80027db3a273c2c upstream.
Readonly memslots are often used to implement emulation of ROMs and
NOR flashes, in which case the guest may legally map these regions as
uncached.
To deal with the incoherency associated with uncached guest mappings,
treat all readonly memslots as incoherent, and ensure that pages that
belong to regions tagged as such are flushed to DRAM before being passed
to the guest.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/kvm/mmu.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
index 8038e52..16ae5f0 100644
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -920,7 +920,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
if (!hugetlb && !force_pte)
hugetlb = transparent_hugepage_adjust(&pfn, &fault_ipa);
- fault_ipa_uncached = false;
+ fault_ipa_uncached = memslot->flags & KVM_MEMSLOT_INCOHERENT;
if (hugetlb) {
pmd_t new_pmd = pfn_pmd(pfn, mem_type);
@@ -1299,11 +1299,12 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
hva = vm_end;
} while (hva < reg_end);
- if (ret) {
- spin_lock(&kvm->mmu_lock);
+ spin_lock(&kvm->mmu_lock);
+ if (ret)
unmap_stage2_range(kvm, mem->guest_phys_addr, mem->memory_size);
- spin_unlock(&kvm->mmu_lock);
- }
+ else
+ stage2_flush_memslot(kvm, memslot);
+ spin_unlock(&kvm->mmu_lock);
return ret;
}
@@ -1315,6 +1316,15 @@ void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free,
int kvm_arch_create_memslot(struct kvm *kvm, struct kvm_memory_slot *slot,
unsigned long npages)
{
+ /*
+ * Readonly memslots are not incoherent with the caches by definition,
+ * but in practice, they are used mostly to emulate ROMs or NOR flashes
+ * that the guest may consider devices and hence map as uncached.
+ * To prevent incoherency issues in these cases, tag all readonly
+ * regions as incoherent.
+ */
+ if (slot->flags & KVM_MEM_READONLY)
+ slot->flags |= KVM_MEMSLOT_INCOHERENT;
return 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 004/222] arm/arm64: KVM: Don't clear the VCPU_POWER_OFF flag
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (2 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 003/222] arm, arm64: KVM: handle potential incoherency of readonly memslots Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 005/222] arm/arm64: KVM: Correct KVM_ARM_VCPU_INIT power off option Sasha Levin
` (218 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoffer Dall <christoffer.dall@linaro.org>
commit 03f1d4c17edb31b41b14ca3a749ae38d2dd6639d upstream.
If a VCPU was originally started with power off (typically to be brought
up by PSCI in SMP configurations), there is no need to clear the
POWER_OFF flag in the kernel, as this flag is only tested during the
init ioctl itself.
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/kvm/arm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index 9e193c8..b160bea 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -661,7 +661,7 @@ static int kvm_arch_vcpu_ioctl_vcpu_init(struct kvm_vcpu *vcpu,
/*
* Handle the "start in power-off" case by marking the VCPU as paused.
*/
- if (__test_and_clear_bit(KVM_ARM_VCPU_POWER_OFF, vcpu->arch.features))
+ if (test_bit(KVM_ARM_VCPU_POWER_OFF, vcpu->arch.features))
vcpu->arch.pause = true;
return 0;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 005/222] arm/arm64: KVM: Correct KVM_ARM_VCPU_INIT power off option
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (3 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 004/222] arm/arm64: KVM: Don't clear the VCPU_POWER_OFF flag Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 006/222] arm/arm64: KVM: Reset the HCR on each vcpu when resetting the vcpu Sasha Levin
` (217 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoffer Dall <christoffer.dall@linaro.org>
commit 3ad8b3de526a76fbe9466b366059e4958957b88f upstream.
The implementation of KVM_ARM_VCPU_INIT is currently not doing what
userspace expects, namely making sure that a vcpu which may have been
turned off using PSCI is returned to its initial state, which would be
powered on if userspace does not set the KVM_ARM_VCPU_POWER_OFF flag.
Implement the expected functionality and clarify the ABI.
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
Documentation/virtual/kvm/api.txt | 3 ++-
arch/arm/kvm/arm.c | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
index 7610eaa..bb82a90 100644
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -2455,7 +2455,8 @@ should be created before this ioctl is invoked.
Possible features:
- KVM_ARM_VCPU_POWER_OFF: Starts the CPU in a power-off state.
- Depends on KVM_CAP_ARM_PSCI.
+ Depends on KVM_CAP_ARM_PSCI. If not set, the CPU will be powered on
+ and execute guest code when KVM_RUN is called.
- KVM_ARM_VCPU_EL1_32BIT: Starts the CPU in a 32bit mode.
Depends on KVM_CAP_ARM_EL1_32BIT (arm64 only).
- KVM_ARM_VCPU_PSCI_0_2: Emulate PSCI v0.2 for the CPU.
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index b160bea..edc1964 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -663,6 +663,8 @@ static int kvm_arch_vcpu_ioctl_vcpu_init(struct kvm_vcpu *vcpu,
*/
if (test_bit(KVM_ARM_VCPU_POWER_OFF, vcpu->arch.features))
vcpu->arch.pause = true;
+ else
+ vcpu->arch.pause = false;
return 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 006/222] arm/arm64: KVM: Reset the HCR on each vcpu when resetting the vcpu
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (4 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 005/222] arm/arm64: KVM: Correct KVM_ARM_VCPU_INIT power off option Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 007/222] arm/arm64: KVM: Turn off vcpus on PSCI shutdown/reboot Sasha Levin
` (216 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoffer Dall <christoffer.dall@linaro.org>
commit b856a59141b1066d3c896a0d0231f84dabd040af upstream.
When userspace resets the vcpu using KVM_ARM_VCPU_INIT, we should also
reset the HCR, because we now modify the HCR dynamically to
enable/disable trapping of guest accesses to the VM registers.
This is crucial for reboot of VMs working since otherwise we will not be
doing the necessary cache maintenance operations when faulting in pages
with the guest MMU off.
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/include/asm/kvm_emulate.h | 5 +++++
arch/arm/kvm/arm.c | 2 ++
arch/arm/kvm/guest.c | 1 -
arch/arm64/include/asm/kvm_emulate.h | 5 +++++
arch/arm64/kvm/guest.c | 1 -
5 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/arch/arm/include/asm/kvm_emulate.h b/arch/arm/include/asm/kvm_emulate.h
index b9db269..66ce176 100644
--- a/arch/arm/include/asm/kvm_emulate.h
+++ b/arch/arm/include/asm/kvm_emulate.h
@@ -33,6 +33,11 @@ void kvm_inject_undefined(struct kvm_vcpu *vcpu);
void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr);
void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr);
+static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu)
+{
+ vcpu->arch.hcr = HCR_GUEST_MASK;
+}
+
static inline bool vcpu_mode_is_32bit(struct kvm_vcpu *vcpu)
{
return 1;
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index edc1964..24c9ca4 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -658,6 +658,8 @@ static int kvm_arch_vcpu_ioctl_vcpu_init(struct kvm_vcpu *vcpu,
if (ret)
return ret;
+ vcpu_reset_hcr(vcpu);
+
/*
* Handle the "start in power-off" case by marking the VCPU as paused.
*/
diff --git a/arch/arm/kvm/guest.c b/arch/arm/kvm/guest.c
index cc0b787..8c97208 100644
--- a/arch/arm/kvm/guest.c
+++ b/arch/arm/kvm/guest.c
@@ -38,7 +38,6 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
{
- vcpu->arch.hcr = HCR_GUEST_MASK;
return 0;
}
diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
index 5674a55..8127e45 100644
--- a/arch/arm64/include/asm/kvm_emulate.h
+++ b/arch/arm64/include/asm/kvm_emulate.h
@@ -38,6 +38,11 @@ void kvm_inject_undefined(struct kvm_vcpu *vcpu);
void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr);
void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr);
+static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu)
+{
+ vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS;
+}
+
static inline unsigned long *vcpu_pc(const struct kvm_vcpu *vcpu)
{
return (unsigned long *)&vcpu_gp_regs(vcpu)->regs.pc;
diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c
index 7679469..84d5959 100644
--- a/arch/arm64/kvm/guest.c
+++ b/arch/arm64/kvm/guest.c
@@ -38,7 +38,6 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
{
- vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS;
return 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 007/222] arm/arm64: KVM: Turn off vcpus on PSCI shutdown/reboot
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (5 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 006/222] arm/arm64: KVM: Reset the HCR on each vcpu when resetting the vcpu Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 008/222] arm/arm64: KVM: Introduce stage2_unmap_vm Sasha Levin
` (215 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoffer Dall <christoffer.dall@linaro.org>
commit cf5d318865e25f887d49a0c6083bbc6dcd1905b1 upstream.
When a vcpu calls SYSTEM_OFF or SYSTEM_RESET with PSCI v0.2, the vcpus
should really be turned off for the VM adhering to the suggestions in
the PSCI spec, and it's the sane thing to do.
Also, clarify the behavior and expectations for exits to user space with
the KVM_EXIT_SYSTEM_EVENT case.
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
Documentation/virtual/kvm/api.txt | 9 +++++++++
arch/arm/kvm/psci.c | 18 ++++++++++++++++++
arch/arm64/include/asm/kvm_host.h | 1 +
3 files changed, 28 insertions(+)
diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
index bb82a90..702bb25 100644
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -2952,6 +2952,15 @@ HVC instruction based PSCI call from the vcpu. The 'type' field describes
the system-level event type. The 'flags' field describes architecture
specific flags for the system-level event.
+Valid values for 'type' are:
+ KVM_SYSTEM_EVENT_SHUTDOWN -- the guest has requested a shutdown of the
+ VM. Userspace is not obliged to honour this, and if it does honour
+ this does not need to destroy the VM synchronously (ie it may call
+ KVM_RUN again before shutdown finally occurs).
+ KVM_SYSTEM_EVENT_RESET -- the guest has requested a reset of the VM.
+ As with SHUTDOWN, userspace can choose to ignore the request, or
+ to schedule the reset to occur in the future and may call KVM_RUN again.
+
/* Fix the size of the union. */
char padding[256];
};
diff --git a/arch/arm/kvm/psci.c b/arch/arm/kvm/psci.c
index 09cf377..58cb324 100644
--- a/arch/arm/kvm/psci.c
+++ b/arch/arm/kvm/psci.c
@@ -15,6 +15,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <linux/preempt.h>
#include <linux/kvm_host.h>
#include <linux/wait.h>
@@ -166,6 +167,23 @@ static unsigned long kvm_psci_vcpu_affinity_info(struct kvm_vcpu *vcpu)
static void kvm_prepare_system_event(struct kvm_vcpu *vcpu, u32 type)
{
+ int i;
+ struct kvm_vcpu *tmp;
+
+ /*
+ * The KVM ABI specifies that a system event exit may call KVM_RUN
+ * again and may perform shutdown/reboot at a later time that when the
+ * actual request is made. Since we are implementing PSCI and a
+ * caller of PSCI reboot and shutdown expects that the system shuts
+ * down or reboots immediately, let's make sure that VCPUs are not run
+ * after this call is handled and before the VCPUs have been
+ * re-initialized.
+ */
+ kvm_for_each_vcpu(i, tmp, vcpu->kvm) {
+ tmp->arch.pause = true;
+ kvm_vcpu_kick(tmp);
+ }
+
memset(&vcpu->run->system_event, 0, sizeof(vcpu->run->system_event));
vcpu->run->system_event.type = type;
vcpu->run->exit_reason = KVM_EXIT_SYSTEM_EVENT;
diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index 2012c4b..dbd3212 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -200,6 +200,7 @@ struct kvm_vcpu *kvm_arm_get_running_vcpu(void);
struct kvm_vcpu * __percpu *kvm_get_running_vcpus(void);
u64 kvm_call_hyp(void *hypfn, ...);
+void force_vm_exit(const cpumask_t *mask);
int handle_exit(struct kvm_vcpu *vcpu, struct kvm_run *run,
int exception_index);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 008/222] arm/arm64: KVM: Introduce stage2_unmap_vm
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (6 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 007/222] arm/arm64: KVM: Turn off vcpus on PSCI shutdown/reboot Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 009/222] arm/arm64: KVM: vgic: move reset initialization into vgic_init_maps() Sasha Levin
` (214 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoffer Dall <christoffer.dall@linaro.org>
commit 957db105c99792ae8ef61ffc9ae77d910f6471da upstream.
Introduce a new function to unmap user RAM regions in the stage2 page
tables. This is needed on reboot (or when the guest turns off the MMU)
to ensure we fault in pages again and make the dcache, RAM, and icache
coherent.
Using unmap_stage2_range for the whole guest physical range does not
work, because that unmaps IO regions (such as the GIC) which will not be
recreated or in the best case faulted in on a page-by-page basis.
Call this function on secondary and subsequent calls to the
KVM_ARM_VCPU_INIT ioctl so that a reset VCPU will detect the guest
Stage-1 MMU is off when faulting in pages and make the caches coherent.
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/include/asm/kvm_mmu.h | 1 +
arch/arm/kvm/arm.c | 7 +++++
arch/arm/kvm/mmu.c | 65 ++++++++++++++++++++++++++++++++++++++++
arch/arm64/include/asm/kvm_mmu.h | 1 +
4 files changed, 74 insertions(+)
diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
index f867060..63e0ecc 100644
--- a/arch/arm/include/asm/kvm_mmu.h
+++ b/arch/arm/include/asm/kvm_mmu.h
@@ -52,6 +52,7 @@ int create_hyp_io_mappings(void *from, void *to, phys_addr_t);
void free_boot_hyp_pgd(void);
void free_hyp_pgds(void);
+void stage2_unmap_vm(struct kvm *kvm);
int kvm_alloc_stage2_pgd(struct kvm *kvm);
void kvm_free_stage2_pgd(struct kvm *kvm);
int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa,
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index 24c9ca4..827ff48 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -658,6 +658,13 @@ static int kvm_arch_vcpu_ioctl_vcpu_init(struct kvm_vcpu *vcpu,
if (ret)
return ret;
+ /*
+ * Ensure a rebooted VM will fault in RAM pages and detect if the
+ * guest MMU is turned off and flush the caches as needed.
+ */
+ if (vcpu->arch.has_run_once)
+ stage2_unmap_vm(vcpu->kvm);
+
vcpu_reset_hcr(vcpu);
/*
diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
index 16ae5f0..1dc9778 100644
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -612,6 +612,71 @@ static void unmap_stage2_range(struct kvm *kvm, phys_addr_t start, u64 size)
unmap_range(kvm, kvm->arch.pgd, start, size);
}
+static void stage2_unmap_memslot(struct kvm *kvm,
+ struct kvm_memory_slot *memslot)
+{
+ hva_t hva = memslot->userspace_addr;
+ phys_addr_t addr = memslot->base_gfn << PAGE_SHIFT;
+ phys_addr_t size = PAGE_SIZE * memslot->npages;
+ hva_t reg_end = hva + size;
+
+ /*
+ * A memory region could potentially cover multiple VMAs, and any holes
+ * between them, so iterate over all of them to find out if we should
+ * unmap any of them.
+ *
+ * +--------------------------------------------+
+ * +---------------+----------------+ +----------------+
+ * | : VMA 1 | VMA 2 | | VMA 3 : |
+ * +---------------+----------------+ +----------------+
+ * | memory region |
+ * +--------------------------------------------+
+ */
+ do {
+ struct vm_area_struct *vma = find_vma(current->mm, hva);
+ hva_t vm_start, vm_end;
+
+ if (!vma || vma->vm_start >= reg_end)
+ break;
+
+ /*
+ * Take the intersection of this VMA with the memory region
+ */
+ vm_start = max(hva, vma->vm_start);
+ vm_end = min(reg_end, vma->vm_end);
+
+ if (!(vma->vm_flags & VM_PFNMAP)) {
+ gpa_t gpa = addr + (vm_start - memslot->userspace_addr);
+ unmap_stage2_range(kvm, gpa, vm_end - vm_start);
+ }
+ hva = vm_end;
+ } while (hva < reg_end);
+}
+
+/**
+ * stage2_unmap_vm - Unmap Stage-2 RAM mappings
+ * @kvm: The struct kvm pointer
+ *
+ * Go through the memregions and unmap any reguler RAM
+ * backing memory already mapped to the VM.
+ */
+void stage2_unmap_vm(struct kvm *kvm)
+{
+ struct kvm_memslots *slots;
+ struct kvm_memory_slot *memslot;
+ int idx;
+
+ idx = srcu_read_lock(&kvm->srcu);
+ spin_lock(&kvm->mmu_lock);
+
+ slots = kvm_memslots(kvm);
+ kvm_for_each_memslot(memslot, slots)
+ stage2_unmap_memslot(kvm, memslot);
+
+ spin_unlock(&kvm->mmu_lock);
+ srcu_read_unlock(&kvm->srcu, idx);
+}
+
/**
* kvm_free_stage2_pgd - free all stage-2 tables
* @kvm: The KVM struct pointer for the VM.
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index 123b521..14a74f1 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -83,6 +83,7 @@ int create_hyp_io_mappings(void *from, void *to, phys_addr_t);
void free_boot_hyp_pgd(void);
void free_hyp_pgds(void);
+void stage2_unmap_vm(struct kvm *kvm);
int kvm_alloc_stage2_pgd(struct kvm *kvm);
void kvm_free_stage2_pgd(struct kvm *kvm);
int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa,
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 009/222] arm/arm64: KVM: vgic: move reset initialization into vgic_init_maps()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (7 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 008/222] arm/arm64: KVM: Introduce stage2_unmap_vm Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 010/222] arm/arm64: KVM: Don't allow creating VCPUs after vgic_initialized Sasha Levin
` (213 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Peter Maydell <peter.maydell@linaro.org>
commit 6d3cfbe21bef5b66530b50ad16c88fdc71a04c35 upstream.
VGIC initialization currently happens in three phases:
(1) kvm_vgic_create() (triggered by userspace GIC creation)
(2) vgic_init_maps() (triggered by userspace GIC register read/write
requests, or from kvm_vgic_init() if not already run)
(3) kvm_vgic_init() (triggered by first VM run)
We were doing initialization of some state to correspond with the
state of a freshly-reset GIC in kvm_vgic_init(); this is too late,
since it will overwrite changes made by userspace using the
register access APIs before the VM is run. Move this initialization
earlier, into the vgic_init_maps() phase.
This fixes a bug where QEMU could successfully restore a saved
VM state snapshot into a VM that had already been run, but could
not restore it "from cold" using the -loadvm command line option
(the symptoms being that the restored VM would run but interrupts
were ignored).
Finally rename vgic_init_maps to vgic_init and renamed kvm_vgic_init to
kvm_vgic_map_resources.
[ This patch is originally written by Peter Maydell, but I have
modified it somewhat heavily, renaming various bits and moving code
around. If something is broken, I am to be blamed. - Christoffer ]
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/kvm/arm.c | 6 ++--
include/kvm/arm_vgic.h | 4 +--
virt/kvm/arm/vgic.c | 77 +++++++++++++++++++++-----------------------------
3 files changed, 37 insertions(+), 50 deletions(-)
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index 827ff48..448314b 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -427,11 +427,11 @@ static int kvm_vcpu_first_run_init(struct kvm_vcpu *vcpu)
vcpu->arch.has_run_once = true;
/*
- * Initialize the VGIC before running a vcpu the first time on
- * this VM.
+ * Map the VGIC hardware resources before running a vcpu the first
+ * time on this VM.
*/
if (unlikely(!vgic_initialized(vcpu->kvm))) {
- ret = kvm_vgic_init(vcpu->kvm);
+ ret = kvm_vgic_map_resources(vcpu->kvm);
if (ret)
return ret;
}
diff --git a/include/kvm/arm_vgic.h b/include/kvm/arm_vgic.h
index 206dcc3..fe9783b 100644
--- a/include/kvm/arm_vgic.h
+++ b/include/kvm/arm_vgic.h
@@ -274,7 +274,7 @@ struct kvm_exit_mmio;
#ifdef CONFIG_KVM_ARM_VGIC
int kvm_vgic_addr(struct kvm *kvm, unsigned long type, u64 *addr, bool write);
int kvm_vgic_hyp_init(void);
-int kvm_vgic_init(struct kvm *kvm);
+int kvm_vgic_map_resources(struct kvm *kvm);
int kvm_vgic_create(struct kvm *kvm);
void kvm_vgic_destroy(struct kvm *kvm);
void kvm_vgic_vcpu_destroy(struct kvm_vcpu *vcpu);
@@ -321,7 +321,7 @@ static inline int kvm_vgic_addr(struct kvm *kvm, unsigned long type, u64 *addr,
return -ENXIO;
}
-static inline int kvm_vgic_init(struct kvm *kvm)
+static inline int kvm_vgic_map_resources(struct kvm *kvm)
{
return 0;
}
diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
index aacdb59..91e6bfc 100644
--- a/virt/kvm/arm/vgic.c
+++ b/virt/kvm/arm/vgic.c
@@ -91,6 +91,7 @@
#define ACCESS_WRITE_VALUE (3 << 1)
#define ACCESS_WRITE_MASK(x) ((x) & (3 << 1))
+static int vgic_init(struct kvm *kvm);
static void vgic_retire_disabled_irqs(struct kvm_vcpu *vcpu);
static void vgic_retire_lr(int lr_nr, int irq, struct kvm_vcpu *vcpu);
static void vgic_update_state(struct kvm *kvm);
@@ -1726,39 +1727,14 @@ static int vgic_vcpu_init_maps(struct kvm_vcpu *vcpu, int nr_irqs)
int sz = (nr_irqs - VGIC_NR_PRIVATE_IRQS) / 8;
vgic_cpu->pending_shared = kzalloc(sz, GFP_KERNEL);
- vgic_cpu->vgic_irq_lr_map = kzalloc(nr_irqs, GFP_KERNEL);
+ vgic_cpu->vgic_irq_lr_map = kmalloc(nr_irqs, GFP_KERNEL);
if (!vgic_cpu->pending_shared || !vgic_cpu->vgic_irq_lr_map) {
kvm_vgic_vcpu_destroy(vcpu);
return -ENOMEM;
}
- return 0;
-}
-
-/**
- * kvm_vgic_vcpu_init - Initialize per-vcpu VGIC state
- * @vcpu: pointer to the vcpu struct
- *
- * Initialize the vgic_cpu struct and vgic_dist struct fields pertaining to
- * this vcpu and enable the VGIC for this VCPU
- */
-static void kvm_vgic_vcpu_init(struct kvm_vcpu *vcpu)
-{
- struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
- struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
- int i;
-
- for (i = 0; i < dist->nr_irqs; i++) {
- if (i < VGIC_NR_PPIS)
- vgic_bitmap_set_irq_val(&dist->irq_enabled,
- vcpu->vcpu_id, i, 1);
- if (i < VGIC_NR_PRIVATE_IRQS)
- vgic_bitmap_set_irq_val(&dist->irq_cfg,
- vcpu->vcpu_id, i, VGIC_CFG_EDGE);
-
- vgic_cpu->vgic_irq_lr_map[i] = LR_EMPTY;
- }
+ memset(vgic_cpu->vgic_irq_lr_map, LR_EMPTY, nr_irqs);
/*
* Store the number of LRs per vcpu, so we don't have to go
@@ -1767,7 +1743,7 @@ static void kvm_vgic_vcpu_init(struct kvm_vcpu *vcpu)
*/
vgic_cpu->nr_lr = vgic->nr_lr;
- vgic_enable(vcpu);
+ return 0;
}
void kvm_vgic_destroy(struct kvm *kvm)
@@ -1804,12 +1780,12 @@ void kvm_vgic_destroy(struct kvm *kvm)
* Allocate and initialize the various data structures. Must be called
* with kvm->lock held!
*/
-static int vgic_init_maps(struct kvm *kvm)
+static int vgic_init(struct kvm *kvm)
{
struct vgic_dist *dist = &kvm->arch.vgic;
struct kvm_vcpu *vcpu;
int nr_cpus, nr_irqs;
- int ret, i;
+ int ret, i, vcpu_id;
if (dist->nr_cpus) /* Already allocated */
return 0;
@@ -1859,16 +1835,28 @@ static int vgic_init_maps(struct kvm *kvm)
if (ret)
goto out;
- kvm_for_each_vcpu(i, vcpu, kvm) {
+ for (i = VGIC_NR_PRIVATE_IRQS; i < dist->nr_irqs; i += 4)
+ vgic_set_target_reg(kvm, 0, i);
+
+ kvm_for_each_vcpu(vcpu_id, vcpu, kvm) {
ret = vgic_vcpu_init_maps(vcpu, nr_irqs);
if (ret) {
kvm_err("VGIC: Failed to allocate vcpu memory\n");
break;
}
- }
- for (i = VGIC_NR_PRIVATE_IRQS; i < dist->nr_irqs; i += 4)
- vgic_set_target_reg(kvm, 0, i);
+ for (i = 0; i < dist->nr_irqs; i++) {
+ if (i < VGIC_NR_PPIS)
+ vgic_bitmap_set_irq_val(&dist->irq_enabled,
+ vcpu->vcpu_id, i, 1);
+ if (i < VGIC_NR_PRIVATE_IRQS)
+ vgic_bitmap_set_irq_val(&dist->irq_cfg,
+ vcpu->vcpu_id, i,
+ VGIC_CFG_EDGE);
+ }
+
+ vgic_enable(vcpu);
+ }
out:
if (ret)
@@ -1878,18 +1866,16 @@ out:
}
/**
- * kvm_vgic_init - Initialize global VGIC state before running any VCPUs
+ * kvm_vgic_map_resources - Configure global VGIC state before running any VCPUs
* @kvm: pointer to the kvm struct
*
* Map the virtual CPU interface into the VM before running any VCPUs. We
* can't do this at creation time, because user space must first set the
- * virtual CPU interface address in the guest physical address space. Also
- * initialize the ITARGETSRn regs to 0 on the emulated distributor.
+ * virtual CPU interface address in the guest physical address space.
*/
-int kvm_vgic_init(struct kvm *kvm)
+int kvm_vgic_map_resources(struct kvm *kvm)
{
- struct kvm_vcpu *vcpu;
- int ret = 0, i;
+ int ret = 0;
if (!irqchip_in_kernel(kvm))
return 0;
@@ -1906,7 +1892,11 @@ int kvm_vgic_init(struct kvm *kvm)
goto out;
}
- ret = vgic_init_maps(kvm);
+ /*
+ * Initialize the vgic if this hasn't already been done on demand by
+ * accessing the vgic state from userspace.
+ */
+ ret = vgic_init(kvm);
if (ret) {
kvm_err("Unable to allocate maps\n");
goto out;
@@ -1920,9 +1910,6 @@ int kvm_vgic_init(struct kvm *kvm)
goto out;
}
- kvm_for_each_vcpu(i, vcpu, kvm)
- kvm_vgic_vcpu_init(vcpu);
-
kvm->arch.vgic.ready = true;
out:
if (ret)
@@ -2167,7 +2154,7 @@ static int vgic_attr_regs_access(struct kvm_device *dev,
mutex_lock(&dev->kvm->lock);
- ret = vgic_init_maps(dev->kvm);
+ ret = vgic_init(dev->kvm);
if (ret)
goto out;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 010/222] arm/arm64: KVM: Don't allow creating VCPUs after vgic_initialized
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (8 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 009/222] arm/arm64: KVM: vgic: move reset initialization into vgic_init_maps() Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 011/222] arm/arm64: KVM: vgic: kick the specific vcpu instead of iterating through all Sasha Levin
` (212 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoffer Dall <christoffer.dall@linaro.org>
commit 716139df2517fbc3f2306dbe8eba0fa88dca0189 upstream.
When the vgic initializes its internal state it does so based on the
number of VCPUs available at the time. If we allow KVM to create more
VCPUs after the VGIC has been initialized, we are likely to error out in
unfortunate ways later, perform buffer overflows etc.
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/kvm/arm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index 448314b..546a12e 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -213,6 +213,11 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
int err;
struct kvm_vcpu *vcpu;
+ if (irqchip_in_kernel(kvm) && vgic_initialized(kvm)) {
+ err = -EBUSY;
+ goto out;
+ }
+
vcpu = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL);
if (!vcpu) {
err = -ENOMEM;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 011/222] arm/arm64: KVM: vgic: kick the specific vcpu instead of iterating through all
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (9 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 010/222] arm/arm64: KVM: Don't allow creating VCPUs after vgic_initialized Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 012/222] arm/arm64: KVM: Initialize the vgic on-demand when injecting IRQs Sasha Levin
` (211 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Shannon Zhao <zhaoshenglong@huawei.com>
commit 016ed39c54b8a3db680e5c6a43419f806133caf2 upstream.
When call kvm_vgic_inject_irq to inject interrupt, we can known which
vcpu the interrupt for by the irq_num and the cpuid. So we should just
kick this vcpu to avoid iterating through all.
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
virt/kvm/arm/vgic.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
index 91e6bfc..12c10f2 100644
--- a/virt/kvm/arm/vgic.c
+++ b/virt/kvm/arm/vgic.c
@@ -1608,7 +1608,7 @@ static int vgic_validate_injection(struct kvm_vcpu *vcpu, int irq, int level)
}
}
-static bool vgic_update_irq_pending(struct kvm *kvm, int cpuid,
+static int vgic_update_irq_pending(struct kvm *kvm, int cpuid,
unsigned int irq_num, bool level)
{
struct vgic_dist *dist = &kvm->arch.vgic;
@@ -1673,7 +1673,7 @@ static bool vgic_update_irq_pending(struct kvm *kvm, int cpuid,
out:
spin_unlock(&dist->lock);
- return ret;
+ return ret ? cpuid : -EINVAL;
}
/**
@@ -1693,9 +1693,14 @@ out:
int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num,
bool level)
{
- if (likely(vgic_initialized(kvm)) &&
- vgic_update_irq_pending(kvm, cpuid, irq_num, level))
- vgic_kick_vcpus(kvm);
+ int vcpu_id;
+
+ if (likely(vgic_initialized(kvm))) {
+ vcpu_id = vgic_update_irq_pending(kvm, cpuid, irq_num, level);
+ if (vcpu_id >= 0)
+ /* kick the specified vcpu */
+ kvm_vcpu_kick(kvm_get_vcpu(kvm, vcpu_id));
+ }
return 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 012/222] arm/arm64: KVM: Initialize the vgic on-demand when injecting IRQs
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (10 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 011/222] arm/arm64: KVM: vgic: kick the specific vcpu instead of iterating through all Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 013/222] arm/arm64: KVM: Require in-kernel vgic for the arch timers Sasha Levin
` (210 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoffer Dall <christoffer.dall@linaro.org>
commit ca7d9c829d419c06e450afa5f785d58198c37caa upstream.
Userspace assumes that it can wire up IRQ injections after having
created all VCPUs and after having created the VGIC, but potentially
before starting the first VCPU. This can currently lead to lost IRQs
because the state of that IRQ injection is not stored anywhere and we
don't return an error to userspace.
We haven't seen this problem manifest itself yet, presumably because
guests reset the devices on boot, but this could cause issues with
migration and other non-standard startup configurations.
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
virt/kvm/arm/vgic.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
index 12c10f2..9a8c183 100644
--- a/virt/kvm/arm/vgic.c
+++ b/virt/kvm/arm/vgic.c
@@ -1693,16 +1693,26 @@ out:
int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num,
bool level)
{
+ int ret = 0;
int vcpu_id;
- if (likely(vgic_initialized(kvm))) {
- vcpu_id = vgic_update_irq_pending(kvm, cpuid, irq_num, level);
- if (vcpu_id >= 0)
- /* kick the specified vcpu */
- kvm_vcpu_kick(kvm_get_vcpu(kvm, vcpu_id));
+ if (unlikely(!vgic_initialized(kvm))) {
+ mutex_lock(&kvm->lock);
+ ret = vgic_init(kvm);
+ mutex_unlock(&kvm->lock);
+
+ if (ret)
+ goto out;
}
- return 0;
+ vcpu_id = vgic_update_irq_pending(kvm, cpuid, irq_num, level);
+ if (vcpu_id >= 0) {
+ /* kick the specified vcpu */
+ kvm_vcpu_kick(kvm_get_vcpu(kvm, vcpu_id));
+ }
+
+out:
+ return ret;
}
static irqreturn_t vgic_maintenance_handler(int irq, void *data)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 013/222] arm/arm64: KVM: Require in-kernel vgic for the arch timers
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (11 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 012/222] arm/arm64: KVM: Initialize the vgic on-demand when injecting IRQs Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 014/222] KVM: arm/arm64: vgic: vgic_init returns -ENODEV when no online vcpu Sasha Levin
` (209 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoffer Dall <christoffer.dall@linaro.org>
commit 05971120fca43e0357789a14b3386bb56eef2201 upstream.
It is curently possible to run a VM with architected timers support
without creating an in-kernel VGIC, which will result in interrupts from
the virtual timer going nowhere.
To address this issue, move the architected timers initialization to the
time when we run a VCPU for the first time, and then only initialize
(and enable) the architected timers if we have a properly created and
initialized in-kernel VGIC.
When injecting interrupts from the virtual timer to the vgic, the
current setup should ensure that this never calls an on-demand init of
the VGIC, which is the only call path that could return an error from
kvm_vgic_inject_irq(), so capture the return value and raise a warning
if there's an error there.
We also change the kvm_timer_init() function from returning an int to be
a void function, since the function always succeeds.
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/kvm/arm.c | 13 +++++++++++--
include/kvm/arm_arch_timer.h | 10 ++++------
virt/kvm/arm/arch_timer.c | 30 ++++++++++++++++++++++--------
3 files changed, 37 insertions(+), 16 deletions(-)
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index 546a12e..20a7a38 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -424,6 +424,7 @@ static void update_vttbr(struct kvm *kvm)
static int kvm_vcpu_first_run_init(struct kvm_vcpu *vcpu)
{
+ struct kvm *kvm = vcpu->kvm;
int ret;
if (likely(vcpu->arch.has_run_once))
@@ -435,12 +436,20 @@ static int kvm_vcpu_first_run_init(struct kvm_vcpu *vcpu)
* Map the VGIC hardware resources before running a vcpu the first
* time on this VM.
*/
- if (unlikely(!vgic_initialized(vcpu->kvm))) {
- ret = kvm_vgic_map_resources(vcpu->kvm);
+ if (unlikely(!vgic_initialized(kvm))) {
+ ret = kvm_vgic_map_resources(kvm);
if (ret)
return ret;
}
+ /*
+ * Enable the arch timers only if we have an in-kernel VGIC
+ * and it has been properly initialized, since we cannot handle
+ * interrupts from the virtual timer with a userspace gic.
+ */
+ if (irqchip_in_kernel(kvm) && vgic_initialized(kvm))
+ kvm_timer_enable(kvm);
+
return 0;
}
diff --git a/include/kvm/arm_arch_timer.h b/include/kvm/arm_arch_timer.h
index ad9db60..b3f45a5 100644
--- a/include/kvm/arm_arch_timer.h
+++ b/include/kvm/arm_arch_timer.h
@@ -60,7 +60,8 @@ struct arch_timer_cpu {
#ifdef CONFIG_KVM_ARM_TIMER
int kvm_timer_hyp_init(void);
-int kvm_timer_init(struct kvm *kvm);
+void kvm_timer_enable(struct kvm *kvm);
+void kvm_timer_init(struct kvm *kvm);
void kvm_timer_vcpu_reset(struct kvm_vcpu *vcpu,
const struct kvm_irq_level *irq);
void kvm_timer_vcpu_init(struct kvm_vcpu *vcpu);
@@ -77,11 +78,8 @@ static inline int kvm_timer_hyp_init(void)
return 0;
};
-static inline int kvm_timer_init(struct kvm *kvm)
-{
- return 0;
-}
-
+static inline void kvm_timer_enable(struct kvm *kvm) {}
+static inline void kvm_timer_init(struct kvm *kvm) {}
static inline void kvm_timer_vcpu_reset(struct kvm_vcpu *vcpu,
const struct kvm_irq_level *irq) {}
static inline void kvm_timer_vcpu_init(struct kvm_vcpu *vcpu) {}
diff --git a/virt/kvm/arm/arch_timer.c b/virt/kvm/arm/arch_timer.c
index 22fa819..1c0772b 100644
--- a/virt/kvm/arm/arch_timer.c
+++ b/virt/kvm/arm/arch_timer.c
@@ -61,12 +61,14 @@ static void timer_disarm(struct arch_timer_cpu *timer)
static void kvm_timer_inject_irq(struct kvm_vcpu *vcpu)
{
+ int ret;
struct arch_timer_cpu *timer = &vcpu->arch.timer_cpu;
timer->cntv_ctl |= ARCH_TIMER_CTRL_IT_MASK;
- kvm_vgic_inject_irq(vcpu->kvm, vcpu->vcpu_id,
- timer->irq->irq,
- timer->irq->level);
+ ret = kvm_vgic_inject_irq(vcpu->kvm, vcpu->vcpu_id,
+ timer->irq->irq,
+ timer->irq->level);
+ WARN_ON(ret);
}
static irqreturn_t kvm_arch_timer_handler(int irq, void *dev_id)
@@ -307,12 +309,24 @@ void kvm_timer_vcpu_terminate(struct kvm_vcpu *vcpu)
timer_disarm(timer);
}
-int kvm_timer_init(struct kvm *kvm)
+void kvm_timer_enable(struct kvm *kvm)
{
- if (timecounter && wqueue) {
- kvm->arch.timer.cntvoff = kvm_phys_timer_read();
+ if (kvm->arch.timer.enabled)
+ return;
+
+ /*
+ * There is a potential race here between VCPUs starting for the first
+ * time, which may be enabling the timer multiple times. That doesn't
+ * hurt though, because we're just setting a variable to the same
+ * variable that it already was. The important thing is that all
+ * VCPUs have the enabled variable set, before entering the guest, if
+ * the arch timers are enabled.
+ */
+ if (timecounter && wqueue)
kvm->arch.timer.enabled = 1;
- }
+}
- return 0;
+void kvm_timer_init(struct kvm *kvm)
+{
+ kvm->arch.timer.cntvoff = kvm_phys_timer_read();
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 014/222] KVM: arm/arm64: vgic: vgic_init returns -ENODEV when no online vcpu
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (12 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 013/222] arm/arm64: KVM: Require in-kernel vgic for the arch timers Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 015/222] arm64: KVM: Fix TLB invalidation by IPA/VMID Sasha Levin
` (208 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Eric Auger <eric.auger@linaro.org>
commit 66b030e48af68fd4c22d343908bc057207a0a31e upstream.
To be more explicit on vgic initialization failure, -ENODEV is
returned by vgic_init when no online vcpus can be found at init.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
virt/kvm/arm/vgic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
index 9a8c183..fc82307 100644
--- a/virt/kvm/arm/vgic.c
+++ b/virt/kvm/arm/vgic.c
@@ -1807,7 +1807,7 @@ static int vgic_init(struct kvm *kvm)
nr_cpus = dist->nr_cpus = atomic_read(&kvm->online_vcpus);
if (!nr_cpus) /* No vcpus? Can't be good... */
- return -EINVAL;
+ return -ENODEV;
/*
* If nobody configured the number of interrupts, use the
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 015/222] arm64: KVM: Fix TLB invalidation by IPA/VMID
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (13 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 014/222] KVM: arm/arm64: vgic: vgic_init returns -ENODEV when no online vcpu Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 016/222] arm64: KVM: Fix HCR setting for 32bit guests Sasha Levin
` (207 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Marc Zyngier <marc.zyngier@arm.com>
commit 55e858b75808347378e5117c3c2339f46cc03575 upstream.
It took about two years for someone to notice that the IPA passed
to TLBI IPAS2E1IS must be shifted by 12 bits. Clearly our reviewing
is not as good as it should be...
Paper bag time for me.
Reported-by: Mario Smarduch <m.smarduch@samsung.com>
Tested-by: Mario Smarduch <m.smarduch@samsung.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm64/kvm/hyp.S | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/kvm/hyp.S b/arch/arm64/kvm/hyp.S
index b72aa9f..a767f6a 100644
--- a/arch/arm64/kvm/hyp.S
+++ b/arch/arm64/kvm/hyp.S
@@ -1014,6 +1014,7 @@ ENTRY(__kvm_tlb_flush_vmid_ipa)
* Instead, we invalidate Stage-2 for this IPA, and the
* whole of Stage-1. Weep...
*/
+ lsr x1, x1, #12
tlbi ipas2e1is, x1
/*
* We have to ensure completion of the invalidation at Stage-2,
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 016/222] arm64: KVM: Fix HCR setting for 32bit guests
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (14 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 015/222] arm64: KVM: Fix TLB invalidation by IPA/VMID Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 017/222] arm/arm64: KVM: Invalidate data cache on unmap Sasha Levin
` (206 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Marc Zyngier <marc.zyngier@arm.com>
commit 801f6772cecea6cfc7da61aa197716ab64db5f9e upstream.
Commit b856a59141b1 (arm/arm64: KVM: Reset the HCR on each vcpu
when resetting the vcpu) moved the init of the HCR register to
happen later in the init of a vcpu, but left out the fixup
done in kvm_reset_vcpu when preparing for a 32bit guest.
As a result, the 32bit guest is run as a 64bit guest, but the
rest of the kernel still manages it as a 32bit. Fun follows.
Moving the fixup to vcpu_reset_hcr solves the problem for good.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm64/include/asm/kvm_emulate.h | 2 ++
arch/arm64/kvm/reset.c | 1 -
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
index 8127e45..865a7e2 100644
--- a/arch/arm64/include/asm/kvm_emulate.h
+++ b/arch/arm64/include/asm/kvm_emulate.h
@@ -41,6 +41,8 @@ void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr);
static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu)
{
vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS;
+ if (test_bit(KVM_ARM_VCPU_EL1_32BIT, vcpu->arch.features))
+ vcpu->arch.hcr_el2 &= ~HCR_RW;
}
static inline unsigned long *vcpu_pc(const struct kvm_vcpu *vcpu)
diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c
index 70a7816..0b43265 100644
--- a/arch/arm64/kvm/reset.c
+++ b/arch/arm64/kvm/reset.c
@@ -90,7 +90,6 @@ int kvm_reset_vcpu(struct kvm_vcpu *vcpu)
if (!cpu_has_32bit_el1())
return -EINVAL;
cpu_reset = &default_regs_reset32;
- vcpu->arch.hcr_el2 &= ~HCR_RW;
} else {
cpu_reset = &default_regs_reset;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 017/222] arm/arm64: KVM: Invalidate data cache on unmap
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (15 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 016/222] arm64: KVM: Fix HCR setting for 32bit guests Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 018/222] arm/arm64: KVM: Use kernel mapping to perform invalidation on page fault Sasha Levin
` (205 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Marc Zyngier <marc.zyngier@arm.com>
commit 363ef89f8e9bcedc28b976d0fe2d858fe139c122 upstream.
Let's assume a guest has created an uncached mapping, and written
to that page. Let's also assume that the host uses a cache-coherent
IO subsystem. Let's finally assume that the host is under memory
pressure and starts to swap things out.
Before this "uncached" page is evicted, we need to make sure
we invalidate potential speculated, clean cache lines that are
sitting there, or the IO subsystem is going to swap out the
cached view, loosing the data that has been written directly
into memory.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/include/asm/kvm_mmu.h | 31 +++++++++++++++
arch/arm/kvm/mmu.c | 82 ++++++++++++++++++++++++++++++++--------
arch/arm64/include/asm/kvm_mmu.h | 18 +++++++++
3 files changed, 116 insertions(+), 15 deletions(-)
diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
index 63e0ecc..2f78e22 100644
--- a/arch/arm/include/asm/kvm_mmu.h
+++ b/arch/arm/include/asm/kvm_mmu.h
@@ -44,6 +44,7 @@
#ifndef __ASSEMBLY__
+#include <linux/highmem.h>
#include <asm/cacheflush.h>
#include <asm/pgalloc.h>
@@ -188,6 +189,36 @@ static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
}
}
+static inline void __kvm_flush_dcache_pte(pte_t pte)
+{
+ void *va = kmap_atomic(pte_page(pte));
+
+ kvm_flush_dcache_to_poc(va, PAGE_SIZE);
+
+ kunmap_atomic(va);
+}
+
+static inline void __kvm_flush_dcache_pmd(pmd_t pmd)
+{
+ unsigned long size = PMD_SIZE;
+ pfn_t pfn = pmd_pfn(pmd);
+
+ while (size) {
+ void *va = kmap_atomic_pfn(pfn);
+
+ kvm_flush_dcache_to_poc(va, PAGE_SIZE);
+
+ pfn++;
+ size -= PAGE_SIZE;
+
+ kunmap_atomic(va);
+ }
+}
+
+static inline void __kvm_flush_dcache_pud(pud_t pud)
+{
+}
+
#define kvm_virt_to_phys(x) virt_to_idmap((unsigned long)(x))
void stage2_flush_vm(struct kvm *kvm);
diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
index 1dc9778..8c66163 100644
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -58,6 +58,26 @@ static void kvm_tlb_flush_vmid_ipa(struct kvm *kvm, phys_addr_t ipa)
kvm_call_hyp(__kvm_tlb_flush_vmid_ipa, kvm, ipa);
}
+/*
+ * D-Cache management functions. They take the page table entries by
+ * value, as they are flushing the cache using the kernel mapping (or
+ * kmap on 32bit).
+ */
+static void kvm_flush_dcache_pte(pte_t pte)
+{
+ __kvm_flush_dcache_pte(pte);
+}
+
+static void kvm_flush_dcache_pmd(pmd_t pmd)
+{
+ __kvm_flush_dcache_pmd(pmd);
+}
+
+static void kvm_flush_dcache_pud(pud_t pud)
+{
+ __kvm_flush_dcache_pud(pud);
+}
+
static int mmu_topup_memory_cache(struct kvm_mmu_memory_cache *cache,
int min, int max)
{
@@ -119,6 +139,26 @@ static void clear_pmd_entry(struct kvm *kvm, pmd_t *pmd, phys_addr_t addr)
put_page(virt_to_page(pmd));
}
+/*
+ * Unmapping vs dcache management:
+ *
+ * If a guest maps certain memory pages as uncached, all writes will
+ * bypass the data cache and go directly to RAM. However, the CPUs
+ * can still speculate reads (not writes) and fill cache lines with
+ * data.
+ *
+ * Those cache lines will be *clean* cache lines though, so a
+ * clean+invalidate operation is equivalent to an invalidate
+ * operation, because no cache lines are marked dirty.
+ *
+ * Those clean cache lines could be filled prior to an uncached write
+ * by the guest, and the cache coherent IO subsystem would therefore
+ * end up writing old data to disk.
+ *
+ * This is why right after unmapping a page/section and invalidating
+ * the corresponding TLBs, we call kvm_flush_dcache_p*() to make sure
+ * the IO subsystem will never hit in the cache.
+ */
static void unmap_ptes(struct kvm *kvm, pmd_t *pmd,
phys_addr_t addr, phys_addr_t end)
{
@@ -128,9 +168,16 @@ static void unmap_ptes(struct kvm *kvm, pmd_t *pmd,
start_pte = pte = pte_offset_kernel(pmd, addr);
do {
if (!pte_none(*pte)) {
+ pte_t old_pte = *pte;
+
kvm_set_pte(pte, __pte(0));
- put_page(virt_to_page(pte));
kvm_tlb_flush_vmid_ipa(kvm, addr);
+
+ /* No need to invalidate the cache for device mappings */
+ if ((pte_val(old_pte) & PAGE_S2_DEVICE) != PAGE_S2_DEVICE)
+ kvm_flush_dcache_pte(old_pte);
+
+ put_page(virt_to_page(pte));
}
} while (pte++, addr += PAGE_SIZE, addr != end);
@@ -149,8 +196,13 @@ static void unmap_pmds(struct kvm *kvm, pud_t *pud,
next = kvm_pmd_addr_end(addr, end);
if (!pmd_none(*pmd)) {
if (kvm_pmd_huge(*pmd)) {
+ pmd_t old_pmd = *pmd;
+
pmd_clear(pmd);
kvm_tlb_flush_vmid_ipa(kvm, addr);
+
+ kvm_flush_dcache_pmd(old_pmd);
+
put_page(virt_to_page(pmd));
} else {
unmap_ptes(kvm, pmd, addr, next);
@@ -173,8 +225,13 @@ static void unmap_puds(struct kvm *kvm, pgd_t *pgd,
next = kvm_pud_addr_end(addr, end);
if (!pud_none(*pud)) {
if (pud_huge(*pud)) {
+ pud_t old_pud = *pud;
+
pud_clear(pud);
kvm_tlb_flush_vmid_ipa(kvm, addr);
+
+ kvm_flush_dcache_pud(old_pud);
+
put_page(virt_to_page(pud));
} else {
unmap_pmds(kvm, pud, addr, next);
@@ -209,10 +266,9 @@ static void stage2_flush_ptes(struct kvm *kvm, pmd_t *pmd,
pte = pte_offset_kernel(pmd, addr);
do {
- if (!pte_none(*pte)) {
- hva_t hva = gfn_to_hva(kvm, addr >> PAGE_SHIFT);
- kvm_flush_dcache_to_poc((void*)hva, PAGE_SIZE);
- }
+ if (!pte_none(*pte) &&
+ (pte_val(*pte) & PAGE_S2_DEVICE) != PAGE_S2_DEVICE)
+ kvm_flush_dcache_pte(*pte);
} while (pte++, addr += PAGE_SIZE, addr != end);
}
@@ -226,12 +282,10 @@ static void stage2_flush_pmds(struct kvm *kvm, pud_t *pud,
do {
next = kvm_pmd_addr_end(addr, end);
if (!pmd_none(*pmd)) {
- if (kvm_pmd_huge(*pmd)) {
- hva_t hva = gfn_to_hva(kvm, addr >> PAGE_SHIFT);
- kvm_flush_dcache_to_poc((void*)hva, PMD_SIZE);
- } else {
+ if (kvm_pmd_huge(*pmd))
+ kvm_flush_dcache_pmd(*pmd);
+ else
stage2_flush_ptes(kvm, pmd, addr, next);
- }
}
} while (pmd++, addr = next, addr != end);
}
@@ -246,12 +300,10 @@ static void stage2_flush_puds(struct kvm *kvm, pgd_t *pgd,
do {
next = kvm_pud_addr_end(addr, end);
if (!pud_none(*pud)) {
- if (pud_huge(*pud)) {
- hva_t hva = gfn_to_hva(kvm, addr >> PAGE_SHIFT);
- kvm_flush_dcache_to_poc((void*)hva, PUD_SIZE);
- } else {
+ if (pud_huge(*pud))
+ kvm_flush_dcache_pud(*pud);
+ else
stage2_flush_pmds(kvm, pud, addr, next);
- }
}
} while (pud++, addr = next, addr != end);
}
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index 14a74f1..ea1bca2 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -258,6 +258,24 @@ static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
}
}
+static inline void __kvm_flush_dcache_pte(pte_t pte)
+{
+ struct page *page = pte_page(pte);
+ kvm_flush_dcache_to_poc(page_address(page), PAGE_SIZE);
+}
+
+static inline void __kvm_flush_dcache_pmd(pmd_t pmd)
+{
+ struct page *page = pmd_page(pmd);
+ kvm_flush_dcache_to_poc(page_address(page), PMD_SIZE);
+}
+
+static inline void __kvm_flush_dcache_pud(pud_t pud)
+{
+ struct page *page = pud_page(pud);
+ kvm_flush_dcache_to_poc(page_address(page), PUD_SIZE);
+}
+
#define kvm_virt_to_phys(x) __virt_to_phys((unsigned long)(x))
void stage2_flush_vm(struct kvm *kvm);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 018/222] arm/arm64: KVM: Use kernel mapping to perform invalidation on page fault
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (16 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 017/222] arm/arm64: KVM: Invalidate data cache on unmap Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 019/222] ARM: KVM: Fix size check in __coherent_cache_guest_page Sasha Levin
` (204 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Marc Zyngier <marc.zyngier@arm.com>
commit 0d3e4d4fade6b04e933b11e69e80044f35e9cd60 upstream.
When handling a fault in stage-2, we need to resync I$ and D$, just
to be sure we don't leave any old cache line behind.
That's very good, except that we do so using the *user* address.
Under heavy load (swapping like crazy), we may end up in a situation
where the page gets mapped in stage-2 while being unmapped from
userspace by another CPU.
At that point, the DC/IC instructions can generate a fault, which
we handle with kvm->mmu_lock held. The box quickly deadlocks, user
is unhappy.
Instead, perform this invalidation through the kernel mapping,
which is guaranteed to be present. The box is much happier, and so
am I.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/include/asm/kvm_mmu.h | 43 +++++++++++++++++++++++++++++++---------
arch/arm/kvm/mmu.c | 12 +++++++----
arch/arm64/include/asm/kvm_mmu.h | 13 +++++++-----
3 files changed, 50 insertions(+), 18 deletions(-)
diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
index 2f78e22..f95c124 100644
--- a/arch/arm/include/asm/kvm_mmu.h
+++ b/arch/arm/include/asm/kvm_mmu.h
@@ -162,13 +162,10 @@ static inline bool vcpu_has_cache_enabled(struct kvm_vcpu *vcpu)
return (vcpu->arch.cp15[c1_SCTLR] & 0b101) == 0b101;
}
-static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
- unsigned long size,
- bool ipa_uncached)
+static inline void __coherent_cache_guest_page(struct kvm_vcpu *vcpu, pfn_t pfn,
+ unsigned long size,
+ bool ipa_uncached)
{
- if (!vcpu_has_cache_enabled(vcpu) || ipa_uncached)
- kvm_flush_dcache_to_poc((void *)hva, size);
-
/*
* If we are going to insert an instruction page and the icache is
* either VIPT or PIPT, there is a potential problem where the host
@@ -180,10 +177,38 @@ static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
*
* VIVT caches are tagged using both the ASID and the VMID and doesn't
* need any kind of flushing (DDI 0406C.b - Page B3-1392).
+ *
+ * We need to do this through a kernel mapping (using the
+ * user-space mapping has proved to be the wrong
+ * solution). For that, we need to kmap one page at a time,
+ * and iterate over the range.
*/
- if (icache_is_pipt()) {
- __cpuc_coherent_user_range(hva, hva + size);
- } else if (!icache_is_vivt_asid_tagged()) {
+
+ bool need_flush = !vcpu_has_cache_enabled(vcpu) || ipa_uncached;
+
+ VM_BUG_ON(size & PAGE_MASK);
+
+ if (!need_flush && !icache_is_pipt())
+ goto vipt_cache;
+
+ while (size) {
+ void *va = kmap_atomic_pfn(pfn);
+
+ if (need_flush)
+ kvm_flush_dcache_to_poc(va, PAGE_SIZE);
+
+ if (icache_is_pipt())
+ __cpuc_coherent_user_range((unsigned long)va,
+ (unsigned long)va + PAGE_SIZE);
+
+ size -= PAGE_SIZE;
+ pfn++;
+
+ kunmap_atomic(va);
+ }
+
+vipt_cache:
+ if (!icache_is_pipt() && !icache_is_vivt_asid_tagged()) {
/* any kind of VIPT cache */
__flush_icache_all();
}
diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
index 8c66163..d78fcd8 100644
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -957,6 +957,12 @@ static bool kvm_is_device_pfn(unsigned long pfn)
return !pfn_valid(pfn);
}
+static void coherent_cache_guest_page(struct kvm_vcpu *vcpu, pfn_t pfn,
+ unsigned long size, bool uncached)
+{
+ __coherent_cache_guest_page(vcpu, pfn, size, uncached);
+}
+
static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
struct kvm_memory_slot *memslot, unsigned long hva,
unsigned long fault_status)
@@ -1046,8 +1052,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
kvm_set_s2pmd_writable(&new_pmd);
kvm_set_pfn_dirty(pfn);
}
- coherent_cache_guest_page(vcpu, hva & PMD_MASK, PMD_SIZE,
- fault_ipa_uncached);
+ coherent_cache_guest_page(vcpu, pfn, PMD_SIZE, fault_ipa_uncached);
ret = stage2_set_pmd_huge(kvm, memcache, fault_ipa, &new_pmd);
} else {
pte_t new_pte = pfn_pte(pfn, mem_type);
@@ -1055,8 +1060,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
kvm_set_s2pte_writable(&new_pte);
kvm_set_pfn_dirty(pfn);
}
- coherent_cache_guest_page(vcpu, hva, PAGE_SIZE,
- fault_ipa_uncached);
+ coherent_cache_guest_page(vcpu, pfn, PAGE_SIZE, fault_ipa_uncached);
ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte,
pgprot_val(mem_type) == pgprot_val(PAGE_S2_DEVICE));
}
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index ea1bca2..4788440 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -243,15 +243,18 @@ static inline bool vcpu_has_cache_enabled(struct kvm_vcpu *vcpu)
return (vcpu_sys_reg(vcpu, SCTLR_EL1) & 0b101) == 0b101;
}
-static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
- unsigned long size,
- bool ipa_uncached)
+static inline void __coherent_cache_guest_page(struct kvm_vcpu *vcpu, pfn_t pfn,
+ unsigned long size,
+ bool ipa_uncached)
{
+ void *va = page_address(pfn_to_page(pfn));
+
if (!vcpu_has_cache_enabled(vcpu) || ipa_uncached)
- kvm_flush_dcache_to_poc((void *)hva, size);
+ kvm_flush_dcache_to_poc(va, size);
if (!icache_is_aliasing()) { /* PIPT */
- flush_icache_range(hva, hva + size);
+ flush_icache_range((unsigned long)va,
+ (unsigned long)va + size);
} else if (!icache_is_aivivt()) { /* non ASID-tagged VIVT */
/* any kind of VIPT cache */
__flush_icache_all();
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 019/222] ARM: KVM: Fix size check in __coherent_cache_guest_page
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (17 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 018/222] arm/arm64: KVM: Use kernel mapping to perform invalidation on page fault Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 020/222] arm64: KVM: Fix stage-2 PGD allocation to have per-page refcounting Sasha Levin
` (203 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Jan Kiszka <jan.kiszka@siemens.com>
commit a050dfb21cc22ac0c666d52531040c1bc48184cc upstream.
The check is supposed to catch page-unaligned sizes, not the inverse.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/include/asm/kvm_mmu.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
index f95c124..d409c9c 100644
--- a/arch/arm/include/asm/kvm_mmu.h
+++ b/arch/arm/include/asm/kvm_mmu.h
@@ -186,7 +186,7 @@ static inline void __coherent_cache_guest_page(struct kvm_vcpu *vcpu, pfn_t pfn,
bool need_flush = !vcpu_has_cache_enabled(vcpu) || ipa_uncached;
- VM_BUG_ON(size & PAGE_MASK);
+ VM_BUG_ON(size & ~PAGE_MASK);
if (!need_flush && !icache_is_pipt())
goto vipt_cache;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 020/222] arm64: KVM: Fix stage-2 PGD allocation to have per-page refcounting
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (18 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 019/222] ARM: KVM: Fix size check in __coherent_cache_guest_page Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 021/222] arm64: KVM: Do not use pgd_index to index stage-2 pgd Sasha Levin
` (202 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Marc Zyngier <marc.zyngier@arm.com>
commit a987370f8e7a1677ae385042644326d9cd145a20 upstream.
We're using __get_free_pages with to allocate the guest's stage-2
PGD. The standard behaviour of this function is to return a set of
pages where only the head page has a valid refcount.
This behaviour gets us into trouble when we're trying to increment
the refcount on a non-head page:
page:ffff7c00cfb693c0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x4000000000000000()
page dumped because: VM_BUG_ON_PAGE((*({ __attribute__((unused)) typeof((&page->_count)->counter) __var = ( typeof((&page->_count)->counter)) 0; (volatile typeof((&page->_count)->counter) *)&((&page->_count)->counter); })) <= 0)
BUG: failure at include/linux/mm.h:548/get_page()!
Kernel panic - not syncing: BUG!
CPU: 1 PID: 1695 Comm: kvm-vcpu-0 Not tainted 4.0.0-rc1+ #3825
Hardware name: APM X-Gene Mustang board (DT)
Call trace:
[<ffff80000008a09c>] dump_backtrace+0x0/0x13c
[<ffff80000008a1e8>] show_stack+0x10/0x1c
[<ffff800000691da8>] dump_stack+0x74/0x94
[<ffff800000690d78>] panic+0x100/0x240
[<ffff8000000a0bc4>] stage2_get_pmd+0x17c/0x2bc
[<ffff8000000a1dc4>] kvm_handle_guest_abort+0x4b4/0x6b0
[<ffff8000000a420c>] handle_exit+0x58/0x180
[<ffff80000009e7a4>] kvm_arch_vcpu_ioctl_run+0x114/0x45c
[<ffff800000099df4>] kvm_vcpu_ioctl+0x2e0/0x754
[<ffff8000001c0a18>] do_vfs_ioctl+0x424/0x5c8
[<ffff8000001c0bfc>] SyS_ioctl+0x40/0x78
CPU0: stopping
A possible approach for this is to split the compound page using
split_page() at allocation time, and change the teardown path to
free one page at a time. It turns out that alloc_pages_exact() and
free_pages_exact() does exactly that.
While we're at it, the PGD allocation code is reworked to reduce
duplication.
This has been tested on an X-Gene platform with a 4kB/48bit-VA host
kernel, and kvmtool hacked to place memory in the second page of
the hardware PGD (PUD for the host kernel). Also regression-tested
on a Cubietruck (Cortex-A7).
[ Reworked to use alloc_pages_exact() and free_pages_exact() and to
return pointers directly instead of by reference as arguments
- Christoffer ]
Reported-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/include/asm/kvm_mmu.h | 10 +++---
arch/arm/kvm/mmu.c | 67 +++++++++++++++++++++++++++++-----------
arch/arm64/include/asm/kvm_mmu.h | 46 +++------------------------
3 files changed, 57 insertions(+), 66 deletions(-)
diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
index d409c9c..f949cb6 100644
--- a/arch/arm/include/asm/kvm_mmu.h
+++ b/arch/arm/include/asm/kvm_mmu.h
@@ -141,16 +141,14 @@ static inline bool kvm_page_empty(void *ptr)
#define KVM_PREALLOC_LEVEL 0
-static inline int kvm_prealloc_hwpgd(struct kvm *kvm, pgd_t *pgd)
+static inline void *kvm_get_hwpgd(struct kvm *kvm)
{
- return 0;
+ return kvm->arch.pgd;
}
-static inline void kvm_free_hwpgd(struct kvm *kvm) { }
-
-static inline void *kvm_get_hwpgd(struct kvm *kvm)
+static inline unsigned int kvm_get_hwpgd_size(void)
{
- return kvm->arch.pgd;
+ return PTRS_PER_S2_PGD * sizeof(pgd_t);
}
struct kvm;
diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
index d78fcd8..203c5ac 100644
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -593,6 +593,20 @@ int create_hyp_io_mappings(void *from, void *to, phys_addr_t phys_addr)
__phys_to_pfn(phys_addr), PAGE_HYP_DEVICE);
}
+/* Free the HW pgd, one page at a time */
+static void kvm_free_hwpgd(void *hwpgd)
+{
+ free_pages_exact(hwpgd, kvm_get_hwpgd_size());
+}
+
+/* Allocate the HW PGD, making sure that each page gets its own refcount */
+static void *kvm_alloc_hwpgd(void)
+{
+ unsigned int size = kvm_get_hwpgd_size();
+
+ return alloc_pages_exact(size, GFP_KERNEL | __GFP_ZERO);
+}
+
/**
* kvm_alloc_stage2_pgd - allocate level-1 table for stage-2 translation.
* @kvm: The KVM struct pointer for the VM.
@@ -606,15 +620,31 @@ int create_hyp_io_mappings(void *from, void *to, phys_addr_t phys_addr)
*/
int kvm_alloc_stage2_pgd(struct kvm *kvm)
{
- int ret;
pgd_t *pgd;
+ void *hwpgd;
if (kvm->arch.pgd != NULL) {
kvm_err("kvm_arch already initialized?\n");
return -EINVAL;
}
+ hwpgd = kvm_alloc_hwpgd();
+ if (!hwpgd)
+ return -ENOMEM;
+
+ /* When the kernel uses more levels of page tables than the
+ * guest, we allocate a fake PGD and pre-populate it to point
+ * to the next-level page table, which will be the real
+ * initial page table pointed to by the VTTBR.
+ *
+ * When KVM_PREALLOC_LEVEL==2, we allocate a single page for
+ * the PMD and the kernel will use folded pud.
+ * When KVM_PREALLOC_LEVEL==1, we allocate 2 consecutive PUD
+ * pages.
+ */
if (KVM_PREALLOC_LEVEL > 0) {
+ int i;
+
/*
* Allocate fake pgd for the page table manipulation macros to
* work. This is not used by the hardware and we have no
@@ -622,30 +652,32 @@ int kvm_alloc_stage2_pgd(struct kvm *kvm)
*/
pgd = (pgd_t *)kmalloc(PTRS_PER_S2_PGD * sizeof(pgd_t),
GFP_KERNEL | __GFP_ZERO);
+
+ if (!pgd) {
+ kvm_free_hwpgd(hwpgd);
+ return -ENOMEM;
+ }
+
+ /* Plug the HW PGD into the fake one. */
+ for (i = 0; i < PTRS_PER_S2_PGD; i++) {
+ if (KVM_PREALLOC_LEVEL == 1)
+ pgd_populate(NULL, pgd + i,
+ (pud_t *)hwpgd + i * PTRS_PER_PUD);
+ else if (KVM_PREALLOC_LEVEL == 2)
+ pud_populate(NULL, pud_offset(pgd, 0) + i,
+ (pmd_t *)hwpgd + i * PTRS_PER_PMD);
+ }
} else {
/*
* Allocate actual first-level Stage-2 page table used by the
* hardware for Stage-2 page table walks.
*/
- pgd = (pgd_t *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, S2_PGD_ORDER);
+ pgd = (pgd_t *)hwpgd;
}
- if (!pgd)
- return -ENOMEM;
-
- ret = kvm_prealloc_hwpgd(kvm, pgd);
- if (ret)
- goto out_err;
-
kvm_clean_pgd(pgd);
kvm->arch.pgd = pgd;
return 0;
-out_err:
- if (KVM_PREALLOC_LEVEL > 0)
- kfree(pgd);
- else
- free_pages((unsigned long)pgd, S2_PGD_ORDER);
- return ret;
}
/**
@@ -746,11 +778,10 @@ void kvm_free_stage2_pgd(struct kvm *kvm)
return;
unmap_stage2_range(kvm, 0, KVM_PHYS_SIZE);
- kvm_free_hwpgd(kvm);
+ kvm_free_hwpgd(kvm_get_hwpgd(kvm));
if (KVM_PREALLOC_LEVEL > 0)
kfree(kvm->arch.pgd);
- else
- free_pages((unsigned long)kvm->arch.pgd, S2_PGD_ORDER);
+
kvm->arch.pgd = NULL;
}
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index 4788440..93f1a4c 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -150,43 +150,6 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd)
#define KVM_PREALLOC_LEVEL (0)
#endif
-/**
- * kvm_prealloc_hwpgd - allocate inital table for VTTBR
- * @kvm: The KVM struct pointer for the VM.
- * @pgd: The kernel pseudo pgd
- *
- * When the kernel uses more levels of page tables than the guest, we allocate
- * a fake PGD and pre-populate it to point to the next-level page table, which
- * will be the real initial page table pointed to by the VTTBR.
- *
- * When KVM_PREALLOC_LEVEL==2, we allocate a single page for the PMD and
- * the kernel will use folded pud. When KVM_PREALLOC_LEVEL==1, we
- * allocate 2 consecutive PUD pages.
- */
-static inline int kvm_prealloc_hwpgd(struct kvm *kvm, pgd_t *pgd)
-{
- unsigned int i;
- unsigned long hwpgd;
-
- if (KVM_PREALLOC_LEVEL == 0)
- return 0;
-
- hwpgd = __get_free_pages(GFP_KERNEL | __GFP_ZERO, PTRS_PER_S2_PGD_SHIFT);
- if (!hwpgd)
- return -ENOMEM;
-
- for (i = 0; i < PTRS_PER_S2_PGD; i++) {
- if (KVM_PREALLOC_LEVEL == 1)
- pgd_populate(NULL, pgd + i,
- (pud_t *)hwpgd + i * PTRS_PER_PUD);
- else if (KVM_PREALLOC_LEVEL == 2)
- pud_populate(NULL, pud_offset(pgd, 0) + i,
- (pmd_t *)hwpgd + i * PTRS_PER_PMD);
- }
-
- return 0;
-}
-
static inline void *kvm_get_hwpgd(struct kvm *kvm)
{
pgd_t *pgd = kvm->arch.pgd;
@@ -203,12 +166,11 @@ static inline void *kvm_get_hwpgd(struct kvm *kvm)
return pmd_offset(pud, 0);
}
-static inline void kvm_free_hwpgd(struct kvm *kvm)
+static inline unsigned int kvm_get_hwpgd_size(void)
{
- if (KVM_PREALLOC_LEVEL > 0) {
- unsigned long hwpgd = (unsigned long)kvm_get_hwpgd(kvm);
- free_pages(hwpgd, PTRS_PER_S2_PGD_SHIFT);
- }
+ if (KVM_PREALLOC_LEVEL > 0)
+ return PTRS_PER_S2_PGD * PAGE_SIZE;
+ return PTRS_PER_S2_PGD * sizeof(pgd_t);
}
static inline bool kvm_page_empty(void *ptr)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 021/222] arm64: KVM: Do not use pgd_index to index stage-2 pgd
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (19 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 020/222] arm64: KVM: Fix stage-2 PGD allocation to have per-page refcounting Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 022/222] arm/arm64: KVM: Keep elrsr/aisr in sync with software model Sasha Levin
` (201 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Marc Zyngier <marc.zyngier@arm.com>
commit 04b8dc85bf4a64517e3cf20e409eeaa503b15cc1 upstream.
The kernel's pgd_index macro is designed to index a normal, page
sized array. KVM is a bit diffferent, as we can use concatenated
pages to have a bigger address space (for example 40bit IPA with
4kB pages gives us an 8kB PGD.
In the above case, the use of pgd_index will always return an index
inside the first 4kB, which makes a guest that has memory above
0x8000000000 rather unhappy, as it spins forever in a page fault,
whist the host happilly corrupts the lower pgd.
The obvious fix is to get our own kvm_pgd_index that does the right
thing(tm).
Tested on X-Gene with a hacked kvmtool that put memory at a stupidly
high address.
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/include/asm/kvm_mmu.h | 3 ++-
arch/arm/kvm/mmu.c | 6 +++---
arch/arm64/include/asm/kvm_mmu.h | 2 ++
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
index f949cb6..16d9d78 100644
--- a/arch/arm/include/asm/kvm_mmu.h
+++ b/arch/arm/include/asm/kvm_mmu.h
@@ -128,13 +128,14 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd)
(__boundary - 1 < (end) - 1)? __boundary: (end); \
})
+#define kvm_pgd_index(addr) pgd_index(addr)
+
static inline bool kvm_page_empty(void *ptr)
{
struct page *ptr_page = virt_to_page(ptr);
return page_count(ptr_page) == 1;
}
-
#define kvm_pte_table_empty(kvm, ptep) kvm_page_empty(ptep)
#define kvm_pmd_table_empty(kvm, pmdp) kvm_page_empty(pmdp)
#define kvm_pud_table_empty(kvm, pudp) (0)
diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
index 203c5ac..cba52cf 100644
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -251,7 +251,7 @@ static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
phys_addr_t addr = start, end = start + size;
phys_addr_t next;
- pgd = pgdp + pgd_index(addr);
+ pgd = pgdp + kvm_pgd_index(addr);
do {
next = kvm_pgd_addr_end(addr, end);
if (!pgd_none(*pgd))
@@ -316,7 +316,7 @@ static void stage2_flush_memslot(struct kvm *kvm,
phys_addr_t next;
pgd_t *pgd;
- pgd = kvm->arch.pgd + pgd_index(addr);
+ pgd = kvm->arch.pgd + kvm_pgd_index(addr);
do {
next = kvm_pgd_addr_end(addr, end);
stage2_flush_puds(kvm, pgd, addr, next);
@@ -791,7 +791,7 @@ static pud_t *stage2_get_pud(struct kvm *kvm, struct kvm_mmu_memory_cache *cache
pgd_t *pgd;
pud_t *pud;
- pgd = kvm->arch.pgd + pgd_index(addr);
+ pgd = kvm->arch.pgd + kvm_pgd_index(addr);
if (WARN_ON(pgd_none(*pgd))) {
if (!cache)
return NULL;
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index 93f1a4c..a205e95 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -137,6 +137,8 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd)
#define PTRS_PER_S2_PGD (1 << PTRS_PER_S2_PGD_SHIFT)
#define S2_PGD_ORDER get_order(PTRS_PER_S2_PGD * sizeof(pgd_t))
+#define kvm_pgd_index(addr) (((addr) >> PGDIR_SHIFT) & (PTRS_PER_S2_PGD - 1))
+
/*
* If we are concatenating first level stage-2 page tables, we would have less
* than or equal to 16 pointers in the fake PGD, because that's what the
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 022/222] arm/arm64: KVM: Keep elrsr/aisr in sync with software model
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (20 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 021/222] arm64: KVM: Do not use pgd_index to index stage-2 pgd Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 023/222] mlx4: Fix tx ring affinity_mask creation Sasha Levin
` (200 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoffer Dall <christoffer.dall@linaro.org>
commit ae705930fca6322600690df9dc1c7d0516145a93 upstream.
There is an interesting bug in the vgic code, which manifests itself
when the KVM run loop has a signal pending or needs a vmid generation
rollover after having disabled interrupts but before actually switching
to the guest.
In this case, we flush the vgic as usual, but we sync back the vgic
state and exit to userspace before entering the guest. The consequence
is that we will be syncing the list registers back to the software model
using the GICH_ELRSR and GICH_EISR from the last execution of the guest,
potentially overwriting a list register containing an interrupt.
This showed up during migration testing where we would capture a state
where the VM has masked the arch timer but there were no interrupts,
resulting in a hung test.
Cc: Marc Zyngier <marc.zyngier@arm.com>
Reported-by: Alex Bennee <alex.bennee@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
include/kvm/arm_vgic.h | 1 +
virt/kvm/arm/vgic-v2.c | 8 ++++++++
virt/kvm/arm/vgic-v3.c | 8 ++++++++
virt/kvm/arm/vgic.c | 16 ++++++++++++++++
4 files changed, 33 insertions(+)
diff --git a/include/kvm/arm_vgic.h b/include/kvm/arm_vgic.h
index fe9783b..3f73f6c 100644
--- a/include/kvm/arm_vgic.h
+++ b/include/kvm/arm_vgic.h
@@ -113,6 +113,7 @@ struct vgic_ops {
void (*sync_lr_elrsr)(struct kvm_vcpu *, int, struct vgic_lr);
u64 (*get_elrsr)(const struct kvm_vcpu *vcpu);
u64 (*get_eisr)(const struct kvm_vcpu *vcpu);
+ void (*clear_eisr)(struct kvm_vcpu *vcpu);
u32 (*get_interrupt_status)(const struct kvm_vcpu *vcpu);
void (*enable_underflow)(struct kvm_vcpu *vcpu);
void (*disable_underflow)(struct kvm_vcpu *vcpu);
diff --git a/virt/kvm/arm/vgic-v2.c b/virt/kvm/arm/vgic-v2.c
index 2935405..b9d48e8 100644
--- a/virt/kvm/arm/vgic-v2.c
+++ b/virt/kvm/arm/vgic-v2.c
@@ -72,6 +72,8 @@ static void vgic_v2_sync_lr_elrsr(struct kvm_vcpu *vcpu, int lr,
{
if (!(lr_desc.state & LR_STATE_MASK))
vcpu->arch.vgic_cpu.vgic_v2.vgic_elrsr |= (1ULL << lr);
+ else
+ vcpu->arch.vgic_cpu.vgic_v2.vgic_elrsr &= ~(1ULL << lr);
}
static u64 vgic_v2_get_elrsr(const struct kvm_vcpu *vcpu)
@@ -84,6 +86,11 @@ static u64 vgic_v2_get_eisr(const struct kvm_vcpu *vcpu)
return vcpu->arch.vgic_cpu.vgic_v2.vgic_eisr;
}
+static void vgic_v2_clear_eisr(struct kvm_vcpu *vcpu)
+{
+ vcpu->arch.vgic_cpu.vgic_v2.vgic_eisr = 0;
+}
+
static u32 vgic_v2_get_interrupt_status(const struct kvm_vcpu *vcpu)
{
u32 misr = vcpu->arch.vgic_cpu.vgic_v2.vgic_misr;
@@ -148,6 +155,7 @@ static const struct vgic_ops vgic_v2_ops = {
.sync_lr_elrsr = vgic_v2_sync_lr_elrsr,
.get_elrsr = vgic_v2_get_elrsr,
.get_eisr = vgic_v2_get_eisr,
+ .clear_eisr = vgic_v2_clear_eisr,
.get_interrupt_status = vgic_v2_get_interrupt_status,
.enable_underflow = vgic_v2_enable_underflow,
.disable_underflow = vgic_v2_disable_underflow,
diff --git a/virt/kvm/arm/vgic-v3.c b/virt/kvm/arm/vgic-v3.c
index 1c2c8ee..58b8af0 100644
--- a/virt/kvm/arm/vgic-v3.c
+++ b/virt/kvm/arm/vgic-v3.c
@@ -86,6 +86,8 @@ static void vgic_v3_sync_lr_elrsr(struct kvm_vcpu *vcpu, int lr,
{
if (!(lr_desc.state & LR_STATE_MASK))
vcpu->arch.vgic_cpu.vgic_v3.vgic_elrsr |= (1U << lr);
+ else
+ vcpu->arch.vgic_cpu.vgic_v3.vgic_elrsr &= ~(1U << lr);
}
static u64 vgic_v3_get_elrsr(const struct kvm_vcpu *vcpu)
@@ -98,6 +100,11 @@ static u64 vgic_v3_get_eisr(const struct kvm_vcpu *vcpu)
return vcpu->arch.vgic_cpu.vgic_v3.vgic_eisr;
}
+static void vgic_v3_clear_eisr(struct kvm_vcpu *vcpu)
+{
+ vcpu->arch.vgic_cpu.vgic_v3.vgic_eisr = 0;
+}
+
static u32 vgic_v3_get_interrupt_status(const struct kvm_vcpu *vcpu)
{
u32 misr = vcpu->arch.vgic_cpu.vgic_v3.vgic_misr;
@@ -162,6 +169,7 @@ static const struct vgic_ops vgic_v3_ops = {
.sync_lr_elrsr = vgic_v3_sync_lr_elrsr,
.get_elrsr = vgic_v3_get_elrsr,
.get_eisr = vgic_v3_get_eisr,
+ .clear_eisr = vgic_v3_clear_eisr,
.get_interrupt_status = vgic_v3_get_interrupt_status,
.enable_underflow = vgic_v3_enable_underflow,
.disable_underflow = vgic_v3_disable_underflow,
diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
index fc82307..28347fc 100644
--- a/virt/kvm/arm/vgic.c
+++ b/virt/kvm/arm/vgic.c
@@ -1219,6 +1219,11 @@ static inline u64 vgic_get_eisr(struct kvm_vcpu *vcpu)
return vgic_ops->get_eisr(vcpu);
}
+static inline void vgic_clear_eisr(struct kvm_vcpu *vcpu)
+{
+ vgic_ops->clear_eisr(vcpu);
+}
+
static inline u32 vgic_get_interrupt_status(struct kvm_vcpu *vcpu)
{
return vgic_ops->get_interrupt_status(vcpu);
@@ -1258,6 +1263,7 @@ static void vgic_retire_lr(int lr_nr, int irq, struct kvm_vcpu *vcpu)
vgic_set_lr(vcpu, lr_nr, vlr);
clear_bit(lr_nr, vgic_cpu->lr_used);
vgic_cpu->vgic_irq_lr_map[irq] = LR_EMPTY;
+ vgic_sync_lr_elrsr(vcpu, lr_nr, vlr);
}
/*
@@ -1313,6 +1319,7 @@ static bool vgic_queue_irq(struct kvm_vcpu *vcpu, u8 sgi_source_id, int irq)
BUG_ON(!test_bit(lr, vgic_cpu->lr_used));
vlr.state |= LR_STATE_PENDING;
vgic_set_lr(vcpu, lr, vlr);
+ vgic_sync_lr_elrsr(vcpu, lr, vlr);
return true;
}
}
@@ -1334,6 +1341,7 @@ static bool vgic_queue_irq(struct kvm_vcpu *vcpu, u8 sgi_source_id, int irq)
vlr.state |= LR_EOI_INT;
vgic_set_lr(vcpu, lr, vlr);
+ vgic_sync_lr_elrsr(vcpu, lr, vlr);
return true;
}
@@ -1502,6 +1510,14 @@ static bool vgic_process_maintenance(struct kvm_vcpu *vcpu)
if (status & INT_STATUS_UNDERFLOW)
vgic_disable_underflow(vcpu);
+ /*
+ * In the next iterations of the vcpu loop, if we sync the vgic state
+ * after flushing it, but before entering the guest (this happens for
+ * pending signals and vmid rollovers), then make sure we don't pick
+ * up any old maintenance interrupts here.
+ */
+ vgic_clear_eisr(vcpu);
+
return level_pending;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 023/222] mlx4: Fix tx ring affinity_mask creation
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (21 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 022/222] arm/arm64: KVM: Keep elrsr/aisr in sync with software model Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 024/222] net/mlx4_en: Schedule napi when RX buffers allocation fails Sasha Levin
` (199 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Benjamin Poirier <bpoirier@suse.de>
[ Upstream commit 42eab005a5dd5d7ea2b0328aecc4d6cc0c23c9c2 ]
By default, the number of tx queues is limited by the number of online cpus
in mlx4_en_get_profile(). However, this limit no longer holds after the
ethtool .set_channels method has been called. In that situation, the driver
may access invalid bits of certain cpumask variables when queue_index >=
nr_cpu_ids.
Signed-off-by: Benjamin Poirier <bpoirier@suse.de>
Acked-by: Ido Shamay <idos@mellanox.com>
Fixes: d03a68f ("net/mlx4_en: Configure the XPS queue mapping on driver load")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/net/ethernet/mellanox/mlx4/en_tx.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
index 11ff28b..142ddd5 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
@@ -137,8 +137,10 @@ int mlx4_en_create_tx_ring(struct mlx4_en_priv *priv,
ring->hwtstamp_tx_type = priv->hwtstamp_config.tx_type;
ring->queue_index = queue_index;
- if (queue_index < priv->num_tx_rings_p_up && cpu_online(queue_index))
- cpumask_set_cpu(queue_index, &ring->affinity_mask);
+ if (queue_index < priv->num_tx_rings_p_up)
+ cpumask_set_cpu_local_first(queue_index,
+ priv->mdev->dev->numa_node,
+ &ring->affinity_mask);
*pring = ring;
return 0;
@@ -205,7 +207,7 @@ int mlx4_en_activate_tx_ring(struct mlx4_en_priv *priv,
err = mlx4_qp_to_ready(mdev->dev, &ring->wqres.mtt, &ring->context,
&ring->qp, &ring->qp_state);
- if (!user_prio && cpu_online(ring->queue_index))
+ if (!cpumask_empty(&ring->affinity_mask))
netif_set_xps_queue(priv->dev, &ring->affinity_mask,
ring->queue_index);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 024/222] net/mlx4_en: Schedule napi when RX buffers allocation fails
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (22 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 023/222] mlx4: Fix tx ring affinity_mask creation Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 025/222] ipv4: Missing sk_nulls_node_init() in ping_unhash() Sasha Levin
` (198 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ido Shamay <idos@mellanox.com>
[ Upstream commit 07841f9d94c11afe00c0498cf242edf4075729f4 ]
When system is out of memory, refilling of RX buffers fails while
the driver continue to pass the received packets to the kernel stack.
At some point, when all RX buffers deplete, driver may fall into a
sleep, and not recover when memory for new RX buffers is once again
availible. This is because hardware does not have valid descriptors,
so no interrupt will be generated for the driver to return to work
in napi context. Fix it by schedule the napi poll function from
stats_task delayed workqueue, as long as the allocations fail.
Signed-off-by: Ido Shamay <idos@mellanox.com>
Signed-off-by: Amir Vadai <amirv@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 1 +
drivers/net/ethernet/mellanox/mlx4/en_rx.c | 26 ++++++++++++++++++++++++--
drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 +
3 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
index 0207044..68fef11 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
@@ -1466,6 +1466,7 @@ static void mlx4_en_service_task(struct work_struct *work)
if (mdev->dev->caps.flags2 & MLX4_DEV_CAP_FLAG2_TS)
mlx4_en_ptp_overflow_check(mdev);
+ mlx4_en_recover_from_oom(priv);
queue_delayed_work(mdev->workqueue, &priv->service_task,
SERVICE_TASK_DELAY);
}
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_rx.c b/drivers/net/ethernet/mellanox/mlx4/en_rx.c
index 01660c5..5bbb59d 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_rx.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_rx.c
@@ -237,6 +237,12 @@ static int mlx4_en_prepare_rx_desc(struct mlx4_en_priv *priv,
return mlx4_en_alloc_frags(priv, rx_desc, frags, ring->page_alloc, gfp);
}
+static inline bool mlx4_en_is_ring_empty(struct mlx4_en_rx_ring *ring)
+{
+ BUG_ON((u32)(ring->prod - ring->cons) > ring->actual_size);
+ return ring->prod == ring->cons;
+}
+
static inline void mlx4_en_update_rx_prod_db(struct mlx4_en_rx_ring *ring)
{
*ring->wqres.db.db = cpu_to_be32(ring->prod & 0xffff);
@@ -308,8 +314,7 @@ static void mlx4_en_free_rx_buf(struct mlx4_en_priv *priv,
ring->cons, ring->prod);
/* Unmap and free Rx buffers */
- BUG_ON((u32) (ring->prod - ring->cons) > ring->actual_size);
- while (ring->cons != ring->prod) {
+ while (!mlx4_en_is_ring_empty(ring)) {
index = ring->cons & ring->size_mask;
en_dbg(DRV, priv, "Processing descriptor:%d\n", index);
mlx4_en_free_rx_desc(priv, ring, index);
@@ -484,6 +489,23 @@ err_allocator:
return err;
}
+/* We recover from out of memory by scheduling our napi poll
+ * function (mlx4_en_process_cq), which tries to allocate
+ * all missing RX buffers (call to mlx4_en_refill_rx_buffers).
+ */
+void mlx4_en_recover_from_oom(struct mlx4_en_priv *priv)
+{
+ int ring;
+
+ if (!priv->port_up)
+ return;
+
+ for (ring = 0; ring < priv->rx_ring_num; ring++) {
+ if (mlx4_en_is_ring_empty(priv->rx_ring[ring]))
+ napi_reschedule(&priv->rx_cq[ring]->napi);
+ }
+}
+
void mlx4_en_destroy_rx_ring(struct mlx4_en_priv *priv,
struct mlx4_en_rx_ring **pring,
u32 size, u16 stride)
diff --git a/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h b/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
index 8fef658..692bd4e 100644
--- a/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
+++ b/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
@@ -779,6 +779,7 @@ int mlx4_en_activate_tx_ring(struct mlx4_en_priv *priv,
void mlx4_en_deactivate_tx_ring(struct mlx4_en_priv *priv,
struct mlx4_en_tx_ring *ring);
void mlx4_en_set_num_rx_rings(struct mlx4_en_dev *mdev);
+void mlx4_en_recover_from_oom(struct mlx4_en_priv *priv);
int mlx4_en_create_rx_ring(struct mlx4_en_priv *priv,
struct mlx4_en_rx_ring **pring,
u32 size, u16 stride, int node);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 025/222] ipv4: Missing sk_nulls_node_init() in ping_unhash().
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (23 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 024/222] net/mlx4_en: Schedule napi when RX buffers allocation fails Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 026/222] ip_forward: Drop frames with attached skb->sk Sasha Levin
` (197 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit a134f083e79fb4c3d0a925691e732c56911b4326 ]
If we don't do that, then the poison value is left in the ->pprev
backlink.
This can cause crashes if we do a disconnect, followed by a connect().
Tested-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Wen Xu <hotdog3645@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
net/ipv4/ping.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index a5c49d6..64f4edb 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -158,6 +158,7 @@ void ping_unhash(struct sock *sk)
if (sk_hashed(sk)) {
write_lock_bh(&ping_table.lock);
hlist_nulls_del(&sk->sk_nulls_node);
+ sk_nulls_node_init(&sk->sk_nulls_node);
sock_put(sk);
isk->inet_num = 0;
isk->inet_sport = 0;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 026/222] ip_forward: Drop frames with attached skb->sk
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (24 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 025/222] ipv4: Missing sk_nulls_node_init() in ping_unhash() Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 027/222] net: add skb_checksum_complete_unset Sasha Levin
` (196 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Sebastian Pöhn <sebastian.poehn@gmail.com>
[ Upstream commit 2ab957492d13bb819400ac29ae55911d50a82a13 ]
Initial discussion was:
[FYI] xfrm: Don't lookup sk_policy for timewait sockets
Forwarded frames should not have a socket attached. Especially
tw sockets will lead to panics later-on in the stack.
This was observed with TPROXY assigning a tw socket and broken
policy routing (misconfigured). As a result frame enters
forwarding path instead of input. We cannot solve this in
TPROXY as it cannot know that policy routing is broken.
v2:
Remove useless comment
Signed-off-by: Sebastian Poehn <sebastian.poehn@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
net/ipv4/ip_forward.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 787b3c2..d5410b5 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -81,6 +81,9 @@ int ip_forward(struct sk_buff *skb)
if (skb->pkt_type != PACKET_HOST)
goto drop;
+ if (unlikely(skb->sk))
+ goto drop;
+
if (skb_warn_if_lro(skb))
goto drop;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 027/222] net: add skb_checksum_complete_unset
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (25 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 026/222] ip_forward: Drop frames with attached skb->sk Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 028/222] ppp: call skb_checksum_complete_unset in ppp_receive_frame Sasha Levin
` (195 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Tom Herbert <tom@herbertland.com>
[ Upstream commit 4e18b9adf2f910ec4d30b811a74a5b626e6c6125 ]
This function changes ip_summed to CHECKSUM_NONE if CHECKSUM_COMPLETE
is set. This is called to discard checksum-complete when packet
is being modified and checksum is not pulled for headers in a layer.
Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
include/linux/skbuff.h | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 6c8b6f6..ab4a319 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -2958,6 +2958,18 @@ static inline bool __skb_checksum_validate_needed(struct sk_buff *skb,
*/
#define CHECKSUM_BREAK 76
+/* Unset checksum-complete
+ *
+ * Unset checksum complete can be done when packet is being modified
+ * (uncompressed for instance) and checksum-complete value is
+ * invalidated.
+ */
+static inline void skb_checksum_complete_unset(struct sk_buff *skb)
+{
+ if (skb->ip_summed == CHECKSUM_COMPLETE)
+ skb->ip_summed = CHECKSUM_NONE;
+}
+
/* Validate (init) checksum based on checksum complete.
*
* Return values:
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 028/222] ppp: call skb_checksum_complete_unset in ppp_receive_frame
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (26 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 027/222] net: add skb_checksum_complete_unset Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 029/222] tcp: fix possible deadlock in tcp_send_fin() Sasha Levin
` (194 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Tom Herbert <tom@herbertland.com>
[ Upstream commit 3dfb05340ec6676e6fc71a9ae87bbbe66d3c2998 ]
Call checksum_complete_unset in PPP receive to discard checksum-complete
value. PPP does not pull checksum for headers and also modifies packet
as in VJ compression.
Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/net/ppp/ppp_generic.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 794a473..6d6c20c 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -1714,6 +1714,7 @@ ppp_receive_frame(struct ppp *ppp, struct sk_buff *skb, struct channel *pch)
{
/* note: a 0-length skb is used as an error indication */
if (skb->len > 0) {
+ skb_checksum_complete_unset(skb);
#ifdef CONFIG_PPP_MULTILINK
/* XXX do channel-level decompression here */
if (PPP_PROTO(skb) == PPP_MP)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 029/222] tcp: fix possible deadlock in tcp_send_fin()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (27 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 028/222] ppp: call skb_checksum_complete_unset in ppp_receive_frame Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 030/222] tcp: avoid looping " Sasha Levin
` (193 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit d83769a580f1132ac26439f50068a29b02be535e ]
Using sk_stream_alloc_skb() in tcp_send_fin() is dangerous in
case a huge process is killed by OOM, and tcp_mem[2] is hit.
To be able to free memory we need to make progress, so this
patch allows FIN packets to not care about tcp_mem[2], if
skb allocation succeeded.
In a follow-up patch, we might abort tcp_send_fin() infinite loop
in case TIF_MEMDIE is set on this thread, as memory allocator
did its best getting extra memory already.
This patch reverts d22e15371811 ("tcp: fix tcp fin memory accounting")
Fixes: d22e15371811 ("tcp: fix tcp fin memory accounting")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
net/ipv4/tcp_output.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 32dcb4e..c253999 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2717,6 +2717,21 @@ begin_fwd:
}
}
+/* We allow to exceed memory limits for FIN packets to expedite
+ * connection tear down and (memory) recovery.
+ * Otherwise tcp_send_fin() could loop forever.
+ */
+static void sk_forced_wmem_schedule(struct sock *sk, int size)
+{
+ int amt, status;
+
+ if (size <= sk->sk_forward_alloc)
+ return;
+ amt = sk_mem_pages(size);
+ sk->sk_forward_alloc += amt * SK_MEM_QUANTUM;
+ sk_memory_allocated_add(sk, amt, &status);
+}
+
/* Send a fin. The caller locks the socket for us. This cannot be
* allowed to fail queueing a FIN frame under any circumstances.
*/
@@ -2739,11 +2754,14 @@ void tcp_send_fin(struct sock *sk)
} else {
/* Socket is locked, keep trying until memory is available. */
for (;;) {
- skb = sk_stream_alloc_skb(sk, 0, sk->sk_allocation);
+ skb = alloc_skb_fclone(MAX_TCP_HEADER,
+ sk->sk_allocation);
if (skb)
break;
yield();
}
+ skb_reserve(skb, MAX_TCP_HEADER);
+ sk_forced_wmem_schedule(sk, skb->truesize);
/* FIN eats a sequence byte, write_seq advanced by tcp_queue_skb(). */
tcp_init_nondata_skb(skb, tp->write_seq,
TCPHDR_ACK | TCPHDR_FIN);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 030/222] tcp: avoid looping in tcp_send_fin()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (28 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 029/222] tcp: fix possible deadlock in tcp_send_fin() Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 031/222] net: do not deplete pfmemalloc reserve Sasha Levin
` (192 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 845704a535e9b3c76448f52af1b70e4422ea03fd ]
Presence of an unbound loop in tcp_send_fin() had always been hard
to explain when analyzing crash dumps involving gigantic dying processes
with millions of sockets.
Lets try a different strategy :
In case of memory pressure, try to add the FIN flag to last packet
in write queue, even if packet was already sent. TCP stack will
be able to deliver this FIN after a timeout event. Note that this
FIN being delivered by a retransmit, it also carries a Push flag
given our current implementation.
By checking sk_under_memory_pressure(), we anticipate that cooking
many FIN packets might deplete tcp memory.
In the case we could not allocate a packet, even with __GFP_WAIT
allocation, then not sending a FIN seems quite reasonable if it allows
to get rid of this socket, free memory, and not block the process from
eventually doing other useful work.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
net/ipv4/tcp_output.c | 50 +++++++++++++++++++++++++++++---------------------
1 file changed, 29 insertions(+), 21 deletions(-)
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index c253999..dc9f925 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2719,7 +2719,8 @@ begin_fwd:
/* We allow to exceed memory limits for FIN packets to expedite
* connection tear down and (memory) recovery.
- * Otherwise tcp_send_fin() could loop forever.
+ * Otherwise tcp_send_fin() could be tempted to either delay FIN
+ * or even be forced to close flow without any FIN.
*/
static void sk_forced_wmem_schedule(struct sock *sk, int size)
{
@@ -2732,33 +2733,40 @@ static void sk_forced_wmem_schedule(struct sock *sk, int size)
sk_memory_allocated_add(sk, amt, &status);
}
-/* Send a fin. The caller locks the socket for us. This cannot be
- * allowed to fail queueing a FIN frame under any circumstances.
+/* Send a FIN. The caller locks the socket for us.
+ * We should try to send a FIN packet really hard, but eventually give up.
*/
void tcp_send_fin(struct sock *sk)
{
+ struct sk_buff *skb, *tskb = tcp_write_queue_tail(sk);
struct tcp_sock *tp = tcp_sk(sk);
- struct sk_buff *skb = tcp_write_queue_tail(sk);
- int mss_now;
- /* Optimization, tack on the FIN if we have a queue of
- * unsent frames. But be careful about outgoing SACKS
- * and IP options.
+ /* Optimization, tack on the FIN if we have one skb in write queue and
+ * this skb was not yet sent, or we are under memory pressure.
+ * Note: in the latter case, FIN packet will be sent after a timeout,
+ * as TCP stack thinks it has already been transmitted.
*/
- mss_now = tcp_current_mss(sk);
-
- if (tcp_send_head(sk) != NULL) {
- TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_FIN;
- TCP_SKB_CB(skb)->end_seq++;
+ if (tskb && (tcp_send_head(sk) || sk_under_memory_pressure(sk))) {
+coalesce:
+ TCP_SKB_CB(tskb)->tcp_flags |= TCPHDR_FIN;
+ TCP_SKB_CB(tskb)->end_seq++;
tp->write_seq++;
+ if (!tcp_send_head(sk)) {
+ /* This means tskb was already sent.
+ * Pretend we included the FIN on previous transmit.
+ * We need to set tp->snd_nxt to the value it would have
+ * if FIN had been sent. This is because retransmit path
+ * does not change tp->snd_nxt.
+ */
+ tp->snd_nxt++;
+ return;
+ }
} else {
- /* Socket is locked, keep trying until memory is available. */
- for (;;) {
- skb = alloc_skb_fclone(MAX_TCP_HEADER,
- sk->sk_allocation);
- if (skb)
- break;
- yield();
+ skb = alloc_skb_fclone(MAX_TCP_HEADER, sk->sk_allocation);
+ if (unlikely(!skb)) {
+ if (tskb)
+ goto coalesce;
+ return;
}
skb_reserve(skb, MAX_TCP_HEADER);
sk_forced_wmem_schedule(sk, skb->truesize);
@@ -2767,7 +2775,7 @@ void tcp_send_fin(struct sock *sk)
TCPHDR_ACK | TCPHDR_FIN);
tcp_queue_skb(sk, skb);
}
- __tcp_push_pending_frames(sk, mss_now, TCP_NAGLE_OFF);
+ __tcp_push_pending_frames(sk, tcp_current_mss(sk), TCP_NAGLE_OFF);
}
/* We get here when a process closes a file descriptor (either due to
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 031/222] net: do not deplete pfmemalloc reserve
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (29 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 030/222] tcp: avoid looping " Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 032/222] net: fix crash in build_skb() Sasha Levin
` (191 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 79930f5892e134c6da1254389577fffb8bd72c66 ]
build_skb() should look at the page pfmemalloc status.
If set, this means page allocator allocated this page in the
expectation it would help to free other pages. Networking
stack can do that only if skb->pfmemalloc is also set.
Also, we must refrain using high order pages from the pfmemalloc
reserve, so __page_frag_refill() must also use __GFP_NOMEMALLOC for
them. Under memory pressure, using order-0 pages is probably the best
strategy.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
net/core/skbuff.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 17fd8dc..e278d6b 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -309,7 +309,11 @@ struct sk_buff *build_skb(void *data, unsigned int frag_size)
memset(skb, 0, offsetof(struct sk_buff, tail));
skb->truesize = SKB_TRUESIZE(size);
- skb->head_frag = frag_size != 0;
+ if (frag_size) {
+ skb->head_frag = 1;
+ if (virt_to_head_page(data)->pfmemalloc)
+ skb->pfmemalloc = 1;
+ }
atomic_set(&skb->users, 1);
skb->head = data;
skb->data = data;
@@ -352,7 +356,8 @@ refill:
gfp_t gfp = gfp_mask;
if (order)
- gfp |= __GFP_COMP | __GFP_NOWARN;
+ gfp |= __GFP_COMP | __GFP_NOWARN |
+ __GFP_NOMEMALLOC;
nc->frag.page = alloc_pages(gfp, order);
if (likely(nc->frag.page))
break;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 032/222] net: fix crash in build_skb()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (30 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 031/222] net: do not deplete pfmemalloc reserve Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 033/222] x86/asm/decoder: Fix and enforce max instruction size in the insn decoder Sasha Levin
` (190 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 2ea2f62c8bda242433809c7f4e9eae1c52c40bbe ]
When I added pfmemalloc support in build_skb(), I forgot netlink
was using build_skb() with a vmalloc() area.
In this patch I introduce __build_skb() for netlink use,
and build_skb() is a wrapper handling both skb->head_frag and
skb->pfmemalloc
This means netlink no longer has to hack skb->head_frag
[ 1567.700067] kernel BUG at arch/x86/mm/physaddr.c:26!
[ 1567.700067] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 1567.700067] Dumping ftrace buffer:
[ 1567.700067] (ftrace buffer empty)
[ 1567.700067] Modules linked in:
[ 1567.700067] CPU: 9 PID: 16186 Comm: trinity-c182 Not tainted 4.0.0-next-20150424-sasha-00037-g4796e21 #2167
[ 1567.700067] task: ffff880127efb000 ti: ffff880246770000 task.ti: ffff880246770000
[ 1567.700067] RIP: __phys_addr (arch/x86/mm/physaddr.c:26 (discriminator 3))
[ 1567.700067] RSP: 0018:ffff8802467779d8 EFLAGS: 00010202
[ 1567.700067] RAX: 000041000ed8e000 RBX: ffffc9008ed8e000 RCX: 000000000000002c
[ 1567.700067] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffffffffb3fd6049
[ 1567.700067] RBP: ffff8802467779f8 R08: 0000000000000019 R09: ffff8801d0168000
[ 1567.700067] R10: ffff8801d01680c7 R11: ffffed003a02d019 R12: ffffc9000ed8e000
[ 1567.700067] R13: 0000000000000f40 R14: 0000000000001180 R15: ffffc9000ed8e000
[ 1567.700067] FS: 00007f2a7da3f700(0000) GS:ffff8801d1000000(0000) knlGS:0000000000000000
[ 1567.700067] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1567.700067] CR2: 0000000000738308 CR3: 000000022e329000 CR4: 00000000000007e0
[ 1567.700067] Stack:
[ 1567.700067] ffffc9000ed8e000 ffff8801d0168000 ffffc9000ed8e000 ffff8801d0168000
[ 1567.700067] ffff880246777a28 ffffffffad7c0a21 0000000000001080 ffff880246777c08
[ 1567.700067] ffff88060d302e68 ffff880246777b58 ffff880246777b88 ffffffffad9a6821
[ 1567.700067] Call Trace:
[ 1567.700067] build_skb (include/linux/mm.h:508 net/core/skbuff.c:316)
[ 1567.700067] netlink_sendmsg (net/netlink/af_netlink.c:1633 net/netlink/af_netlink.c:2329)
[ 1567.774369] ? sched_clock_cpu (kernel/sched/clock.c:311)
[ 1567.774369] ? netlink_unicast (net/netlink/af_netlink.c:2273)
[ 1567.774369] ? netlink_unicast (net/netlink/af_netlink.c:2273)
[ 1567.774369] sock_sendmsg (net/socket.c:614 net/socket.c:623)
[ 1567.774369] sock_write_iter (net/socket.c:823)
[ 1567.774369] ? sock_sendmsg (net/socket.c:806)
[ 1567.774369] __vfs_write (fs/read_write.c:479 fs/read_write.c:491)
[ 1567.774369] ? get_lock_stats (kernel/locking/lockdep.c:249)
[ 1567.774369] ? default_llseek (fs/read_write.c:487)
[ 1567.774369] ? vtime_account_user (kernel/sched/cputime.c:701)
[ 1567.774369] ? rw_verify_area (fs/read_write.c:406 (discriminator 4))
[ 1567.774369] vfs_write (fs/read_write.c:539)
[ 1567.774369] SyS_write (fs/read_write.c:586 fs/read_write.c:577)
[ 1567.774369] ? SyS_read (fs/read_write.c:577)
[ 1567.774369] ? __this_cpu_preempt_check (lib/smp_processor_id.c:63)
[ 1567.774369] ? trace_hardirqs_on_caller (kernel/locking/lockdep.c:2594 kernel/locking/lockdep.c:2636)
[ 1567.774369] ? trace_hardirqs_on_thunk (arch/x86/lib/thunk_64.S:42)
[ 1567.774369] system_call_fastpath (arch/x86/kernel/entry_64.S:261)
Fixes: 79930f5892e ("net: do not deplete pfmemalloc reserve")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
include/linux/skbuff.h | 1 +
net/core/skbuff.c | 31 ++++++++++++++++++++++---------
net/netlink/af_netlink.c | 6 ++----
3 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index ab4a319..522d837 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -772,6 +772,7 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
struct sk_buff *__alloc_skb(unsigned int size, gfp_t priority, int flags,
int node);
+struct sk_buff *__build_skb(void *data, unsigned int frag_size);
struct sk_buff *build_skb(void *data, unsigned int frag_size);
static inline struct sk_buff *alloc_skb(unsigned int size,
gfp_t priority)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index e278d6b..02ebb71 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -278,13 +278,14 @@ nodata:
EXPORT_SYMBOL(__alloc_skb);
/**
- * build_skb - build a network buffer
+ * __build_skb - build a network buffer
* @data: data buffer provided by caller
- * @frag_size: size of fragment, or 0 if head was kmalloced
+ * @frag_size: size of data, or 0 if head was kmalloced
*
* Allocate a new &sk_buff. Caller provides space holding head and
* skb_shared_info. @data must have been allocated by kmalloc() only if
- * @frag_size is 0, otherwise data should come from the page allocator.
+ * @frag_size is 0, otherwise data should come from the page allocator
+ * or vmalloc()
* The return is the new skb buffer.
* On a failure the return is %NULL, and @data is not freed.
* Notes :
@@ -295,7 +296,7 @@ EXPORT_SYMBOL(__alloc_skb);
* before giving packet to stack.
* RX rings only contains data buffers, not full skbs.
*/
-struct sk_buff *build_skb(void *data, unsigned int frag_size)
+struct sk_buff *__build_skb(void *data, unsigned int frag_size)
{
struct skb_shared_info *shinfo;
struct sk_buff *skb;
@@ -309,11 +310,6 @@ struct sk_buff *build_skb(void *data, unsigned int frag_size)
memset(skb, 0, offsetof(struct sk_buff, tail));
skb->truesize = SKB_TRUESIZE(size);
- if (frag_size) {
- skb->head_frag = 1;
- if (virt_to_head_page(data)->pfmemalloc)
- skb->pfmemalloc = 1;
- }
atomic_set(&skb->users, 1);
skb->head = data;
skb->data = data;
@@ -330,6 +326,23 @@ struct sk_buff *build_skb(void *data, unsigned int frag_size)
return skb;
}
+
+/* build_skb() is wrapper over __build_skb(), that specifically
+ * takes care of skb->head and skb->pfmemalloc
+ * This means that if @frag_size is not zero, then @data must be backed
+ * by a page fragment, not kmalloc() or vmalloc()
+ */
+struct sk_buff *build_skb(void *data, unsigned int frag_size)
+{
+ struct sk_buff *skb = __build_skb(data, frag_size);
+
+ if (skb && frag_size) {
+ skb->head_frag = 1;
+ if (virt_to_head_page(data)->pfmemalloc)
+ skb->pfmemalloc = 1;
+ }
+ return skb;
+}
EXPORT_SYMBOL(build_skb);
struct netdev_alloc_cache {
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 79c965a..c0a4187 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1599,13 +1599,11 @@ static struct sk_buff *netlink_alloc_large_skb(unsigned int size,
if (data == NULL)
return NULL;
- skb = build_skb(data, size);
+ skb = __build_skb(data, size);
if (skb == NULL)
vfree(data);
- else {
- skb->head_frag = 0;
+ else
skb->destructor = netlink_skb_destructor;
- }
return skb;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 033/222] x86/asm/decoder: Fix and enforce max instruction size in the insn decoder
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (31 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 032/222] net: fix crash in build_skb() Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 034/222] sched/idle/x86: Restore mwait_idle() to fix boot hangs, to improve power savings and to improve performance Sasha Levin
` (189 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Andy Lutomirski <luto@amacapital.net>
[ Upstream commit 91e5ed49fca09c2b83b262b9757d1376ee2b46c3 ]
x86 instructions cannot exceed 15 bytes, and the instruction
decoder should enforce that. Prior to 6ba48ff46f76, the
instruction length limit was implicitly set to 16, which was an
approximation of 15, but there is currently no limit at all.
Fix MAX_INSN_SIZE (it should be 15, not 16), and fix the decoder
to reject instructions that exceed MAX_INSN_SIZE.
Other than potentially confusing some of the decoder sanity
checks, I'm not aware of any actual problems that omitting this
check would cause, nor am I aware of any practical problems
caused by the MAX_INSN_SIZE error.
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Fixes: 6ba48ff46f76 ("x86: Remove arbitrary instruction size limit ...
Link: http://lkml.kernel.org/r/f8f0bc9b8c58cfd6830f7d88400bf1396cbdcd0f.1422403511.git.luto@amacapital.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/x86/include/asm/insn.h | 2 +-
arch/x86/lib/insn.c | 7 +++++++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/insn.h b/arch/x86/include/asm/insn.h
index 48eb30a..3eabe5c 100644
--- a/arch/x86/include/asm/insn.h
+++ b/arch/x86/include/asm/insn.h
@@ -68,7 +68,7 @@ struct insn {
const insn_byte_t *next_byte;
};
-#define MAX_INSN_SIZE 16
+#define MAX_INSN_SIZE 15
#define X86_MODRM_MOD(modrm) (((modrm) & 0xc0) >> 6)
#define X86_MODRM_REG(modrm) (((modrm) & 0x38) >> 3)
diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c
index 54fcffe..d979c5b 100644
--- a/arch/x86/lib/insn.c
+++ b/arch/x86/lib/insn.c
@@ -52,6 +52,13 @@
*/
void insn_init(struct insn *insn, const void *kaddr, int x86_64)
{
+ /*
+ * Instructions longer than MAX_INSN_SIZE (15 bytes) are invalid
+ * even if the input buffer is long enough to hold them.
+ */
+ if (buf_len > MAX_INSN_SIZE)
+ buf_len = MAX_INSN_SIZE;
+
memset(insn, 0, sizeof(*insn));
insn->kaddr = kaddr;
insn->next_byte = kaddr;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 034/222] sched/idle/x86: Restore mwait_idle() to fix boot hangs, to improve power savings and to improve performance
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (32 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 033/222] x86/asm/decoder: Fix and enforce max instruction size in the insn decoder Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 035/222] sched/idle/x86: Optimize unnecessary mwait_idle() resched IPIs Sasha Levin
` (188 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Len Brown <len.brown@intel.com>
[ Upstream commit b253149b843f89cd300cbdbea27ce1f847506f99 ]
In Linux-3.9 we removed the mwait_idle() loop:
69fb3676df33 ("x86 idle: remove mwait_idle() and "idle=mwait" cmdline param")
The reasoning was that modern machines should be sufficiently
happy during the boot process using the default_idle() HALT
loop, until cpuidle loads and either acpi_idle or intel_idle
invoke the newer MWAIT-with-hints idle loop.
But two machines reported problems:
1. Certain Core2-era machines support MWAIT-C1 and HALT only.
MWAIT-C1 is preferred for optimal power and performance.
But if they support just C1, cpuidle never loads and
so they use the boot-time default idle loop forever.
2. Some laptops will boot-hang if HALT is used,
but will boot successfully if MWAIT is used.
This appears to be a hidden assumption in BIOS SMI,
that is presumably valid on the proprietary OS
where the BIOS was validated.
https://bugzilla.kernel.org/show_bug.cgi?id=60770
So here we effectively revert the patch above, restoring
the mwait_idle() loop. However, we don't bother restoring
the idle=mwait cmdline parameter, since it appears to add
no value.
Maintainer notes:
For 3.9, simply revert 69fb3676df
for 3.10, patch -F3 applies, fuzz needed due to __cpuinit use in
context For 3.11, 3.12, 3.13, this patch applies cleanly
Tested-by: Mike Galbraith <bitbucket@online.de>
Signed-off-by: Len Brown <len.brown@intel.com>
Acked-by: Mike Galbraith <bitbucket@online.de>
Cc: <stable@vger.kernel.org> # 3.9+
Cc: Borislav Petkov <bp@alien8.de>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Ian Malone <ibmalone@gmail.com>
Cc: Josh Boyer <jwboyer@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/345254a551eb5a6a866e048d7ab570fd2193aca4.1389763084.git.len.brown@intel.com
[ Ported to recent kernels. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/x86/include/asm/mwait.h | 8 ++++++++
arch/x86/kernel/process.c | 47 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 55 insertions(+)
diff --git a/arch/x86/include/asm/mwait.h b/arch/x86/include/asm/mwait.h
index a1410db..653dfa7 100644
--- a/arch/x86/include/asm/mwait.h
+++ b/arch/x86/include/asm/mwait.h
@@ -30,6 +30,14 @@ static inline void __mwait(unsigned long eax, unsigned long ecx)
:: "a" (eax), "c" (ecx));
}
+static inline void __sti_mwait(unsigned long eax, unsigned long ecx)
+{
+ trace_hardirqs_on();
+ /* "mwait %eax, %ecx;" */
+ asm volatile("sti; .byte 0x0f, 0x01, 0xc9;"
+ :: "a" (eax), "c" (ecx));
+}
+
/*
* This uses new MONITOR/MWAIT instructions on P4 processors with PNI,
* which can obviate IPI to trigger checking of need_resched.
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index e127dda..da06f74 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -24,6 +24,7 @@
#include <asm/syscalls.h>
#include <asm/idle.h>
#include <asm/uaccess.h>
+#include <asm/mwait.h>
#include <asm/i387.h>
#include <asm/fpu-internal.h>
#include <asm/debugreg.h>
@@ -398,6 +399,49 @@ static void amd_e400_idle(void)
default_idle();
}
+/*
+ * Intel Core2 and older machines prefer MWAIT over HALT for C1.
+ * We can't rely on cpuidle installing MWAIT, because it will not load
+ * on systems that support only C1 -- so the boot default must be MWAIT.
+ *
+ * Some AMD machines are the opposite, they depend on using HALT.
+ *
+ * So for default C1, which is used during boot until cpuidle loads,
+ * use MWAIT-C1 on Intel HW that has it, else use HALT.
+ */
+static int prefer_mwait_c1_over_halt(const struct cpuinfo_x86 *c)
+{
+ if (c->x86_vendor != X86_VENDOR_INTEL)
+ return 0;
+
+ if (!cpu_has(c, X86_FEATURE_MWAIT))
+ return 0;
+
+ return 1;
+}
+
+/*
+ * MONITOR/MWAIT with no hints, used for default default C1 state.
+ * This invokes MWAIT with interrutps enabled and no flags,
+ * which is backwards compatible with the original MWAIT implementation.
+ */
+
+static void mwait_idle(void)
+{
+ if (!need_resched()) {
+ if (this_cpu_has(X86_BUG_CLFLUSH_MONITOR))
+ clflush((void *)¤t_thread_info()->flags);
+
+ __monitor((void *)¤t_thread_info()->flags, 0, 0);
+ smp_mb();
+ if (!need_resched())
+ __sti_mwait(0, 0);
+ else
+ local_irq_enable();
+ } else
+ local_irq_enable();
+}
+
void select_idle_routine(const struct cpuinfo_x86 *c)
{
#ifdef CONFIG_SMP
@@ -411,6 +455,9 @@ void select_idle_routine(const struct cpuinfo_x86 *c)
/* E400: APIC timer interrupt does not wake up CPU from C1e */
pr_info("using AMD E400 aware idle routine\n");
x86_idle = amd_e400_idle;
+ } else if (prefer_mwait_c1_over_halt(c)) {
+ pr_info("using mwait in idle threads\n");
+ x86_idle = mwait_idle;
} else
x86_idle = default_idle;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 035/222] sched/idle/x86: Optimize unnecessary mwait_idle() resched IPIs
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (33 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 034/222] sched/idle/x86: Restore mwait_idle() to fix boot hangs, to improve power savings and to improve performance Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 036/222] KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save Sasha Levin
` (187 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Mike Galbraith <bitbucket@online.de>
[ Upstream commit f8e617f4582995f7c25ef25b4167213120ad122b ]
To fully take advantage of MWAIT, apparently the CLFLUSH instruction needs
another quirk on certain CPUs: proper barriers around it on certain machines.
On a Q6600 SMP system, pipe-test scheduling performance, cross core,
improves significantly:
3.8.13 487.2 KHz 1.000
3.13.0-master 415.5 KHz .852
3.13.0-master+ 415.2 KHz .852 + restore mwait_idle
3.13.0-master++ 488.5 KHz 1.002 + restore mwait_idle + IPI fix
Since X86_BUG_CLFLUSH_MONITOR is already a quirk, don't create a separate
quirk for the extra smp_mb()s.
Signed-off-by: Mike Galbraith <bitbucket@online.de>
Cc: <stable@vger.kernel.org> # 3.10+
Cc: Borislav Petkov <bp@alien8.de>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Ian Malone <ibmalone@gmail.com>
Cc: Josh Boyer <jwboyer@redhat.com>
Cc: Len Brown <len.brown@intel.com>
Cc: Len Brown <lenb@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1390061684.5566.4.camel@marge.simpson.net
[ Ported to recent kernel, added comments about the quirk. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/x86/kernel/process.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index da06f74..6ad8a63 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -428,18 +428,22 @@ static int prefer_mwait_c1_over_halt(const struct cpuinfo_x86 *c)
static void mwait_idle(void)
{
- if (!need_resched()) {
- if (this_cpu_has(X86_BUG_CLFLUSH_MONITOR))
+ if (!current_set_polling_and_test()) {
+ if (this_cpu_has(X86_BUG_CLFLUSH_MONITOR)) {
+ smp_mb(); /* quirk */
clflush((void *)¤t_thread_info()->flags);
+ smp_mb(); /* quirk */
+ }
__monitor((void *)¤t_thread_info()->flags, 0, 0);
- smp_mb();
if (!need_resched())
__sti_mwait(0, 0);
else
local_irq_enable();
- } else
+ } else {
local_irq_enable();
+ }
+ __current_clr_polling();
}
void select_idle_routine(const struct cpuinfo_x86 *c)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 036/222] KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (34 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 035/222] sched/idle/x86: Optimize unnecessary mwait_idle() resched IPIs Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 037/222] Btrfs: fix log tree corruption when fs mounted with -o discard Sasha Levin
` (186 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Nadav Amit <namit@cs.technion.ac.il>
[ Upstream commit HEAD ]
commit 9e9c3fe40bcd28e3f98f0ad8408435f4503f2781 upstream.
kvm_init_msr_list is currently called before hardware_setup. As a result,
vmx_mpx_supported always returns false when kvm_init_msr_list checks whether to
save MSR_IA32_BNDCFGS.
Move kvm_init_msr_list after vmx_hardware_setup is called to fix this issue.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Message-Id: <1428864435-4732-1-git-send-email-namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 702a71cf592282298395b3359f49a9a985182934)
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/x86/kvm/x86.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index a38dd81..5369ec6 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5779,7 +5779,6 @@ int kvm_arch_init(void *opaque)
kvm_set_mmio_spte_mask();
kvm_x86_ops = ops;
- kvm_init_msr_list();
kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK,
PT_DIRTY_MASK, PT64_NX_MASK, 0);
@@ -7210,7 +7209,14 @@ void kvm_arch_hardware_disable(void)
int kvm_arch_hardware_setup(void)
{
- return kvm_x86_ops->hardware_setup();
+ int r;
+
+ r = kvm_x86_ops->hardware_setup();
+ if (r != 0)
+ return r;
+
+ kvm_init_msr_list();
+ return 0;
}
void kvm_arch_hardware_unsetup(void)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 037/222] Btrfs: fix log tree corruption when fs mounted with -o discard
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (35 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 036/222] KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 038/222] btrfs: don't accept bare namespace as a valid xattr Sasha Levin
` (185 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit HEAD ]
commit dcc82f4783ad91d4ab654f89f37ae9291cdc846a upstream.
While committing a transaction we free the log roots before we write the
new super block. Freeing the log roots implies marking the disk location
of every node/leaf (metadata extent) as pinned before the new super block
is written. This is to prevent the disk location of log metadata extents
from being reused before the new super block is written, otherwise we
would have a corrupted log tree if before the new super block is written
a crash/reboot happens and the location of any log tree metadata extent
ended up being reused and rewritten.
Even though we pinned the log tree's metadata extents, we were issuing a
discard against them if the fs was mounted with the -o discard option,
resulting in corruption of the log tree if a crash/reboot happened before
writing the new super block - the next time the fs was mounted, during
the log replay process we would find nodes/leafs of the log btree with
a content full of zeroes, causing the process to fail and require the
use of the tool btrfs-zero-log to wipeout the log tree (and all data
previously fsynced becoming lost forever).
Fix this by not doing a discard when pinning an extent. The discard will
be done later when it's safe (after the new super block is committed) at
extent-tree.c:btrfs_finish_extent_commit().
Fixes: e688b7252f78 (Btrfs: fix extent pinning bugs in the tree log)
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 3909e5a93ed64a186a396c1b7fd1db07e065728f)
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/btrfs/extent-tree.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
index 4bd5e06..950479f 100644
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -6955,12 +6955,11 @@ static int __btrfs_free_reserved_extent(struct btrfs_root *root,
return -ENOSPC;
}
- if (btrfs_test_opt(root, DISCARD))
- ret = btrfs_discard_extent(root, start, len, NULL);
-
if (pin)
pin_down_extent(root, cache, start, len, 1);
else {
+ if (btrfs_test_opt(root, DISCARD))
+ ret = btrfs_discard_extent(root, start, len, NULL);
btrfs_add_free_space(cache, start, len);
btrfs_update_reserved_bytes(cache, len, RESERVE_FREE, delalloc);
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 038/222] btrfs: don't accept bare namespace as a valid xattr
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (36 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 037/222] Btrfs: fix log tree corruption when fs mounted with -o discard Sasha Levin
@ 2015-05-17 1:02 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 039/222] Btrfs: fix inode eviction infinite loop after cloning into it Sasha Levin
` (184 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:02 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: David Sterba <dsterba@suse.cz>
[ Upstream commit HEAD ]
commit 3c3b04d10ff1811a27f86684ccd2f5ba6983211d upstream.
Due to insufficient check in btrfs_is_valid_xattr, this unexpectedly
works:
$ touch file
$ setfattr -n user. -v 1 file
$ getfattr -d file
user.="1"
ie. the missing attribute name after the namespace.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=94291
Reported-by: William Douglas <william.douglas@intel.com>
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 1bb2835ed4f8ee186d8110817cf5a96ef9e35ab3)
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/btrfs/xattr.c | 53 +++++++++++++++++++++++++++++++++++++++--------------
1 file changed, 39 insertions(+), 14 deletions(-)
diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c
index dcf2013..00eacd8 100644
--- a/fs/btrfs/xattr.c
+++ b/fs/btrfs/xattr.c
@@ -324,22 +324,42 @@ const struct xattr_handler *btrfs_xattr_handlers[] = {
/*
* Check if the attribute is in a supported namespace.
*
- * This applied after the check for the synthetic attributes in the system
+ * This is applied after the check for the synthetic attributes in the system
* namespace.
*/
-static bool btrfs_is_valid_xattr(const char *name)
+static int btrfs_is_valid_xattr(const char *name)
{
- return !strncmp(name, XATTR_SECURITY_PREFIX,
- XATTR_SECURITY_PREFIX_LEN) ||
- !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN) ||
- !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) ||
- !strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) ||
- !strncmp(name, XATTR_BTRFS_PREFIX, XATTR_BTRFS_PREFIX_LEN);
+ int len = strlen(name);
+ int prefixlen = 0;
+
+ if (!strncmp(name, XATTR_SECURITY_PREFIX,
+ XATTR_SECURITY_PREFIX_LEN))
+ prefixlen = XATTR_SECURITY_PREFIX_LEN;
+ else if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
+ prefixlen = XATTR_SYSTEM_PREFIX_LEN;
+ else if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
+ prefixlen = XATTR_TRUSTED_PREFIX_LEN;
+ else if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
+ prefixlen = XATTR_USER_PREFIX_LEN;
+ else if (!strncmp(name, XATTR_BTRFS_PREFIX, XATTR_BTRFS_PREFIX_LEN))
+ prefixlen = XATTR_BTRFS_PREFIX_LEN;
+ else
+ return -EOPNOTSUPP;
+
+ /*
+ * The name cannot consist of just prefix
+ */
+ if (len <= prefixlen)
+ return -EINVAL;
+
+ return 0;
}
ssize_t btrfs_getxattr(struct dentry *dentry, const char *name,
void *buffer, size_t size)
{
+ int ret;
+
/*
* If this is a request for a synthetic attribute in the system.*
* namespace use the generic infrastructure to resolve a handler
@@ -348,8 +368,9 @@ ssize_t btrfs_getxattr(struct dentry *dentry, const char *name,
if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
return generic_getxattr(dentry, name, buffer, size);
- if (!btrfs_is_valid_xattr(name))
- return -EOPNOTSUPP;
+ ret = btrfs_is_valid_xattr(name);
+ if (ret)
+ return ret;
return __btrfs_getxattr(dentry->d_inode, name, buffer, size);
}
@@ -357,6 +378,7 @@ int btrfs_setxattr(struct dentry *dentry, const char *name, const void *value,
size_t size, int flags)
{
struct btrfs_root *root = BTRFS_I(dentry->d_inode)->root;
+ int ret;
/*
* The permission on security.* and system.* is not checked
@@ -373,8 +395,9 @@ int btrfs_setxattr(struct dentry *dentry, const char *name, const void *value,
if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
return generic_setxattr(dentry, name, value, size, flags);
- if (!btrfs_is_valid_xattr(name))
- return -EOPNOTSUPP;
+ ret = btrfs_is_valid_xattr(name);
+ if (ret)
+ return ret;
if (!strncmp(name, XATTR_BTRFS_PREFIX, XATTR_BTRFS_PREFIX_LEN))
return btrfs_set_prop(dentry->d_inode, name,
@@ -390,6 +413,7 @@ int btrfs_setxattr(struct dentry *dentry, const char *name, const void *value,
int btrfs_removexattr(struct dentry *dentry, const char *name)
{
struct btrfs_root *root = BTRFS_I(dentry->d_inode)->root;
+ int ret;
/*
* The permission on security.* and system.* is not checked
@@ -406,8 +430,9 @@ int btrfs_removexattr(struct dentry *dentry, const char *name)
if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
return generic_removexattr(dentry, name);
- if (!btrfs_is_valid_xattr(name))
- return -EOPNOTSUPP;
+ ret = btrfs_is_valid_xattr(name);
+ if (ret)
+ return ret;
if (!strncmp(name, XATTR_BTRFS_PREFIX, XATTR_BTRFS_PREFIX_LEN))
return btrfs_set_prop(dentry->d_inode, name,
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 039/222] Btrfs: fix inode eviction infinite loop after cloning into it
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (37 preceding siblings ...)
2015-05-17 1:02 ` [PATCH 3.18 038/222] btrfs: don't accept bare namespace as a valid xattr Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 040/222] Btrfs: fix inode eviction infinite loop after extent_same ioctl Sasha Levin
` (183 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit HEAD ]
commit ccccf3d67294714af2d72a6fd6fd7d73b01c9329 upstream.
If we attempt to clone a 0 length region into a file we can end up
inserting a range in the inode's extent_io tree with a start offset
that is greater then the end offset, which triggers immediately the
following warning:
[ 3914.619057] WARNING: CPU: 17 PID: 4199 at fs/btrfs/extent_io.c:435 insert_state+0x4b/0x10b [btrfs]()
[ 3914.620886] BTRFS: end < start 4095 4096
(...)
[ 3914.638093] Call Trace:
[ 3914.638636] [<ffffffff81425fd9>] dump_stack+0x4c/0x65
[ 3914.639620] [<ffffffff81045390>] warn_slowpath_common+0xa1/0xbb
[ 3914.640789] [<ffffffffa03ca44f>] ? insert_state+0x4b/0x10b [btrfs]
[ 3914.642041] [<ffffffff810453f0>] warn_slowpath_fmt+0x46/0x48
[ 3914.643236] [<ffffffffa03ca44f>] insert_state+0x4b/0x10b [btrfs]
[ 3914.644441] [<ffffffffa03ca729>] __set_extent_bit+0x107/0x3f4 [btrfs]
[ 3914.645711] [<ffffffffa03cb256>] lock_extent_bits+0x65/0x1bf [btrfs]
[ 3914.646914] [<ffffffff8142b2fb>] ? _raw_spin_unlock+0x28/0x33
[ 3914.648058] [<ffffffffa03cbac4>] ? test_range_bit+0xcc/0xde [btrfs]
[ 3914.650105] [<ffffffffa03cb3c3>] lock_extent+0x13/0x15 [btrfs]
[ 3914.651361] [<ffffffffa03db39e>] lock_extent_range+0x3d/0xcd [btrfs]
[ 3914.652761] [<ffffffffa03de1fe>] btrfs_ioctl_clone+0x278/0x388 [btrfs]
[ 3914.654128] [<ffffffff811226dd>] ? might_fault+0x58/0xb5
[ 3914.655320] [<ffffffffa03e0909>] btrfs_ioctl+0xb51/0x2195 [btrfs]
(...)
[ 3914.669271] ---[ end trace 14843d3e2e622fc1 ]---
This later makes the inode eviction handler enter an infinite loop that
keeps dumping the following warning over and over:
[ 3915.117629] WARNING: CPU: 22 PID: 4228 at fs/btrfs/extent_io.c:435 insert_state+0x4b/0x10b [btrfs]()
[ 3915.119913] BTRFS: end < start 4095 4096
(...)
[ 3915.137394] Call Trace:
[ 3915.137913] [<ffffffff81425fd9>] dump_stack+0x4c/0x65
[ 3915.139154] [<ffffffff81045390>] warn_slowpath_common+0xa1/0xbb
[ 3915.140316] [<ffffffffa03ca44f>] ? insert_state+0x4b/0x10b [btrfs]
[ 3915.141505] [<ffffffff810453f0>] warn_slowpath_fmt+0x46/0x48
[ 3915.142709] [<ffffffffa03ca44f>] insert_state+0x4b/0x10b [btrfs]
[ 3915.143849] [<ffffffffa03ca729>] __set_extent_bit+0x107/0x3f4 [btrfs]
[ 3915.145120] [<ffffffffa038c1e3>] ? btrfs_kill_super+0x17/0x23 [btrfs]
[ 3915.146352] [<ffffffff811548f6>] ? deactivate_locked_super+0x3b/0x50
[ 3915.147565] [<ffffffffa03cb256>] lock_extent_bits+0x65/0x1bf [btrfs]
[ 3915.148785] [<ffffffff8142b7e2>] ? _raw_write_unlock+0x28/0x33
[ 3915.149931] [<ffffffffa03bc325>] btrfs_evict_inode+0x196/0x482 [btrfs]
[ 3915.151154] [<ffffffff81168904>] evict+0xa0/0x148
[ 3915.152094] [<ffffffff811689e5>] dispose_list+0x39/0x43
[ 3915.153081] [<ffffffff81169564>] evict_inodes+0xdc/0xeb
[ 3915.154062] [<ffffffff81154418>] generic_shutdown_super+0x49/0xef
[ 3915.155193] [<ffffffff811546d1>] kill_anon_super+0x13/0x1e
[ 3915.156274] [<ffffffffa038c1e3>] btrfs_kill_super+0x17/0x23 [btrfs]
(...)
[ 3915.167404] ---[ end trace 14843d3e2e622fc2 ]---
So just bail out of the clone ioctl if the length of the region to clone
is zero, without locking any extent range, in order to prevent this issue
(same behaviour as a pwrite with a 0 length for example).
This is trivial to reproduce. For example, the steps for the test I just
made for fstests:
mkfs.btrfs -f SCRATCH_DEV
mount SCRATCH_DEV $SCRATCH_MNT
touch $SCRATCH_MNT/foo
touch $SCRATCH_MNT/bar
$CLONER_PROG -s 0 -d 4096 -l 0 $SCRATCH_MNT/foo $SCRATCH_MNT/bar
umount $SCRATCH_MNT
A test case for fstests follows soon.
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 449b46275ce58e1d3fc20d1efacd0d0369c6070f)
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/btrfs/ioctl.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 4399f0c..96ea36f 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -3654,6 +3654,11 @@ static noinline long btrfs_ioctl_clone(struct file *file, unsigned long srcfd,
if (off + len == src->i_size)
len = ALIGN(src->i_size, bs) - off;
+ if (len == 0) {
+ ret = 0;
+ goto out_unlock;
+ }
+
/* verify the end result is block aligned */
if (!IS_ALIGNED(off, bs) || !IS_ALIGNED(off + len, bs) ||
!IS_ALIGNED(destoff, bs))
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 040/222] Btrfs: fix inode eviction infinite loop after extent_same ioctl
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (38 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 039/222] Btrfs: fix inode eviction infinite loop after cloning into it Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 041/222] usb: gadget: printer: enqueue printer's response for setup request Sasha Levin
` (182 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit HEAD ]
commit 113e8283869b9855c8b999796aadd506bbac155f upstream.
If we pass a length of 0 to the extent_same ioctl, we end up locking an
extent range with a start offset greater then its end offset (if the
destination file's offset is greater than zero). This results in a warning
from extent_io.c:insert_state through the following call chain:
btrfs_extent_same()
btrfs_double_lock()
lock_extent_range()
lock_extent(inode->io_tree, offset, offset + len - 1)
lock_extent_bits()
__set_extent_bit()
insert_state()
--> WARN_ON(end < start)
This leads to an infinite loop when evicting the inode. This is the same
problem that my previous patch titled
"Btrfs: fix inode eviction infinite loop after cloning into it" addressed
but for the extent_same ioctl instead of the clone ioctl.
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 9dc106617d5669a6f8d86e08f620dc2fb0413e21)
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/btrfs/ioctl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 96ea36f..5c414fe 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2925,6 +2925,9 @@ static int btrfs_extent_same(struct inode *src, u64 loff, u64 len,
if (src == dst)
return -EINVAL;
+ if (len == 0)
+ return 0;
+
btrfs_double_lock(src, loff, dst, dst_loff, len);
ret = extent_same_check_offsets(src, loff, len);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 041/222] usb: gadget: printer: enqueue printer's response for setup request
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (39 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 040/222] Btrfs: fix inode eviction infinite loop after extent_same ioctl Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 042/222] KVM: s390: fix handling of write errors in the tpi handler Sasha Levin
` (181 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
[ Upstream commit eb132ccbdec5df46e29c9814adf76075ce83576b ]
Function-specific setup requests should be handled in such a way, that
apart from filling in the data buffer, the requests are also actually
enqueued: if function-specific setup is called from composte_setup(),
the "usb_ep_queue()" block of code in composite_setup() is skipped.
The printer function lacks this part and it results in e.g. get device id
requests failing: the host expects some response, the device prepares it
but does not equeue it for sending to the host, so the host finally asserts
timeout.
This patch adds enqueueing the prepared responses.
Cc: <stable@vger.kernel.org> # v3.4+
Fixes: 2e87edf49227: "usb: gadget: make g_printer use composite"
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/gadget/legacy/printer.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/usb/gadget/legacy/printer.c b/drivers/usb/gadget/legacy/printer.c
index 6474081..c9c6dae 100644
--- a/drivers/usb/gadget/legacy/printer.c
+++ b/drivers/usb/gadget/legacy/printer.c
@@ -980,6 +980,15 @@ unknown:
break;
}
/* host either stalls (value < 0) or reports success */
+ if (value >= 0) {
+ req->length = value;
+ req->zero = value < wLength;
+ value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
+ if (value < 0) {
+ ERROR(dev, "%s:%d Error!\n", __func__, __LINE__);
+ req->status = 0;
+ }
+ }
return value;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 042/222] KVM: s390: fix handling of write errors in the tpi handler
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (40 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 041/222] usb: gadget: printer: enqueue printer's response for setup request Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 043/222] KVM: s390: reinjection of irqs can fail " Sasha Levin
` (180 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: David Hildenbrand <dahi@linux.vnet.ibm.com>
[ Upstream commit 261520dcfcba93ca5dfe671b88ffab038cd940c8 ]
If the I/O interrupt could not be written to the guest provided
area (e.g. access exception), a program exception was injected into the
guest but "inti" wasn't freed, therefore resulting in a memory leak.
In addition, the I/O interrupt wasn't reinjected. Therefore the dequeued
interrupt is lost.
This patch fixes the problem while cleaning up the function and making the
cc and rc logic easier to handle.
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org # 3.16+
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/s390/kvm/priv.c | 40 +++++++++++++++++++++++-----------------
1 file changed, 23 insertions(+), 17 deletions(-)
diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
index 9c565b6..84c3d7f 100644
--- a/arch/s390/kvm/priv.c
+++ b/arch/s390/kvm/priv.c
@@ -228,18 +228,19 @@ static int handle_tpi(struct kvm_vcpu *vcpu)
struct kvm_s390_interrupt_info *inti;
unsigned long len;
u32 tpi_data[3];
- int cc, rc;
+ int rc;
u64 addr;
- rc = 0;
addr = kvm_s390_get_base_disp_s(vcpu);
if (addr & 3)
return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
- cc = 0;
+
inti = kvm_s390_get_io_int(vcpu->kvm, vcpu->arch.sie_block->gcr[6], 0);
- if (!inti)
- goto no_interrupt;
- cc = 1;
+ if (!inti) {
+ kvm_s390_set_psw_cc(vcpu, 0);
+ return 0;
+ }
+
tpi_data[0] = inti->io.subchannel_id << 16 | inti->io.subchannel_nr;
tpi_data[1] = inti->io.io_int_parm;
tpi_data[2] = inti->io.io_int_word;
@@ -250,30 +251,35 @@ static int handle_tpi(struct kvm_vcpu *vcpu)
*/
len = sizeof(tpi_data) - 4;
rc = write_guest(vcpu, addr, &tpi_data, len);
- if (rc)
- return kvm_s390_inject_prog_cond(vcpu, rc);
+ if (rc) {
+ rc = kvm_s390_inject_prog_cond(vcpu, rc);
+ goto reinject_interrupt;
+ }
} else {
/*
* Store the three-word I/O interruption code into
* the appropriate lowcore area.
*/
len = sizeof(tpi_data);
- if (write_guest_lc(vcpu, __LC_SUBCHANNEL_ID, &tpi_data, len))
+ if (write_guest_lc(vcpu, __LC_SUBCHANNEL_ID, &tpi_data, len)) {
+ /* failed writes to the low core are not recoverable */
rc = -EFAULT;
+ goto reinject_interrupt;
+ }
}
+
+ /* irq was successfully handed to the guest */
+ kfree(inti);
+ kvm_s390_set_psw_cc(vcpu, 1);
+ return 0;
+reinject_interrupt:
/*
* If we encounter a problem storing the interruption code, the
* instruction is suppressed from the guest's view: reinject the
* interrupt.
*/
- if (!rc)
- kfree(inti);
- else
- kvm_s390_reinject_io_int(vcpu->kvm, inti);
-no_interrupt:
- /* Set condition code and we're done. */
- if (!rc)
- kvm_s390_set_psw_cc(vcpu, cc);
+ kvm_s390_reinject_io_int(vcpu->kvm, inti);
+ /* don't set the cc, a pgm irq was injected or we drop to user space */
return rc ? -EFAULT : 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 043/222] KVM: s390: reinjection of irqs can fail in the tpi handler
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (41 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 042/222] KVM: s390: fix handling of write errors in the tpi handler Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 044/222] KVM: s390: Zero out current VMDB of STSI before including level3 data Sasha Levin
` (179 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: David Hildenbrand <dahi@linux.vnet.ibm.com>
[ Upstream commit 15462e37ca848abac7477dece65f8af25febd744 ]
The reinjection of an I/O interrupt can fail if the list is at the limit
and between the dequeue and the reinjection, another I/O interrupt is
injected (e.g. if user space floods kvm with I/O interrupts).
This patch avoids this memory leak and returns -EFAULT in this special
case. This error is not recoverable, so let's fail hard. This can later
be avoided by not dequeuing the interrupt but working directly on the
locked list.
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org # 3.16+
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/s390/kvm/interrupt.c | 4 ++--
arch/s390/kvm/kvm-s390.h | 4 ++--
arch/s390/kvm/priv.c | 5 ++++-
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
index 29e2e5a..da92802 100644
--- a/arch/s390/kvm/interrupt.c
+++ b/arch/s390/kvm/interrupt.c
@@ -930,10 +930,10 @@ int kvm_s390_inject_vm(struct kvm *kvm,
return rc;
}
-void kvm_s390_reinject_io_int(struct kvm *kvm,
+int kvm_s390_reinject_io_int(struct kvm *kvm,
struct kvm_s390_interrupt_info *inti)
{
- __inject_vm(kvm, inti);
+ return __inject_vm(kvm, inti);
}
int kvm_s390_inject_vcpu(struct kvm_vcpu *vcpu,
diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
index 244d023..4c17347 100644
--- a/arch/s390/kvm/kvm-s390.h
+++ b/arch/s390/kvm/kvm-s390.h
@@ -148,8 +148,8 @@ int __must_check kvm_s390_inject_vcpu(struct kvm_vcpu *vcpu,
int __must_check kvm_s390_inject_program_int(struct kvm_vcpu *vcpu, u16 code);
struct kvm_s390_interrupt_info *kvm_s390_get_io_int(struct kvm *kvm,
u64 cr6, u64 schid);
-void kvm_s390_reinject_io_int(struct kvm *kvm,
- struct kvm_s390_interrupt_info *inti);
+int kvm_s390_reinject_io_int(struct kvm *kvm,
+ struct kvm_s390_interrupt_info *inti);
int kvm_s390_mask_adapter(struct kvm *kvm, unsigned int id, bool masked);
/* implemented in priv.c */
diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
index 84c3d7f..69cd0ce 100644
--- a/arch/s390/kvm/priv.c
+++ b/arch/s390/kvm/priv.c
@@ -278,7 +278,10 @@ reinject_interrupt:
* instruction is suppressed from the guest's view: reinject the
* interrupt.
*/
- kvm_s390_reinject_io_int(vcpu->kvm, inti);
+ if (kvm_s390_reinject_io_int(vcpu->kvm, inti)) {
+ kfree(inti);
+ rc = -EFAULT;
+ }
/* don't set the cc, a pgm irq was injected or we drop to user space */
return rc ? -EFAULT : 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 044/222] KVM: s390: Zero out current VMDB of STSI before including level3 data.
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (42 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 043/222] KVM: s390: reinjection of irqs can fail " Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 045/222] KVM: s390: no need to hold the kvm->mutex for floating interrupts Sasha Levin
` (178 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ekaterina Tumanova <tumanova@linux.vnet.ibm.com>
[ Upstream commit b75f4c9afac2604feb971441116c07a24ecca1ec ]
s390 documentation requires words 0 and 10-15 to be reserved and stored as
zeros. As we fill out all other fields, we can memset the full structure.
Signed-off-by: Ekaterina Tumanova <tumanova@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/s390/kvm/priv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
index 69cd0ce..a30102c 100644
--- a/arch/s390/kvm/priv.c
+++ b/arch/s390/kvm/priv.c
@@ -470,6 +470,7 @@ static void handle_stsi_3_2_2(struct kvm_vcpu *vcpu, struct sysinfo_3_2_2 *mem)
for (n = mem->count - 1; n > 0 ; n--)
memcpy(&mem->vm[n], &mem->vm[n - 1], sizeof(mem->vm[0]));
+ memset(&mem->vm[0], 0, sizeof(mem->vm[0]));
mem->vm[0].cpus_total = cpus;
mem->vm[0].cpus_configured = cpus;
mem->vm[0].cpus_standby = 0;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 045/222] KVM: s390: no need to hold the kvm->mutex for floating interrupts
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (43 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 044/222] KVM: s390: Zero out current VMDB of STSI before including level3 data Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 046/222] KVM: s390: fix get_all_floating_irqs Sasha Levin
` (177 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christian Borntraeger <borntraeger@de.ibm.com>
[ Upstream commit 69a8d456263849152826542c7cb0a164b90e68a8 ]
The kvm mutex was (probably) used to protect against cpu hotplug.
The current code no longer needs to protect against that, as we only
rely on CPU data structures that are guaranteed to be available
if we can access the CPU. (e.g. vcpu_create will put the cpu
in the array AFTER the cpu is ready).
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/s390/kvm/interrupt.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
index da92802..63fafd6 100644
--- a/arch/s390/kvm/interrupt.c
+++ b/arch/s390/kvm/interrupt.c
@@ -784,7 +784,6 @@ struct kvm_s390_interrupt_info *kvm_s390_get_io_int(struct kvm *kvm,
if ((!schid && !cr6) || (schid && cr6))
return NULL;
- mutex_lock(&kvm->lock);
fi = &kvm->arch.float_int;
spin_lock(&fi->lock);
inti = NULL;
@@ -812,7 +811,6 @@ struct kvm_s390_interrupt_info *kvm_s390_get_io_int(struct kvm *kvm,
if (list_empty(&fi->list))
atomic_set(&fi->active, 0);
spin_unlock(&fi->lock);
- mutex_unlock(&kvm->lock);
return inti;
}
@@ -825,7 +823,6 @@ static int __inject_vm(struct kvm *kvm, struct kvm_s390_interrupt_info *inti)
int sigcpu;
int rc = 0;
- mutex_lock(&kvm->lock);
fi = &kvm->arch.float_int;
spin_lock(&fi->lock);
if (fi->irq_count >= KVM_S390_MAX_FLOAT_IRQS) {
@@ -868,7 +865,6 @@ static int __inject_vm(struct kvm *kvm, struct kvm_s390_interrupt_info *inti)
kvm_s390_vcpu_wakeup(kvm_get_vcpu(kvm, sigcpu));
unlock_fi:
spin_unlock(&fi->lock);
- mutex_unlock(&kvm->lock);
return rc;
}
@@ -1029,7 +1025,6 @@ void kvm_s390_clear_float_irqs(struct kvm *kvm)
struct kvm_s390_float_interrupt *fi;
struct kvm_s390_interrupt_info *n, *inti = NULL;
- mutex_lock(&kvm->lock);
fi = &kvm->arch.float_int;
spin_lock(&fi->lock);
list_for_each_entry_safe(inti, n, &fi->list, list) {
@@ -1039,7 +1034,6 @@ void kvm_s390_clear_float_irqs(struct kvm *kvm)
fi->irq_count = 0;
atomic_set(&fi->active, 0);
spin_unlock(&fi->lock);
- mutex_unlock(&kvm->lock);
}
static inline int copy_irq_to_user(struct kvm_s390_interrupt_info *inti,
@@ -1079,7 +1073,6 @@ static int get_all_floating_irqs(struct kvm *kvm, __u8 *buf, __u64 len)
int ret = 0;
int n = 0;
- mutex_lock(&kvm->lock);
fi = &kvm->arch.float_int;
spin_lock(&fi->lock);
@@ -1098,7 +1091,6 @@ static int get_all_floating_irqs(struct kvm *kvm, __u8 *buf, __u64 len)
}
spin_unlock(&fi->lock);
- mutex_unlock(&kvm->lock);
return ret < 0 ? ret : n;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 046/222] KVM: s390: fix get_all_floating_irqs
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (44 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 045/222] KVM: s390: no need to hold the kvm->mutex for floating interrupts Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 047/222] s390/hibernate: fix save and restore of kernel text section Sasha Levin
` (176 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Jens Freimann <jfrei@linux.vnet.ibm.com>
[ Upstream commit 94aa033efcac47b09db22cb561e135baf37b7887 ]
This fixes a bug introduced with commit c05c4186bbe4 ("KVM: s390:
add floating irq controller").
get_all_floating_irqs() does copy_to_user() while holding
a spin lock. Let's fix this by filling a temporary buffer
first and copy it to userspace after giving up the lock.
Cc: <stable@vger.kernel.org> # 3.18+: 69a8d4562638 KVM: s390: no need to hold...
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
Documentation/virtual/kvm/devices/s390_flic.txt | 3 ++
arch/s390/kvm/interrupt.c | 58 ++++++++++++++-----------
2 files changed, 35 insertions(+), 26 deletions(-)
diff --git a/Documentation/virtual/kvm/devices/s390_flic.txt b/Documentation/virtual/kvm/devices/s390_flic.txt
index 4ceef53..d1ad9d5 100644
--- a/Documentation/virtual/kvm/devices/s390_flic.txt
+++ b/Documentation/virtual/kvm/devices/s390_flic.txt
@@ -27,6 +27,9 @@ Groups:
Copies all floating interrupts into a buffer provided by userspace.
When the buffer is too small it returns -ENOMEM, which is the indication
for userspace to try again with a bigger buffer.
+ -ENOBUFS is returned when the allocation of a kernelspace buffer has
+ failed.
+ -EFAULT is returned when copying data to userspace failed.
All interrupts remain pending, i.e. are not deleted from the list of
currently pending interrupts.
attr->addr contains the userspace address of the buffer into which all
diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
index 63fafd6..cd6344d 100644
--- a/arch/s390/kvm/interrupt.c
+++ b/arch/s390/kvm/interrupt.c
@@ -16,6 +16,7 @@
#include <linux/mmu_context.h>
#include <linux/signal.h>
#include <linux/slab.h>
+#include <linux/vmalloc.h>
#include <asm/asm-offsets.h>
#include <asm/uaccess.h>
#include "kvm-s390.h"
@@ -1036,61 +1037,66 @@ void kvm_s390_clear_float_irqs(struct kvm *kvm)
spin_unlock(&fi->lock);
}
-static inline int copy_irq_to_user(struct kvm_s390_interrupt_info *inti,
- u8 *addr)
+static void inti_to_irq(struct kvm_s390_interrupt_info *inti,
+ struct kvm_s390_irq *irq)
{
- struct kvm_s390_irq __user *uptr = (struct kvm_s390_irq __user *) addr;
- struct kvm_s390_irq irq = {0};
-
- irq.type = inti->type;
+ irq->type = inti->type;
switch (inti->type) {
case KVM_S390_INT_PFAULT_INIT:
case KVM_S390_INT_PFAULT_DONE:
case KVM_S390_INT_VIRTIO:
case KVM_S390_INT_SERVICE:
- irq.u.ext = inti->ext;
+ irq->u.ext = inti->ext;
break;
case KVM_S390_INT_IO_MIN...KVM_S390_INT_IO_MAX:
- irq.u.io = inti->io;
+ irq->u.io = inti->io;
break;
case KVM_S390_MCHK:
- irq.u.mchk = inti->mchk;
+ irq->u.mchk = inti->mchk;
break;
- default:
- return -EINVAL;
}
-
- if (copy_to_user(uptr, &irq, sizeof(irq)))
- return -EFAULT;
-
- return 0;
}
-static int get_all_floating_irqs(struct kvm *kvm, __u8 *buf, __u64 len)
+static int get_all_floating_irqs(struct kvm *kvm, u8 __user *usrbuf, u64 len)
{
struct kvm_s390_interrupt_info *inti;
struct kvm_s390_float_interrupt *fi;
+ struct kvm_s390_irq *buf;
+ int max_irqs;
int ret = 0;
int n = 0;
+ if (len > KVM_S390_FLIC_MAX_BUFFER || len == 0)
+ return -EINVAL;
+
+ /*
+ * We are already using -ENOMEM to signal
+ * userspace it may retry with a bigger buffer,
+ * so we need to use something else for this case
+ */
+ buf = vzalloc(len);
+ if (!buf)
+ return -ENOBUFS;
+
+ max_irqs = len / sizeof(struct kvm_s390_irq);
+
fi = &kvm->arch.float_int;
spin_lock(&fi->lock);
-
list_for_each_entry(inti, &fi->list, list) {
- if (len < sizeof(struct kvm_s390_irq)) {
+ if (n == max_irqs) {
/* signal userspace to try again */
ret = -ENOMEM;
break;
}
- ret = copy_irq_to_user(inti, buf);
- if (ret)
- break;
- buf += sizeof(struct kvm_s390_irq);
- len -= sizeof(struct kvm_s390_irq);
+ inti_to_irq(inti, &buf[n]);
n++;
}
-
spin_unlock(&fi->lock);
+ if (!ret && n > 0) {
+ if (copy_to_user(usrbuf, buf, sizeof(struct kvm_s390_irq) * n))
+ ret = -EFAULT;
+ }
+ vfree(buf);
return ret < 0 ? ret : n;
}
@@ -1101,7 +1107,7 @@ static int flic_get_attr(struct kvm_device *dev, struct kvm_device_attr *attr)
switch (attr->group) {
case KVM_DEV_FLIC_GET_ALL_IRQS:
- r = get_all_floating_irqs(dev->kvm, (u8 *) attr->addr,
+ r = get_all_floating_irqs(dev->kvm, (u8 __user *) attr->addr,
attr->attr);
break;
default:
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 047/222] s390/hibernate: fix save and restore of kernel text section
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (45 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 046/222] KVM: s390: fix get_all_floating_irqs Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 048/222] KVM: use slowpath for cross page cached accesses Sasha Levin
` (175 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Heiko Carstens <heiko.carstens@de.ibm.com>
[ Upstream commit d74419495633493c9cd3f2bbeb7f3529d0edded6 ]
Sebastian reported a crash caused by a jump label mismatch after resume.
This happens because we do not save the kernel text section during suspend
and therefore also do not restore it during resume, but use the kernel image
that restores the old system.
This means that after a suspend/resume cycle we lost all modifications done
to the kernel text section.
The reason for this is the pfn_is_nosave() function, which incorrectly
returns that read-only pages don't need to be saved. This is incorrect since
we mark the kernel text section read-only.
We still need to make sure to not save and restore pages contained within
NSS and DCSS segment.
To fix this add an extra case for the kernel text section and only save
those pages if they are not contained within an NSS segment.
Fixes the following crash (and the above bugs as well):
Jump label code mismatch at netif_receive_skb_internal+0x28/0xd0
Found: c0 04 00 00 00 00
Expected: c0 f4 00 00 00 11
New: c0 04 00 00 00 00
Kernel panic - not syncing: Corrupted kernel text
CPU: 0 PID: 9 Comm: migration/0 Not tainted 3.19.0-01975-gb1b096e70f23 #4
Call Trace:
[<0000000000113972>] show_stack+0x72/0xf0
[<000000000081f15e>] dump_stack+0x6e/0x90
[<000000000081c4e8>] panic+0x108/0x2b0
[<000000000081be64>] jump_label_bug.isra.2+0x104/0x108
[<0000000000112176>] __jump_label_transform+0x9e/0xd0
[<00000000001121e6>] __sm_arch_jump_label_transform+0x3e/0x50
[<00000000001d1136>] multi_cpu_stop+0x12e/0x170
[<00000000001d1472>] cpu_stopper_thread+0xb2/0x168
[<000000000015d2ac>] smpboot_thread_fn+0x134/0x1b0
[<0000000000158baa>] kthread+0x10a/0x110
[<0000000000824a86>] kernel_thread_starter+0x6/0xc
Reported-and-tested-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/s390/kernel/suspend.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/s390/kernel/suspend.c b/arch/s390/kernel/suspend.c
index 1c4c5ac..d3236c9 100644
--- a/arch/s390/kernel/suspend.c
+++ b/arch/s390/kernel/suspend.c
@@ -138,6 +138,8 @@ int pfn_is_nosave(unsigned long pfn)
{
unsigned long nosave_begin_pfn = PFN_DOWN(__pa(&__nosave_begin));
unsigned long nosave_end_pfn = PFN_DOWN(__pa(&__nosave_end));
+ unsigned long eshared_pfn = PFN_DOWN(__pa(&_eshared)) - 1;
+ unsigned long stext_pfn = PFN_DOWN(__pa(&_stext));
/* Always save lowcore pages (LC protection might be enabled). */
if (pfn <= LC_PAGES)
@@ -145,6 +147,8 @@ int pfn_is_nosave(unsigned long pfn)
if (pfn >= nosave_begin_pfn && pfn < nosave_end_pfn)
return 1;
/* Skip memory holes and read-only pages (NSS, DCSS, ...). */
+ if (pfn >= stext_pfn && pfn <= eshared_pfn)
+ return ipl_info.type == IPL_TYPE_NSS ? 1 : 0;
if (tprot(PFN_PHYS(pfn)))
return 1;
return 0;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 048/222] KVM: use slowpath for cross page cached accesses
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (46 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 047/222] s390/hibernate: fix save and restore of kernel text section Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 049/222] KVM: arm/arm64: check IRQ number on userland injection Sasha Levin
` (174 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Radim Krčmář <rkrcmar@redhat.com>
[ Upstream commit ca3f0874723fad81d0c701b63ae3a17a408d5f25 ]
kvm_write_guest_cached() does not mark all written pages as dirty and
code comments in kvm_gfn_to_hva_cache_init() talk about NULL memslot
with cross page accesses. Fix all the easy way.
The check is '<= 1' to have the same result for 'len = 0' cache anywhere
in the page. (nr_pages_needed is 0 on page boundary.)
Fixes: 8f964525a121 ("KVM: Allow cross page reads and writes from cached translations.")
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Message-Id: <20150408121648.GA3519@potion.brq.redhat.com>
Reviewed-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
virt/kvm/kvm_main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 272fee8..4e52bb9 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1615,8 +1615,8 @@ int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
ghc->generation = slots->generation;
ghc->len = len;
ghc->memslot = gfn_to_memslot(kvm, start_gfn);
- ghc->hva = gfn_to_hva_many(ghc->memslot, start_gfn, &nr_pages_avail);
- if (!kvm_is_error_hva(ghc->hva) && nr_pages_avail >= nr_pages_needed) {
+ ghc->hva = gfn_to_hva_many(ghc->memslot, start_gfn, NULL);
+ if (!kvm_is_error_hva(ghc->hva) && nr_pages_needed <= 1) {
ghc->hva += offset;
} else {
/*
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 049/222] KVM: arm/arm64: check IRQ number on userland injection
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (47 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 048/222] KVM: use slowpath for cross page cached accesses Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 050/222] MIPS: KVM: Handle MSA Disabled exceptions from guest Sasha Levin
` (173 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit fd1d0ddf2ae92fb3df42ed476939861806c5d785 ]
When userland injects a SPI via the KVM_IRQ_LINE ioctl we currently
only check it against a fixed limit, which historically is set
to 127. With the new dynamic IRQ allocation the effective limit may
actually be smaller (64).
So when now a malicious or buggy userland injects a SPI in that
range, we spill over on our VGIC bitmaps and bytemaps memory.
I could trigger a host kernel NULL pointer dereference with current
mainline by injecting some bogus IRQ number from a hacked kvmtool:
-----------------
....
DEBUG: kvm_vgic_inject_irq(kvm, cpu=0, irq=114, level=1)
DEBUG: vgic_update_irq_pending(kvm, cpu=0, irq=114, level=1)
DEBUG: IRQ #114 still in the game, writing to bytemap now...
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = ffffffc07652e000
[00000000] *pgd=00000000f658b003, *pud=00000000f658b003, *pmd=0000000000000000
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 1053 Comm: lkvm-msi-irqinj Not tainted 4.0.0-rc7+ #3027
Hardware name: FVP Base (DT)
task: ffffffc0774e9680 ti: ffffffc0765a8000 task.ti: ffffffc0765a8000
PC is at kvm_vgic_inject_irq+0x234/0x310
LR is at kvm_vgic_inject_irq+0x30c/0x310
pc : [<ffffffc0000ae0a8>] lr : [<ffffffc0000ae180>] pstate: 80000145
.....
So this patch fixes this by checking the SPI number against the
actual limit. Also we remove the former legacy hard limit of
127 in the ioctl code.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
CC: <stable@vger.kernel.org> # 4.0, 3.19, 3.18
[maz: wrap KVM_ARM_IRQ_GIC_MAX with #ifndef __KERNEL__,
as suggested by Christopher Covington]
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/include/uapi/asm/kvm.h | 8 +++++++-
arch/arm/kvm/arm.c | 3 +--
arch/arm64/include/uapi/asm/kvm.h | 8 +++++++-
virt/kvm/arm/vgic.c | 3 +++
4 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/arch/arm/include/uapi/asm/kvm.h b/arch/arm/include/uapi/asm/kvm.h
index 09ee408..b404cf8 100644
--- a/arch/arm/include/uapi/asm/kvm.h
+++ b/arch/arm/include/uapi/asm/kvm.h
@@ -193,8 +193,14 @@ struct kvm_arch_memory_slot {
#define KVM_ARM_IRQ_CPU_IRQ 0
#define KVM_ARM_IRQ_CPU_FIQ 1
-/* Highest supported SPI, from VGIC_NR_IRQS */
+/*
+ * This used to hold the highest supported SPI, but it is now obsolete
+ * and only here to provide source code level compatibility with older
+ * userland. The highest SPI number can be set via KVM_DEV_ARM_VGIC_GRP_NR_IRQS.
+ */
+#ifndef __KERNEL__
#define KVM_ARM_IRQ_GIC_MAX 127
+#endif
/* PSCI interface */
#define KVM_PSCI_FN_BASE 0x95c1ba5e
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index 20a7a38..ed5834e 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -653,8 +653,7 @@ int kvm_vm_ioctl_irq_line(struct kvm *kvm, struct kvm_irq_level *irq_level,
if (!irqchip_in_kernel(kvm))
return -ENXIO;
- if (irq_num < VGIC_NR_PRIVATE_IRQS ||
- irq_num > KVM_ARM_IRQ_GIC_MAX)
+ if (irq_num < VGIC_NR_PRIVATE_IRQS)
return -EINVAL;
return kvm_vgic_inject_irq(kvm, 0, irq_num, level);
diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h
index 8e38878..d9e9822 100644
--- a/arch/arm64/include/uapi/asm/kvm.h
+++ b/arch/arm64/include/uapi/asm/kvm.h
@@ -179,8 +179,14 @@ struct kvm_arch_memory_slot {
#define KVM_ARM_IRQ_CPU_IRQ 0
#define KVM_ARM_IRQ_CPU_FIQ 1
-/* Highest supported SPI, from VGIC_NR_IRQS */
+/*
+ * This used to hold the highest supported SPI, but it is now obsolete
+ * and only here to provide source code level compatibility with older
+ * userland. The highest SPI number can be set via KVM_DEV_ARM_VGIC_GRP_NR_IRQS.
+ */
+#ifndef __KERNEL__
#define KVM_ARM_IRQ_GIC_MAX 127
+#endif
/* PSCI interface */
#define KVM_PSCI_FN_BASE 0x95c1ba5e
diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
index 28347fc..5f67fad 100644
--- a/virt/kvm/arm/vgic.c
+++ b/virt/kvm/arm/vgic.c
@@ -1721,6 +1721,9 @@ int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num,
goto out;
}
+ if (irq_num >= kvm->arch.vgic.nr_irqs)
+ return -EINVAL;
+
vcpu_id = vgic_update_irq_pending(kvm, cpuid, irq_num, level);
if (vcpu_id >= 0) {
/* kick the specified vcpu */
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 050/222] MIPS: KVM: Handle MSA Disabled exceptions from guest
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (48 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 049/222] KVM: arm/arm64: check IRQ number on userland injection Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 051/222] MIPS: lose_fpu(): Disable FPU when MSA enabled Sasha Levin
` (172 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: James Hogan <james.hogan@imgtec.com>
[ Upstream commit 98119ad53376885819d93dfb8737b6a9a61ca0ba ]
Guest user mode can generate a guest MSA Disabled exception on an MSA
capable core by simply trying to execute an MSA instruction. Since this
exception is unknown to KVM it will be passed on to the guest kernel.
However guest Linux kernels prior to v3.15 do not set up an exception
handler for the MSA Disabled exception as they don't support any MSA
capable cores. This results in a guest OS panic.
Since an older processor ID may be being emulated, and MSA support is
not advertised to the guest, the correct behaviour is to generate a
Reserved Instruction exception in the guest kernel so it can send the
guest process an illegal instruction signal (SIGILL), as would happen
with a non-MSA-capable core.
Fix this as minimally as reasonably possible by preventing
kvm_mips_check_privilege() from relaying MSA Disabled exceptions from
guest user mode to the guest kernel, and handling the MSA Disabled
exception by emulating a Reserved Instruction exception in the guest,
via a new handle_msa_disabled() KVM callback.
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paul Burton <paul.burton@imgtec.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Gleb Natapov <gleb@kernel.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/include/asm/kvm_host.h | 2 ++
arch/mips/kvm/emulate.c | 1 +
arch/mips/kvm/mips.c | 4 ++++
arch/mips/kvm/trap_emul.c | 28 ++++++++++++++++++++++++++++
4 files changed, 35 insertions(+)
diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h
index f2c2497..4e3205a 100644
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -321,6 +321,7 @@ enum mips_mmu_types {
#define T_TRAP 13 /* Trap instruction */
#define T_VCEI 14 /* Virtual coherency exception */
#define T_FPE 15 /* Floating point exception */
+#define T_MSADIS 21 /* MSA disabled exception */
#define T_WATCH 23 /* Watch address reference */
#define T_VCED 31 /* Virtual coherency data */
@@ -577,6 +578,7 @@ struct kvm_mips_callbacks {
int (*handle_syscall)(struct kvm_vcpu *vcpu);
int (*handle_res_inst)(struct kvm_vcpu *vcpu);
int (*handle_break)(struct kvm_vcpu *vcpu);
+ int (*handle_msa_disabled)(struct kvm_vcpu *vcpu);
int (*vm_init)(struct kvm *kvm);
int (*vcpu_init)(struct kvm_vcpu *vcpu);
int (*vcpu_setup)(struct kvm_vcpu *vcpu);
diff --git a/arch/mips/kvm/emulate.c b/arch/mips/kvm/emulate.c
index fb3e8df..838d3a6 100644
--- a/arch/mips/kvm/emulate.c
+++ b/arch/mips/kvm/emulate.c
@@ -2176,6 +2176,7 @@ enum emulation_result kvm_mips_check_privilege(unsigned long cause,
case T_SYSCALL:
case T_BREAK:
case T_RES_INST:
+ case T_MSADIS:
break;
case T_COP_UNUSABLE:
diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c
index 270bbd4..39074fb 100644
--- a/arch/mips/kvm/mips.c
+++ b/arch/mips/kvm/mips.c
@@ -1119,6 +1119,10 @@ int kvm_mips_handle_exit(struct kvm_run *run, struct kvm_vcpu *vcpu)
ret = kvm_mips_callbacks->handle_break(vcpu);
break;
+ case T_MSADIS:
+ ret = kvm_mips_callbacks->handle_msa_disabled(vcpu);
+ break;
+
default:
kvm_err("Exception Code: %d, not yet handled, @ PC: %p, inst: 0x%08x BadVaddr: %#lx Status: %#lx\n",
exccode, opc, kvm_get_inst(opc, vcpu), badvaddr,
diff --git a/arch/mips/kvm/trap_emul.c b/arch/mips/kvm/trap_emul.c
index fd7257b..4372cc8 100644
--- a/arch/mips/kvm/trap_emul.c
+++ b/arch/mips/kvm/trap_emul.c
@@ -330,6 +330,33 @@ static int kvm_trap_emul_handle_break(struct kvm_vcpu *vcpu)
return ret;
}
+static int kvm_trap_emul_handle_msa_disabled(struct kvm_vcpu *vcpu)
+{
+ struct kvm_run *run = vcpu->run;
+ uint32_t __user *opc = (uint32_t __user *) vcpu->arch.pc;
+ unsigned long cause = vcpu->arch.host_cp0_cause;
+ enum emulation_result er = EMULATE_DONE;
+ int ret = RESUME_GUEST;
+
+ /* No MSA supported in guest, guest reserved instruction exception */
+ er = kvm_mips_emulate_ri_exc(cause, opc, run, vcpu);
+
+ switch (er) {
+ case EMULATE_DONE:
+ ret = RESUME_GUEST;
+ break;
+
+ case EMULATE_FAIL:
+ run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
+ ret = RESUME_HOST;
+ break;
+
+ default:
+ BUG();
+ }
+ return ret;
+}
+
static int kvm_trap_emul_vm_init(struct kvm *kvm)
{
return 0;
@@ -470,6 +497,7 @@ static struct kvm_mips_callbacks kvm_trap_emul_callbacks = {
.handle_syscall = kvm_trap_emul_handle_syscall,
.handle_res_inst = kvm_trap_emul_handle_res_inst,
.handle_break = kvm_trap_emul_handle_break,
+ .handle_msa_disabled = kvm_trap_emul_handle_msa_disabled,
.vm_init = kvm_trap_emul_vm_init,
.vcpu_init = kvm_trap_emul_vcpu_init,
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 051/222] MIPS: lose_fpu(): Disable FPU when MSA enabled
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (49 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 050/222] MIPS: KVM: Handle MSA Disabled exceptions from guest Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 052/222] MIPS: Malta: Detect and fix bad memsize values Sasha Levin
` (171 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: James Hogan <james.hogan@imgtec.com>
[ Upstream commit f8483988cadd7dd22de928db29ed3bcbe02faf78 ]
The lose_fpu() function only disables the FPU in CP0_Status.CU1 if the
FPU is in use and MSA isn't enabled.
This isn't necessarily a problem because KSTK_STATUS(current), the
version of CP0_Status stored on the kernel stack on entry from user
mode, does always get updated and gets restored when returning to user
mode, but I don't think it was intended, and it is inconsistent with the
case of only the FPU being in use. Sometimes leaving the FPU enabled may
also mask kernel bugs where FPU operations are executed when the FPU
might not be enabled.
So lets disable the FPU in the MSA case too.
Fixes: 33c771ba5c5d ("MIPS: save/disable MSA in lose_fpu")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Burton <paul.burton@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9323/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/include/asm/fpu.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/mips/include/asm/fpu.h b/arch/mips/include/asm/fpu.h
index dd56241..99f71e8 100644
--- a/arch/mips/include/asm/fpu.h
+++ b/arch/mips/include/asm/fpu.h
@@ -150,6 +150,7 @@ static inline void lose_fpu(int save)
}
disable_msa();
clear_thread_flag(TIF_USEDMSA);
+ __disable_fpu();
} else if (is_fpu_owner()) {
if (save)
_save_fp(current);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 052/222] MIPS: Malta: Detect and fix bad memsize values
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (50 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 051/222] MIPS: lose_fpu(): Disable FPU when MSA enabled Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 053/222] MIPS: asm: asm-eva: Introduce kernel load/store variants Sasha Levin
` (170 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Markos Chandras <markos.chandras@imgtec.com>
[ Upstream commit f7f8aea4b97c4d48e42f02cb37026bee445f239f ]
memsize denotes the amount of RAM we can access from kseg{0,1} and
that should be up to 256M. In case the bootloader reports a value
higher than that (perhaps reporting all the available RAM) it's best
if we fix it ourselves and just warn the user about that. This is
usually a problem with the bootloader and/or its environment.
[ralf@linux-mips.org: Remove useless parens as suggested bei Sergei.
Reformat long pr_warn statement to fit into 80 column limit.]
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: <stable@vger.kernel.org> # v3.15+
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9362/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/mti-malta/malta-memory.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/mips/mti-malta/malta-memory.c b/arch/mips/mti-malta/malta-memory.c
index 8fddd2cd..efe366d 100644
--- a/arch/mips/mti-malta/malta-memory.c
+++ b/arch/mips/mti-malta/malta-memory.c
@@ -53,6 +53,12 @@ fw_memblock_t * __init fw_getmdesc(int eva)
pr_warn("memsize not set in YAMON, set to default (32Mb)\n");
physical_memsize = 0x02000000;
} else {
+ if (memsize > (256 << 20)) { /* memsize should be capped to 256M */
+ pr_warn("Unsupported memsize value (0x%lx) detected! "
+ "Using 0x10000000 (256M) instead\n",
+ memsize);
+ memsize = 256 << 20;
+ }
/* If ememsize is set, then set physical_memsize to that */
physical_memsize = ememsize ? : memsize;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 053/222] MIPS: asm: asm-eva: Introduce kernel load/store variants
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (51 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 052/222] MIPS: Malta: Detect and fix bad memsize values Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 054/222] MIPS: Loongson-3: Add IRQF_NO_SUSPEND to Cascade irqaction Sasha Levin
` (169 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Markos Chandras <markos.chandras@imgtec.com>
[ Upstream commit 60cd7e08e453bc6828ac4b539f949e4acd80f143 ]
Introduce new macros for kernel load/store variants which will be
used to perform regular kernel space load/store operations in EVA
mode.
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: <stable@vger.kernel.org> # v3.15+
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9500/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/include/asm/asm-eva.h | 137 +++++++++++++++++++++++++++-------------
1 file changed, 93 insertions(+), 44 deletions(-)
diff --git a/arch/mips/include/asm/asm-eva.h b/arch/mips/include/asm/asm-eva.h
index e41c56e..1e38f0e 100644
--- a/arch/mips/include/asm/asm-eva.h
+++ b/arch/mips/include/asm/asm-eva.h
@@ -11,6 +11,36 @@
#define __ASM_ASM_EVA_H
#ifndef __ASSEMBLY__
+
+/* Kernel variants */
+
+#define kernel_cache(op, base) "cache " op ", " base "\n"
+#define kernel_ll(reg, addr) "ll " reg ", " addr "\n"
+#define kernel_sc(reg, addr) "sc " reg ", " addr "\n"
+#define kernel_lw(reg, addr) "lw " reg ", " addr "\n"
+#define kernel_lwl(reg, addr) "lwl " reg ", " addr "\n"
+#define kernel_lwr(reg, addr) "lwr " reg ", " addr "\n"
+#define kernel_lh(reg, addr) "lh " reg ", " addr "\n"
+#define kernel_lb(reg, addr) "lb " reg ", " addr "\n"
+#define kernel_lbu(reg, addr) "lbu " reg ", " addr "\n"
+#define kernel_sw(reg, addr) "sw " reg ", " addr "\n"
+#define kernel_swl(reg, addr) "swl " reg ", " addr "\n"
+#define kernel_swr(reg, addr) "swr " reg ", " addr "\n"
+#define kernel_sh(reg, addr) "sh " reg ", " addr "\n"
+#define kernel_sb(reg, addr) "sb " reg ", " addr "\n"
+
+#ifdef CONFIG_32BIT
+/*
+ * No 'sd' or 'ld' instructions in 32-bit but the code will
+ * do the correct thing
+ */
+#define kernel_sd(reg, addr) user_sw(reg, addr)
+#define kernel_ld(reg, addr) user_lw(reg, addr)
+#else
+#define kernel_sd(reg, addr) "sd " reg", " addr "\n"
+#define kernel_ld(reg, addr) "ld " reg", " addr "\n"
+#endif /* CONFIG_32BIT */
+
#ifdef CONFIG_EVA
#define __BUILD_EVA_INSN(insn, reg, addr) \
@@ -41,37 +71,60 @@
#else
-#define user_cache(op, base) "cache " op ", " base "\n"
-#define user_ll(reg, addr) "ll " reg ", " addr "\n"
-#define user_sc(reg, addr) "sc " reg ", " addr "\n"
-#define user_lw(reg, addr) "lw " reg ", " addr "\n"
-#define user_lwl(reg, addr) "lwl " reg ", " addr "\n"
-#define user_lwr(reg, addr) "lwr " reg ", " addr "\n"
-#define user_lh(reg, addr) "lh " reg ", " addr "\n"
-#define user_lb(reg, addr) "lb " reg ", " addr "\n"
-#define user_lbu(reg, addr) "lbu " reg ", " addr "\n"
-#define user_sw(reg, addr) "sw " reg ", " addr "\n"
-#define user_swl(reg, addr) "swl " reg ", " addr "\n"
-#define user_swr(reg, addr) "swr " reg ", " addr "\n"
-#define user_sh(reg, addr) "sh " reg ", " addr "\n"
-#define user_sb(reg, addr) "sb " reg ", " addr "\n"
+#define user_cache(op, base) kernel_cache(op, base)
+#define user_ll(reg, addr) kernel_ll(reg, addr)
+#define user_sc(reg, addr) kernel_sc(reg, addr)
+#define user_lw(reg, addr) kernel_lw(reg, addr)
+#define user_lwl(reg, addr) kernel_lwl(reg, addr)
+#define user_lwr(reg, addr) kernel_lwr(reg, addr)
+#define user_lh(reg, addr) kernel_lh(reg, addr)
+#define user_lb(reg, addr) kernel_lb(reg, addr)
+#define user_lbu(reg, addr) kernel_lbu(reg, addr)
+#define user_sw(reg, addr) kernel_sw(reg, addr)
+#define user_swl(reg, addr) kernel_swl(reg, addr)
+#define user_swr(reg, addr) kernel_swr(reg, addr)
+#define user_sh(reg, addr) kernel_sh(reg, addr)
+#define user_sb(reg, addr) kernel_sb(reg, addr)
#ifdef CONFIG_32BIT
-/*
- * No 'sd' or 'ld' instructions in 32-bit but the code will
- * do the correct thing
- */
-#define user_sd(reg, addr) user_sw(reg, addr)
-#define user_ld(reg, addr) user_lw(reg, addr)
+#define user_sd(reg, addr) kernel_sw(reg, addr)
+#define user_ld(reg, addr) kernel_lw(reg, addr)
#else
-#define user_sd(reg, addr) "sd " reg", " addr "\n"
-#define user_ld(reg, addr) "ld " reg", " addr "\n"
+#define user_sd(reg, addr) kernel_sd(reg, addr)
+#define user_ld(reg, addr) kernel_ld(reg, addr)
#endif /* CONFIG_32BIT */
#endif /* CONFIG_EVA */
#else /* __ASSEMBLY__ */
+#define kernel_cache(op, base) cache op, base
+#define kernel_ll(reg, addr) ll reg, addr
+#define kernel_sc(reg, addr) sc reg, addr
+#define kernel_lw(reg, addr) lw reg, addr
+#define kernel_lwl(reg, addr) lwl reg, addr
+#define kernel_lwr(reg, addr) lwr reg, addr
+#define kernel_lh(reg, addr) lh reg, addr
+#define kernel_lb(reg, addr) lb reg, addr
+#define kernel_lbu(reg, addr) lbu reg, addr
+#define kernel_sw(reg, addr) sw reg, addr
+#define kernel_swl(reg, addr) swl reg, addr
+#define kernel_swr(reg, addr) swr reg, addr
+#define kernel_sh(reg, addr) sh reg, addr
+#define kernel_sb(reg, addr) sb reg, addr
+
+#ifdef CONFIG_32BIT
+/*
+ * No 'sd' or 'ld' instructions in 32-bit but the code will
+ * do the correct thing
+ */
+#define kernel_sd(reg, addr) user_sw(reg, addr)
+#define kernel_ld(reg, addr) user_lw(reg, addr)
+#else
+#define kernel_sd(reg, addr) sd reg, addr
+#define kernel_ld(reg, addr) ld reg, addr
+#endif /* CONFIG_32BIT */
+
#ifdef CONFIG_EVA
#define __BUILD_EVA_INSN(insn, reg, addr) \
@@ -101,31 +154,27 @@
#define user_sd(reg, addr) user_sw(reg, addr)
#else
-#define user_cache(op, base) cache op, base
-#define user_ll(reg, addr) ll reg, addr
-#define user_sc(reg, addr) sc reg, addr
-#define user_lw(reg, addr) lw reg, addr
-#define user_lwl(reg, addr) lwl reg, addr
-#define user_lwr(reg, addr) lwr reg, addr
-#define user_lh(reg, addr) lh reg, addr
-#define user_lb(reg, addr) lb reg, addr
-#define user_lbu(reg, addr) lbu reg, addr
-#define user_sw(reg, addr) sw reg, addr
-#define user_swl(reg, addr) swl reg, addr
-#define user_swr(reg, addr) swr reg, addr
-#define user_sh(reg, addr) sh reg, addr
-#define user_sb(reg, addr) sb reg, addr
+#define user_cache(op, base) kernel_cache(op, base)
+#define user_ll(reg, addr) kernel_ll(reg, addr)
+#define user_sc(reg, addr) kernel_sc(reg, addr)
+#define user_lw(reg, addr) kernel_lw(reg, addr)
+#define user_lwl(reg, addr) kernel_lwl(reg, addr)
+#define user_lwr(reg, addr) kernel_lwr(reg, addr)
+#define user_lh(reg, addr) kernel_lh(reg, addr)
+#define user_lb(reg, addr) kernel_lb(reg, addr)
+#define user_lbu(reg, addr) kernel_lbu(reg, addr)
+#define user_sw(reg, addr) kernel_sw(reg, addr)
+#define user_swl(reg, addr) kernel_swl(reg, addr)
+#define user_swr(reg, addr) kernel_swr(reg, addr)
+#define user_sh(reg, addr) kernel_sh(reg, addr)
+#define user_sb(reg, addr) kernel_sb(reg, addr)
#ifdef CONFIG_32BIT
-/*
- * No 'sd' or 'ld' instructions in 32-bit but the code will
- * do the correct thing
- */
-#define user_sd(reg, addr) user_sw(reg, addr)
-#define user_ld(reg, addr) user_lw(reg, addr)
+#define user_sd(reg, addr) kernel_sw(reg, addr)
+#define user_ld(reg, addr) kernel_lw(reg, addr)
#else
-#define user_sd(reg, addr) sd reg, addr
-#define user_ld(reg, addr) ld reg, addr
+#define user_sd(reg, addr) kernel_sd(reg, addr)
+#define user_ld(reg, addr) kernel_sd(reg, addr)
#endif /* CONFIG_32BIT */
#endif /* CONFIG_EVA */
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 054/222] MIPS: Loongson-3: Add IRQF_NO_SUSPEND to Cascade irqaction
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (52 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 053/222] MIPS: asm: asm-eva: Introduce kernel load/store variants Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 055/222] MIPS: Hibernate: flush TLB entries earlier Sasha Levin
` (168 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Huacai Chen <chenhc@lemote.com>
[ Upstream commit 0add9c2f1cff9f3f1f2eb7e9babefa872a9d14b9 ]
HPET irq is routed to i8259 and then to MIPS CPU irq (cascade). After
commit a3e6c1eff5 (MIPS: IRQ: Fix disable_irq on CPU IRQs), if without
IRQF_NO_SUSPEND in cascade_irqaction, HPET interrupts will lost during
suspend. The result is machine cannot be waken up.
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Cc: <stable@vger.kernel.org>
Cc: Steven J. Hill <Steven.Hill@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Patchwork: https://patchwork.linux-mips.org/patch/9528/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/loongson/loongson-3/irq.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/mips/loongson/loongson-3/irq.c b/arch/mips/loongson/loongson-3/irq.c
index ca1c62a..8f5209a 100644
--- a/arch/mips/loongson/loongson-3/irq.c
+++ b/arch/mips/loongson/loongson-3/irq.c
@@ -44,6 +44,7 @@ void mach_irq_dispatch(unsigned int pending)
static struct irqaction cascade_irqaction = {
.handler = no_action,
+ .flags = IRQF_NO_SUSPEND,
.name = "cascade",
};
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 055/222] MIPS: Hibernate: flush TLB entries earlier
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (53 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 054/222] MIPS: Loongson-3: Add IRQF_NO_SUSPEND to Cascade irqaction Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 056/222] staging: panel: fix lcd type Sasha Levin
` (167 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Huacai Chen <chenhc@lemote.com>
[ Upstream commit a843d00d038b11267279e3b5388222320f9ddc1d ]
We found that TLB mismatch not only happens after kernel resume, but
also happens during snapshot restore. So move it to the beginning of
swsusp_arch_suspend().
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Cc: <stable@vger.kernel.org>
Cc: Steven J. Hill <Steven.Hill@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Cc: stable@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/9621/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/power/hibernate.S | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/mips/power/hibernate.S b/arch/mips/power/hibernate.S
index 32a7c82..e7567c8 100644
--- a/arch/mips/power/hibernate.S
+++ b/arch/mips/power/hibernate.S
@@ -30,6 +30,8 @@ LEAF(swsusp_arch_suspend)
END(swsusp_arch_suspend)
LEAF(swsusp_arch_resume)
+ /* Avoid TLB mismatch during and after kernel resume */
+ jal local_flush_tlb_all
PTR_L t0, restore_pblist
0:
PTR_L t1, PBE_ADDRESS(t0) /* source */
@@ -43,7 +45,6 @@ LEAF(swsusp_arch_resume)
bne t1, t3, 1b
PTR_L t0, PBE_NEXT(t0)
bnez t0, 0b
- jal local_flush_tlb_all /* Avoid TLB mismatch after kernel resume */
PTR_LA t0, saved_regs
PTR_L ra, PT_R31(t0)
PTR_L sp, PT_R29(t0)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 056/222] staging: panel: fix lcd type
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (54 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 055/222] MIPS: Hibernate: flush TLB entries earlier Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 057/222] staging: android: sync: Fix memory corruption in sync_timeline_signal() Sasha Levin
` (166 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
[ Upstream commit 2c20d92dad5db6440cfa88d811b69fd605240ce4 ]
the lcd type as defined in the Kconfig is not matching in the code.
as a result the rs, rw and en pins were getting interchanged.
Kconfig defines the value of PANEL_LCD to be 1 if we select custom
configuration but in the code LCD_TYPE_CUSTOM is defined as 5.
my hardware is LCD_TYPE_CUSTOM, but the pins were assigned to it
as pins of LCD_TYPE_OLD, and it was not working.
Now values are corrected with referenece to the values defined in
Kconfig and it is working.
checked on JHD204A lcd with LCD_TYPE_CUSTOM configuration.
Cc: <stable@vger.kernel.org> # 2.6.32+
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Acked-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/staging/panel/panel.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/staging/panel/panel.c b/drivers/staging/panel/panel.c
index 6d1a320..2dee175 100644
--- a/drivers/staging/panel/panel.c
+++ b/drivers/staging/panel/panel.c
@@ -275,11 +275,11 @@ static unsigned char lcd_bits[LCD_PORTS][LCD_BITS][BIT_STATES];
* LCD types
*/
#define LCD_TYPE_NONE 0
-#define LCD_TYPE_OLD 1
-#define LCD_TYPE_KS0074 2
-#define LCD_TYPE_HANTRONIX 3
-#define LCD_TYPE_NEXCOM 4
-#define LCD_TYPE_CUSTOM 5
+#define LCD_TYPE_CUSTOM 1
+#define LCD_TYPE_OLD 2
+#define LCD_TYPE_KS0074 3
+#define LCD_TYPE_HANTRONIX 4
+#define LCD_TYPE_NEXCOM 5
/*
* keypad types
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 057/222] staging: android: sync: Fix memory corruption in sync_timeline_signal().
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (55 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 056/222] staging: panel: fix lcd type Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 058/222] md/raid0: fix bug with chunksize not a power of 2 Sasha Levin
` (165 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Alistair Strachan <alistair.strachan@imgtec.com>
[ Upstream commit 8e43c9c75faf2902955bd2ecd7a50a8cc41cb00a ]
The android_fence_release() function checks for active sync points
by calling list_empty() on the list head embedded on the sync
point. However, it is only valid to use list_empty() on nodes that
have been initialized with INIT_LIST_HEAD() or list_del_init().
Because the list entry has likely been removed from the active list
by sync_timeline_signal(), there is a good chance that this
WARN_ON_ONCE() will be hit due to dangling pointers pointing at
freed memory (even though the sync drivers did nothing wrong)
and memory corruption will ensue as the list entry is removed for
a second time, corrupting the active list.
This problem can be reproduced quite easily with CONFIG_DEBUG_LIST=y
and fences with more than one sync point.
Signed-off-by: Alistair Strachan <alistair.strachan@imgtec.com>
Cc: Maarten Lankhorst <maarten.lankhorst@canonical.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Colin Cross <ccross@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/staging/android/sync.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c
index 7bdb62b..f83e00c 100644
--- a/drivers/staging/android/sync.c
+++ b/drivers/staging/android/sync.c
@@ -114,7 +114,7 @@ void sync_timeline_signal(struct sync_timeline *obj)
list_for_each_entry_safe(pt, next, &obj->active_list_head,
active_list) {
if (fence_is_signaled_locked(&pt->base))
- list_del(&pt->active_list);
+ list_del_init(&pt->active_list);
}
spin_unlock_irqrestore(&obj->child_list_lock, flags);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 058/222] md/raid0: fix bug with chunksize not a power of 2.
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (56 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 057/222] staging: android: sync: Fix memory corruption in sync_timeline_signal() Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 059/222] cdc-wdm: fix endianness bug in debug statements Sasha Levin
` (164 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: NeilBrown <neilb@suse.de>
[ Upstream commit 47d68979cc968535cb87f3e5f2e6a3533ea48fbd ]
Since commit 20d0189b1012a37d2533a87fb451f7852f2418d1
in v3.14-rc1 RAID0 has performed incorrect calculations
when the chunksize is not a power of 2.
This happens because "sector_div()" modifies its first argument, but
this wasn't taken into account in the patch.
So restore that first arg before re-using the variable.
Reported-by: Joe Landman <joe.landman@gmail.com>
Reported-by: Dave Chinner <david@fromorbit.com>
Fixes: 20d0189b1012a37d2533a87fb451f7852f2418d1
Cc: stable@vger.kernel.org (3.14 and later).
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/md/raid0.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
index ba6b85d..d5c12e5 100644
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -319,7 +319,7 @@ static struct strip_zone *find_zone(struct r0conf *conf,
/*
* remaps the bio to the target device. we separate two flows.
- * power 2 flow and a general flow for the sake of perfromance
+ * power 2 flow and a general flow for the sake of performance
*/
static struct md_rdev *map_sector(struct mddev *mddev, struct strip_zone *zone,
sector_t sector, sector_t *sector_offset)
@@ -537,6 +537,7 @@ static void raid0_make_request(struct mddev *mddev, struct bio *bio)
split = bio;
}
+ sector = bio->bi_iter.bi_sector;
zone = find_zone(mddev->private, §or);
tmp_dev = map_sector(mddev, zone, sector, §or);
split->bi_bdev = tmp_dev->bdev;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 059/222] cdc-wdm: fix endianness bug in debug statements
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (57 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 058/222] md/raid0: fix bug with chunksize not a power of 2 Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 060/222] mmc: sunxi: Use devm_reset_control_get_optional() for reset control Sasha Levin
` (163 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Oliver Neukum <oneukum@suse.de>
[ Upstream commit 323ece54e0761198946ecd0c2091f1d2bfdfcb64 ]
Values directly from descriptors given in debug statements
must be converted to native endianness.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
CC: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/class/cdc-wdm.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c
index a051a7a..a81f9dd 100644
--- a/drivers/usb/class/cdc-wdm.c
+++ b/drivers/usb/class/cdc-wdm.c
@@ -245,7 +245,7 @@ static void wdm_int_callback(struct urb *urb)
case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
dev_dbg(&desc->intf->dev,
"NOTIFY_RESPONSE_AVAILABLE received: index %d len %d",
- dr->wIndex, dr->wLength);
+ le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
break;
case USB_CDC_NOTIFY_NETWORK_CONNECTION:
@@ -262,7 +262,9 @@ static void wdm_int_callback(struct urb *urb)
clear_bit(WDM_POLL_RUNNING, &desc->flags);
dev_err(&desc->intf->dev,
"unknown notification %d received: index %d len %d\n",
- dr->bNotificationType, dr->wIndex, dr->wLength);
+ dr->bNotificationType,
+ le16_to_cpu(dr->wIndex),
+ le16_to_cpu(dr->wLength));
goto exit;
}
@@ -408,7 +410,7 @@ static ssize_t wdm_write
USB_RECIP_INTERFACE);
req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
req->wValue = 0;
- req->wIndex = desc->inum;
+ req->wIndex = desc->inum; /* already converted */
req->wLength = cpu_to_le16(count);
set_bit(WDM_IN_USE, &desc->flags);
desc->outbuf = buf;
@@ -422,7 +424,7 @@ static ssize_t wdm_write
rv = usb_translate_errors(rv);
} else {
dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d",
- req->wIndex);
+ le16_to_cpu(req->wIndex));
}
out:
usb_autopm_put_interface(desc->intf);
@@ -820,7 +822,7 @@ static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor
desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
desc->irq->wValue = 0;
- desc->irq->wIndex = desc->inum;
+ desc->irq->wIndex = desc->inum; /* already converted */
desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
usb_fill_control_urb(
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 060/222] mmc: sunxi: Use devm_reset_control_get_optional() for reset control
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (58 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 059/222] cdc-wdm: fix endianness bug in debug statements Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 061/222] spi: imx: read back the RX/TX watermark levels earlier Sasha Levin
` (162 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Chen-Yu Tsai <wens@csie.org>
[ Upstream commit 9e71c589e44ddf2b86f361c81e360c6b0d0354b1 ]
The reset control for the sunxi mmc controller is optional. Some
newer platforms (sun6i, sun8i, sun9i) have it, while older ones
(sun4i, sun5i, sun7i) don't.
Use the properly stubbed _optional version so the driver does not
fail to compile when RESET_CONTROLLER=n.
This patch also adds a check for deferred probing on the reset
control.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Cc: <stable@vger.kernel.org> # 3.16+
Acked-by: David Lanzendörfer <david.lanzendoerfer@o2s.ch>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/mmc/host/sunxi-mmc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/sunxi-mmc.c b/drivers/mmc/host/sunxi-mmc.c
index d1663b3..aac659b 100644
--- a/drivers/mmc/host/sunxi-mmc.c
+++ b/drivers/mmc/host/sunxi-mmc.c
@@ -909,7 +909,9 @@ static int sunxi_mmc_resource_request(struct sunxi_mmc_host *host,
return PTR_ERR(host->clk_mmc);
}
- host->reset = devm_reset_control_get(&pdev->dev, "ahb");
+ host->reset = devm_reset_control_get_optional(&pdev->dev, "ahb");
+ if (PTR_ERR(host->reset) == -EPROBE_DEFER)
+ return PTR_ERR(host->reset);
ret = clk_prepare_enable(host->clk_ahb);
if (ret) {
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 061/222] spi: imx: read back the RX/TX watermark levels earlier
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (59 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 060/222] mmc: sunxi: Use devm_reset_control_get_optional() for reset control Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 062/222] spi: spidev: fix possible arithmetic overflow for multi-transfer message Sasha Levin
` (161 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Lucas Stach <l.stach@pengutronix.de>
[ Upstream commit f511ab09dfb0fe7b2335eccac51ff9f001a32e4a ]
They are used to decide if the controller can do DMA on a buffer
of a specific length and thus are needed before any transfer is attempted.
This fixes a memory leak where the SPI core uses the drivers can_dma()
callback to determine if a buffer needs to be mapped. As the watermark
levels aren't correct at that point the driver falsely claims to be able to
DMA the buffer when it fact it isn't.
After the transfer has been done the core uses the same callback to
determine if it needs to unmap the buffers. As the driver now correctly
claims to not being able to DMA the buffer the core doesn't attempt to
unmap the buffer which leaves the SGT leaking.
Fixes: f62caccd12c17e4 (spi: spi-imx: add DMA support)
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/spi/spi-imx.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
index 82269a8..bf0effb 100644
--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c
@@ -371,8 +371,6 @@ static int __maybe_unused mx51_ecspi_config(struct spi_imx_data *spi_imx,
if (spi_imx->dma_is_inited) {
dma = readl(spi_imx->base + MX51_ECSPI_DMA);
- spi_imx->tx_wml = spi_imx_get_fifosize(spi_imx) / 2;
- spi_imx->rx_wml = spi_imx_get_fifosize(spi_imx) / 2;
spi_imx->rxt_wml = spi_imx_get_fifosize(spi_imx) / 2;
rx_wml_cfg = spi_imx->rx_wml << MX51_ECSPI_DMA_RX_WML_OFFSET;
tx_wml_cfg = spi_imx->tx_wml << MX51_ECSPI_DMA_TX_WML_OFFSET;
@@ -869,6 +867,8 @@ static int spi_imx_sdma_init(struct device *dev, struct spi_imx_data *spi_imx,
master->max_dma_len = MAX_SDMA_BD_BYTES;
spi_imx->bitbang.master->flags = SPI_MASTER_MUST_RX |
SPI_MASTER_MUST_TX;
+ spi_imx->tx_wml = spi_imx_get_fifosize(spi_imx) / 2;
+ spi_imx->rx_wml = spi_imx_get_fifosize(spi_imx) / 2;
spi_imx->dma_is_inited = 1;
return 0;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 062/222] spi: spidev: fix possible arithmetic overflow for multi-transfer message
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (60 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 061/222] spi: imx: read back the RX/TX watermark levels earlier Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 063/222] compal-laptop: Fix leaking hwmon device Sasha Levin
` (160 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ian Abbott <abbotti@mev.co.uk>
[ Upstream commit f20fbaad7620af2df36a1f9d1c9ecf48ead5b747 ]
`spidev_message()` sums the lengths of the individual SPI transfers to
determine the overall SPI message length. It restricts the total
length, returning an error if too long, but it does not check for
arithmetic overflow. For example, if the SPI message consisted of two
transfers and the first has a length of 10 and the second has a length
of (__u32)(-1), the total length would be seen as 9, even though the
second transfer is actually very long. If the second transfer specifies
a null `rx_buf` and a non-null `tx_buf`, the `copy_from_user()` could
overrun the spidev's pre-allocated tx buffer before it reaches an
invalid user memory address. Fix it by checking that neither the total
nor the individual transfer lengths exceed the maximum allowed value.
Thanks to Dan Carpenter for reporting the potential integer overflow.
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/spi/spidev.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c
index e50039f..409a8c5 100644
--- a/drivers/spi/spidev.c
+++ b/drivers/spi/spidev.c
@@ -246,7 +246,10 @@ static int spidev_message(struct spidev_data *spidev,
k_tmp->len = u_tmp->len;
total += k_tmp->len;
- if (total > bufsiz) {
+ /* Check total length of transfers. Also check each
+ * transfer length to avoid arithmetic overflow.
+ */
+ if (total > bufsiz || k_tmp->len > bufsiz) {
status = -EMSGSIZE;
goto done;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 063/222] compal-laptop: Fix leaking hwmon device
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (61 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 062/222] spi: spidev: fix possible arithmetic overflow for multi-transfer message Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 064/222] compal-laptop: Check return value of power_supply_register Sasha Levin
` (159 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
[ Upstream commit ad774702f1705c04e5fa492b793d8d477a504fa6 ]
The commit c2be45f09bb0 ("compal-laptop: Use
devm_hwmon_device_register_with_groups") wanted to change the
registering of hwmon device to resource-managed version. It mostly did
it except the main thing - it forgot to use devm-like function so the
hwmon device leaked after device removal or probe failure.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: c2be45f09bb0 ("compal-laptop: Use devm_hwmon_device_register_with_groups")
Cc: <stable@vger.kernel.org>
Acked-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/platform/x86/compal-laptop.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/platform/x86/compal-laptop.c b/drivers/platform/x86/compal-laptop.c
index 26bfd7b..da5e7b8 100644
--- a/drivers/platform/x86/compal-laptop.c
+++ b/drivers/platform/x86/compal-laptop.c
@@ -1027,9 +1027,9 @@ static int compal_probe(struct platform_device *pdev)
if (err)
return err;
- hwmon_dev = hwmon_device_register_with_groups(&pdev->dev,
- "compal", data,
- compal_hwmon_groups);
+ hwmon_dev = devm_hwmon_device_register_with_groups(&pdev->dev,
+ "compal", data,
+ compal_hwmon_groups);
if (IS_ERR(hwmon_dev)) {
err = PTR_ERR(hwmon_dev);
goto remove;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 064/222] compal-laptop: Check return value of power_supply_register
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (62 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 063/222] compal-laptop: Fix leaking hwmon device Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 065/222] ring-buffer: Replace this_cpu_*() with __this_cpu_*() Sasha Levin
` (158 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
[ Upstream commit 1915a718b1872edffcb13e5436a9f7302d3d36f0 ]
The return value of power_supply_register() call was not checked and
even on error probe() function returned 0. If registering failed then
during unbind the driver tried to unregister power supply which was not
actually registered.
This could lead to memory corruption because power_supply_unregister()
unconditionally cleans up given power supply.
Fix this by checking return status of power_supply_register() call. In
case of failure, clean up sysfs entries and fail the probe.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: 9be0fcb5ed46 ("compal-laptop: add JHL90, battery & hwmon interface")
Cc: <stable@vger.kernel.org>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/platform/x86/compal-laptop.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/x86/compal-laptop.c b/drivers/platform/x86/compal-laptop.c
index da5e7b8..034aa84 100644
--- a/drivers/platform/x86/compal-laptop.c
+++ b/drivers/platform/x86/compal-laptop.c
@@ -1037,7 +1037,9 @@ static int compal_probe(struct platform_device *pdev)
/* Power supply */
initialize_power_supply_data(data);
- power_supply_register(&compal_device->dev, &data->psy);
+ err = power_supply_register(&compal_device->dev, &data->psy);
+ if (err < 0)
+ goto remove;
platform_set_drvdata(pdev, data);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 065/222] ring-buffer: Replace this_cpu_*() with __this_cpu_*()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (63 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 064/222] compal-laptop: Check return value of power_supply_register Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 066/222] power_supply: twl4030_madc: Check return value of power_supply_register Sasha Levin
` (157 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Steven Rostedt <rostedt@goodmis.org>
[ Upstream commit 80a9b64e2c156b6523e7a01f2ba6e5d86e722814 ]
It has come to my attention that this_cpu_read/write are horrible on
architectures other than x86. Worse yet, they actually disable
preemption or interrupts! This caused some unexpected tracing results
on ARM.
101.356868: preempt_count_add <-ring_buffer_lock_reserve
101.356870: preempt_count_sub <-ring_buffer_lock_reserve
The ring_buffer_lock_reserve has recursion protection that requires
accessing a per cpu variable. But since preempt_disable() is traced, it
too got traced while accessing the variable that is suppose to prevent
recursion like this.
The generic version of this_cpu_read() and write() are:
#define this_cpu_generic_read(pcp) \
({ typeof(pcp) ret__; \
preempt_disable(); \
ret__ = *this_cpu_ptr(&(pcp)); \
preempt_enable(); \
ret__; \
})
#define this_cpu_generic_to_op(pcp, val, op) \
do { \
unsigned long flags; \
raw_local_irq_save(flags); \
*__this_cpu_ptr(&(pcp)) op val; \
raw_local_irq_restore(flags); \
} while (0)
Which is unacceptable for locations that know they are within preempt
disabled or interrupt disabled locations.
Paul McKenney stated that __this_cpu_() versions produce much better code on
other architectures than this_cpu_() does, if we know that the call is done in
a preempt disabled location.
I also changed the recursive_unlock() to use two local variables instead
of accessing the per_cpu variable twice.
Link: http://lkml.kernel.org/r/20150317114411.GE3589@linux.vnet.ibm.com
Link: http://lkml.kernel.org/r/20150317104038.312e73d1@gandalf.local.home
Cc: stable@vger.kernel.org
Acked-by: Christoph Lameter <cl@linux.com>
Reported-by: Uwe Kleine-Koenig <u.kleine-koenig@pengutronix.de>
Tested-by: Uwe Kleine-Koenig <u.kleine-koenig@pengutronix.de>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
kernel/trace/ring_buffer.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index f4fbbfc..0fc5cfe 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -2684,7 +2684,7 @@ static DEFINE_PER_CPU(unsigned int, current_context);
static __always_inline int trace_recursive_lock(void)
{
- unsigned int val = this_cpu_read(current_context);
+ unsigned int val = __this_cpu_read(current_context);
int bit;
if (in_interrupt()) {
@@ -2701,18 +2701,17 @@ static __always_inline int trace_recursive_lock(void)
return 1;
val |= (1 << bit);
- this_cpu_write(current_context, val);
+ __this_cpu_write(current_context, val);
return 0;
}
static __always_inline void trace_recursive_unlock(void)
{
- unsigned int val = this_cpu_read(current_context);
+ unsigned int val = __this_cpu_read(current_context);
- val--;
- val &= this_cpu_read(current_context);
- this_cpu_write(current_context, val);
+ val &= val & (val - 1);
+ __this_cpu_write(current_context, val);
}
#else
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 066/222] power_supply: twl4030_madc: Check return value of power_supply_register
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (64 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 065/222] ring-buffer: Replace this_cpu_*() with __this_cpu_*() Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 067/222] power_supply: lp8788-charger: Fix leaked power supply on probe fail Sasha Levin
` (156 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
[ Upstream commit 68c3ed6fa7e0d69529ced772d650ab128916a81d ]
The return value of power_supply_register() call was not checked and
even on error probe() function returned 0. If registering failed then
during unbind the driver tried to unregister power supply which was not
actually registered.
This could lead to memory corruption because power_supply_unregister()
unconditionally cleans up given power supply.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: da0a00ebc239 ("power: Add twl4030_madc battery driver.")
Cc: <stable@vger.kernel.org>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/power/twl4030_madc_battery.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/power/twl4030_madc_battery.c b/drivers/power/twl4030_madc_battery.c
index 7ef445a..cf90760 100644
--- a/drivers/power/twl4030_madc_battery.c
+++ b/drivers/power/twl4030_madc_battery.c
@@ -192,6 +192,7 @@ static int twl4030_madc_battery_probe(struct platform_device *pdev)
{
struct twl4030_madc_battery *twl4030_madc_bat;
struct twl4030_madc_bat_platform_data *pdata = pdev->dev.platform_data;
+ int ret = 0;
twl4030_madc_bat = kzalloc(sizeof(*twl4030_madc_bat), GFP_KERNEL);
if (!twl4030_madc_bat)
@@ -216,9 +217,11 @@ static int twl4030_madc_battery_probe(struct platform_device *pdev)
twl4030_madc_bat->pdata = pdata;
platform_set_drvdata(pdev, twl4030_madc_bat);
- power_supply_register(&pdev->dev, &twl4030_madc_bat->psy);
+ ret = power_supply_register(&pdev->dev, &twl4030_madc_bat->psy);
+ if (ret < 0)
+ kfree(twl4030_madc_bat);
- return 0;
+ return ret;
}
static int twl4030_madc_battery_remove(struct platform_device *pdev)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 067/222] power_supply: lp8788-charger: Fix leaked power supply on probe fail
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (65 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 066/222] power_supply: twl4030_madc: Check return value of power_supply_register Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 068/222] power_supply: ipaq_micro_battery: Fix leaking workqueue Sasha Levin
` (155 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
[ Upstream commit a7117f81e8391e035c49b3440792f7e6cea28173 ]
Driver forgot to unregister charger power supply if registering of
battery supply failed in probe(). In such case the memory associated
with power supply leaked.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: 98a276649358 ("power_supply: Add new lp8788 charger driver")
Cc: <stable@vger.kernel.org>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/power/lp8788-charger.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/power/lp8788-charger.c b/drivers/power/lp8788-charger.c
index ed49b50..72da2a6 100644
--- a/drivers/power/lp8788-charger.c
+++ b/drivers/power/lp8788-charger.c
@@ -417,8 +417,10 @@ static int lp8788_psy_register(struct platform_device *pdev,
pchg->battery.num_properties = ARRAY_SIZE(lp8788_battery_prop);
pchg->battery.get_property = lp8788_battery_get_property;
- if (power_supply_register(&pdev->dev, &pchg->battery))
+ if (power_supply_register(&pdev->dev, &pchg->battery)) {
+ power_supply_unregister(&pchg->charger);
return -EPERM;
+ }
return 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 068/222] power_supply: ipaq_micro_battery: Fix leaking workqueue
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (66 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 067/222] power_supply: lp8788-charger: Fix leaked power supply on probe fail Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 069/222] power_supply: ipaq_micro_battery: Check return values in probe Sasha Levin
` (154 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
[ Upstream commit f852ec461e24504690445e7d281cbe806df5ccef ]
Driver allocates singlethread workqueue in probe but it is not destroyed
during removal.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: 00a588f9d27f ("power: add driver for battery reading on iPaq h3xxx")
Cc: <stable@vger.kernel.org>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/power/ipaq_micro_battery.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/power/ipaq_micro_battery.c b/drivers/power/ipaq_micro_battery.c
index 9d69460..698cf16 100644
--- a/drivers/power/ipaq_micro_battery.c
+++ b/drivers/power/ipaq_micro_battery.c
@@ -251,6 +251,7 @@ static int micro_batt_remove(struct platform_device *pdev)
power_supply_unregister(µ_ac_power);
power_supply_unregister(µ_batt_power);
cancel_delayed_work_sync(&mb->update);
+ destroy_workqueue(mb->wq);
return 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 069/222] power_supply: ipaq_micro_battery: Check return values in probe
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (67 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 068/222] power_supply: ipaq_micro_battery: Fix leaking workqueue Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 070/222] NFS: fix BUG() crash in notify_change() with patch to chown_common() Sasha Levin
` (153 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
[ Upstream commit a2c1d531854c4319610f1d83351213b47a633969 ]
The return values of create_singlethread_workqueue() and
power_supply_register() calls were not checked and even on error probe()
function returned 0.
1. If allocation of workqueue failed (returning NULL) then further
accesses could lead to NULL pointer dereference. The
queue_delayed_work() expects workqueue to be non-NULL.
2. If registration of power supply failed then during unbind the driver
tried to unregister power supply which was not actually registered.
This could lead to memory corruption because
power_supply_unregister() unconditionally cleans up given power
supply.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: 00a588f9d27f ("power: add driver for battery reading on iPaq h3xxx")
Cc: <stable@vger.kernel.org>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/power/ipaq_micro_battery.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/drivers/power/ipaq_micro_battery.c b/drivers/power/ipaq_micro_battery.c
index 698cf16..96b15e0 100644
--- a/drivers/power/ipaq_micro_battery.c
+++ b/drivers/power/ipaq_micro_battery.c
@@ -226,6 +226,7 @@ static struct power_supply micro_ac_power = {
static int micro_batt_probe(struct platform_device *pdev)
{
struct micro_battery *mb;
+ int ret;
mb = devm_kzalloc(&pdev->dev, sizeof(*mb), GFP_KERNEL);
if (!mb)
@@ -233,14 +234,30 @@ static int micro_batt_probe(struct platform_device *pdev)
mb->micro = dev_get_drvdata(pdev->dev.parent);
mb->wq = create_singlethread_workqueue("ipaq-battery-wq");
+ if (!mb->wq)
+ return -ENOMEM;
+
INIT_DELAYED_WORK(&mb->update, micro_battery_work);
platform_set_drvdata(pdev, mb);
queue_delayed_work(mb->wq, &mb->update, 1);
- power_supply_register(&pdev->dev, µ_batt_power);
- power_supply_register(&pdev->dev, µ_ac_power);
+
+ ret = power_supply_register(&pdev->dev, µ_batt_power);
+ if (ret < 0)
+ goto batt_err;
+
+ ret = power_supply_register(&pdev->dev, µ_ac_power);
+ if (ret < 0)
+ goto ac_err;
dev_info(&pdev->dev, "iPAQ micro battery driver\n");
return 0;
+
+ac_err:
+ power_supply_unregister(µ_ac_power);
+batt_err:
+ cancel_delayed_work_sync(&mb->update);
+ destroy_workqueue(mb->wq);
+ return ret;
}
static int micro_batt_remove(struct platform_device *pdev)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 070/222] NFS: fix BUG() crash in notify_change() with patch to chown_common()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (68 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 069/222] power_supply: ipaq_micro_battery: Check return values in probe Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 071/222] ARM: fix broken hibernation Sasha Levin
` (152 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Andrew Elble <aweits@rit.edu>
[ Upstream commit c1b8940b42bb6487b10f2267a96b486276ce9ff7 ]
We have observed a BUG() crash in fs/attr.c:notify_change(). The crash
occurs during an rsync into a filesystem that is exported via NFS.
1.) fs/attr.c:notify_change() modifies the caller's version of attr.
2.) 6de0ec00ba8d ("VFS: make notify_change pass ATTR_KILL_S*ID to
setattr operations") introduced a BUG() restriction such that "no
function will ever call notify_change() with both ATTR_MODE and
ATTR_KILL_S*ID set". Under some circumstances though, it will have
assisted in setting the caller's version of attr to this very
combination.
3.) 27ac0ffeac80 ("locks: break delegations on any attribute
modification") introduced code to handle breaking
delegations. This can result in notify_change() being re-called. attr
_must_ be explicitly reset to avoid triggering the BUG() established
in #2.
4.) The path that that triggers this is via fs/open.c:chmod_common().
The combination of attr flags set here and in the first call to
notify_change() along with a later failed break_deleg_wait()
results in notify_change() being called again via retry_deleg
without resetting attr.
Solution is to move retry_deleg in chmod_common() a bit further up to
ensure attr is completely reset.
There are other places where this seemingly could occur, such as
fs/utimes.c:utimes_common(), but the attr flags are not initially
set in such a way to trigger this.
Fixes: 27ac0ffeac80 ("locks: break delegations on any attribute modification")
Reported-by: Eric Meddaugh <etmsys@rit.edu>
Tested-by: Eric Meddaugh <etmsys@rit.edu>
Signed-off-by: Andrew Elble <aweits@rit.edu>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/open.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/open.c b/fs/open.c
index de92c13..4a8a355 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -558,6 +558,7 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
uid = make_kuid(current_user_ns(), user);
gid = make_kgid(current_user_ns(), group);
+retry_deleg:
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
if (!uid_valid(uid))
@@ -574,7 +575,6 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
if (!S_ISDIR(inode->i_mode))
newattrs.ia_valid |=
ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
-retry_deleg:
mutex_lock(&inode->i_mutex);
error = security_path_chown(path, uid, gid);
if (!error)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 071/222] ARM: fix broken hibernation
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (69 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 070/222] NFS: fix BUG() crash in notify_change() with patch to chown_common() Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 072/222] ARM: 8320/1: fix integer overflow in ELF_ET_DYN_BASE Sasha Levin
` (151 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Russell King <rmk+kernel@arm.linux.org.uk>
[ Upstream commit 767bf7e7a1e82a81c59778348d156993d0a6175d ]
Normally, when a CPU wants to clear a cache line to zero in the external
L2 cache, it would generate bus cycles to write each word as it would do
with any other data access.
However, a Cortex A9 connected to a L2C-310 has a specific feature where
the CPU can detect this operation, and signal that it wants to zero an
entire cache line. This feature, known as Full Line of Zeros (FLZ),
involves a non-standard AXI signalling mechanism which only the L2C-310
can properly interpret.
There are separate enable bits in both the L2C-310 and the Cortex A9 -
the L2C-310 needs to be enabled and have the FLZ enable bit set in the
auxiliary control register before the Cortex A9 has this feature
enabled.
Unfortunately, the suspend code was not respecting this - it's not
obvious from the code:
swsusp_arch_suspend()
cpu_suspend() /* saves the Cortex A9 auxiliary control register */
arch_save_image()
soft_restart() /* turns off FLZ in Cortex A9, and disables L2C */
cpu_resume() /* restores the Cortex A9 registers, inc auxcr */
At this point, we end up with the L2C disabled, but the Cortex A9 with
FLZ enabled - which means any memset() or zeroing of a full cache line
will fail to take effect.
A similar issue exists in the resume path, but it's slightly more
complex:
swsusp_arch_suspend()
cpu_suspend() /* saves the Cortex A9 auxiliary control register */
arch_save_image() /* image with A9 auxcr saved */
...
swsusp_arch_resume()
call_with_stack()
arch_restore_image() /* restores image with A9 auxcr saved above */
soft_restart() /* turns off FLZ in Cortex A9, and disables L2C */
cpu_resume() /* restores the Cortex A9 registers, inc auxcr */
Again, here we end up with the L2C disabled, but Cortex A9 FLZ enabled.
There's no need to turn off the L2C in either of these two paths; there
are benefits from not doing so - for example, the page copies will be
faster with the L2C enabled.
Hence, fix this by providing a variant of soft_restart() which can be
used without turning the L2 cache controller off, and use it in both
of these paths to keep the L2C enabled across the respective resume
transitions.
Fixes: 8ef418c7178f ("ARM: l2c: trial at enabling some Cortex-A9 optimisations")
Reported-by: Sean Cross <xobs@kosagi.com>
Tested-by: Sean Cross <xobs@kosagi.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/kernel/hibernate.c | 5 +++--
arch/arm/kernel/process.c | 10 ++++++++--
arch/arm/kernel/reboot.h | 6 ++++++
3 files changed, 17 insertions(+), 4 deletions(-)
create mode 100644 arch/arm/kernel/reboot.h
diff --git a/arch/arm/kernel/hibernate.c b/arch/arm/kernel/hibernate.c
index c4cc50e..cfb354f 100644
--- a/arch/arm/kernel/hibernate.c
+++ b/arch/arm/kernel/hibernate.c
@@ -22,6 +22,7 @@
#include <asm/suspend.h>
#include <asm/memory.h>
#include <asm/sections.h>
+#include "reboot.h"
int pfn_is_nosave(unsigned long pfn)
{
@@ -61,7 +62,7 @@ static int notrace arch_save_image(unsigned long unused)
ret = swsusp_save();
if (ret == 0)
- soft_restart(virt_to_phys(cpu_resume));
+ _soft_restart(virt_to_phys(cpu_resume), false);
return ret;
}
@@ -86,7 +87,7 @@ static void notrace arch_restore_image(void *unused)
for (pbe = restore_pblist; pbe; pbe = pbe->next)
copy_page(pbe->orig_address, pbe->address);
- soft_restart(virt_to_phys(cpu_resume));
+ _soft_restart(virt_to_phys(cpu_resume), false);
}
static u64 resume_stack[PAGE_SIZE/2/sizeof(u64)] __nosavedata;
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
index fe972a2..ecefea4 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -41,6 +41,7 @@
#include <asm/system_misc.h>
#include <asm/mach/time.h>
#include <asm/tls.h>
+#include "reboot.h"
#ifdef CONFIG_CC_STACKPROTECTOR
#include <linux/stackprotector.h>
@@ -95,7 +96,7 @@ static void __soft_restart(void *addr)
BUG();
}
-void soft_restart(unsigned long addr)
+void _soft_restart(unsigned long addr, bool disable_l2)
{
u64 *stack = soft_restart_stack + ARRAY_SIZE(soft_restart_stack);
@@ -104,7 +105,7 @@ void soft_restart(unsigned long addr)
local_fiq_disable();
/* Disable the L2 if we're the last man standing. */
- if (num_online_cpus() == 1)
+ if (disable_l2)
outer_disable();
/* Change to the new stack and continue with the reset. */
@@ -114,6 +115,11 @@ void soft_restart(unsigned long addr)
BUG();
}
+void soft_restart(unsigned long addr)
+{
+ _soft_restart(addr, num_online_cpus() == 1);
+}
+
/*
* Function pointers to optional machine specific functions
*/
diff --git a/arch/arm/kernel/reboot.h b/arch/arm/kernel/reboot.h
new file mode 100644
index 0000000..c87f058
--- /dev/null
+++ b/arch/arm/kernel/reboot.h
@@ -0,0 +1,6 @@
+#ifndef REBOOT_H
+#define REBOOT_H
+
+extern void _soft_restart(unsigned long addr, bool disable_l2);
+
+#endif
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 072/222] ARM: 8320/1: fix integer overflow in ELF_ET_DYN_BASE
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (70 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 071/222] ARM: fix broken hibernation Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 073/222] ARM: mvebu: Disable CPU Idle on Armada 38x Sasha Levin
` (150 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Andrey Ryabinin <a.ryabinin@samsung.com>
[ Upstream commit 8defb3367fcd19d1af64c07792aade0747b54e0f ]
Usually ELF_ET_DYN_BASE is 2/3 of TASK_SIZE. With 3G/1G user/kernel
split this is not so, because 2*TASK_SIZE overflows 32 bits,
so the actual value of ELF_ET_DYN_BASE is:
(2 * TASK_SIZE / 3) = 0x2a000000
When ASLR is disabled PIE binaries will load at ELF_ET_DYN_BASE address.
On 32bit platforms AddressSanitzer uses addresses [0x20000000 - 0x40000000]
for shadow memory [1]. So ASan doesn't work for PIE binaries when ASLR disabled
as it fails to map shadow memory.
Also after Kees's 'split ET_DYN ASLR from mmap ASLR' patchset PIE binaries
has a high chance of loading somewhere in between [0x2a000000 - 0x40000000]
even if ASLR enabled. This makes ASan with PIE absolutely incompatible.
Fix overflow by dividing TASK_SIZE prior to multiplying.
After this patch ELF_ET_DYN_BASE equals to (for CONFIG_VMSPLIT_3G=y):
(TASK_SIZE / 3 * 2) = 0x7f555554
[1] https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm#Mapping
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Reported-by: Maria Guseva <m.guseva@samsung.com>
Cc: stable@vger.kernel.org
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/include/asm/elf.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h
index afb9caf..674d03f 100644
--- a/arch/arm/include/asm/elf.h
+++ b/arch/arm/include/asm/elf.h
@@ -115,7 +115,7 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs);
the loader. We need to make sure that it is out of the way of the program
that it will "exec", and that there is sufficient room for the brk. */
-#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3)
+#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
/* When the program starts, a1 contains a pointer to a function to be
registered with atexit, as per the SVR4 ABI. A value of 0 means we
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 073/222] ARM: mvebu: Disable CPU Idle on Armada 38x
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (71 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 072/222] ARM: 8320/1: fix integer overflow in ELF_ET_DYN_BASE Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 074/222] ARM: S3C64XX: Use fixed IRQ bases to avoid conflicts on Cragganmore Sasha Levin
` (149 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Gregory CLEMENT <gregory.clement@free-electrons.com>
[ Upstream commit 548ae94c1cc7fc120848757249b9a542b1080ffb ]
On Armada 38x SoCs, under heavy I/O load, the system hangs when CPU
Idle is enabled. Waiting for a solution to this issue, this patch
disables the CPU Idle support for this SoC.
As CPU Hot plug support also uses some of the CPU Idle functions it is
also affected by the same issue. This patch disables it also for the
Armada 38x SoCs.
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Tested-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: <stable@vger.kernel.org> # v3.17 +
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/mach-mvebu/pmsu.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-mvebu/pmsu.c b/arch/arm/mach-mvebu/pmsu.c
index bbd8664..6f8a85c 100644
--- a/arch/arm/mach-mvebu/pmsu.c
+++ b/arch/arm/mach-mvebu/pmsu.c
@@ -415,6 +415,9 @@ static __init int armada_38x_cpuidle_init(void)
void __iomem *mpsoc_base;
u32 reg;
+ pr_warn("CPU idle is currently broken on Armada 38x: disabling");
+ return 0;
+
np = of_find_compatible_node(NULL, NULL,
"marvell,armada-380-coherency-fabric");
if (!np)
@@ -476,6 +479,16 @@ static int __init mvebu_v7_cpu_pm_init(void)
return 0;
of_node_put(np);
+ /*
+ * Currently the CPU idle support for Armada 38x is broken, as
+ * the CPU hotplug uses some of the CPU idle functions it is
+ * broken too, so let's disable it
+ */
+ if (of_machine_is_compatible("marvell,armada380")) {
+ cpu_hotplug_disable();
+ pr_warn("CPU hotplug support is currently broken on Armada 38x: disabling");
+ }
+
if (of_machine_is_compatible("marvell,armadaxp"))
ret = armada_xp_cpuidle_init();
else if (of_machine_is_compatible("marvell,armada370"))
@@ -489,7 +502,8 @@ static int __init mvebu_v7_cpu_pm_init(void)
return ret;
mvebu_v7_pmsu_enable_l2_powerdown_onidle();
- platform_device_register(&mvebu_v7_cpuidle_device);
+ if (mvebu_v7_cpuidle_device.name)
+ platform_device_register(&mvebu_v7_cpuidle_device);
cpu_pm_register_notifier(&mvebu_v7_cpu_pm_notifier);
return 0;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 074/222] ARM: S3C64XX: Use fixed IRQ bases to avoid conflicts on Cragganmore
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (72 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 073/222] ARM: mvebu: Disable CPU Idle on Armada 38x Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 075/222] ARM: dts: dove: Fix uart[23] reg property Sasha Levin
` (148 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
[ Upstream commit 4e330ae4ab2915444f1e6dca1358a910aa259362 ]
There are two PMICs on Cragganmore, currently one dynamically assign
its IRQ base and the other uses a fixed base. It is possible for the
statically assigned PMIC to fail if its IRQ is taken by the dynamically
assigned one. Fix this by statically assigning both the IRQ bases.
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Kukjin Kim <kgene@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/mach-s3c64xx/crag6410.h | 1 +
arch/arm/mach-s3c64xx/mach-crag6410.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/arch/arm/mach-s3c64xx/crag6410.h b/arch/arm/mach-s3c64xx/crag6410.h
index 7bc6668..dcbe17f 100644
--- a/arch/arm/mach-s3c64xx/crag6410.h
+++ b/arch/arm/mach-s3c64xx/crag6410.h
@@ -14,6 +14,7 @@
#include <mach/gpio-samsung.h>
#define GLENFARCLAS_PMIC_IRQ_BASE IRQ_BOARD_START
+#define BANFF_PMIC_IRQ_BASE (IRQ_BOARD_START + 64)
#define PCA935X_GPIO_BASE GPIO_BOARD_START
#define CODEC_GPIO_BASE (GPIO_BOARD_START + 8)
diff --git a/arch/arm/mach-s3c64xx/mach-crag6410.c b/arch/arm/mach-s3c64xx/mach-crag6410.c
index 10b913b..65c426b 100644
--- a/arch/arm/mach-s3c64xx/mach-crag6410.c
+++ b/arch/arm/mach-s3c64xx/mach-crag6410.c
@@ -554,6 +554,7 @@ static struct wm831x_touch_pdata touch_pdata = {
static struct wm831x_pdata crag_pmic_pdata = {
.wm831x_num = 1,
+ .irq_base = BANFF_PMIC_IRQ_BASE,
.gpio_base = BANFF_PMIC_GPIO_BASE,
.soft_shutdown = true,
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 075/222] ARM: dts: dove: Fix uart[23] reg property
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (73 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 074/222] ARM: S3C64XX: Use fixed IRQ bases to avoid conflicts on Cragganmore Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 076/222] usb: musb: core: fix TX/RX endpoint order Sasha Levin
` (147 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
[ Upstream commit a74cd13b807029397f7232449df929bac11fb228 ]
Fix Dove's register addresses of uart2 and uart3 nodes that seem to
be broken since ages due to a copy-and-paste error.
Cc: <stable@vger.kernel.org> # 3.7+
Signed-off-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
Acked-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/boot/dts/dove.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/dove.dtsi b/arch/arm/boot/dts/dove.dtsi
index a5441d5..3cc8b83 100644
--- a/arch/arm/boot/dts/dove.dtsi
+++ b/arch/arm/boot/dts/dove.dtsi
@@ -154,7 +154,7 @@
uart2: serial@12200 {
compatible = "ns16550a";
- reg = <0x12000 0x100>;
+ reg = <0x12200 0x100>;
reg-shift = <2>;
interrupts = <9>;
clocks = <&core_clk 0>;
@@ -163,7 +163,7 @@
uart3: serial@12300 {
compatible = "ns16550a";
- reg = <0x12100 0x100>;
+ reg = <0x12300 0x100>;
reg-shift = <2>;
interrupts = <10>;
clocks = <&core_clk 0>;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 076/222] usb: musb: core: fix TX/RX endpoint order
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (74 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 075/222] ARM: dts: dove: Fix uart[23] reg property Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 077/222] usb: phy: Find the right match in devm_usb_phy_match Sasha Levin
` (146 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit e3c93e1a3f35be4cf1493d3ccfb0c6d9209e4922 ]
As per Mentor Graphics' documentation, we should
always handle TX endpoints before RX endpoints.
This patch fixes that error while also updating
some hard-to-read comments which were scattered
around musb_interrupt().
This patch should be backported as far back as
possible since this error has been in the driver
since it's conception.
Cc: <stable@vger.kernel.org>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/musb/musb_core.c | 44 ++++++++++++++++++++++++++------------------
1 file changed, 26 insertions(+), 18 deletions(-)
diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c
index b841ee0..b04b805 100644
--- a/drivers/usb/musb/musb_core.c
+++ b/drivers/usb/musb/musb_core.c
@@ -1521,16 +1521,30 @@ irqreturn_t musb_interrupt(struct musb *musb)
is_host_active(musb) ? "host" : "peripheral",
musb->int_usb, musb->int_tx, musb->int_rx);
- /* the core can interrupt us for multiple reasons; docs have
- * a generic interrupt flowchart to follow
+ /**
+ * According to Mentor Graphics' documentation, flowchart on page 98,
+ * IRQ should be handled as follows:
+ *
+ * . Resume IRQ
+ * . Session Request IRQ
+ * . VBUS Error IRQ
+ * . Suspend IRQ
+ * . Connect IRQ
+ * . Disconnect IRQ
+ * . Reset/Babble IRQ
+ * . SOF IRQ (we're not using this one)
+ * . Endpoint 0 IRQ
+ * . TX Endpoints
+ * . RX Endpoints
+ *
+ * We will be following that flowchart in order to avoid any problems
+ * that might arise with internal Finite State Machine.
*/
+
if (musb->int_usb)
retval |= musb_stage0_irq(musb, musb->int_usb,
devctl);
- /* "stage 1" is handling endpoint irqs */
-
- /* handle endpoint 0 first */
if (musb->int_tx & 1) {
if (is_host_active(musb))
retval |= musb_h_ep0_irq(musb);
@@ -1538,37 +1552,31 @@ irqreturn_t musb_interrupt(struct musb *musb)
retval |= musb_g_ep0_irq(musb);
}
- /* RX on endpoints 1-15 */
- reg = musb->int_rx >> 1;
+ reg = musb->int_tx >> 1;
ep_num = 1;
while (reg) {
if (reg & 1) {
- /* musb_ep_select(musb->mregs, ep_num); */
- /* REVISIT just retval = ep->rx_irq(...) */
retval = IRQ_HANDLED;
if (is_host_active(musb))
- musb_host_rx(musb, ep_num);
+ musb_host_tx(musb, ep_num);
else
- musb_g_rx(musb, ep_num);
+ musb_g_tx(musb, ep_num);
}
-
reg >>= 1;
ep_num++;
}
- /* TX on endpoints 1-15 */
- reg = musb->int_tx >> 1;
+ reg = musb->int_rx >> 1;
ep_num = 1;
while (reg) {
if (reg & 1) {
- /* musb_ep_select(musb->mregs, ep_num); */
- /* REVISIT just retval |= ep->tx_irq(...) */
retval = IRQ_HANDLED;
if (is_host_active(musb))
- musb_host_tx(musb, ep_num);
+ musb_host_rx(musb, ep_num);
else
- musb_g_tx(musb, ep_num);
+ musb_g_rx(musb, ep_num);
}
+
reg >>= 1;
ep_num++;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 077/222] usb: phy: Find the right match in devm_usb_phy_match
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (75 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 076/222] usb: musb: core: fix TX/RX endpoint order Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 078/222] usb: define a generic USB_RESUME_TIMEOUT macro Sasha Levin
` (145 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Axel Lin <axel.lin@ingics.com>
[ Upstream commit 869aee0f31429fa9d94d5aef539602b73ae0cf4b ]
The res parameter passed to devm_usb_phy_match() is the location where the
pointer to the usb_phy is stored, hence it needs to be dereferenced before
comparing to the match data in order to find the correct match.
Fixes: 410219dcd2ba ("usb: otg: utils: devres: Add API's to associate a device with the phy")
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Cc: <stable@vger.kernel.org> # v3.6+
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/phy/phy.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/phy/phy.c b/drivers/usb/phy/phy.c
index 045cd30..7e8898d 100644
--- a/drivers/usb/phy/phy.c
+++ b/drivers/usb/phy/phy.c
@@ -78,7 +78,9 @@ static void devm_usb_phy_release(struct device *dev, void *res)
static int devm_usb_phy_match(struct device *dev, void *res, void *match_data)
{
- return res == match_data;
+ struct usb_phy **phy = res;
+
+ return *phy == match_data;
}
/**
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 078/222] usb: define a generic USB_RESUME_TIMEOUT macro
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (76 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 077/222] usb: phy: Find the right match in devm_usb_phy_match Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 079/222] usb: musb: use new USB_RESUME_TIMEOUT Sasha Levin
` (144 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit 62f0342de1f012f3e90607d39e20fce811391169 ]
Every USB Host controller should use this new
macro to define for how long resume signalling
should be driven on the bus.
Currently, almost every single USB controller
is using a 20ms timeout for resume signalling.
That's problematic for two reasons:
a) sometimes that 20ms timer expires a little
before 20ms, which makes us fail certification
b) some (many) devices actually need more than
20ms resume signalling.
Sure, in case of (b) we can state that the device
is against the USB spec, but the fact is that
we have no control over which device the certification
lab will use. We also have no control over which host
they will use. Most likely they'll be using a Windows
PC which, again, we have no control over how that
USB stack is written and how long resume signalling
they are using.
At the end of the day, we must make sure Linux passes
electrical compliance when working as Host or as Device
and currently we don't pass compliance as host because
we're driving resume signallig for exactly 20ms and
that confuses certification test setup resulting in
Certification failure.
Cc: <stable@vger.kernel.org> # v3.10+
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
include/linux/usb.h | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/include/linux/usb.h b/include/linux/usb.h
index 3827bff..bdbd19f 100644
--- a/include/linux/usb.h
+++ b/include/linux/usb.h
@@ -205,6 +205,32 @@ void usb_put_intf(struct usb_interface *intf);
#define USB_MAXINTERFACES 32
#define USB_MAXIADS (USB_MAXINTERFACES/2)
+/*
+ * USB Resume Timer: Every Host controller driver should drive the resume
+ * signalling on the bus for the amount of time defined by this macro.
+ *
+ * That way we will have a 'stable' behavior among all HCDs supported by Linux.
+ *
+ * Note that the USB Specification states we should drive resume for *at least*
+ * 20 ms, but it doesn't give an upper bound. This creates two possible
+ * situations which we want to avoid:
+ *
+ * (a) sometimes an msleep(20) might expire slightly before 20 ms, which causes
+ * us to fail USB Electrical Tests, thus failing Certification
+ *
+ * (b) Some (many) devices actually need more than 20 ms of resume signalling,
+ * and while we can argue that's against the USB Specification, we don't have
+ * control over which devices a certification laboratory will be using for
+ * certification. If CertLab uses a device which was tested against Windows and
+ * that happens to have relaxed resume signalling rules, we might fall into
+ * situations where we fail interoperability and electrical tests.
+ *
+ * In order to avoid both conditions, we're using a 40 ms resume timeout, which
+ * should cope with both LPJ calibration errors and devices not following every
+ * detail of the USB Specification.
+ */
+#define USB_RESUME_TIMEOUT 40 /* ms */
+
/**
* struct usb_interface_cache - long-term representation of a device interface
* @num_altsetting: number of altsettings defined.
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 079/222] usb: musb: use new USB_RESUME_TIMEOUT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (77 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 078/222] usb: define a generic USB_RESUME_TIMEOUT macro Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 080/222] usb: host: oxu210hp: " Sasha Levin
` (143 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit 309be239369609929d5d3833ee043f7c5afc95d1 ]
Make sure we're using the new macro, so our
resume signaling will always pass certification.
Based on original work by Bin Liu <Bin Liu <b-liu@ti.com>>
Cc: Bin Liu <b-liu@ti.com>
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/musb/musb_core.c | 3 ++-
drivers/usb/musb/musb_virthub.c | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c
index b04b805..6d63efc 100644
--- a/drivers/usb/musb/musb_core.c
+++ b/drivers/usb/musb/musb_core.c
@@ -99,6 +99,7 @@
#include <linux/platform_device.h>
#include <linux/io.h>
#include <linux/dma-mapping.h>
+#include <linux/usb.h>
#include "musb_core.h"
@@ -480,7 +481,7 @@ static irqreturn_t musb_stage0_irq(struct musb *musb, u8 int_usb,
+ msecs_to_jiffies(20);
schedule_delayed_work(
&musb->finish_resume_work,
- msecs_to_jiffies(20));
+ msecs_to_jiffies(USB_RESUME_TIMEOUT));
musb->xceiv->state = OTG_STATE_A_HOST;
musb->is_active = 1;
diff --git a/drivers/usb/musb/musb_virthub.c b/drivers/usb/musb/musb_virthub.c
index e2d2d8c..0241a3a 100644
--- a/drivers/usb/musb/musb_virthub.c
+++ b/drivers/usb/musb/musb_virthub.c
@@ -136,7 +136,7 @@ void musb_port_suspend(struct musb *musb, bool do_suspend)
/* later, GetPortStatus will stop RESUME signaling */
musb->port1_status |= MUSB_PORT_STAT_RESUME;
schedule_delayed_work(&musb->finish_resume_work,
- msecs_to_jiffies(20));
+ msecs_to_jiffies(USB_RESUME_TIMEOUT));
}
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 080/222] usb: host: oxu210hp: use new USB_RESUME_TIMEOUT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (78 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 079/222] usb: musb: use new USB_RESUME_TIMEOUT Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 081/222] usb: host: fusbh200: " Sasha Levin
` (142 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit 84c0d178eb9f3a3ae4d63dc97a440266cf17f7f5 ]
Make sure we're using the new macro, so our
resume signaling will always pass certification.
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/host/oxu210hp-hcd.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/host/oxu210hp-hcd.c b/drivers/usb/host/oxu210hp-hcd.c
index 4fe79a2..c3d4074 100644
--- a/drivers/usb/host/oxu210hp-hcd.c
+++ b/drivers/usb/host/oxu210hp-hcd.c
@@ -2500,11 +2500,12 @@ static irqreturn_t oxu210_hcd_irq(struct usb_hcd *hcd)
|| oxu->reset_done[i] != 0)
continue;
- /* start 20 msec resume signaling from this port,
- * and make hub_wq collect PORT_STAT_C_SUSPEND to
+ /* start USB_RESUME_TIMEOUT resume signaling from this
+ * port, and make hub_wq collect PORT_STAT_C_SUSPEND to
* stop that signaling.
*/
- oxu->reset_done[i] = jiffies + msecs_to_jiffies(20);
+ oxu->reset_done[i] = jiffies +
+ msecs_to_jiffies(USB_RESUME_TIMEOUT);
oxu_dbg(oxu, "port %d remote wakeup\n", i + 1);
mod_timer(&hcd->rh_timer, oxu->reset_done[i]);
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 081/222] usb: host: fusbh200: use new USB_RESUME_TIMEOUT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (79 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 080/222] usb: host: oxu210hp: " Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 082/222] usb: host: uhci: " Sasha Levin
` (141 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit 595227db1f2d98bfc33f02a55842f268e12b247d ]
Make sure we're using the new macro, so our
resume signaling will always pass certification.
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/host/fusbh200-hcd.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/usb/host/fusbh200-hcd.c b/drivers/usb/host/fusbh200-hcd.c
index abe42f3..50fa8f2 100644
--- a/drivers/usb/host/fusbh200-hcd.c
+++ b/drivers/usb/host/fusbh200-hcd.c
@@ -1550,10 +1550,9 @@ static int fusbh200_hub_control (
if ((temp & PORT_PE) == 0)
goto error;
- /* resume signaling for 20 msec */
fusbh200_writel(fusbh200, temp | PORT_RESUME, status_reg);
fusbh200->reset_done[wIndex] = jiffies
- + msecs_to_jiffies(20);
+ + msecs_to_jiffies(USB_RESUME_TIMEOUT);
break;
case USB_PORT_FEAT_C_SUSPEND:
clear_bit(wIndex, &fusbh200->port_c_suspend);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 082/222] usb: host: uhci: use new USB_RESUME_TIMEOUT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (80 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 081/222] usb: host: fusbh200: " Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 083/222] usb: host: fotg210: " Sasha Levin
` (140 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit b8fb6f79f76f478acbbffccc966daa878f172a0a ]
Make sure we're using the new macro, so our
resume signaling will always pass certification.
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/host/uhci-hub.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/host/uhci-hub.c b/drivers/usb/host/uhci-hub.c
index 93e17b1..98c66d8 100644
--- a/drivers/usb/host/uhci-hub.c
+++ b/drivers/usb/host/uhci-hub.c
@@ -165,7 +165,7 @@ static void uhci_check_ports(struct uhci_hcd *uhci)
/* Port received a wakeup request */
set_bit(port, &uhci->resuming_ports);
uhci->ports_timeout = jiffies +
- msecs_to_jiffies(25);
+ msecs_to_jiffies(USB_RESUME_TIMEOUT);
usb_hcd_start_port_resume(
&uhci_to_hcd(uhci)->self, port);
@@ -337,7 +337,8 @@ static int uhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
uhci_finish_suspend(uhci, port, port_addr);
/* USB v2.0 7.1.7.5 */
- uhci->ports_timeout = jiffies + msecs_to_jiffies(50);
+ uhci->ports_timeout = jiffies +
+ msecs_to_jiffies(USB_RESUME_TIMEOUT);
break;
case USB_PORT_FEAT_POWER:
/* UHCI has no power switching */
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 083/222] usb: host: fotg210: use new USB_RESUME_TIMEOUT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (81 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 082/222] usb: host: uhci: " Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 084/222] usb: host: r8a66597: " Sasha Levin
` (139 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit 7e136bb71a08e8b8be3bc492f041d9b0bea3856d ]
Make sure we're using the new macro, so our
resume signaling will always pass certification.
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/host/fotg210-hcd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/fotg210-hcd.c b/drivers/usb/host/fotg210-hcd.c
index 3de1278..a2fbb0b 100644
--- a/drivers/usb/host/fotg210-hcd.c
+++ b/drivers/usb/host/fotg210-hcd.c
@@ -1595,7 +1595,7 @@ static int fotg210_hub_control(
/* resume signaling for 20 msec */
fotg210_writel(fotg210, temp | PORT_RESUME, status_reg);
fotg210->reset_done[wIndex] = jiffies
- + msecs_to_jiffies(20);
+ + msecs_to_jiffies(USB_RESUME_TIMEOUT);
break;
case USB_PORT_FEAT_C_SUSPEND:
clear_bit(wIndex, &fotg210->port_c_suspend);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 084/222] usb: host: r8a66597: use new USB_RESUME_TIMEOUT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (82 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 083/222] usb: host: fotg210: " Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 085/222] usb: host: isp116x: " Sasha Levin
` (138 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit 7a606ac29752a3e571b83f9b3fceb1eaa1d37781 ]
While this driver was already using a 50ms resume
timeout, let's make sure everybody uses the same
macro so it's easy to fix later should anything
go wrong.
It also gives a more "stable" expectation to Linux
users.
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/host/r8a66597-hcd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/r8a66597-hcd.c b/drivers/usb/host/r8a66597-hcd.c
index 110b4b9..f130bb2 100644
--- a/drivers/usb/host/r8a66597-hcd.c
+++ b/drivers/usb/host/r8a66597-hcd.c
@@ -2300,7 +2300,7 @@ static int r8a66597_bus_resume(struct usb_hcd *hcd)
rh->port &= ~USB_PORT_STAT_SUSPEND;
rh->port |= USB_PORT_STAT_C_SUSPEND << 16;
r8a66597_mdfy(r8a66597, RESUME, RESUME | UACT, dvstctr_reg);
- msleep(50);
+ msleep(USB_RESUME_TIMEOUT);
r8a66597_mdfy(r8a66597, UACT, RESUME | UACT, dvstctr_reg);
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 085/222] usb: host: isp116x: use new USB_RESUME_TIMEOUT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (83 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 084/222] usb: host: r8a66597: " Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 086/222] usb: host: xhci: " Sasha Levin
` (137 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit 8c0ae6574ccfd3d619876a65829aad74c9d22ba5 ]
Make sure we're using the new macro, so our
resume signaling will always pass certification.
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/host/isp116x-hcd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/isp116x-hcd.c b/drivers/usb/host/isp116x-hcd.c
index 240e792..b62298f 100644
--- a/drivers/usb/host/isp116x-hcd.c
+++ b/drivers/usb/host/isp116x-hcd.c
@@ -1487,7 +1487,7 @@ static int isp116x_bus_resume(struct usb_hcd *hcd)
spin_unlock_irq(&isp116x->lock);
hcd->state = HC_STATE_RESUMING;
- msleep(20);
+ msleep(USB_RESUME_TIMEOUT);
/* Go operational */
spin_lock_irq(&isp116x->lock);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 086/222] usb: host: xhci: use new USB_RESUME_TIMEOUT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (84 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 085/222] usb: host: isp116x: " Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 087/222] usb: host: ehci: " Sasha Levin
` (136 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit b9e451885deb6262dbaf5cd14aa77d192d9ac759 ]
Make sure we're using the new macro, so our
resume signaling will always pass certification.
Cc: <stable@vger.kernel.org> # v3.10+
Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/host/xhci-ring.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index 338f19c..3307e16 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -1576,7 +1576,7 @@ static void handle_port_status(struct xhci_hcd *xhci,
} else {
xhci_dbg(xhci, "resume HS port %d\n", port_id);
bus_state->resume_done[faked_port_index] = jiffies +
- msecs_to_jiffies(20);
+ msecs_to_jiffies(USB_RESUME_TIMEOUT);
set_bit(faked_port_index, &bus_state->resuming_ports);
mod_timer(&hcd->rh_timer,
bus_state->resume_done[faked_port_index]);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 087/222] usb: host: ehci: use new USB_RESUME_TIMEOUT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (85 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 086/222] usb: host: xhci: " Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 088/222] usb: host: sl811: " Sasha Levin
` (135 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit ea16328f80ca8d74434352157f37ef60e2f55ce2 ]
Make sure we're using the new macro, so our
resume signaling will always pass certification.
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/host/ehci-hcd.c | 10 +++++-----
drivers/usb/host/ehci-hub.c | 9 ++++++---
2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c
index 15feaf9..3df32fa 100644
--- a/drivers/usb/host/ehci-hcd.c
+++ b/drivers/usb/host/ehci-hcd.c
@@ -787,12 +787,12 @@ static irqreturn_t ehci_irq (struct usb_hcd *hcd)
ehci->reset_done[i] == 0))
continue;
- /* start 20 msec resume signaling from this port,
- * and make hub_wq collect PORT_STAT_C_SUSPEND to
- * stop that signaling. Use 5 ms extra for safety,
- * like usb_port_resume() does.
+ /* start USB_RESUME_TIMEOUT msec resume signaling from
+ * this port, and make hub_wq collect
+ * PORT_STAT_C_SUSPEND to stop that signaling.
*/
- ehci->reset_done[i] = jiffies + msecs_to_jiffies(25);
+ ehci->reset_done[i] = jiffies +
+ msecs_to_jiffies(USB_RESUME_TIMEOUT);
set_bit(i, &ehci->resuming_ports);
ehci_dbg (ehci, "port %d remote wakeup\n", i + 1);
usb_hcd_start_port_resume(&hcd->self, i);
diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c
index 5728829..ecd5d6a 100644
--- a/drivers/usb/host/ehci-hub.c
+++ b/drivers/usb/host/ehci-hub.c
@@ -473,10 +473,13 @@ static int ehci_bus_resume (struct usb_hcd *hcd)
ehci_writel(ehci, temp, &ehci->regs->port_status [i]);
}
- /* msleep for 20ms only if code is trying to resume port */
+ /*
+ * msleep for USB_RESUME_TIMEOUT ms only if code is trying to resume
+ * port
+ */
if (resume_needed) {
spin_unlock_irq(&ehci->lock);
- msleep(20);
+ msleep(USB_RESUME_TIMEOUT);
spin_lock_irq(&ehci->lock);
if (ehci->shutdown)
goto shutdown;
@@ -944,7 +947,7 @@ int ehci_hub_control(
temp &= ~PORT_WAKE_BITS;
ehci_writel(ehci, temp | PORT_RESUME, status_reg);
ehci->reset_done[wIndex] = jiffies
- + msecs_to_jiffies(20);
+ + msecs_to_jiffies(USB_RESUME_TIMEOUT);
set_bit(wIndex, &ehci->resuming_ports);
usb_hcd_start_port_resume(&hcd->self, wIndex);
break;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 088/222] usb: host: sl811: use new USB_RESUME_TIMEOUT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (86 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 087/222] usb: host: ehci: " Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 089/222] usb: core: hub: " Sasha Levin
` (134 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit 08debfb13b199716da6153940c31968c556b195d ]
Make sure we're using the new macro, so our
resume signaling will always pass certification.
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/host/sl811-hcd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/sl811-hcd.c b/drivers/usb/host/sl811-hcd.c
index ad0c348..17f97f9 100644
--- a/drivers/usb/host/sl811-hcd.c
+++ b/drivers/usb/host/sl811-hcd.c
@@ -1259,7 +1259,7 @@ sl811h_hub_control(
sl811_write(sl811, SL11H_CTLREG1, sl811->ctrl1);
mod_timer(&sl811->timer, jiffies
- + msecs_to_jiffies(20));
+ + msecs_to_jiffies(USB_RESUME_TIMEOUT));
break;
case USB_PORT_FEAT_POWER:
port_power(sl811, 0);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 089/222] usb: core: hub: use new USB_RESUME_TIMEOUT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (87 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 088/222] usb: host: sl811: " Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 090/222] clk: at91: usb: propagate rate modification to the parent clk Sasha Levin
` (133 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit bbc78c07a51f6fd29c227b1220a9016e585358ba ]
Make sure we're using the new macro, so our
resume signaling will always pass certification.
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/core/hub.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 2246954..85e03cb 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -3394,10 +3394,10 @@ int usb_port_resume(struct usb_device *udev, pm_message_t msg)
if (status) {
dev_dbg(&port_dev->dev, "can't resume, status %d\n", status);
} else {
- /* drive resume for at least 20 msec */
+ /* drive resume for USB_RESUME_TIMEOUT msec */
dev_dbg(&udev->dev, "usb %sresume\n",
(PMSG_IS_AUTO(msg) ? "auto-" : ""));
- msleep(25);
+ msleep(USB_RESUME_TIMEOUT);
/* Virtual root hubs can trigger on GET_PORT_STATUS to
* stop resume signaling. Then finish the resume
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 090/222] clk: at91: usb: propagate rate modification to the parent clk
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (88 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 089/222] usb: core: hub: " Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 091/222] ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226) Sasha Levin
` (132 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Boris Brezillon <boris.brezillon@free-electrons.com>
[ Upstream commit 4591243102faa8de92da320edea47219901461e9 ]
The at91sam9n12 and at91sam9x5 usb clocks do not propagate rate
modification requests to their parents.
This causes a bug when the PLLB is left uninitialized by the bootloader
(PLL multiplier set to 0, or in other words, PLL rate = 0 Hz).
Implement the determinate_rate method and propagate the change rate
request to the parent clk.
Cc: <stable@vger.kernel.org> # v3.14+
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Reported-by: Bo Shen <voice.shen@atmel.com>
Tested-by: Bo Shen <voice.shen@atmel.com>
Signed-off-by: Michael Turquette <mturquette@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/clk/at91/clk-usb.c | 64 +++++++++++++++++++++++++++++++++++-----------
1 file changed, 49 insertions(+), 15 deletions(-)
diff --git a/drivers/clk/at91/clk-usb.c b/drivers/clk/at91/clk-usb.c
index a23ac0c..0b7c3e8 100644
--- a/drivers/clk/at91/clk-usb.c
+++ b/drivers/clk/at91/clk-usb.c
@@ -56,22 +56,55 @@ static unsigned long at91sam9x5_clk_usb_recalc_rate(struct clk_hw *hw,
return DIV_ROUND_CLOSEST(parent_rate, (usbdiv + 1));
}
-static long at91sam9x5_clk_usb_round_rate(struct clk_hw *hw, unsigned long rate,
- unsigned long *parent_rate)
+static long at91sam9x5_clk_usb_determine_rate(struct clk_hw *hw,
+ unsigned long rate,
+ unsigned long min_rate,
+ unsigned long max_rate,
+ unsigned long *best_parent_rate,
+ struct clk_hw **best_parent_hw)
{
- unsigned long div;
+ struct clk *parent = NULL;
+ long best_rate = -EINVAL;
+ unsigned long tmp_rate;
+ int best_diff = -1;
+ int tmp_diff;
+ int i;
- if (!rate)
- return -EINVAL;
+ for (i = 0; i < __clk_get_num_parents(hw->clk); i++) {
+ int div;
- if (rate >= *parent_rate)
- return *parent_rate;
+ parent = clk_get_parent_by_index(hw->clk, i);
+ if (!parent)
+ continue;
+
+ for (div = 1; div < SAM9X5_USB_MAX_DIV + 2; div++) {
+ unsigned long tmp_parent_rate;
+
+ tmp_parent_rate = rate * div;
+ tmp_parent_rate = __clk_round_rate(parent,
+ tmp_parent_rate);
+ tmp_rate = DIV_ROUND_CLOSEST(tmp_parent_rate, div);
+ if (tmp_rate < rate)
+ tmp_diff = rate - tmp_rate;
+ else
+ tmp_diff = tmp_rate - rate;
+
+ if (best_diff < 0 || best_diff > tmp_diff) {
+ best_rate = tmp_rate;
+ best_diff = tmp_diff;
+ *best_parent_rate = tmp_parent_rate;
+ *best_parent_hw = __clk_get_hw(parent);
+ }
+
+ if (!best_diff || tmp_rate < rate)
+ break;
+ }
- div = DIV_ROUND_CLOSEST(*parent_rate, rate);
- if (div > SAM9X5_USB_MAX_DIV + 1)
- div = SAM9X5_USB_MAX_DIV + 1;
+ if (!best_diff)
+ break;
+ }
- return DIV_ROUND_CLOSEST(*parent_rate, div);
+ return best_rate;
}
static int at91sam9x5_clk_usb_set_parent(struct clk_hw *hw, u8 index)
@@ -121,7 +154,7 @@ static int at91sam9x5_clk_usb_set_rate(struct clk_hw *hw, unsigned long rate,
static const struct clk_ops at91sam9x5_usb_ops = {
.recalc_rate = at91sam9x5_clk_usb_recalc_rate,
- .round_rate = at91sam9x5_clk_usb_round_rate,
+ .determine_rate = at91sam9x5_clk_usb_determine_rate,
.get_parent = at91sam9x5_clk_usb_get_parent,
.set_parent = at91sam9x5_clk_usb_set_parent,
.set_rate = at91sam9x5_clk_usb_set_rate,
@@ -159,7 +192,7 @@ static const struct clk_ops at91sam9n12_usb_ops = {
.disable = at91sam9n12_clk_usb_disable,
.is_enabled = at91sam9n12_clk_usb_is_enabled,
.recalc_rate = at91sam9x5_clk_usb_recalc_rate,
- .round_rate = at91sam9x5_clk_usb_round_rate,
+ .determine_rate = at91sam9x5_clk_usb_determine_rate,
.set_rate = at91sam9x5_clk_usb_set_rate,
};
@@ -179,7 +212,8 @@ at91sam9x5_clk_register_usb(struct at91_pmc *pmc, const char *name,
init.ops = &at91sam9x5_usb_ops;
init.parent_names = parent_names;
init.num_parents = num_parents;
- init.flags = CLK_SET_RATE_GATE | CLK_SET_PARENT_GATE;
+ init.flags = CLK_SET_RATE_GATE | CLK_SET_PARENT_GATE |
+ CLK_SET_RATE_PARENT;
usb->hw.init = &init;
usb->pmc = pmc;
@@ -207,7 +241,7 @@ at91sam9n12_clk_register_usb(struct at91_pmc *pmc, const char *name,
init.ops = &at91sam9n12_usb_ops;
init.parent_names = &parent_name;
init.num_parents = 1;
- init.flags = CLK_SET_RATE_GATE;
+ init.flags = CLK_SET_RATE_GATE | CLK_SET_RATE_PARENT;
usb->hw.init = &init;
usb->pmc = pmc;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 091/222] ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226)
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (89 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 090/222] clk: at91: usb: propagate rate modification to the parent clk Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 092/222] ALSA: emu10k1: don't deadlock in proc-functions Sasha Levin
` (131 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Yves-Alexis Perez <corsac@debian.org>
[ Upstream commit c0278669fb61596cc1a10ab8686d27c37269c37b ]
This model uses the same dock port as the previous generation.
Signed-off-by: Yves-Alexis Perez <corsac@debian.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 1783a33..3887eff 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -4906,6 +4906,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x2212, "Thinkpad T440", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2214, "Thinkpad X240", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2215, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
+ SND_PCI_QUIRK(0x17aa, 0x2226, "ThinkPad X250", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
SND_PCI_QUIRK(0x17aa, 0x3978, "IdeaPad Y410P", ALC269_FIXUP_NO_SHUTUP),
SND_PCI_QUIRK(0x17aa, 0x5013, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 092/222] ALSA: emu10k1: don't deadlock in proc-functions
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (90 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 091/222] ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226) Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 093/222] ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450 Sasha Levin
` (130 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Michael Gernoth <michael@gernoth.net>
[ Upstream commit 91bf0c2dcb935a87e5c0795f5047456b965fd143 ]
The functions snd_emu10k1_proc_spdif_read and snd_emu1010_fpga_read
acquire the emu_lock before accessing the FPGA. The function used
to access the FPGA (snd_emu1010_fpga_read) also tries to take
the emu_lock which causes a deadlock.
Remove the outer locking in the proc-functions (guarding only the
already safe fpga read) to prevent this deadlock.
[removed superfluous flags variables too -- tiwai]
Signed-off-by: Michael Gernoth <michael@gernoth.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/pci/emu10k1/emuproc.c | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/sound/pci/emu10k1/emuproc.c b/sound/pci/emu10k1/emuproc.c
index 2ca9f2e..53745f4 100644
--- a/sound/pci/emu10k1/emuproc.c
+++ b/sound/pci/emu10k1/emuproc.c
@@ -241,31 +241,22 @@ static void snd_emu10k1_proc_spdif_read(struct snd_info_entry *entry,
struct snd_emu10k1 *emu = entry->private_data;
u32 value;
u32 value2;
- unsigned long flags;
u32 rate;
if (emu->card_capabilities->emu_model) {
- spin_lock_irqsave(&emu->emu_lock, flags);
snd_emu1010_fpga_read(emu, 0x38, &value);
- spin_unlock_irqrestore(&emu->emu_lock, flags);
if ((value & 0x1) == 0) {
- spin_lock_irqsave(&emu->emu_lock, flags);
snd_emu1010_fpga_read(emu, 0x2a, &value);
snd_emu1010_fpga_read(emu, 0x2b, &value2);
- spin_unlock_irqrestore(&emu->emu_lock, flags);
rate = 0x1770000 / (((value << 5) | value2)+1);
snd_iprintf(buffer, "ADAT Locked : %u\n", rate);
} else {
snd_iprintf(buffer, "ADAT Unlocked\n");
}
- spin_lock_irqsave(&emu->emu_lock, flags);
snd_emu1010_fpga_read(emu, 0x20, &value);
- spin_unlock_irqrestore(&emu->emu_lock, flags);
if ((value & 0x4) == 0) {
- spin_lock_irqsave(&emu->emu_lock, flags);
snd_emu1010_fpga_read(emu, 0x28, &value);
snd_emu1010_fpga_read(emu, 0x29, &value2);
- spin_unlock_irqrestore(&emu->emu_lock, flags);
rate = 0x1770000 / (((value << 5) | value2)+1);
snd_iprintf(buffer, "SPDIF Locked : %d\n", rate);
} else {
@@ -410,14 +401,11 @@ static void snd_emu_proc_emu1010_reg_read(struct snd_info_entry *entry,
{
struct snd_emu10k1 *emu = entry->private_data;
u32 value;
- unsigned long flags;
int i;
snd_iprintf(buffer, "EMU1010 Registers:\n\n");
for(i = 0; i < 0x40; i+=1) {
- spin_lock_irqsave(&emu->emu_lock, flags);
snd_emu1010_fpga_read(emu, i, &value);
- spin_unlock_irqrestore(&emu->emu_lock, flags);
snd_iprintf(buffer, "%02X: %08X, %02X\n", i, value, (value >> 8) & 0x7f);
}
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 093/222] ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (91 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 092/222] ALSA: emu10k1: don't deadlock in proc-functions Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 094/222] ALSA: hda - fix "num_steps = 0" error on ALC256 Sasha Levin
` (129 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Jo-Philipp Wich <jow@openwrt.org>
[ Upstream commit f2aa111041ce36b94e651d882458dea502e76721 ]
The Lenovo Thinkpad T450 requires the ALC292_FIXUP_TPT440_DOCK as well in
order to get working sound output on the docking stations headphone jack.
Patch tested on a Thinkpad T450 (20BVCTO1WW) using kernel 4.0-rc7 in
conjunction with a ThinkPad Ultradock.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 3887eff..c12fb35 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -4913,6 +4913,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x501a, "Thinkpad", ALC283_FIXUP_INT_MIC),
SND_PCI_QUIRK(0x17aa, 0x501e, "Thinkpad L440", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x5026, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
+ SND_PCI_QUIRK(0x17aa, 0x5034, "Thinkpad T450", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x5036, "Thinkpad T450s", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x5109, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
SND_PCI_QUIRK(0x17aa, 0x3bf8, "Quanta FL1", ALC269_FIXUP_PCM_44K),
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 094/222] ALSA: hda - fix "num_steps = 0" error on ALC256
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (92 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 093/222] ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450 Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 095/222] ALSA: hda/realtek - Fix Headphone Mic doesn't recording for ALC256 Sasha Levin
` (128 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: David Henningsson <david.henningsson@canonical.com>
[ Upstream commit 7d1b6e29327428993ba568bdd8c66734070f45e0 ]
The ALC256 does not have a mixer nid at 0x0b, and there's no
loopback path (the output pins are directly connected to the DACs).
This commit fixes an "num_steps = 0 for NID=0xb (ctl = Beep Playback Volume)"
error (and as a result, problems with amixer/alsamixer).
If there's pcbeep functionality, it certainly isn't controlled by setting an
amp on 0x0b, so disable beep functionality (at least for now).
Cc: stable@vger.kernel.org
BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1446517
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/pci/hda/patch_realtek.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index c12fb35..5f83a48 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5414,6 +5414,7 @@ static int patch_alc269(struct hda_codec *codec)
break;
case 0x10ec0256:
spec->codec_variant = ALC269_TYPE_ALC256;
+ spec->gen.mixer_nid = 0; /* ALC256 does not have any loopback mixer path */
break;
}
@@ -5427,8 +5428,8 @@ static int patch_alc269(struct hda_codec *codec)
if (err < 0)
goto error;
- if (!spec->gen.no_analog && spec->gen.beep_nid)
- set_beep_amp(spec, 0x0b, 0x04, HDA_INPUT);
+ if (!spec->gen.no_analog && spec->gen.beep_nid && spec->gen.mixer_nid)
+ set_beep_amp(spec, spec->gen.mixer_nid, 0x04, HDA_INPUT);
codec->patch_ops = alc_patch_ops;
#ifdef CONFIG_PM
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 095/222] ALSA: hda/realtek - Fix Headphone Mic doesn't recording for ALC256
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (93 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 094/222] ALSA: hda - fix "num_steps = 0" error on ALC256 Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 096/222] Input: elantech - fix absolute mode setting on some ASUS laptops Sasha Levin
` (127 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Kailang Yang <kailang@realtek.com>
[ Upstream commit d32b66668c702aed0e330dc5ca186afbadcdacf8 ]
Switch default pcbeep path to Line in path.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Tested-by: Hui Wang <hui.wang@canonical.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 5f83a48..e3ad4a4 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5415,6 +5415,7 @@ static int patch_alc269(struct hda_codec *codec)
case 0x10ec0256:
spec->codec_variant = ALC269_TYPE_ALC256;
spec->gen.mixer_nid = 0; /* ALC256 does not have any loopback mixer path */
+ alc_update_coef_idx(codec, 0x36, 1 << 13, 1 << 5); /* Switch pcbeep path to Line in path*/
break;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 096/222] Input: elantech - fix absolute mode setting on some ASUS laptops
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (94 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 095/222] ALSA: hda/realtek - Fix Headphone Mic doesn't recording for ALC256 Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 097/222] fs/binfmt_elf.c: fix bug in loading of PIE binaries Sasha Levin
` (126 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ulrik De Bie <ulrik.debie-os@e2big.org>
[ Upstream commit bd884149aca61de269fd9bad83fe2a4232ffab21 ]
On ASUS TP500LN and X750JN, the touchpad absolute mode is reset each
time set_rate is done.
In order to fix this, we will verify the firmware version, and if it
matches the one in those laptops, the set_rate function is overloaded
with a function elantech_set_rate_restore_reg_07 that performs the
set_rate with the original function, followed by a restore of reg_07
(the register that sets the absolute mode on elantech v4 hardware).
Also the ASUS TP500LN and X750JN firmware version, capabilities, and
button constellation is added to elantech.c
Cc: stable@vger.kernel.org
Reported-and-tested-by: George Moutsopoulos <gmoutso@yahoo.co.uk>
Signed-off-by: Ulrik De Bie <ulrik.debie-os@e2big.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/input/mouse/elantech.c | 22 ++++++++++++++++++++++
drivers/input/mouse/elantech.h | 1 +
2 files changed, 23 insertions(+)
diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c
index 6e22682..991dc6b 100644
--- a/drivers/input/mouse/elantech.c
+++ b/drivers/input/mouse/elantech.c
@@ -893,6 +893,21 @@ static psmouse_ret_t elantech_process_byte(struct psmouse *psmouse)
}
/*
+ * This writes the reg_07 value again to the hardware at the end of every
+ * set_rate call because the register loses its value. reg_07 allows setting
+ * absolute mode on v4 hardware
+ */
+static void elantech_set_rate_restore_reg_07(struct psmouse *psmouse,
+ unsigned int rate)
+{
+ struct elantech_data *etd = psmouse->private;
+
+ etd->original_set_rate(psmouse, rate);
+ if (elantech_write_reg(psmouse, 0x07, etd->reg_07))
+ psmouse_err(psmouse, "restoring reg_07 failed\n");
+}
+
+/*
* Put the touchpad into absolute mode
*/
static int elantech_set_absolute_mode(struct psmouse *psmouse)
@@ -1094,6 +1109,8 @@ static int elantech_get_resolution_v4(struct psmouse *psmouse,
* Asus K53SV 0x450f01 78, 15, 0c 2 hw buttons
* Asus G46VW 0x460f02 00, 18, 0c 2 hw buttons
* Asus G750JX 0x360f00 00, 16, 0c 2 hw buttons
+ * Asus TP500LN 0x381f17 10, 14, 0e clickpad
+ * Asus X750JN 0x381f17 10, 14, 0e clickpad
* Asus UX31 0x361f00 20, 15, 0e clickpad
* Asus UX32VD 0x361f02 00, 15, 0e clickpad
* Avatar AVIU-145A2 0x361f00 ? clickpad
@@ -1635,6 +1652,11 @@ int elantech_init(struct psmouse *psmouse)
goto init_fail;
}
+ if (etd->fw_version == 0x381f17) {
+ etd->original_set_rate = psmouse->set_rate;
+ psmouse->set_rate = elantech_set_rate_restore_reg_07;
+ }
+
if (elantech_set_input_params(psmouse)) {
psmouse_err(psmouse, "failed to query touchpad range.\n");
goto init_fail;
diff --git a/drivers/input/mouse/elantech.h b/drivers/input/mouse/elantech.h
index 6f3afec..f965d15 100644
--- a/drivers/input/mouse/elantech.h
+++ b/drivers/input/mouse/elantech.h
@@ -142,6 +142,7 @@ struct elantech_data {
struct finger_pos mt[ETP_MAX_FINGERS];
unsigned char parity[256];
int (*send_cmd)(struct psmouse *psmouse, unsigned char c, unsigned char *param);
+ void (*original_set_rate)(struct psmouse *psmouse, unsigned int rate);
};
#ifdef CONFIG_MOUSE_PS2_ELANTECH
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 097/222] fs/binfmt_elf.c: fix bug in loading of PIE binaries
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (95 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 096/222] Input: elantech - fix absolute mode setting on some ASUS laptops Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 098/222] ptrace: fix race between ptrace_resume() and wait_task_stopped() Sasha Levin
` (125 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Michael Davidson <md@google.com>
[ Upstream commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 ]
With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down
address allocation strategy, load_elf_binary() will attempt to map a PIE
binary into an address range immediately below mm->mmap_base.
Unfortunately, load_elf_ binary() does not take account of the need to
allocate sufficient space for the entire binary which means that, while
the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent
PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are
that is supposed to be the "gap" between the stack and the binary.
Since the size of the "gap" on x86_64 is only guaranteed to be 128MB this
means that binaries with large data segments > 128MB can end up mapping
part of their data segment over their stack resulting in corruption of the
stack (and the data segment once the binary starts to run).
Any PIE binary with a data segment > 128MB is vulnerable to this although
address randomization means that the actual gap between the stack and the
end of the binary is normally greater than 128MB. The larger the data
segment of the binary the higher the probability of failure.
Fix this by calculating the total size of the binary in the same way as
load_elf_interp().
Signed-off-by: Michael Davidson <md@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Kees Cook <keescook@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/binfmt_elf.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index e1efcaa..3dd2497 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -750,6 +750,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
int elf_prot = 0, elf_flags;
unsigned long k, vaddr;
+ unsigned long total_size = 0;
if (elf_ppnt->p_type != PT_LOAD)
continue;
@@ -812,10 +813,16 @@ static int load_elf_binary(struct linux_binprm *bprm)
#else
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
#endif
+ total_size = total_mapping_size(elf_phdata,
+ loc->elf_ex.e_phnum);
+ if (!total_size) {
+ error = -EINVAL;
+ goto out_free_dentry;
+ }
}
error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
- elf_prot, elf_flags, 0);
+ elf_prot, elf_flags, total_size);
if (BAD_ADDR(error)) {
retval = IS_ERR((void *)error) ?
PTR_ERR((void*)error) : -EINVAL;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 098/222] ptrace: fix race between ptrace_resume() and wait_task_stopped()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (96 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 097/222] fs/binfmt_elf.c: fix bug in loading of PIE binaries Sasha Levin
@ 2015-05-17 1:03 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 099/222] NFC: st21nfcb: Retry i2c_master_send if it returns a negative value Sasha Levin
` (124 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:03 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Oleg Nesterov <oleg@redhat.com>
[ Upstream commit b72c186999e689cb0b055ab1c7b3cd8fffbeb5ed ]
ptrace_resume() is called when the tracee is still __TASK_TRACED. We set
tracee->exit_code and then wake_up_state() changes tracee->state. If the
tracer's sub-thread does wait() in between, task_stopped_code(ptrace => T)
wrongly looks like another report from tracee.
This confuses debugger, and since wait_task_stopped() clears ->exit_code
the tracee can miss a signal.
Test-case:
#include <stdio.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/ptrace.h>
#include <pthread.h>
#include <assert.h>
int pid;
void *waiter(void *arg)
{
int stat;
for (;;) {
assert(pid == wait(&stat));
assert(WIFSTOPPED(stat));
if (WSTOPSIG(stat) == SIGHUP)
continue;
assert(WSTOPSIG(stat) == SIGCONT);
printf("ERR! extra/wrong report:%x\n", stat);
}
}
int main(void)
{
pthread_t thread;
pid = fork();
if (!pid) {
assert(ptrace(PTRACE_TRACEME, 0,0,0) == 0);
for (;;)
kill(getpid(), SIGHUP);
}
assert(pthread_create(&thread, NULL, waiter, NULL) == 0);
for (;;)
ptrace(PTRACE_CONT, pid, 0, SIGCONT);
return 0;
}
Note for stable: the bug is very old, but without 9899d11f6544 "ptrace:
ensure arch_ptrace/ptrace_request can never race with SIGKILL" the fix
should use lock_task_sighand(child).
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Pavel Labath <labath@google.com>
Tested-by: Pavel Labath <labath@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
kernel/ptrace.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 54e7522..dcd9682 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -714,6 +714,8 @@ static int ptrace_peek_siginfo(struct task_struct *child,
static int ptrace_resume(struct task_struct *child, long request,
unsigned long data)
{
+ bool need_siglock;
+
if (!valid_signal(data))
return -EIO;
@@ -741,8 +743,26 @@ static int ptrace_resume(struct task_struct *child, long request,
user_disable_single_step(child);
}
+ /*
+ * Change ->exit_code and ->state under siglock to avoid the race
+ * with wait_task_stopped() in between; a non-zero ->exit_code will
+ * wrongly look like another report from tracee.
+ *
+ * Note that we need siglock even if ->exit_code == data and/or this
+ * status was not reported yet, the new status must not be cleared by
+ * wait_task_stopped() after resume.
+ *
+ * If data == 0 we do not care if wait_task_stopped() reports the old
+ * status and clears the code too; this can't race with the tracee, it
+ * takes siglock after resume.
+ */
+ need_siglock = data && !thread_group_empty(current);
+ if (need_siglock)
+ spin_lock_irq(&child->sighand->siglock);
child->exit_code = data;
wake_up_state(child, __TASK_TRACED);
+ if (need_siglock)
+ spin_unlock_irq(&child->sighand->siglock);
return 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 099/222] NFC: st21nfcb: Retry i2c_master_send if it returns a negative value
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (97 preceding siblings ...)
2015-05-17 1:03 ` [PATCH 3.18 098/222] ptrace: fix race between ptrace_resume() and wait_task_stopped() Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 100/222] rtlwifi: rtl8192cu: Add new USB ID Sasha Levin
` (123 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christophe Ricard <christophe.ricard@gmail.com>
[ Upstream commit d4a41d10b2cb5890aeda6b2912973b2a754b05b1 ]
i2c_master_send may return many negative values different than
-EREMOTEIO.
In case an i2c transaction is NACK'ed, on raspberry pi B+
kernel 3.18, -EIO is generated instead.
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/nfc/st21nfcb/i2c.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/nfc/st21nfcb/i2c.c b/drivers/nfc/st21nfcb/i2c.c
index c5d2427..2cf867b 100644
--- a/drivers/nfc/st21nfcb/i2c.c
+++ b/drivers/nfc/st21nfcb/i2c.c
@@ -112,7 +112,7 @@ static int st21nfcb_nci_i2c_write(void *phy_id, struct sk_buff *skb)
return phy->ndlc->hard_fault;
r = i2c_master_send(client, skb->data, skb->len);
- if (r == -EREMOTEIO) { /* Retry, chip was in standby */
+ if (r < 0) { /* Retry, chip was in standby */
usleep_range(1000, 4000);
r = i2c_master_send(client, skb->data, skb->len);
}
@@ -151,7 +151,7 @@ static int st21nfcb_nci_i2c_read(struct st21nfcb_i2c_phy *phy,
struct i2c_client *client = phy->i2c_dev;
r = i2c_master_recv(client, buf, ST21NFCB_NCI_I2C_MIN_SIZE);
- if (r == -EREMOTEIO) { /* Retry, chip was in standby */
+ if (r < 0) { /* Retry, chip was in standby */
usleep_range(1000, 4000);
r = i2c_master_recv(client, buf, ST21NFCB_NCI_I2C_MIN_SIZE);
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 100/222] rtlwifi: rtl8192cu: Add new USB ID
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (98 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 099/222] NFC: st21nfcb: Retry i2c_master_send if it returns a negative value Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 101/222] rtlwifi: rtl8192cu: Add new device ID Sasha Levin
` (122 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Larry Finger <Larry.Finger@lwfinger.net>
[ Upstream commit 2f92b314f4daff2117847ac5343c54d3d041bf78 ]
USB ID 2001:330d is used for a D-Link DWA-131.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/net/wireless/rtlwifi/rtl8192cu/sw.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
index e06bafe..3e3c853 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
@@ -377,6 +377,7 @@ static struct usb_device_id rtl8192c_usb_ids[] = {
{RTL_USB_DEVICE(0x2001, 0x3307, rtl92cu_hal_cfg)}, /*D-Link-Cameo*/
{RTL_USB_DEVICE(0x2001, 0x3309, rtl92cu_hal_cfg)}, /*D-Link-Alpha*/
{RTL_USB_DEVICE(0x2001, 0x330a, rtl92cu_hal_cfg)}, /*D-Link-Alpha*/
+ {RTL_USB_DEVICE(0x2001, 0x330d, rtl92cu_hal_cfg)}, /*D-Link DWA-131 */
{RTL_USB_DEVICE(0x2019, 0xab2b, rtl92cu_hal_cfg)}, /*Planex -Abocom*/
{RTL_USB_DEVICE(0x20f4, 0x624d, rtl92cu_hal_cfg)}, /*TRENDNet*/
{RTL_USB_DEVICE(0x2357, 0x0100, rtl92cu_hal_cfg)}, /*TP-Link WN8200ND*/
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 101/222] rtlwifi: rtl8192cu: Add new device ID
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (99 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 100/222] rtlwifi: rtl8192cu: Add new USB ID Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 102/222] ext4: make fsync to sync parent dir in no-journal for real this time Sasha Levin
` (121 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit 9374e7d2fdcad3c36dafc8d3effd554bc702c4b6 ]
Add new ID for ASUS N10 WiFi dongle.
Signed-off-by: Marek Vasut <marex@denx.de>
Tested-by: Marek Vasut <marex@denx.de>
Cc: Larry Finger <Larry.Finger@lwfinger.net>
Cc: John W. Linville <linville@tuxdriver.com>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/net/wireless/rtlwifi/rtl8192cu/sw.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
index 3e3c853..5034660 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
@@ -321,6 +321,7 @@ static struct usb_device_id rtl8192c_usb_ids[] = {
{RTL_USB_DEVICE(0x07b8, 0x8188, rtl92cu_hal_cfg)}, /*Abocom - Abocom*/
{RTL_USB_DEVICE(0x07b8, 0x8189, rtl92cu_hal_cfg)}, /*Funai - Abocom*/
{RTL_USB_DEVICE(0x0846, 0x9041, rtl92cu_hal_cfg)}, /*NetGear WNA1000M*/
+ {RTL_USB_DEVICE(0x0b05, 0x17ba, rtl92cu_hal_cfg)}, /*ASUS-Edimax*/
{RTL_USB_DEVICE(0x0bda, 0x5088, rtl92cu_hal_cfg)}, /*Thinkware-CC&C*/
{RTL_USB_DEVICE(0x0df6, 0x0052, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/
{RTL_USB_DEVICE(0x0df6, 0x005c, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 102/222] ext4: make fsync to sync parent dir in no-journal for real this time
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (100 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 101/222] rtlwifi: rtl8192cu: Add new device ID Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 103/222] mnt: Improve the umount_tree flags Sasha Levin
` (120 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Lukas Czerner <lczerner@redhat.com>
[ Upstream commit e12fb97222fc41e8442896934f76d39ef99b590a ]
Previously commit 14ece1028b3ed53ffec1b1213ffc6acaf79ad77c added a
support for for syncing parent directory of newly created inodes to
make sure that the inode is not lost after a power failure in
no-journal mode.
However this does not work in majority of cases, namely:
- if the directory has inline data
- if the directory is already indexed
- if the directory already has at least one block and:
- the new entry fits into it
- or we've successfully converted it to indexed
So in those cases we might lose the inode entirely even after fsync in
the no-journal mode. This also includes ext2 default mode obviously.
I've noticed this while running xfstest generic/321 and even though the
test should fail (we need to run fsck after a crash in no-journal mode)
I could not find a newly created entries even when if it was fsynced
before.
Fix this by adjusting the ext4_add_entry() successful exit paths to set
the inode EXT4_STATE_NEWENTRY so that fsync has the chance to fsync the
parent directory as well.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Frank Mayhar <fmayhar@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/ext4/namei.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 4262118..bada5a1 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -1865,7 +1865,7 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry,
struct inode *inode)
{
struct inode *dir = dentry->d_parent->d_inode;
- struct buffer_head *bh;
+ struct buffer_head *bh = NULL;
struct ext4_dir_entry_2 *de;
struct ext4_dir_entry_tail *t;
struct super_block *sb;
@@ -1889,14 +1889,14 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry,
return retval;
if (retval == 1) {
retval = 0;
- return retval;
+ goto out;
}
}
if (is_dx(dir)) {
retval = ext4_dx_add_entry(handle, dentry, inode);
if (!retval || (retval != ERR_BAD_DX_DIR))
- return retval;
+ goto out;
ext4_clear_inode_flag(dir, EXT4_INODE_INDEX);
dx_fallback++;
ext4_mark_inode_dirty(handle, dir);
@@ -1908,14 +1908,15 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry,
return PTR_ERR(bh);
retval = add_dirent_to_buf(handle, dentry, inode, NULL, bh);
- if (retval != -ENOSPC) {
- brelse(bh);
- return retval;
- }
+ if (retval != -ENOSPC)
+ goto out;
if (blocks == 1 && !dx_fallback &&
- EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_DIR_INDEX))
- return make_indexed_dir(handle, dentry, inode, bh);
+ EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_DIR_INDEX)) {
+ retval = make_indexed_dir(handle, dentry, inode, bh);
+ bh = NULL; /* make_indexed_dir releases bh */
+ goto out;
+ }
brelse(bh);
}
bh = ext4_append(handle, dir, &block);
@@ -1931,6 +1932,7 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry,
}
retval = add_dirent_to_buf(handle, dentry, inode, de, bh);
+out:
brelse(bh);
if (retval == 0)
ext4_set_inode_state(inode, EXT4_STATE_NEWENTRY);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 103/222] mnt: Improve the umount_tree flags
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (101 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 102/222] ext4: make fsync to sync parent dir in no-journal for real this time Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 104/222] mnt: Don't propagate umounts in __detach_mounts Sasha Levin
` (119 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "Eric W. Biederman" <ebiederm@xmission.com>
[ Upstream commit e819f152104c9f7c9fe50e1aecce6f5d4bf06d65 ]
- Remove the unneeded declaration from pnode.h
- Mark umount_tree static as it has no callers outside of namespace.c
- Define an enumeration of umount_tree's flags.
- Pass umount_tree's flags in by name
This removes the magic numbers 0, 1 and 2 making the code a little
clearer and makes it possible for there to be lazy unmounts that don't
propagate. Which is what __detach_mounts actually wants for example.
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/namespace.c | 31 ++++++++++++++++---------------
fs/pnode.h | 1 -
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index bbde147..7ea7e51 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1322,14 +1322,15 @@ static inline void namespace_lock(void)
down_write(&namespace_sem);
}
+enum umount_tree_flags {
+ UMOUNT_SYNC = 1,
+ UMOUNT_PROPAGATE = 2,
+};
/*
* mount_lock must be held
* namespace_sem must be held for write
- * how = 0 => just this tree, don't propagate
- * how = 1 => propagate; we know that nobody else has reference to any victims
- * how = 2 => lazy umount
*/
-void umount_tree(struct mount *mnt, int how)
+static void umount_tree(struct mount *mnt, enum umount_tree_flags how)
{
HLIST_HEAD(tmp_list);
struct mount *p;
@@ -1343,7 +1344,7 @@ void umount_tree(struct mount *mnt, int how)
hlist_for_each_entry(p, &tmp_list, mnt_hash)
list_del_init(&p->mnt_child);
- if (how)
+ if (how & UMOUNT_PROPAGATE)
propagate_umount(&tmp_list);
hlist_for_each_entry(p, &tmp_list, mnt_hash) {
@@ -1351,7 +1352,7 @@ void umount_tree(struct mount *mnt, int how)
list_del_init(&p->mnt_list);
__touch_mnt_namespace(p->mnt_ns);
p->mnt_ns = NULL;
- if (how < 2)
+ if (how & UMOUNT_SYNC)
p->mnt.mnt_flags |= MNT_SYNC_UMOUNT;
if (mnt_has_parent(p)) {
hlist_del_init(&p->mnt_mp_list);
@@ -1456,14 +1457,14 @@ static int do_umount(struct mount *mnt, int flags)
if (flags & MNT_DETACH) {
if (!list_empty(&mnt->mnt_list))
- umount_tree(mnt, 2);
+ umount_tree(mnt, UMOUNT_PROPAGATE);
retval = 0;
} else {
shrink_submounts(mnt);
retval = -EBUSY;
if (!propagate_mount_busy(mnt, 2)) {
if (!list_empty(&mnt->mnt_list))
- umount_tree(mnt, 1);
+ umount_tree(mnt, UMOUNT_PROPAGATE|UMOUNT_SYNC);
retval = 0;
}
}
@@ -1495,7 +1496,7 @@ void __detach_mounts(struct dentry *dentry)
lock_mount_hash();
while (!hlist_empty(&mp->m_list)) {
mnt = hlist_entry(mp->m_list.first, struct mount, mnt_mp_list);
- umount_tree(mnt, 2);
+ umount_tree(mnt, UMOUNT_PROPAGATE);
}
unlock_mount_hash();
put_mountpoint(mp);
@@ -1662,7 +1663,7 @@ struct mount *copy_tree(struct mount *mnt, struct dentry *dentry,
out:
if (res) {
lock_mount_hash();
- umount_tree(res, 0);
+ umount_tree(res, UMOUNT_SYNC);
unlock_mount_hash();
}
return q;
@@ -1686,7 +1687,7 @@ void drop_collected_mounts(struct vfsmount *mnt)
{
namespace_lock();
lock_mount_hash();
- umount_tree(real_mount(mnt), 0);
+ umount_tree(real_mount(mnt), UMOUNT_SYNC);
unlock_mount_hash();
namespace_unlock();
}
@@ -1869,7 +1870,7 @@ static int attach_recursive_mnt(struct mount *source_mnt,
out_cleanup_ids:
while (!hlist_empty(&tree_list)) {
child = hlist_entry(tree_list.first, struct mount, mnt_hash);
- umount_tree(child, 0);
+ umount_tree(child, UMOUNT_SYNC);
}
unlock_mount_hash();
cleanup_group_ids(source_mnt, NULL);
@@ -2046,7 +2047,7 @@ static int do_loopback(struct path *path, const char *old_name,
err = graft_tree(mnt, parent, mp);
if (err) {
lock_mount_hash();
- umount_tree(mnt, 0);
+ umount_tree(mnt, UMOUNT_SYNC);
unlock_mount_hash();
}
out2:
@@ -2417,7 +2418,7 @@ void mark_mounts_for_expiry(struct list_head *mounts)
while (!list_empty(&graveyard)) {
mnt = list_first_entry(&graveyard, struct mount, mnt_expire);
touch_mnt_namespace(mnt->mnt_ns);
- umount_tree(mnt, 1);
+ umount_tree(mnt, UMOUNT_PROPAGATE|UMOUNT_SYNC);
}
unlock_mount_hash();
namespace_unlock();
@@ -2488,7 +2489,7 @@ static void shrink_submounts(struct mount *mnt)
m = list_first_entry(&graveyard, struct mount,
mnt_expire);
touch_mnt_namespace(m->mnt_ns);
- umount_tree(m, 1);
+ umount_tree(m, UMOUNT_PROPAGATE|UMOUNT_SYNC);
}
}
}
diff --git a/fs/pnode.h b/fs/pnode.h
index 4a24635..16afc3d 100644
--- a/fs/pnode.h
+++ b/fs/pnode.h
@@ -47,7 +47,6 @@ int get_dominating_id(struct mount *mnt, const struct path *root);
unsigned int mnt_get_count(struct mount *mnt);
void mnt_set_mountpoint(struct mount *, struct mountpoint *,
struct mount *);
-void umount_tree(struct mount *, int);
struct mount *copy_tree(struct mount *, struct dentry *, int);
bool is_path_reachable(struct mount *, struct dentry *,
const struct path *root);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 104/222] mnt: Don't propagate umounts in __detach_mounts
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (102 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 103/222] mnt: Improve the umount_tree flags Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 105/222] perf symbols: Define STT_GNU_IFUNC for glibc 2.9 and older Sasha Levin
` (118 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "Eric W. Biederman" <ebiederm@xmission.com>
[ Upstream commit 8318e667f176f7ea34451a1a530634e293f216ac ]
Invoking mount propagation from __detach_mounts is inefficient and
wrong.
It is inefficient because __detach_mounts already walks the list of
mounts that where something needs to be done, and mount propagation
walks some subset of those mounts again.
It is actively wrong because if the dentry that is passed to
__detach_mounts is not part of the path to a mount that mount should
not be affected.
change_mnt_propagation(p,MS_PRIVATE) modifies the mount propagation
tree of a master mount so it's slaves are connected to another master
if possible. Which means even removing a mount from the middle of a
mount tree with __detach_mounts will not deprive any mount propagated
mount events.
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 7ea7e51..07ba424 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1496,7 +1496,7 @@ void __detach_mounts(struct dentry *dentry)
lock_mount_hash();
while (!hlist_empty(&mp->m_list)) {
mnt = hlist_entry(mp->m_list.first, struct mount, mnt_mp_list);
- umount_tree(mnt, UMOUNT_PROPAGATE);
+ umount_tree(mnt, 0);
}
unlock_mount_hash();
put_mountpoint(mp);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 105/222] perf symbols: Define STT_GNU_IFUNC for glibc 2.9 and older.
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (103 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 104/222] mnt: Don't propagate umounts in __detach_mounts Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 106/222] perf tools: Work around lack of sched_getcpu in glibc < 2.6 Sasha Levin
` (117 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Vinson Lee <vlee@twitter.com>
[ Upstream commit 4e31050f482c02c822b150d71cf1ea5be7c9d6e4 ]
The token STT_GNU_IFUNC is not available with glibc 2.9 and older.
Define this token if it is not already defined.
This patch fixes this build errors with older versions of glibc.
CC util/symbol-elf.o
util/symbol-elf.c: In function ‘elf_sym__is_function’:
util/symbol-elf.c:75: error: ‘STT_GNU_IFUNC’ undeclared (first use in this function)
util/symbol-elf.c:75: error: (Each undeclared identifier is reported only once
util/symbol-elf.c:75: error: for each function it appears in.)
make: *** [util/symbol-elf.o] Error 1
Signed-off-by: Vinson Lee <vlee@twitter.com>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Anton Blanchard <anton@samba.org>
Cc: Avi Kivity <avi@cloudius-systems.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Stephane Eranian <eranian@google.com>
Cc: Waiman Long <Waiman.Long@hp.com>
Cc: stable@vger.kernel.org # 3.17+
Link: http://lkml.kernel.org/r/1423528286-13630-1-git-send-email-vlee@twopensource.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
tools/perf/util/symbol-elf.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
index 1e23a5b..fcaf06b 100644
--- a/tools/perf/util/symbol-elf.c
+++ b/tools/perf/util/symbol-elf.c
@@ -48,6 +48,10 @@ static inline uint8_t elf_sym__type(const GElf_Sym *sym)
return GELF_ST_TYPE(sym->st_info);
}
+#ifndef STT_GNU_IFUNC
+#define STT_GNU_IFUNC 10
+#endif
+
static inline int elf_sym__is_function(const GElf_Sym *sym)
{
return (elf_sym__type(sym) == STT_FUNC ||
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 106/222] perf tools: Work around lack of sched_getcpu in glibc < 2.6.
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (104 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 105/222] perf symbols: Define STT_GNU_IFUNC for glibc 2.9 and older Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 107/222] powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH Sasha Levin
` (116 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Vinson Lee <vlee@twitter.com>
[ Upstream commit e1e455f4f4d35850c30235747620d0d078fe9f64 ]
This patch fixes this build error with glibc < 2.6.
CC util/cloexec.o
cc1: warnings being treated as errors
util/cloexec.c: In function ‘perf_flag_probe’:
util/cloexec.c:24: error: implicit declaration of function
‘sched_getcpu’
util/cloexec.c:24: error: nested extern declaration of ‘sched_getcpu’
make: *** [util/cloexec.o] Error 1
Signed-off-by: Vinson Lee <vlee@twitter.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Yann Droneaud <ydroneaud@opteya.com>
Cc: stable@vger.kernel.org # 3.18+
Link: http://lkml.kernel.org/r/1427137761-16119-1-git-send-email-vlee@twopensource.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
tools/perf/util/cloexec.c | 6 ++++++
tools/perf/util/cloexec.h | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/tools/perf/util/cloexec.c b/tools/perf/util/cloexec.c
index 6da965b..85b5238 100644
--- a/tools/perf/util/cloexec.c
+++ b/tools/perf/util/cloexec.c
@@ -7,6 +7,12 @@
static unsigned long flag = PERF_FLAG_FD_CLOEXEC;
+int __weak sched_getcpu(void)
+{
+ errno = ENOSYS;
+ return -1;
+}
+
static int perf_flag_probe(void)
{
/* use 'safest' configuration as used in perf_evsel__fallback() */
diff --git a/tools/perf/util/cloexec.h b/tools/perf/util/cloexec.h
index 94a5a7d..68888c2 100644
--- a/tools/perf/util/cloexec.h
+++ b/tools/perf/util/cloexec.h
@@ -3,4 +3,10 @@
unsigned long perf_event_open_cloexec_flag(void);
+#ifdef __GLIBC_PREREQ
+#if !__GLIBC_PREREQ(2, 6)
+extern int sched_getcpu(void) __THROW;
+#endif
+#endif
+
#endif /* __PERF_CLOEXEC_H */
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 107/222] powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (105 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 106/222] perf tools: Work around lack of sched_getcpu in glibc < 2.6 Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 108/222] tools lib traceevent kbuffer: Remove extra update to data pointer in PADDING Sasha Levin
` (115 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Anton Blanchard <anton@samba.org>
[ Upstream commit 9a5cbce421a283e6aea3c4007f141735bf9da8c3 ]
We cap 32bit userspace backtraces to PERF_MAX_STACK_DEPTH
(currently 127), but we forgot to do the same for 64bit backtraces.
Cc: stable@vger.kernel.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/powerpc/perf/callchain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/perf/callchain.c b/arch/powerpc/perf/callchain.c
index 2396dda..ead5535 100644
--- a/arch/powerpc/perf/callchain.c
+++ b/arch/powerpc/perf/callchain.c
@@ -243,7 +243,7 @@ static void perf_callchain_user_64(struct perf_callchain_entry *entry,
sp = regs->gpr[1];
perf_callchain_store(entry, next_ip);
- for (;;) {
+ while (entry->nr < PERF_MAX_STACK_DEPTH) {
fp = (unsigned long __user *) sp;
if (!valid_user_sp(sp, 1) || read_user_stack_64(fp, &next_sp))
return;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 108/222] tools lib traceevent kbuffer: Remove extra update to data pointer in PADDING
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (106 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 107/222] powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 109/222] tools/power turbostat: Use $(CURDIR) instead of $(PWD) and add support for O= option in Makefile Sasha Levin
` (114 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
[ Upstream commit c5e691928bf166ac03430e957038b60adba3cf6c ]
When a event PADDING is hit (a deleted event that is still in the ring
buffer), translate_data() sets the length of the padding and also updates
the data pointer which is passed back to the caller.
This is unneeded because the caller also updates the data pointer with
the passed back length. translate_data() should not update the pointer,
only set the length.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: stable@vger.kernel.org # 3.12+
Link: http://lkml.kernel.org/r/20150324135923.461431960@goodmis.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
tools/lib/traceevent/kbuffer-parse.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/lib/traceevent/kbuffer-parse.c b/tools/lib/traceevent/kbuffer-parse.c
index dcc6652..deb3569 100644
--- a/tools/lib/traceevent/kbuffer-parse.c
+++ b/tools/lib/traceevent/kbuffer-parse.c
@@ -372,7 +372,6 @@ translate_data(struct kbuffer *kbuf, void *data, void **rptr,
switch (type_len) {
case KBUFFER_TYPE_PADDING:
*length = read_4(kbuf, data);
- data += *length;
break;
case KBUFFER_TYPE_TIME_EXTEND:
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 109/222] tools/power turbostat: Use $(CURDIR) instead of $(PWD) and add support for O= option in Makefile
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (107 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 108/222] tools lib traceevent kbuffer: Remove extra update to data pointer in PADDING Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 110/222] UBI: account for bitflips in both the VID header and data Sasha Levin
` (113 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Thomas D <whissi@whissi.de>
[ Upstream commit f82263c6989c31ae9b94cecddffb29dcbec38710 ]
Since commit ee0778a30153
("tools/power: turbostat: make Makefile a bit more capable")
turbostat's Makefile is using
[...]
BUILD_OUTPUT := $(PWD)
[...]
which obviously causes trouble when building "turbostat" with
make -C /usr/src/linux/tools/power/x86/turbostat ARCH=x86 turbostat
because GNU make does not update nor guarantee that $PWD is set.
This patch changes the Makefile to use $CURDIR instead, which GNU make
guarantees to set and update (i.e. when using "make -C ...") and also
adds support for the O= option (see "make help" in your root of your
kernel source tree for more details).
Link: https://bugs.gentoo.org/show_bug.cgi?id=533918
Fixes: ee0778a30153 ("tools/power: turbostat: make Makefile a bit more capable")
Signed-off-by: Thomas D. <whissi@whissi.de>
Cc: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
tools/power/x86/turbostat/Makefile | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tools/power/x86/turbostat/Makefile b/tools/power/x86/turbostat/Makefile
index d1b3a36..4039854 100644
--- a/tools/power/x86/turbostat/Makefile
+++ b/tools/power/x86/turbostat/Makefile
@@ -1,8 +1,12 @@
CC = $(CROSS_COMPILE)gcc
-BUILD_OUTPUT := $(PWD)
+BUILD_OUTPUT := $(CURDIR)
PREFIX := /usr
DESTDIR :=
+ifeq ("$(origin O)", "command line")
+ BUILD_OUTPUT := $(O)
+endif
+
turbostat : turbostat.c
CFLAGS += -Wall
CFLAGS += -DMSRHEADER='"../../../../arch/x86/include/uapi/asm/msr-index.h"'
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 110/222] UBI: account for bitflips in both the VID header and data
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (108 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 109/222] tools/power turbostat: Use $(CURDIR) instead of $(PWD) and add support for O= option in Makefile Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 111/222] UBI: fix out of bounds write Sasha Levin
` (112 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Brian Norris <computersforpeace@gmail.com>
[ Upstream commit 8eef7d70f7c6772c3490f410ee2bceab3b543fa1 ]
We are completely discarding the earlier value of 'bitflips', which
could reflect a bitflip found in ubi_io_read_vid_hdr(). Let's use the
bitwise OR of header and data 'bitflip' statuses instead.
Coverity CID #1226856
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/mtd/ubi/attach.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/ubi/attach.c b/drivers/mtd/ubi/attach.c
index 6f27d9a..21841fe 100644
--- a/drivers/mtd/ubi/attach.c
+++ b/drivers/mtd/ubi/attach.c
@@ -408,7 +408,7 @@ int ubi_compare_lebs(struct ubi_device *ubi, const struct ubi_ainf_peb *aeb,
second_is_newer = !second_is_newer;
} else {
dbg_bld("PEB %d CRC is OK", pnum);
- bitflips = !!err;
+ bitflips |= !!err;
}
mutex_unlock(&ubi->buf_mutex);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 111/222] UBI: fix out of bounds write
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (109 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 110/222] UBI: account for bitflips in both the VID header and data Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 112/222] UBI: initialize LEB number variable Sasha Levin
` (111 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Brian Norris <computersforpeace@gmail.com>
[ Upstream commit d74adbdb9abf0d2506a6c4afa534d894f28b763f ]
If aeb->len >= vol->reserved_pebs, we should not be writing aeb into the
PEB->LEB mapping.
Caught by Coverity, CID #711212.
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/mtd/ubi/eba.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c
index 2402d3b..493f7b3 100644
--- a/drivers/mtd/ubi/eba.c
+++ b/drivers/mtd/ubi/eba.c
@@ -1361,7 +1361,8 @@ int ubi_eba_init(struct ubi_device *ubi, struct ubi_attach_info *ai)
* during re-size.
*/
ubi_move_aeb_to_list(av, aeb, &ai->erase);
- vol->eba_tbl[aeb->lnum] = aeb->pnum;
+ else
+ vol->eba_tbl[aeb->lnum] = aeb->pnum;
}
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 112/222] UBI: initialize LEB number variable
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (110 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 111/222] UBI: fix out of bounds write Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 113/222] UBI: fix check for "too many bytes" Sasha Levin
` (110 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Brian Norris <computersforpeace@gmail.com>
[ Upstream commit f16db8071ce18819fbd705ddcc91c6f392fb61f8 ]
In some of the 'out_not_moved' error paths, lnum may be used
uninitialized. Don't ignore the warning; let's fix it.
This uninitialized variable doesn't have much visible effect in the end,
since we just schedule the PEB for erasure, and its LEB number doesn't
really matter (it just gets printed in debug messages). But let's get it
straight anyway.
Coverity CID #113449
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/mtd/ubi/wl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
index b9686c1..ef67056 100644
--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -1001,7 +1001,7 @@ static int wear_leveling_worker(struct ubi_device *ubi, struct ubi_work *wrk,
int shutdown)
{
int err, scrubbing = 0, torture = 0, protect = 0, erroneous = 0;
- int vol_id = -1, uninitialized_var(lnum);
+ int vol_id = -1, lnum = -1;
#ifdef CONFIG_MTD_UBI_FASTMAP
int anchor = wrk->anchor;
#endif
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 113/222] UBI: fix check for "too many bytes"
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (111 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 112/222] UBI: initialize LEB number variable Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 114/222] scsi: storvsc: Fix a bug in copy_from_bounce_buffer() Sasha Levin
` (109 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Brian Norris <computersforpeace@gmail.com>
[ Upstream commit 299d0c5b27346a77a0777c993372bf8777d4f2e5 ]
The comparison from the previous line seems to have been erroneously
(partially) copied-and-pasted onto the next. The second line should be
checking req.bytes, not req.lnum.
Coverity CID #139400
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
[rw: Fixed comparison]
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/mtd/ubi/cdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/ubi/cdev.c b/drivers/mtd/ubi/cdev.c
index 59de69a..3946d78 100644
--- a/drivers/mtd/ubi/cdev.c
+++ b/drivers/mtd/ubi/cdev.c
@@ -453,7 +453,7 @@ static long vol_cdev_ioctl(struct file *file, unsigned int cmd,
/* Validate the request */
err = -EINVAL;
if (req.lnum < 0 || req.lnum >= vol->reserved_pebs ||
- req.bytes < 0 || req.lnum >= vol->usable_leb_size)
+ req.bytes < 0 || req.bytes > vol->usable_leb_size)
break;
err = get_exclusive(desc);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 114/222] scsi: storvsc: Fix a bug in copy_from_bounce_buffer()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (112 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 113/222] UBI: fix check for "too many bytes" Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 115/222] target: Fix COMPARE_AND_WRITE with SG_TO_MEM_NOALLOC handling Sasha Levin
` (108 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "K. Y. Srinivasan" <kys@microsoft.com>
[ Upstream commit 8de580742fee8bc34d116f57a20b22b9a5f08403 ]
We may exit this function without properly freeing up the maapings
we may have acquired. Fix the bug.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Long Li <longli@microsoft.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/scsi/storvsc_drv.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 90af465..4534d9d 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -741,21 +741,22 @@ static unsigned int copy_to_bounce_buffer(struct scatterlist *orig_sgl,
if (bounce_sgl[j].length == PAGE_SIZE) {
/* full..move to next entry */
sg_kunmap_atomic(bounce_addr);
+ bounce_addr = 0;
j++;
+ }
- /* if we need to use another bounce buffer */
- if (srclen || i != orig_sgl_count - 1)
- bounce_addr = sg_kmap_atomic(bounce_sgl,j);
+ /* if we need to use another bounce buffer */
+ if (srclen && bounce_addr == 0)
+ bounce_addr = sg_kmap_atomic(bounce_sgl, j);
- } else if (srclen == 0 && i == orig_sgl_count - 1) {
- /* unmap the last bounce that is < PAGE_SIZE */
- sg_kunmap_atomic(bounce_addr);
- }
}
sg_kunmap_atomic(src_addr - orig_sgl[i].offset);
}
+ if (bounce_addr)
+ sg_kunmap_atomic(bounce_addr);
+
local_irq_restore(flags);
return total_copied;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 115/222] target: Fix COMPARE_AND_WRITE with SG_TO_MEM_NOALLOC handling
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (113 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 114/222] scsi: storvsc: Fix a bug in copy_from_bounce_buffer() Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 116/222] target/file: Fix BUG() when CONFIG_DEBUG_SG=y and DIF protection enabled Sasha Levin
` (107 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Nicholas Bellinger <nab@linux-iscsi.org>
[ Upstream commit c8e639852ad720499912acedfd6b072325fd2807 ]
This patch fixes a bug for COMPARE_AND_WRITE handling with
fabrics using SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC.
It adds the missing allocation for cmd->t_bidi_data_sg within
transport_generic_new_cmd() that is used by COMPARE_AND_WRITE
for the initial READ payload, even if the fabric is already
providing a pre-allocated buffer for cmd->t_data_sg.
Also, fix zero-length COMPARE_AND_WRITE handling within the
compare_and_write_callback() and target_complete_ok_work()
to queue the response, skipping the initial READ.
This fixes COMPARE_AND_WRITE emulation with loopback, vhost,
and xen-backend fabric drivers using SG_TO_MEM_NOALLOC.
Reported-by: Christoph Hellwig <hch@lst.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: <stable@vger.kernel.org> # v3.12+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/target/target_core_sbc.c | 15 +++++++++-----
drivers/target/target_core_transport.c | 37 ++++++++++++++++++++++++++++++----
include/target/target_core_base.h | 2 +-
3 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/drivers/target/target_core_sbc.c b/drivers/target/target_core_sbc.c
index 565c0da..fa89c2f 100644
--- a/drivers/target/target_core_sbc.c
+++ b/drivers/target/target_core_sbc.c
@@ -299,7 +299,7 @@ sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *o
return 0;
}
-static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd)
+static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success)
{
unsigned char *buf, *addr;
struct scatterlist *sg;
@@ -363,7 +363,7 @@ sbc_execute_rw(struct se_cmd *cmd)
cmd->data_direction);
}
-static sense_reason_t compare_and_write_post(struct se_cmd *cmd)
+static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success)
{
struct se_device *dev = cmd->se_dev;
@@ -386,7 +386,7 @@ static sense_reason_t compare_and_write_post(struct se_cmd *cmd)
return TCM_NO_SENSE;
}
-static sense_reason_t compare_and_write_callback(struct se_cmd *cmd)
+static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success)
{
struct se_device *dev = cmd->se_dev;
struct scatterlist *write_sg = NULL, *sg;
@@ -401,11 +401,16 @@ static sense_reason_t compare_and_write_callback(struct se_cmd *cmd)
/*
* Handle early failure in transport_generic_request_failure(),
- * which will not have taken ->caw_mutex yet..
+ * which will not have taken ->caw_sem yet..
*/
- if (!cmd->t_data_sg || !cmd->t_bidi_data_sg)
+ if (!success && (!cmd->t_data_sg || !cmd->t_bidi_data_sg))
return TCM_NO_SENSE;
/*
+ * Handle special case for zero-length COMPARE_AND_WRITE
+ */
+ if (!cmd->data_length)
+ goto out;
+ /*
* Immediately exit + release dev->caw_sem if command has already
* been failed with a non-zero SCSI status.
*/
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
index 2e09984..e786e91 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1615,11 +1615,11 @@ void transport_generic_request_failure(struct se_cmd *cmd,
transport_complete_task_attr(cmd);
/*
* Handle special case for COMPARE_AND_WRITE failure, where the
- * callback is expected to drop the per device ->caw_mutex.
+ * callback is expected to drop the per device ->caw_sem.
*/
if ((cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) &&
cmd->transport_complete_callback)
- cmd->transport_complete_callback(cmd);
+ cmd->transport_complete_callback(cmd, false);
switch (sense_reason) {
case TCM_NON_EXISTENT_LUN:
@@ -1975,8 +1975,12 @@ static void target_complete_ok_work(struct work_struct *work)
if (cmd->transport_complete_callback) {
sense_reason_t rc;
- rc = cmd->transport_complete_callback(cmd);
+ rc = cmd->transport_complete_callback(cmd, true);
if (!rc && !(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE_POST)) {
+ if ((cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) &&
+ !cmd->data_length)
+ goto queue_rsp;
+
return;
} else if (rc) {
ret = transport_send_check_condition_and_sense(cmd,
@@ -1990,6 +1994,7 @@ static void target_complete_ok_work(struct work_struct *work)
}
}
+queue_rsp:
switch (cmd->data_direction) {
case DMA_FROM_DEVICE:
spin_lock(&cmd->se_lun->lun_sep_lock);
@@ -2094,6 +2099,16 @@ static inline void transport_reset_sgl_orig(struct se_cmd *cmd)
static inline void transport_free_pages(struct se_cmd *cmd)
{
if (cmd->se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC) {
+ /*
+ * Release special case READ buffer payload required for
+ * SG_TO_MEM_NOALLOC to function with COMPARE_AND_WRITE
+ */
+ if (cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) {
+ transport_free_sgl(cmd->t_bidi_data_sg,
+ cmd->t_bidi_data_nents);
+ cmd->t_bidi_data_sg = NULL;
+ cmd->t_bidi_data_nents = 0;
+ }
transport_reset_sgl_orig(cmd);
return;
}
@@ -2246,6 +2261,7 @@ sense_reason_t
transport_generic_new_cmd(struct se_cmd *cmd)
{
int ret = 0;
+ bool zero_flag = !(cmd->se_cmd_flags & SCF_SCSI_DATA_CDB);
/*
* Determine is the TCM fabric module has already allocated physical
@@ -2254,7 +2270,6 @@ transport_generic_new_cmd(struct se_cmd *cmd)
*/
if (!(cmd->se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC) &&
cmd->data_length) {
- bool zero_flag = !(cmd->se_cmd_flags & SCF_SCSI_DATA_CDB);
if ((cmd->se_cmd_flags & SCF_BIDI) ||
(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE)) {
@@ -2285,6 +2300,20 @@ transport_generic_new_cmd(struct se_cmd *cmd)
cmd->data_length, zero_flag);
if (ret < 0)
return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
+ } else if ((cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) &&
+ cmd->data_length) {
+ /*
+ * Special case for COMPARE_AND_WRITE with fabrics
+ * using SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC.
+ */
+ u32 caw_length = cmd->t_task_nolb *
+ cmd->se_dev->dev_attrib.block_size;
+
+ ret = target_alloc_sgl(&cmd->t_bidi_data_sg,
+ &cmd->t_bidi_data_nents,
+ caw_length, zero_flag);
+ if (ret < 0)
+ return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
}
/*
* If this command is not a write we can execute it right here,
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
index 1fbd69c..c4b85a5 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -520,7 +520,7 @@ struct se_cmd {
sense_reason_t (*execute_cmd)(struct se_cmd *);
sense_reason_t (*execute_rw)(struct se_cmd *, struct scatterlist *,
u32, enum dma_data_direction);
- sense_reason_t (*transport_complete_callback)(struct se_cmd *);
+ sense_reason_t (*transport_complete_callback)(struct se_cmd *, bool);
unsigned char *t_task_cdb;
unsigned char __t_task_cdb[TCM_MAX_COMMAND_SIZE];
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 116/222] target/file: Fix BUG() when CONFIG_DEBUG_SG=y and DIF protection enabled
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (114 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 115/222] target: Fix COMPARE_AND_WRITE with SG_TO_MEM_NOALLOC handling Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 117/222] target/file: Fix UNMAP with DIF protection support Sasha Levin
` (106 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Akinobu Mita <akinobu.mita@gmail.com>
[ Upstream commit 38da0f49e8aa1649af397d53f88e163d0e60c058 ]
When CONFIG_DEBUG_SG=y and DIF protection support enabled, kernel
BUG()s are triggered due to the following two issues:
1) prot_sg is not initialized by sg_init_table().
When CONFIG_DEBUG_SG=y, scatterlist helpers check sg entry has a
correct magic value.
2) vmalloc'ed buffer is passed to sg_set_buf().
sg_set_buf() uses virt_to_page() to convert virtual address to struct
page, but it doesn't work with vmalloc address. vmalloc_to_page()
should be used instead. As prot_buf isn't usually too large, so
fix it by allocating prot_buf by kmalloc instead of vmalloc.
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Sagi Grimberg <sagig@mellanox.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: <stable@vger.kernel.org> # v3.14+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/target/target_core_file.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c
index f018b6a..f53878f 100644
--- a/drivers/target/target_core_file.c
+++ b/drivers/target/target_core_file.c
@@ -273,7 +273,7 @@ static int fd_do_prot_rw(struct se_cmd *cmd, struct fd_prot *fd_prot,
se_dev->prot_length;
if (!is_write) {
- fd_prot->prot_buf = vzalloc(prot_size);
+ fd_prot->prot_buf = kzalloc(prot_size, GFP_KERNEL);
if (!fd_prot->prot_buf) {
pr_err("Unable to allocate fd_prot->prot_buf\n");
return -ENOMEM;
@@ -285,9 +285,10 @@ static int fd_do_prot_rw(struct se_cmd *cmd, struct fd_prot *fd_prot,
fd_prot->prot_sg_nents, GFP_KERNEL);
if (!fd_prot->prot_sg) {
pr_err("Unable to allocate fd_prot->prot_sg\n");
- vfree(fd_prot->prot_buf);
+ kfree(fd_prot->prot_buf);
return -ENOMEM;
}
+ sg_init_table(fd_prot->prot_sg, fd_prot->prot_sg_nents);
size = prot_size;
for_each_sg(fd_prot->prot_sg, sg, fd_prot->prot_sg_nents, i) {
@@ -317,7 +318,7 @@ static int fd_do_prot_rw(struct se_cmd *cmd, struct fd_prot *fd_prot,
if (is_write || ret < 0) {
kfree(fd_prot->prot_sg);
- vfree(fd_prot->prot_buf);
+ kfree(fd_prot->prot_buf);
}
return ret;
@@ -652,11 +653,11 @@ fd_execute_rw(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents,
0, fd_prot.prot_sg, 0);
if (rc) {
kfree(fd_prot.prot_sg);
- vfree(fd_prot.prot_buf);
+ kfree(fd_prot.prot_buf);
return rc;
}
kfree(fd_prot.prot_sg);
- vfree(fd_prot.prot_buf);
+ kfree(fd_prot.prot_buf);
}
} else {
memset(&fd_prot, 0, sizeof(struct fd_prot));
@@ -672,7 +673,7 @@ fd_execute_rw(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents,
0, fd_prot.prot_sg, 0);
if (rc) {
kfree(fd_prot.prot_sg);
- vfree(fd_prot.prot_buf);
+ kfree(fd_prot.prot_buf);
return rc;
}
}
@@ -708,7 +709,7 @@ fd_execute_rw(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents,
if (ret < 0) {
kfree(fd_prot.prot_sg);
- vfree(fd_prot.prot_buf);
+ kfree(fd_prot.prot_buf);
return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 117/222] target/file: Fix UNMAP with DIF protection support
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (115 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 116/222] target/file: Fix BUG() when CONFIG_DEBUG_SG=y and DIF protection enabled Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 118/222] target/file: Fix SG table for prot_buf initialization Sasha Levin
` (105 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Akinobu Mita <akinobu.mita@gmail.com>
[ Upstream commit 64d240b721b21e266ffde645ec965c3b6d1c551f ]
When UNMAP command is issued with DIF protection support enabled,
the protection info for the unmapped region is remain unchanged.
So READ command for the region causes data integrity failure.
This fixes it by invalidating protection info for the unmapped region
by filling with 0xff pattern. This change also adds helper function
fd_do_prot_fill() in order to reduce code duplication with existing
fd_format_prot().
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: <stable@vger.kernel.org> # v3.14+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/target/target_core_file.c | 86 +++++++++++++++++++++++++++------------
1 file changed, 61 insertions(+), 25 deletions(-)
diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c
index f53878f..79d24a3 100644
--- a/drivers/target/target_core_file.c
+++ b/drivers/target/target_core_file.c
@@ -544,6 +544,56 @@ fd_execute_write_same(struct se_cmd *cmd)
return 0;
}
+static int
+fd_do_prot_fill(struct se_device *se_dev, sector_t lba, sector_t nolb,
+ void *buf, size_t bufsize)
+{
+ struct fd_dev *fd_dev = FD_DEV(se_dev);
+ struct file *prot_fd = fd_dev->fd_prot_file;
+ sector_t prot_length, prot;
+ loff_t pos = lba * se_dev->prot_length;
+
+ if (!prot_fd) {
+ pr_err("Unable to locate fd_dev->fd_prot_file\n");
+ return -ENODEV;
+ }
+
+ prot_length = nolb * se_dev->prot_length;
+
+ for (prot = 0; prot < prot_length;) {
+ sector_t len = min_t(sector_t, bufsize, prot_length - prot);
+ ssize_t ret = kernel_write(prot_fd, buf, len, pos + prot);
+
+ if (ret != len) {
+ pr_err("vfs_write to prot file failed: %zd\n", ret);
+ return ret < 0 ? ret : -ENODEV;
+ }
+ prot += ret;
+ }
+
+ return 0;
+}
+
+static int
+fd_do_prot_unmap(struct se_cmd *cmd, sector_t lba, sector_t nolb)
+{
+ void *buf;
+ int rc;
+
+ buf = (void *)__get_free_page(GFP_KERNEL);
+ if (!buf) {
+ pr_err("Unable to allocate FILEIO prot buf\n");
+ return -ENOMEM;
+ }
+ memset(buf, 0xff, PAGE_SIZE);
+
+ rc = fd_do_prot_fill(cmd->se_dev, lba, nolb, buf, PAGE_SIZE);
+
+ free_page((unsigned long)buf);
+
+ return rc;
+}
+
static sense_reason_t
fd_do_unmap(struct se_cmd *cmd, void *priv, sector_t lba, sector_t nolb)
{
@@ -551,6 +601,12 @@ fd_do_unmap(struct se_cmd *cmd, void *priv, sector_t lba, sector_t nolb)
struct inode *inode = file->f_mapping->host;
int ret;
+ if (cmd->se_dev->dev_attrib.pi_prot_type) {
+ ret = fd_do_prot_unmap(cmd, lba, nolb);
+ if (ret)
+ return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
+ }
+
if (S_ISBLK(inode->i_mode)) {
/* The backend is block device, use discard */
struct block_device *bdev = inode->i_bdev;
@@ -873,48 +929,28 @@ static int fd_init_prot(struct se_device *dev)
static int fd_format_prot(struct se_device *dev)
{
- struct fd_dev *fd_dev = FD_DEV(dev);
- struct file *prot_fd = fd_dev->fd_prot_file;
- sector_t prot_length, prot;
unsigned char *buf;
- loff_t pos = 0;
int unit_size = FDBD_FORMAT_UNIT_SIZE * dev->dev_attrib.block_size;
- int rc, ret = 0, size, len;
+ int ret;
if (!dev->dev_attrib.pi_prot_type) {
pr_err("Unable to format_prot while pi_prot_type == 0\n");
return -ENODEV;
}
- if (!prot_fd) {
- pr_err("Unable to locate fd_dev->fd_prot_file\n");
- return -ENODEV;
- }
buf = vzalloc(unit_size);
if (!buf) {
pr_err("Unable to allocate FILEIO prot buf\n");
return -ENOMEM;
}
- prot_length = (dev->transport->get_blocks(dev) + 1) * dev->prot_length;
- size = prot_length;
pr_debug("Using FILEIO prot_length: %llu\n",
- (unsigned long long)prot_length);
+ (unsigned long long)(dev->transport->get_blocks(dev) + 1) *
+ dev->prot_length);
memset(buf, 0xff, unit_size);
- for (prot = 0; prot < prot_length; prot += unit_size) {
- len = min(unit_size, size);
- rc = kernel_write(prot_fd, buf, len, pos);
- if (rc != len) {
- pr_err("vfs_write to prot file failed: %d\n", rc);
- ret = -ENODEV;
- goto out;
- }
- pos += len;
- size -= len;
- }
-
-out:
+ ret = fd_do_prot_fill(dev, 0, dev->transport->get_blocks(dev) + 1,
+ buf, unit_size);
vfree(buf);
return ret;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 118/222] target/file: Fix SG table for prot_buf initialization
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (116 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 117/222] target/file: Fix UNMAP with DIF protection support Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 119/222] iser-target: Fix session hang in case of an rdma read DIF error Sasha Levin
` (104 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Akinobu Mita <akinobu.mita@gmail.com>
[ Upstream commit c836777830428372074d5129ac513e1472c99791 ]
In fd_do_prot_rw(), it allocates prot_buf which is used to copy from
se_cmd->t_prot_sg by sbc_dif_copy_prot(). The SG table for prot_buf
is also initialized by allocating 'se_cmd->t_prot_nents' entries of
scatterlist and setting the data length of each entry to PAGE_SIZE
at most.
However if se_cmd->t_prot_sg contains a clustered entry (i.e.
sg->length > PAGE_SIZE), the SG table for prot_buf can't be
initialized correctly and sbc_dif_copy_prot() can't copy to prot_buf.
(This actually happened with TCM loopback fabric module)
As prot_buf is allocated by kzalloc() and it's physically contiguous,
we only need a single scatterlist entry.
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Sagi Grimberg <sagig@mellanox.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: <stable@vger.kernel.org> # v3.14+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/target/target_core_file.c | 21 ++++++---------------
1 file changed, 6 insertions(+), 15 deletions(-)
diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c
index 79d24a3..88c9179 100644
--- a/drivers/target/target_core_file.c
+++ b/drivers/target/target_core_file.c
@@ -263,11 +263,10 @@ static int fd_do_prot_rw(struct se_cmd *cmd, struct fd_prot *fd_prot,
struct se_device *se_dev = cmd->se_dev;
struct fd_dev *dev = FD_DEV(se_dev);
struct file *prot_fd = dev->fd_prot_file;
- struct scatterlist *sg;
loff_t pos = (cmd->t_task_lba * se_dev->prot_length);
unsigned char *buf;
- u32 prot_size, len, size;
- int rc, ret = 1, i;
+ u32 prot_size;
+ int rc, ret = 1;
prot_size = (cmd->data_length / se_dev->dev_attrib.block_size) *
se_dev->prot_length;
@@ -280,24 +279,16 @@ static int fd_do_prot_rw(struct se_cmd *cmd, struct fd_prot *fd_prot,
}
buf = fd_prot->prot_buf;
- fd_prot->prot_sg_nents = cmd->t_prot_nents;
- fd_prot->prot_sg = kzalloc(sizeof(struct scatterlist) *
- fd_prot->prot_sg_nents, GFP_KERNEL);
+ fd_prot->prot_sg_nents = 1;
+ fd_prot->prot_sg = kzalloc(sizeof(struct scatterlist),
+ GFP_KERNEL);
if (!fd_prot->prot_sg) {
pr_err("Unable to allocate fd_prot->prot_sg\n");
kfree(fd_prot->prot_buf);
return -ENOMEM;
}
sg_init_table(fd_prot->prot_sg, fd_prot->prot_sg_nents);
- size = prot_size;
-
- for_each_sg(fd_prot->prot_sg, sg, fd_prot->prot_sg_nents, i) {
-
- len = min_t(u32, PAGE_SIZE, size);
- sg_set_buf(sg, buf, len);
- size -= len;
- buf += len;
- }
+ sg_set_buf(fd_prot->prot_sg, buf, prot_size);
}
if (is_write) {
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 119/222] iser-target: Fix session hang in case of an rdma read DIF error
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (117 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 118/222] target/file: Fix SG table for prot_buf initialization Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 120/222] Bluetooth: ath3k: Add support Atheros AR5B195 combo Mini PCIe card Sasha Levin
` (103 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Sagi Grimberg <sagig@mellanox.com>
[ Upstream commit 364189f0ada5478e4faf8a552d6071a650d757cd ]
This hang was a result of a missing command put when
a DIF error occurred during a rdma read (and we sent
an CHECK_CONDITION error without passing it to the
backend).
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Cc: <stable@vger.kernel.org> # v3.14+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/infiniband/ulp/isert/ib_isert.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
index a6daabc..0618e40 100644
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -1900,11 +1900,13 @@ isert_completion_rdma_read(struct iser_tx_desc *tx_desc,
cmd->i_state = ISTATE_RECEIVED_LAST_DATAOUT;
spin_unlock_bh(&cmd->istate_lock);
- if (ret)
+ if (ret) {
+ target_put_sess_cmd(se_cmd->se_sess, se_cmd);
transport_send_check_condition_and_sense(se_cmd,
se_cmd->pi_err, 0);
- else
+ } else {
target_execute_cmd(se_cmd);
+ }
}
static void
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 120/222] Bluetooth: ath3k: Add support Atheros AR5B195 combo Mini PCIe card
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (118 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 119/222] iser-target: Fix session hang in case of an rdma read DIF error Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 121/222] powerpc/powernv: Don't map M64 segments using M32DT Sasha Levin
` (102 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Alexander Ploumistos <alex.ploumistos@gmail.com>
[ Upstream commit 2eeff0b4317a02f0e281df891d990194f0737aae ]
Add 04f2:aff1 to ath3k.c supported devices list and btusb.c blacklist, so
that the device can load the ath3k firmware and re-enumerate itself as an
AR3011 device.
T: Bus=05 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=04f2 ProdID=aff1 Rev= 0.01
C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms
I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms
I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms
Signed-off-by: Alexander Ploumistos <alexpl@fedoraproject.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/bluetooth/ath3k.c | 1 +
drivers/bluetooth/btusb.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
index de4c849..288547a 100644
--- a/drivers/bluetooth/ath3k.c
+++ b/drivers/bluetooth/ath3k.c
@@ -65,6 +65,7 @@ static const struct usb_device_id ath3k_table[] = {
/* Atheros AR3011 with sflash firmware*/
{ USB_DEVICE(0x0489, 0xE027) },
{ USB_DEVICE(0x0489, 0xE03D) },
+ { USB_DEVICE(0x04F2, 0xAFF1) },
{ USB_DEVICE(0x0930, 0x0215) },
{ USB_DEVICE(0x0CF3, 0x3002) },
{ USB_DEVICE(0x0CF3, 0xE019) },
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 9a7d24f..813bb06 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -153,6 +153,7 @@ static const struct usb_device_id blacklist_table[] = {
/* Atheros 3011 with sflash firmware */
{ USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE },
{ USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
+ { USB_DEVICE(0x04f2, 0xaff1), .driver_info = BTUSB_IGNORE },
{ USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
{ USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
{ USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 121/222] powerpc/powernv: Don't map M64 segments using M32DT
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (119 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 120/222] Bluetooth: ath3k: Add support Atheros AR5B195 combo Mini PCIe card Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 122/222] powerpc: Fix missing L2 cache size in /sys/devices/system/cpu Sasha Levin
` (101 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Gavin Shan <gwshan@linux.vnet.ibm.com>
[ Upstream commit 027fa02f84e851e21daffdf8900d6117071890f8 ]
If M64 has been supported, the prefetchable 64-bits memory resources
shouldn't be mapped to the corresponding PE# via M32DT. Unfortunately,
we're doing that in pnv_ioda_setup_pe_seg() wrongly. The issue was
introduced by commit 262af55 ("powerpc/powernv: Enable M64 aperatus
for PHB3"). The patch fixes the issue by simply skipping M64 resources
when updating to M32DT.
Cc: <stable@vger.kernel.org> # v3.17+
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/powerpc/platforms/powernv/pci-ioda.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/powernv/pci-ioda.c b/arch/powerpc/platforms/powernv/pci-ioda.c
index 3f59670..86a7256 100644
--- a/arch/powerpc/platforms/powernv/pci-ioda.c
+++ b/arch/powerpc/platforms/powernv/pci-ioda.c
@@ -1645,7 +1645,8 @@ static void pnv_ioda_setup_pe_seg(struct pci_controller *hose,
region.start += phb->ioda.io_segsize;
index++;
}
- } else if (res->flags & IORESOURCE_MEM) {
+ } else if ((res->flags & IORESOURCE_MEM) &&
+ !pnv_pci_is_mem_pref_64(res->flags)) {
region.start = res->start -
hose->mem_offset[0] -
phb->ioda.m32_pci_base;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 122/222] powerpc: Fix missing L2 cache size in /sys/devices/system/cpu
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (120 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 121/222] powerpc/powernv: Don't map M64 segments using M32DT Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 123/222] powerpc/cell: Fix crash in iic_setup_cpu() after per_cpu changes Sasha Levin
` (100 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Dave Olson <olson@cumulusnetworks.com>
[ Upstream commit f7e9e358362557c3aa2c1ec47490f29fe880a09e ]
This problem appears to have been introduced in 2.6.29 by commit
93197a36a9c1 "Rewrite sysfs processor cache info code".
This caused lscpu to error out on at least e500v2 devices, eg:
error: cannot open /sys/devices/system/cpu/cpu0/cache/index2/size: No such file or directory
Some embedded powerpc systems use cache-size in DTS for the unified L2
cache size, not d-cache-size, so we need to allow for both DTS names.
Added a new CACHE_TYPE_UNIFIED_D cache_type_info structure to handle
this.
Fixes: 93197a36a9c1 ("powerpc: Rewrite sysfs processor cache info code")
Signed-off-by: Dave Olson <olson@cumulusnetworks.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/powerpc/kernel/cacheinfo.c | 44 +++++++++++++++++++++++++++++++----------
1 file changed, 34 insertions(+), 10 deletions(-)
diff --git a/arch/powerpc/kernel/cacheinfo.c b/arch/powerpc/kernel/cacheinfo.c
index 40198d5..8005b79 100644
--- a/arch/powerpc/kernel/cacheinfo.c
+++ b/arch/powerpc/kernel/cacheinfo.c
@@ -61,12 +61,22 @@ struct cache_type_info {
};
/* These are used to index the cache_type_info array. */
-#define CACHE_TYPE_UNIFIED 0
-#define CACHE_TYPE_INSTRUCTION 1
-#define CACHE_TYPE_DATA 2
+#define CACHE_TYPE_UNIFIED 0 /* cache-size, cache-block-size, etc. */
+#define CACHE_TYPE_UNIFIED_D 1 /* d-cache-size, d-cache-block-size, etc */
+#define CACHE_TYPE_INSTRUCTION 2
+#define CACHE_TYPE_DATA 3
static const struct cache_type_info cache_type_info[] = {
{
+ /* Embedded systems that use cache-size, cache-block-size,
+ * etc. for the Unified (typically L2) cache. */
+ .name = "Unified",
+ .size_prop = "cache-size",
+ .line_size_props = { "cache-line-size",
+ "cache-block-size", },
+ .nr_sets_prop = "cache-sets",
+ },
+ {
/* PowerPC Processor binding says the [di]-cache-*
* must be equal on unified caches, so just use
* d-cache properties. */
@@ -293,7 +303,8 @@ static struct cache *cache_find_first_sibling(struct cache *cache)
{
struct cache *iter;
- if (cache->type == CACHE_TYPE_UNIFIED)
+ if (cache->type == CACHE_TYPE_UNIFIED ||
+ cache->type == CACHE_TYPE_UNIFIED_D)
return cache;
list_for_each_entry(iter, &cache_list, list)
@@ -324,16 +335,29 @@ static bool cache_node_is_unified(const struct device_node *np)
return of_get_property(np, "cache-unified", NULL);
}
-static struct cache *cache_do_one_devnode_unified(struct device_node *node,
- int level)
+/*
+ * Unified caches can have two different sets of tags. Most embedded
+ * use cache-size, etc. for the unified cache size, but open firmware systems
+ * use d-cache-size, etc. Check on initialization for which type we have, and
+ * return the appropriate structure type. Assume it's embedded if it isn't
+ * open firmware. If it's yet a 3rd type, then there will be missing entries
+ * in /sys/devices/system/cpu/cpu0/cache/index2/, and this code will need
+ * to be extended further.
+ */
+static int cache_is_unified_d(const struct device_node *np)
{
- struct cache *cache;
+ return of_get_property(np,
+ cache_type_info[CACHE_TYPE_UNIFIED_D].size_prop, NULL) ?
+ CACHE_TYPE_UNIFIED_D : CACHE_TYPE_UNIFIED;
+}
+/*
+ */
+static struct cache *cache_do_one_devnode_unified(struct device_node *node, int level)
+{
pr_debug("creating L%d ucache for %s\n", level, node->full_name);
- cache = new_cache(CACHE_TYPE_UNIFIED, level, node);
-
- return cache;
+ return new_cache(cache_is_unified_d(node), level, node);
}
static struct cache *cache_do_one_devnode_split(struct device_node *node,
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 123/222] powerpc/cell: Fix crash in iic_setup_cpu() after per_cpu changes
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (121 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 122/222] powerpc: Fix missing L2 cache size in /sys/devices/system/cpu Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 124/222] powerpc/cell: Fix cell iommu after it_page_shift changes Sasha Levin
` (99 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit b0dd00addc5035f87ec9c5820dacc1ebc7fcb3e6 ]
The conversion from __get_cpu_var() to this_cpu_ptr() in iic_setup_cpu()
is wrong. It causes an oops at boot.
We need the per-cpu address of struct cpu_iic, not cpu_iic.regs->prio.
Sparse noticed this, because we pass a non-iomem pointer to out_be64(),
but we obviously don't check the sparse results often enough.
Fixes: 69111bac42f5 ("powerpc: Replace __get_cpu_var uses")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/powerpc/platforms/cell/interrupt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/cell/interrupt.c b/arch/powerpc/platforms/cell/interrupt.c
index 8a106b4..28e558d 100644
--- a/arch/powerpc/platforms/cell/interrupt.c
+++ b/arch/powerpc/platforms/cell/interrupt.c
@@ -163,7 +163,7 @@ static unsigned int iic_get_irq(void)
void iic_setup_cpu(void)
{
- out_be64(&__get_cpu_var(cpu_iic).regs->prio, 0xff);
+ out_be64(&this_cpu_ptr(&cpu_iic)->regs->prio, 0xff);
}
u8 iic_get_target_id(int cpu)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 124/222] powerpc/cell: Fix cell iommu after it_page_shift changes
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (122 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 123/222] powerpc/cell: Fix crash in iic_setup_cpu() after per_cpu changes Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 125/222] ASoC: cs4271: Increase delay time after reset Sasha Levin
` (98 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit 7261b956b276aa97fbf60d00f1d7717d2ea6ee78 ]
The patch to add it_page_shift incorrectly changed the increment of
uaddr to use it_page_shift, rather then (1 << it_page_shift).
This broke booting on at least some Cell blades, as the iommu was
basically non-functional.
Fixes: 3a553170d35d ("powerpc/iommu: Add it_page_shift field to determine iommu page size")
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/powerpc/platforms/cell/iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/cell/iommu.c b/arch/powerpc/platforms/cell/iommu.c
index 2b90ff8..59ef76c 100644
--- a/arch/powerpc/platforms/cell/iommu.c
+++ b/arch/powerpc/platforms/cell/iommu.c
@@ -197,7 +197,7 @@ static int tce_build_cell(struct iommu_table *tbl, long index, long npages,
io_pte = (unsigned long *)tbl->it_base + (index - tbl->it_offset);
- for (i = 0; i < npages; i++, uaddr += tbl->it_page_shift)
+ for (i = 0; i < npages; i++, uaddr += (1 << tbl->it_page_shift))
io_pte[i] = base_pte | (__pa(uaddr) & CBE_IOPTE_RPN_Mask);
mb();
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 125/222] ASoC: cs4271: Increase delay time after reset
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (123 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 124/222] powerpc/cell: Fix cell iommu after it_page_shift changes Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 126/222] ASoC: wm8741: Fix rates constraints values Sasha Levin
` (97 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Pascal Huerst <pascal.huerst@gmail.com>
[ Upstream commit 74ff960222d90999508b4ba0d3449f796695b6d5 ]
The delay time after a reset in the codec probe callback was too short,
and did not work on certain hw because the codec needs more time to
power on. This increases the delay time from 1us to 1ms.
Signed-off-by: Pascal Huerst <pascal.huerst@gmail.com>
Acked-by: Brian Austin <brian.austin@cirrus.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/soc/codecs/cs4271.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/cs4271.c b/sound/soc/codecs/cs4271.c
index 6ec074f..38c2adc 100644
--- a/sound/soc/codecs/cs4271.c
+++ b/sound/soc/codecs/cs4271.c
@@ -561,10 +561,10 @@ static int cs4271_probe(struct snd_soc_codec *codec)
if (gpio_is_valid(cs4271->gpio_nreset)) {
/* Reset codec */
gpio_direction_output(cs4271->gpio_nreset, 0);
- udelay(1);
+ mdelay(1);
gpio_set_value(cs4271->gpio_nreset, 1);
/* Give the codec time to wake up */
- udelay(1);
+ mdelay(1);
}
ret = regmap_update_bits(cs4271->regmap, CS4271_MODE2,
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 126/222] ASoC: wm8741: Fix rates constraints values
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (124 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 125/222] ASoC: cs4271: Increase delay time after reset Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 127/222] ASoC: davinci-evm: drop un-necessary remove function Sasha Levin
` (96 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Sergej Sawazki <ce3a@gmx.de>
[ Upstream commit 8787041d9bb832b9449b1eb878cedcebce42c61a ]
The WM8741 DAC supports the following typical audio sampling rates:
44.1kHz, 88.2kHz, 176.4kHz (eg: with a master clock of 22.5792MHz)
32kHz, 48kHz, 96kHz, 192kHz (eg: with a master clock of 24.576MHz)
For the rates lists, we should use 82000 instead of 88235, 176400
instead of 1764000 and 192000 instead of 19200 (seems to be a typo).
Signed-off-by: Sergej Sawazki <ce3a@gmx.de>
Acked-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/soc/codecs/wm8741.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sound/soc/codecs/wm8741.c b/sound/soc/codecs/wm8741.c
index 31bb480..9e71c76 100644
--- a/sound/soc/codecs/wm8741.c
+++ b/sound/soc/codecs/wm8741.c
@@ -123,7 +123,7 @@ static struct {
};
static const unsigned int rates_11289[] = {
- 44100, 88235,
+ 44100, 88200,
};
static const struct snd_pcm_hw_constraint_list constraints_11289 = {
@@ -150,7 +150,7 @@ static const struct snd_pcm_hw_constraint_list constraints_16384 = {
};
static const unsigned int rates_16934[] = {
- 44100, 88235,
+ 44100, 88200,
};
static const struct snd_pcm_hw_constraint_list constraints_16934 = {
@@ -168,7 +168,7 @@ static const struct snd_pcm_hw_constraint_list constraints_18432 = {
};
static const unsigned int rates_22579[] = {
- 44100, 88235, 1764000
+ 44100, 88200, 176400
};
static const struct snd_pcm_hw_constraint_list constraints_22579 = {
@@ -186,7 +186,7 @@ static const struct snd_pcm_hw_constraint_list constraints_24576 = {
};
static const unsigned int rates_36864[] = {
- 48000, 96000, 19200
+ 48000, 96000, 192000
};
static const struct snd_pcm_hw_constraint_list constraints_36864 = {
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 127/222] ASoC: davinci-evm: drop un-necessary remove function
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (125 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 126/222] ASoC: wm8741: Fix rates constraints values Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 128/222] ASoC: pcm512x: Add 'Analogue' prefix to analogue volume controls Sasha Levin
` (95 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Manish Badarkhe <manishvb@ti.com>
[ Upstream commit a57069e33fbc6625f39e1b09c88ea44629a35206 ]
As davinci card gets registered using 'devm_' api
there is no need to unregister the card in 'remove'
function.
Hence drop the 'remove' function.
Fixes: ee2f615d6e59c (ASoC: davinci-evm: Add device tree binding)
Signed-off-by: Manish Badarkhe <manishvb@ti.com>
Signed-off-by: Jyri Sarha <jsarha@ti.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/soc/davinci/davinci-evm.c | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/sound/soc/davinci/davinci-evm.c b/sound/soc/davinci/davinci-evm.c
index a50010e..82837e5 100644
--- a/sound/soc/davinci/davinci-evm.c
+++ b/sound/soc/davinci/davinci-evm.c
@@ -431,18 +431,8 @@ static int davinci_evm_probe(struct platform_device *pdev)
return ret;
}
-static int davinci_evm_remove(struct platform_device *pdev)
-{
- struct snd_soc_card *card = platform_get_drvdata(pdev);
-
- snd_soc_unregister_card(card);
-
- return 0;
-}
-
static struct platform_driver davinci_evm_driver = {
.probe = davinci_evm_probe,
- .remove = davinci_evm_remove,
.driver = {
.name = "davinci_evm",
.owner = THIS_MODULE,
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 128/222] ASoC: pcm512x: Add 'Analogue' prefix to analogue volume controls
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (126 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 127/222] ASoC: davinci-evm: drop un-necessary remove function Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 129/222] ACPICA: Utilities: split IO address types from data type models Sasha Levin
` (94 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Howard Mitchell <hm@hmbedded.co.uk>
[ Upstream commit 4d9b13c7cc803fbde59d7e998f7de2b9a2101c7e ]
This is to ensure that 'alsactl restore' does not apply default
initialisation as the chip reset defaults are preferred.
Signed-off-by: Howard Mitchell <hm@hmbedded.co.uk>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/soc/codecs/pcm512x.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/pcm512x.c b/sound/soc/codecs/pcm512x.c
index 640c991..28b7721 100644
--- a/sound/soc/codecs/pcm512x.c
+++ b/sound/soc/codecs/pcm512x.c
@@ -261,9 +261,9 @@ static const struct soc_enum pcm512x_veds =
static const struct snd_kcontrol_new pcm512x_controls[] = {
SOC_DOUBLE_R_TLV("Digital Playback Volume", PCM512x_DIGITAL_VOLUME_2,
PCM512x_DIGITAL_VOLUME_3, 0, 255, 1, digital_tlv),
-SOC_DOUBLE_TLV("Playback Volume", PCM512x_ANALOG_GAIN_CTRL,
+SOC_DOUBLE_TLV("Analogue Playback Volume", PCM512x_ANALOG_GAIN_CTRL,
PCM512x_LAGN_SHIFT, PCM512x_RAGN_SHIFT, 1, 1, analog_tlv),
-SOC_DOUBLE_TLV("Playback Boost Volume", PCM512x_ANALOG_GAIN_BOOST,
+SOC_DOUBLE_TLV("Analogue Playback Boost Volume", PCM512x_ANALOG_GAIN_BOOST,
PCM512x_AGBL_SHIFT, PCM512x_AGBR_SHIFT, 1, 0, boost_tlv),
SOC_DOUBLE("Digital Playback Switch", PCM512x_MUTE, PCM512x_RQML_SHIFT,
PCM512x_RQMR_SHIFT, 1, 1),
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 129/222] ACPICA: Utilities: split IO address types from data type models.
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (127 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 128/222] ASoC: pcm512x: Add 'Analogue' prefix to analogue volume controls Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 130/222] ACPICA: Tables: Don't release ACPI_MTX_TABLES in acpi_tb_install_standard_table() Sasha Levin
` (93 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Lv Zheng <lv.zheng@intel.com>
[ Upstream commit 2b8760100e1de69b6ff004c986328a82947db4ad ]
ACPICA commit aacf863cfffd46338e268b7415f7435cae93b451
It is reported that on a physically 64-bit addressed machine, 32-bit kernel
can trigger crashes in accessing the memory regions that are beyond the
32-bit boundary. The region field's start address should still be 32-bit
compliant, but after a calculation (adding some offsets), it may exceed the
32-bit boundary. This case is rare and buggy, but there are real BIOSes
leaked with such issues (see References below).
This patch fixes this gap by always defining IO addresses as 64-bit, and
allows OSPMs to optimize it for a real 32-bit machine to reduce the size of
the internal objects.
Internal acpi_physical_address usages in the structures that can be fixed
by this change include:
1. struct acpi_object_region:
acpi_physical_address address;
2. struct acpi_address_range:
acpi_physical_address start_address;
acpi_physical_address end_address;
3. struct acpi_mem_space_context;
acpi_physical_address address;
4. struct acpi_table_desc
acpi_physical_address address;
See known issues 1 for other usages.
Note that acpi_io_address which is used for ACPI_PROCESSOR may also suffer
from same problem, so this patch changes it accordingly.
For iasl, it will enforce acpi_physical_address as 32-bit to generate
32-bit OSPM compatible tables on 32-bit platforms, we need to define
ACPI_32BIT_PHYSICAL_ADDRESS for it in acenv.h.
Known issues:
1. Cleanup of mapped virtual address
In struct acpi_mem_space_context, acpi_physical_address is used as a virtual
address:
acpi_physical_address mapped_physical_address;
It is better to introduce acpi_virtual_address or use acpi_size instead.
This patch doesn't make such a change. Because this should be done along
with a change to acpi_os_map_memory()/acpi_os_unmap_memory().
There should be no functional problem to leave this unchanged except
that only this structure is enlarged unexpectedly.
Link: https://github.com/acpica/acpica/commit/aacf863c
Reference: https://bugzilla.kernel.org/show_bug.cgi?id=87971
Reference: https://bugzilla.kernel.org/show_bug.cgi?id=79501
Reported-and-tested-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reported-and-tested-by: Sial Nije <sialnije@gmail.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
include/acpi/actypes.h | 20 ++++++++++++++++++++
include/acpi/platform/acenv.h | 1 +
2 files changed, 21 insertions(+)
diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h
index 7000e66..93ef422 100644
--- a/include/acpi/actypes.h
+++ b/include/acpi/actypes.h
@@ -199,9 +199,29 @@ typedef int s32;
typedef s32 acpi_native_int;
typedef u32 acpi_size;
+
+#ifdef ACPI_32BIT_PHYSICAL_ADDRESS
+
+/*
+ * OSPMs can define this to shrink the size of the structures for 32-bit
+ * none PAE environment. ASL compiler may always define this to generate
+ * 32-bit OSPM compliant tables.
+ */
typedef u32 acpi_io_address;
typedef u32 acpi_physical_address;
+#else /* ACPI_32BIT_PHYSICAL_ADDRESS */
+
+/*
+ * It is reported that, after some calculations, the physical addresses can
+ * wrap over the 32-bit boundary on 32-bit PAE environment.
+ * https://bugzilla.kernel.org/show_bug.cgi?id=87971
+ */
+typedef u64 acpi_io_address;
+typedef u64 acpi_physical_address;
+
+#endif /* ACPI_32BIT_PHYSICAL_ADDRESS */
+
#define ACPI_MAX_PTR ACPI_UINT32_MAX
#define ACPI_SIZE_MAX ACPI_UINT32_MAX
diff --git a/include/acpi/platform/acenv.h b/include/acpi/platform/acenv.h
index 5f8cc1f..9e1ed2e 100644
--- a/include/acpi/platform/acenv.h
+++ b/include/acpi/platform/acenv.h
@@ -76,6 +76,7 @@
#define ACPI_LARGE_NAMESPACE_NODE
#define ACPI_DATA_TABLE_DISASSEMBLY
#define ACPI_SINGLE_THREADED
+#define ACPI_32BIT_PHYSICAL_ADDRESS
#endif
/* acpi_exec configuration. Multithreaded with full AML debugger */
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 130/222] ACPICA: Tables: Don't release ACPI_MTX_TABLES in acpi_tb_install_standard_table().
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (128 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 129/222] ACPICA: Utilities: split IO address types from data type models Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 131/222] ACPI / scan: Annotate physical_node_lock in acpi_scan_is_offline() Sasha Levin
` (92 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Octavian Purdila <octavian.purdila@intel.com>
[ Upstream commit 77ddc2fe08329e375505bc36a3df3233fe57317b ]
ACPICA commit c70434d4da13e65b6163c79a5aa16b40193631c7
ACPI_MTX_TABLES is acquired and released by the callers of
acpi_tb_install_standard_table() so releasing it in the function itself is
causing the following error in Linux kernel if the table is reloaded:
ACPI Error: Mutex [0x2] is not acquired, cannot release (20141107/utmutex-321)
Call Trace:
[<ffffffff81b0bd48>] dump_stack+0x4f/0x7b
[<ffffffff81546bf5>] acpi_ut_release_mutex+0x47/0x67
[<ffffffff81544357>] acpi_load_table+0x73/0xcb
Link: https://github.com/acpica/acpica/commit/c70434d4
Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Cc: 3.16+ <stable@vger.kernel.org> # 3.16+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/acpi/acpica/tbinstal.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/acpi/acpica/tbinstal.c b/drivers/acpi/acpica/tbinstal.c
index 755b90c..c0b39f3 100644
--- a/drivers/acpi/acpica/tbinstal.c
+++ b/drivers/acpi/acpica/tbinstal.c
@@ -346,7 +346,6 @@ acpi_tb_install_standard_table(acpi_physical_address address,
*/
acpi_tb_uninstall_table(&new_table_desc);
*table_index = i;
- (void)acpi_ut_release_mutex(ACPI_MTX_TABLES);
return_ACPI_STATUS(AE_OK);
}
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 131/222] ACPI / scan: Annotate physical_node_lock in acpi_scan_is_offline()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (129 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 130/222] ACPICA: Tables: Don't release ACPI_MTX_TABLES in acpi_tb_install_standard_table() Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 132/222] xtensa: xtfpga: fix hardware lockup caused by LCD driver Sasha Levin
` (91 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
[ Upstream commit 4c533c801d1c9b5c38458a0e7516e0cf50643782 ]
acpi_scan_is_offline() may be called under the physical_node_lock
lock of the given device object's parent, so prevent lockdep from
complaining about that by annotating that instance with
SINGLE_DEPTH_NESTING.
Fixes: caa73ea158de (ACPI / hotplug / driver core: Handle containers in a special way)
Reported-and-tested-by: Xie XiuQi <xiexiuqi@huawei.com>
Reviewed-by: Toshi Kani <toshi.kani@hp.com>
Cc: 3.14+ <stable@vger.kernel.org> # 3.14+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/acpi/scan.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index c9ea3df..0446d0d 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -251,7 +251,11 @@ bool acpi_scan_is_offline(struct acpi_device *adev, bool uevent)
struct acpi_device_physical_node *pn;
bool offline = true;
- mutex_lock(&adev->physical_node_lock);
+ /*
+ * acpi_container_offline() calls this for all of the container's
+ * children under the container's physical_node_lock lock.
+ */
+ mutex_lock_nested(&adev->physical_node_lock, SINGLE_DEPTH_NESTING);
list_for_each_entry(pn, &adev->physical_node_list, node)
if (device_supports_offline(pn->dev) && !pn->dev->offline) {
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 132/222] xtensa: xtfpga: fix hardware lockup caused by LCD driver
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (130 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 131/222] ACPI / scan: Annotate physical_node_lock in acpi_scan_is_offline() Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 133/222] xtensa: provide __NR_sync_file_range2 instead of __NR_sync_file_range Sasha Levin
` (90 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Max Filippov <jcmvbkbc@gmail.com>
[ Upstream commit 4949009eb8d40a441dcddcd96e101e77d31cf1b2 ]
LCD driver is always built for the XTFPGA platform, but its base address
is not configurable, and is wrong for ML605/KC705. Its initialization
locks up KC705 board hardware.
Make the whole driver optional, and its base address and bus width
configurable. Implement 4-bit bus access method.
Cc: stable@vger.kernel.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/xtensa/Kconfig | 30 ++++++++++++
arch/xtensa/platforms/xtfpga/Makefile | 3 +-
.../platforms/xtfpga/include/platform/hardware.h | 3 --
.../xtensa/platforms/xtfpga/include/platform/lcd.h | 15 ++++++
arch/xtensa/platforms/xtfpga/lcd.c | 55 +++++++++++++---------
5 files changed, 81 insertions(+), 25 deletions(-)
diff --git a/arch/xtensa/Kconfig b/arch/xtensa/Kconfig
index 81f57e8..73d328f 100644
--- a/arch/xtensa/Kconfig
+++ b/arch/xtensa/Kconfig
@@ -406,6 +406,36 @@ source "drivers/pcmcia/Kconfig"
source "drivers/pci/hotplug/Kconfig"
+config XTFPGA_LCD
+ bool "Enable XTFPGA LCD driver"
+ depends on XTENSA_PLATFORM_XTFPGA
+ default n
+ help
+ There's a 2x16 LCD on most of XTFPGA boards, kernel may output
+ progress messages there during bootup/shutdown. It may be useful
+ during board bringup.
+
+ If unsure, say N.
+
+config XTFPGA_LCD_BASE_ADDR
+ hex "XTFPGA LCD base address"
+ depends on XTFPGA_LCD
+ default "0x0d0c0000"
+ help
+ Base address of the LCD controller inside KIO region.
+ Different boards from XTFPGA family have LCD controller at different
+ addresses. Please consult prototyping user guide for your board for
+ the correct address. Wrong address here may lead to hardware lockup.
+
+config XTFPGA_LCD_8BIT_ACCESS
+ bool "Use 8-bit access to XTFPGA LCD"
+ depends on XTFPGA_LCD
+ default n
+ help
+ LCD may be connected with 4- or 8-bit interface, 8-bit access may
+ only be used with 8-bit interface. Please consult prototyping user
+ guide for your board for the correct interface width.
+
endmenu
menu "Executable file formats"
diff --git a/arch/xtensa/platforms/xtfpga/Makefile b/arch/xtensa/platforms/xtfpga/Makefile
index b9ae206..7839d38 100644
--- a/arch/xtensa/platforms/xtfpga/Makefile
+++ b/arch/xtensa/platforms/xtfpga/Makefile
@@ -6,4 +6,5 @@
#
# Note 2! The CFLAGS definitions are in the main makefile...
-obj-y = setup.o lcd.o
+obj-y += setup.o
+obj-$(CONFIG_XTFPGA_LCD) += lcd.o
diff --git a/arch/xtensa/platforms/xtfpga/include/platform/hardware.h b/arch/xtensa/platforms/xtfpga/include/platform/hardware.h
index aeb316b..e8cc86f 100644
--- a/arch/xtensa/platforms/xtfpga/include/platform/hardware.h
+++ b/arch/xtensa/platforms/xtfpga/include/platform/hardware.h
@@ -40,9 +40,6 @@
/* UART */
#define DUART16552_PADDR (XCHAL_KIO_PADDR + 0x0D050020)
-/* LCD instruction and data addresses. */
-#define LCD_INSTR_ADDR ((char *)IOADDR(0x0D040000))
-#define LCD_DATA_ADDR ((char *)IOADDR(0x0D040004))
/* Misc. */
#define XTFPGA_FPGAREGS_VADDR IOADDR(0x0D020000)
diff --git a/arch/xtensa/platforms/xtfpga/include/platform/lcd.h b/arch/xtensa/platforms/xtfpga/include/platform/lcd.h
index 0e43564..4c8541e 100644
--- a/arch/xtensa/platforms/xtfpga/include/platform/lcd.h
+++ b/arch/xtensa/platforms/xtfpga/include/platform/lcd.h
@@ -11,10 +11,25 @@
#ifndef __XTENSA_XTAVNET_LCD_H
#define __XTENSA_XTAVNET_LCD_H
+#ifdef CONFIG_XTFPGA_LCD
/* Display string STR at position POS on the LCD. */
void lcd_disp_at_pos(char *str, unsigned char pos);
/* Shift the contents of the LCD display left or right. */
void lcd_shiftleft(void);
void lcd_shiftright(void);
+#else
+static inline void lcd_disp_at_pos(char *str, unsigned char pos)
+{
+}
+
+static inline void lcd_shiftleft(void)
+{
+}
+
+static inline void lcd_shiftright(void)
+{
+}
+#endif
+
#endif
diff --git a/arch/xtensa/platforms/xtfpga/lcd.c b/arch/xtensa/platforms/xtfpga/lcd.c
index 2872301..4dc0c1b 100644
--- a/arch/xtensa/platforms/xtfpga/lcd.c
+++ b/arch/xtensa/platforms/xtfpga/lcd.c
@@ -1,50 +1,63 @@
/*
- * Driver for the LCD display on the Tensilica LX60 Board.
+ * Driver for the LCD display on the Tensilica XTFPGA board family.
+ * http://www.mytechcorp.com/cfdata/productFile/File1/MOC-16216B-B-A0A04.pdf
*
* This file is subject to the terms and conditions of the GNU General Public
* License. See the file "COPYING" in the main directory of this archive
* for more details.
*
* Copyright (C) 2001, 2006 Tensilica Inc.
+ * Copyright (C) 2015 Cadence Design Systems Inc.
*/
-/*
- *
- * FIXME: this code is from the examples from the LX60 user guide.
- *
- * The lcd_pause function does busy waiting, which is probably not
- * great. Maybe the code could be changed to use kernel timers, or
- * change the hardware to not need to wait.
- */
-
+#include <linux/delay.h>
#include <linux/init.h>
#include <linux/io.h>
#include <platform/hardware.h>
#include <platform/lcd.h>
-#include <linux/delay.h>
-#define LCD_PAUSE_ITERATIONS 4000
+/* LCD instruction and data addresses. */
+#define LCD_INSTR_ADDR ((char *)IOADDR(CONFIG_XTFPGA_LCD_BASE_ADDR))
+#define LCD_DATA_ADDR (LCD_INSTR_ADDR + 4)
+
#define LCD_CLEAR 0x1
#define LCD_DISPLAY_ON 0xc
/* 8bit and 2 lines display */
#define LCD_DISPLAY_MODE8BIT 0x38
+#define LCD_DISPLAY_MODE4BIT 0x28
#define LCD_DISPLAY_POS 0x80
#define LCD_SHIFT_LEFT 0x18
#define LCD_SHIFT_RIGHT 0x1c
+static void lcd_put_byte(u8 *addr, u8 data)
+{
+#ifdef CONFIG_XTFPGA_LCD_8BIT_ACCESS
+ ACCESS_ONCE(*addr) = data;
+#else
+ ACCESS_ONCE(*addr) = data & 0xf0;
+ ACCESS_ONCE(*addr) = (data << 4) & 0xf0;
+#endif
+}
+
static int __init lcd_init(void)
{
- *LCD_INSTR_ADDR = LCD_DISPLAY_MODE8BIT;
+ ACCESS_ONCE(*LCD_INSTR_ADDR) = LCD_DISPLAY_MODE8BIT;
mdelay(5);
- *LCD_INSTR_ADDR = LCD_DISPLAY_MODE8BIT;
+ ACCESS_ONCE(*LCD_INSTR_ADDR) = LCD_DISPLAY_MODE8BIT;
udelay(200);
- *LCD_INSTR_ADDR = LCD_DISPLAY_MODE8BIT;
+ ACCESS_ONCE(*LCD_INSTR_ADDR) = LCD_DISPLAY_MODE8BIT;
+ udelay(50);
+#ifndef CONFIG_XTFPGA_LCD_8BIT_ACCESS
+ ACCESS_ONCE(*LCD_INSTR_ADDR) = LCD_DISPLAY_MODE4BIT;
+ udelay(50);
+ lcd_put_byte(LCD_INSTR_ADDR, LCD_DISPLAY_MODE4BIT);
udelay(50);
- *LCD_INSTR_ADDR = LCD_DISPLAY_ON;
+#endif
+ lcd_put_byte(LCD_INSTR_ADDR, LCD_DISPLAY_ON);
udelay(50);
- *LCD_INSTR_ADDR = LCD_CLEAR;
+ lcd_put_byte(LCD_INSTR_ADDR, LCD_CLEAR);
mdelay(10);
lcd_disp_at_pos("XTENSA LINUX", 0);
return 0;
@@ -52,10 +65,10 @@ static int __init lcd_init(void)
void lcd_disp_at_pos(char *str, unsigned char pos)
{
- *LCD_INSTR_ADDR = LCD_DISPLAY_POS | pos;
+ lcd_put_byte(LCD_INSTR_ADDR, LCD_DISPLAY_POS | pos);
udelay(100);
while (*str != 0) {
- *LCD_DATA_ADDR = *str;
+ lcd_put_byte(LCD_DATA_ADDR, *str);
udelay(200);
str++;
}
@@ -63,13 +76,13 @@ void lcd_disp_at_pos(char *str, unsigned char pos)
void lcd_shiftleft(void)
{
- *LCD_INSTR_ADDR = LCD_SHIFT_LEFT;
+ lcd_put_byte(LCD_INSTR_ADDR, LCD_SHIFT_LEFT);
udelay(50);
}
void lcd_shiftright(void)
{
- *LCD_INSTR_ADDR = LCD_SHIFT_RIGHT;
+ lcd_put_byte(LCD_INSTR_ADDR, LCD_SHIFT_RIGHT);
udelay(50);
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 133/222] xtensa: provide __NR_sync_file_range2 instead of __NR_sync_file_range
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (131 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 132/222] xtensa: xtfpga: fix hardware lockup caused by LCD driver Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 134/222] xtensa: ISS: fix locking in TAP network adapter Sasha Levin
` (89 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Max Filippov <jcmvbkbc@gmail.com>
[ Upstream commit 01e84c70fe40c8111f960987bcf7f931842e6d07 ]
xtensa actually uses sync_file_range2 implementation, so it should
define __NR_sync_file_range2 as other architectures that use that
function. That fixes userspace interface (that apparently never worked)
and avoids special-casing xtensa in libc implementations.
See the thread ending at
http://lists.busybox.net/pipermail/uclibc/2015-February/048833.html
for more details.
Cc: stable@vger.kernel.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/xtensa/include/uapi/asm/unistd.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/xtensa/include/uapi/asm/unistd.h b/arch/xtensa/include/uapi/asm/unistd.h
index db5bb72..62d8465 100644
--- a/arch/xtensa/include/uapi/asm/unistd.h
+++ b/arch/xtensa/include/uapi/asm/unistd.h
@@ -715,7 +715,7 @@ __SYSCALL(323, sys_process_vm_writev, 6)
__SYSCALL(324, sys_name_to_handle_at, 5)
#define __NR_open_by_handle_at 325
__SYSCALL(325, sys_open_by_handle_at, 3)
-#define __NR_sync_file_range 326
+#define __NR_sync_file_range2 326
__SYSCALL(326, sys_sync_file_range2, 6)
#define __NR_perf_event_open 327
__SYSCALL(327, sys_perf_event_open, 5)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 134/222] xtensa: ISS: fix locking in TAP network adapter
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (132 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 133/222] xtensa: provide __NR_sync_file_range2 instead of __NR_sync_file_range Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 135/222] gpio: mvebu: Fix mask/unmask managment per irq chip type Sasha Levin
` (88 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Max Filippov <jcmvbkbc@gmail.com>
[ Upstream commit 24e94454c8cb6a13634f5a2f5a01da53a546a58d ]
- don't lock lp->lock in the iss_net_timer for the call of iss_net_poll,
it will lock it itself;
- invert order of lp->lock and opened_lock acquisition in the
iss_net_open to make it consistent with iss_net_poll;
- replace spin_lock with spin_lock_bh when acquiring locks used in
iss_net_timer from non-atomic context;
- replace spin_lock_irqsave with spin_lock_bh in the iss_net_start_xmit
as the driver doesn't use lp->lock in the hard IRQ context;
- replace __SPIN_LOCK_UNLOCKED(lp.lock) with spin_lock_init, otherwise
lockdep is unhappy about using non-static key.
Cc: <stable@vger.kernel.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/xtensa/platforms/iss/network.c | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/arch/xtensa/platforms/iss/network.c b/arch/xtensa/platforms/iss/network.c
index d05f8fe..17b1ef3 100644
--- a/arch/xtensa/platforms/iss/network.c
+++ b/arch/xtensa/platforms/iss/network.c
@@ -349,8 +349,8 @@ static void iss_net_timer(unsigned long priv)
{
struct iss_net_private *lp = (struct iss_net_private *)priv;
- spin_lock(&lp->lock);
iss_net_poll();
+ spin_lock(&lp->lock);
mod_timer(&lp->timer, jiffies + lp->timer_val);
spin_unlock(&lp->lock);
}
@@ -361,7 +361,7 @@ static int iss_net_open(struct net_device *dev)
struct iss_net_private *lp = netdev_priv(dev);
int err;
- spin_lock(&lp->lock);
+ spin_lock_bh(&lp->lock);
err = lp->tp.open(lp);
if (err < 0)
@@ -376,9 +376,11 @@ static int iss_net_open(struct net_device *dev)
while ((err = iss_net_rx(dev)) > 0)
;
- spin_lock(&opened_lock);
+ spin_unlock_bh(&lp->lock);
+ spin_lock_bh(&opened_lock);
list_add(&lp->opened_list, &opened);
- spin_unlock(&opened_lock);
+ spin_unlock_bh(&opened_lock);
+ spin_lock_bh(&lp->lock);
init_timer(&lp->timer);
lp->timer_val = ISS_NET_TIMER_VALUE;
@@ -387,7 +389,7 @@ static int iss_net_open(struct net_device *dev)
mod_timer(&lp->timer, jiffies + lp->timer_val);
out:
- spin_unlock(&lp->lock);
+ spin_unlock_bh(&lp->lock);
return err;
}
@@ -395,7 +397,7 @@ static int iss_net_close(struct net_device *dev)
{
struct iss_net_private *lp = netdev_priv(dev);
netif_stop_queue(dev);
- spin_lock(&lp->lock);
+ spin_lock_bh(&lp->lock);
spin_lock(&opened_lock);
list_del(&opened);
@@ -405,18 +407,17 @@ static int iss_net_close(struct net_device *dev)
lp->tp.close(lp);
- spin_unlock(&lp->lock);
+ spin_unlock_bh(&lp->lock);
return 0;
}
static int iss_net_start_xmit(struct sk_buff *skb, struct net_device *dev)
{
struct iss_net_private *lp = netdev_priv(dev);
- unsigned long flags;
int len;
netif_stop_queue(dev);
- spin_lock_irqsave(&lp->lock, flags);
+ spin_lock_bh(&lp->lock);
len = lp->tp.write(lp, &skb);
@@ -438,7 +439,7 @@ static int iss_net_start_xmit(struct sk_buff *skb, struct net_device *dev)
pr_err("%s: %s failed(%d)\n", dev->name, __func__, len);
}
- spin_unlock_irqrestore(&lp->lock, flags);
+ spin_unlock_bh(&lp->lock);
dev_kfree_skb(skb);
return NETDEV_TX_OK;
@@ -466,9 +467,9 @@ static int iss_net_set_mac(struct net_device *dev, void *addr)
if (!is_valid_ether_addr(hwaddr->sa_data))
return -EADDRNOTAVAIL;
- spin_lock(&lp->lock);
+ spin_lock_bh(&lp->lock);
memcpy(dev->dev_addr, hwaddr->sa_data, ETH_ALEN);
- spin_unlock(&lp->lock);
+ spin_unlock_bh(&lp->lock);
return 0;
}
@@ -520,11 +521,11 @@ static int iss_net_configure(int index, char *init)
*lp = (struct iss_net_private) {
.device_list = LIST_HEAD_INIT(lp->device_list),
.opened_list = LIST_HEAD_INIT(lp->opened_list),
- .lock = __SPIN_LOCK_UNLOCKED(lp.lock),
.dev = dev,
.index = index,
- };
+ };
+ spin_lock_init(&lp->lock);
/*
* If this name ends up conflicting with an existing registered
* netdevice, that is OK, register_netdev{,ice}() will notice this
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 135/222] gpio: mvebu: Fix mask/unmask managment per irq chip type
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (133 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 134/222] xtensa: ISS: fix locking in TAP network adapter Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 136/222] clk: samsung: exynos4: Disable ARMCLK down feature on Exynos4210 SoC Sasha Levin
` (87 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Gregory CLEMENT <gregory.clement@free-electrons.com>
[ Upstream commit 61819549f572edd7fce53f228c0d8420cdc85f71 ]
Level IRQ handlers and edge IRQ handler are managed by tow different
sets of registers. But currently the driver uses the same mask for the
both registers. It lead to issues with the following scenario:
First, an IRQ is requested on a GPIO to be triggered on front. After,
this an other IRQ is requested for a GPIO of the same bank but
triggered on level. Then the first one will be also setup to be
triggered on level. It leads to an interrupt storm.
The different kind of handler are already associated with two
different irq chip type. With this patch the driver uses a private
mask for each one which solves this issue.
It has been tested on an Armada XP based board and on an Armada 375
board. For the both boards, with this patch is applied, there is no
such interrupt storm when running the previous scenario.
This bug was already fixed but in a different way in the legacy
version of this driver by Evgeniy Dushistov:
9ece8839b1277fb9128ff6833411614ab6c88d68 "ARM: orion: Fix for certain
sequence of request_irq can cause irq storm". The fact the new version
of the gpio drive could be affected had been discussed there:
http://thread.gmane.org/gmane.linux.ports.arm.kernel/344670/focus=364012
Reported-by: Evgeniy A. Dushistov <dushistov@mail.ru>
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Cc: <stable@vger.kernel.org> # v3.7 +
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/gpio/gpio-mvebu.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/drivers/gpio/gpio-mvebu.c b/drivers/gpio/gpio-mvebu.c
index 418e386..a93ddbc 100644
--- a/drivers/gpio/gpio-mvebu.c
+++ b/drivers/gpio/gpio-mvebu.c
@@ -305,11 +305,13 @@ static void mvebu_gpio_edge_irq_mask(struct irq_data *d)
{
struct irq_chip_generic *gc = irq_data_get_irq_chip_data(d);
struct mvebu_gpio_chip *mvchip = gc->private;
+ struct irq_chip_type *ct = irq_data_get_chip_type(d);
u32 mask = 1 << (d->irq - gc->irq_base);
irq_gc_lock(gc);
- gc->mask_cache &= ~mask;
- writel_relaxed(gc->mask_cache, mvebu_gpioreg_edge_mask(mvchip));
+ ct->mask_cache_priv &= ~mask;
+
+ writel_relaxed(ct->mask_cache_priv, mvebu_gpioreg_edge_mask(mvchip));
irq_gc_unlock(gc);
}
@@ -317,11 +319,13 @@ static void mvebu_gpio_edge_irq_unmask(struct irq_data *d)
{
struct irq_chip_generic *gc = irq_data_get_irq_chip_data(d);
struct mvebu_gpio_chip *mvchip = gc->private;
+ struct irq_chip_type *ct = irq_data_get_chip_type(d);
+
u32 mask = 1 << (d->irq - gc->irq_base);
irq_gc_lock(gc);
- gc->mask_cache |= mask;
- writel_relaxed(gc->mask_cache, mvebu_gpioreg_edge_mask(mvchip));
+ ct->mask_cache_priv |= mask;
+ writel_relaxed(ct->mask_cache_priv, mvebu_gpioreg_edge_mask(mvchip));
irq_gc_unlock(gc);
}
@@ -329,11 +333,13 @@ static void mvebu_gpio_level_irq_mask(struct irq_data *d)
{
struct irq_chip_generic *gc = irq_data_get_irq_chip_data(d);
struct mvebu_gpio_chip *mvchip = gc->private;
+ struct irq_chip_type *ct = irq_data_get_chip_type(d);
+
u32 mask = 1 << (d->irq - gc->irq_base);
irq_gc_lock(gc);
- gc->mask_cache &= ~mask;
- writel_relaxed(gc->mask_cache, mvebu_gpioreg_level_mask(mvchip));
+ ct->mask_cache_priv &= ~mask;
+ writel_relaxed(ct->mask_cache_priv, mvebu_gpioreg_level_mask(mvchip));
irq_gc_unlock(gc);
}
@@ -341,11 +347,13 @@ static void mvebu_gpio_level_irq_unmask(struct irq_data *d)
{
struct irq_chip_generic *gc = irq_data_get_irq_chip_data(d);
struct mvebu_gpio_chip *mvchip = gc->private;
+ struct irq_chip_type *ct = irq_data_get_chip_type(d);
+
u32 mask = 1 << (d->irq - gc->irq_base);
irq_gc_lock(gc);
- gc->mask_cache |= mask;
- writel_relaxed(gc->mask_cache, mvebu_gpioreg_level_mask(mvchip));
+ ct->mask_cache_priv |= mask;
+ writel_relaxed(ct->mask_cache_priv, mvebu_gpioreg_level_mask(mvchip));
irq_gc_unlock(gc);
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 136/222] clk: samsung: exynos4: Disable ARMCLK down feature on Exynos4210 SoC
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (134 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 135/222] gpio: mvebu: Fix mask/unmask managment per irq chip type Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 137/222] clk: tegra: Register the proper number of resets Sasha Levin
` (86 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
[ Upstream commit 3a9e9cb65be84d6c64fbe9c69a73c15d59f29454 ]
Commit 42773b28e71d ("clk: samsung: exynos4: Enable ARMCLK
down feature") enabled ARMCLK down feature on all Exynos4
SoCs. Unfortunately on Exynos4210 SoC ARMCLK down feature
causes a lockup when ondemand cpufreq governor is used.
Fix it by limiting ARMCLK down feature to Exynos4x12 SoCs.
This patch was tested on:
- Exynos4210 SoC based Trats board
- Exynos4210 SoC based Origen board
- Exynos4412 SoC based Trats2 board
- Exynos4412 SoC based Odroid-U3 board
Cc: Daniel Drake <drake@endlessm.com>
Cc: Tomasz Figa <t.figa@samsung.com>
Cc: Kukjin Kim <kgene@kernel.org>
Fixes: 42773b28e71d ("clk: samsung: exynos4: Enable ARMCLK down feature")
Cc: <stable@vger.kernel.org> # v3.17+
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Michael Turquette <mturquette@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/clk/samsung/clk-exynos4.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/drivers/clk/samsung/clk-exynos4.c b/drivers/clk/samsung/clk-exynos4.c
index 940f028..6197317 100644
--- a/drivers/clk/samsung/clk-exynos4.c
+++ b/drivers/clk/samsung/clk-exynos4.c
@@ -1354,7 +1354,7 @@ static struct samsung_pll_clock exynos4x12_plls[nr_plls] __initdata = {
VPLL_LOCK, VPLL_CON0, NULL),
};
-static void __init exynos4_core_down_clock(enum exynos4_soc soc)
+static void __init exynos4x12_core_down_clock(void)
{
unsigned int tmp;
@@ -1373,11 +1373,9 @@ static void __init exynos4_core_down_clock(enum exynos4_soc soc)
__raw_writel(tmp, reg_base + PWR_CTRL1);
/*
- * Disable the clock up feature on Exynos4x12, in case it was
- * enabled by bootloader.
+ * Disable the clock up feature in case it was enabled by bootloader.
*/
- if (exynos4_soc == EXYNOS4X12)
- __raw_writel(0x0, reg_base + E4X12_PWR_CTRL2);
+ __raw_writel(0x0, reg_base + E4X12_PWR_CTRL2);
}
/* register exynos4 clocks */
@@ -1474,7 +1472,8 @@ static void __init exynos4_clk_init(struct device_node *np,
samsung_clk_register_alias(ctx, exynos4_aliases,
ARRAY_SIZE(exynos4_aliases));
- exynos4_core_down_clock(soc);
+ if (soc == EXYNOS4X12)
+ exynos4x12_core_down_clock();
exynos4_clk_sleep_init();
samsung_clk_of_add_provider(np, ctx);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 137/222] clk: tegra: Register the proper number of resets
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (135 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 136/222] clk: samsung: exynos4: Disable ARMCLK down feature on Exynos4210 SoC Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 138/222] clk: qcom: Fix i2c frequency table Sasha Levin
` (85 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Thierry Reding <treding@nvidia.com>
[ Upstream commit 5e43e259171e1eee8bc074d9c44be434e685087b ]
The number of resets controls is 32 times the number of peripheral
register banks rather than 32 times the number of clocks. This reduces
(drastically) the number of reset controls registered from 10080 (315
clocks * 32) to 224 (6 peripheral register banks * 32).
This also fixes a potential crash because trying to use any of the
excess reset controls (224-10079) would have caused accesses beyond
the array bounds of the peripheral register banks definition array.
Cc: Peter De Schrijver <pdeschrijver@nvidia.com>
Cc: Prashant Gaikwad <pgaikwad@nvidia.com>
Fixes: 6d5b988e7dc5 ("clk: tegra: implement a reset driver")
Cc: stable@vger.kernel.org # 3.14+
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/clk/tegra/clk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/tegra/clk.c b/drivers/clk/tegra/clk.c
index 97dc859..c51f7c8 100644
--- a/drivers/clk/tegra/clk.c
+++ b/drivers/clk/tegra/clk.c
@@ -272,7 +272,7 @@ void __init tegra_add_of_provider(struct device_node *np)
of_clk_add_provider(np, of_clk_src_onecell_get, &clk_data);
rst_ctlr.of_node = np;
- rst_ctlr.nr_resets = clk_num * 32;
+ rst_ctlr.nr_resets = periph_banks * 32;
reset_controller_register(&rst_ctlr);
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 138/222] clk: qcom: Fix i2c frequency table
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (136 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 137/222] clk: tegra: Register the proper number of resets Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 139/222] clk: qcom: fix RCG M/N counter configuration Sasha Levin
` (84 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Stephen Boyd <sboyd@codeaurora.org>
[ Upstream commit 0bf0ff82c34da02ee5795101b328225a2d519594 ]
PXO is 25MHz, not 27MHz. Fix the table.
Fixes: 24d8fba44af3 "clk: qcom: Add support for IPQ8064's global
clock controller (GCC)"
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Reviewed-by: Andy Gross <agross@codeaurora.org>
Tested-by: Andy Gross <agross@codeaurora.org>
Signed-off-by: Michael Turquette <mturquette@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/clk/qcom/gcc-ipq806x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/qcom/gcc-ipq806x.c b/drivers/clk/qcom/gcc-ipq806x.c
index 5cd62a7..8c37d9c 100644
--- a/drivers/clk/qcom/gcc-ipq806x.c
+++ b/drivers/clk/qcom/gcc-ipq806x.c
@@ -514,8 +514,8 @@ static struct freq_tbl clk_tbl_gsbi_qup[] = {
{ 10800000, P_PXO, 1, 2, 5 },
{ 15060000, P_PLL8, 1, 2, 51 },
{ 24000000, P_PLL8, 4, 1, 4 },
+ { 25000000, P_PXO, 1, 0, 0 },
{ 25600000, P_PLL8, 1, 1, 15 },
- { 27000000, P_PXO, 1, 0, 0 },
{ 48000000, P_PLL8, 4, 1, 2 },
{ 51200000, P_PLL8, 1, 2, 15 },
{ }
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 139/222] clk: qcom: fix RCG M/N counter configuration
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (137 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 138/222] clk: qcom: Fix i2c frequency table Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 140/222] Revert "dm crypt: fix deadlock when async crypto algorithm returns -EBUSY" Sasha Levin
` (83 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Archit Taneja <architt@codeaurora.org>
[ Upstream commit 0b21503dbbfa669dbd847b33578d4041513cddb2 ]
Currently, a RCG's M/N counter (used for fraction division) is
set to either 'bypass' (counter disabled) or 'dual edge' (counter
enabled) based on whether the corresponding rcg struct has a mnd
field specified and a non-zero N.
In the case where M and N are the same value, the M/N counter is
still enabled by code even though no division takes place.
Leaving the RCG in such a state can result in improper behavior.
This was observed with the DSI pixel clock RCG when M and N were
both set to 1.
Add an additional check (M != N) to enable the M/N counter only
when it's needed for fraction division.
Signed-off-by: Archit Taneja <architt@codeaurora.org>
Fixes: bcd61c0f535a (clk: qcom: Add support for root clock
generators (RCGs))
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/clk/qcom/clk-rcg2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/qcom/clk-rcg2.c b/drivers/clk/qcom/clk-rcg2.c
index cfa9eb4..f76b685 100644
--- a/drivers/clk/qcom/clk-rcg2.c
+++ b/drivers/clk/qcom/clk-rcg2.c
@@ -240,7 +240,7 @@ static int clk_rcg2_configure(struct clk_rcg2 *rcg, const struct freq_tbl *f)
mask |= CFG_SRC_SEL_MASK | CFG_MODE_MASK;
cfg = f->pre_div << CFG_SRC_DIV_SHIFT;
cfg |= rcg->parent_map[f->src] << CFG_SRC_SEL_SHIFT;
- if (rcg->mnd_width && f->n)
+ if (rcg->mnd_width && f->n && (f->m != f->n))
cfg |= CFG_MODE_DUAL_EDGE;
ret = regmap_update_bits(rcg->clkr.regmap,
rcg->cmd_rcgr + CFG_REG, mask, cfg);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 140/222] Revert "dm crypt: fix deadlock when async crypto algorithm returns -EBUSY"
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (138 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 139/222] clk: qcom: fix RCG M/N counter configuration Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 141/222] sd: Unregister integrity profile Sasha Levin
` (82 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ben Collins <ben.c@servergy.com>
[ Upstream commit c0403ec0bb5a8c5b267fb7e16021bec0b17e4964 ]
This reverts Linux 4.1-rc1 commit 0618764cb25f6fa9fb31152995de42a8a0496475.
The problem which that commit attempts to fix actually lies in the
Freescale CAAM crypto driver not dm-crypt.
dm-crypt uses CRYPTO_TFM_REQ_MAY_BACKLOG. This means the the crypto
driver should internally backlog requests which arrive when the queue is
full and process them later. Until the crypto hw's queue becomes full,
the driver returns -EINPROGRESS. When the crypto hw's queue if full,
the driver returns -EBUSY, and if CRYPTO_TFM_REQ_MAY_BACKLOG is set, is
expected to backlog the request and process it when the hardware has
queue space. At the point when the driver takes the request from the
backlog and starts processing it, it calls the completion function with
a status of -EINPROGRESS. The completion function is called (for a
second time, in the case of backlogged requests) with a status/err of 0
when a request is done.
Crypto drivers for hardware without hardware queueing use the helpers,
crypto_init_queue(), crypto_enqueue_request(), crypto_dequeue_request()
and crypto_get_backlog() helpers to implement this behaviour correctly,
while others implement this behaviour without these helpers (ccp, for
example).
dm-crypt (before the patch that needs reverting) uses this API
correctly. It queues up as many requests as the hw queues will allow
(i.e. as long as it gets back -EINPROGRESS from the request function).
Then, when it sees at least one backlogged request (gets -EBUSY), it
waits till that backlogged request is handled (completion gets called
with -EINPROGRESS), and then continues. The references to
af_alg_wait_for_completion() and af_alg_complete() in that commit's
commit message are irrelevant because those functions only handle one
request at a time, unlink dm-crypt.
The problem is that the Freescale CAAM driver, which that commit
describes as having being tested with, fails to implement the
backlogging behaviour correctly. In cam_jr_enqueue(), if the hardware
queue is full, it simply returns -EBUSY without backlogging the request.
What the observed deadlock was is not described in the commit message
but it is obviously the wait_for_completion() in crypto_convert() where
dm-crypto would wait for the completion being called with -EINPROGRESS
in the case of backlogged requests. This completion will never be
completed due to the bug in the CAAM driver.
Commit 0618764cb25 incorrectly made dm-crypt wait for every request,
even when the driver/hardware queues are not full, which means that
dm-crypt will never see -EBUSY. This means that that commit will cause
a performance regression on all crypto drivers which implement the API
correctly.
Revert it. Correct backlog handling should be implemented in the CAAM
driver instead.
Cc'ing stable purely because commit 0618764cb25 did. If for some reason
a stable@ kernel did pick up commit 0618764cb25 it should get reverted.
Signed-off-by: Rabin Vincent <rabin.vincent@axis.com>
Reviewed-by: Horia Geanta <horia.geanta@freescale.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/md/dm-crypt.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 08981be..a9f2266 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -920,11 +920,10 @@ static int crypt_convert(struct crypt_config *cc,
switch (r) {
/* async */
+ case -EINPROGRESS:
case -EBUSY:
wait_for_completion(&ctx->restart);
reinit_completion(&ctx->restart);
- /* fall through*/
- case -EINPROGRESS:
ctx->req = NULL;
ctx->cc_sector++;
continue;
@@ -1315,10 +1314,8 @@ static void kcryptd_async_done(struct crypto_async_request *async_req,
struct dm_crypt_io *io = container_of(ctx, struct dm_crypt_io, ctx);
struct crypt_config *cc = io->cc;
- if (error == -EINPROGRESS) {
- complete(&ctx->restart);
+ if (error == -EINPROGRESS)
return;
- }
if (!error && cc->iv_gen_ops && cc->iv_gen_ops->post)
error = cc->iv_gen_ops->post(cc, iv_of_dmreq(cc, dmreq), dmreq);
@@ -1329,12 +1326,15 @@ static void kcryptd_async_done(struct crypto_async_request *async_req,
crypt_free_req(cc, req_of_dmreq(cc, dmreq), io->base_bio);
if (!atomic_dec_and_test(&ctx->cc_pending))
- return;
+ goto done;
if (bio_data_dir(io->base_bio) == READ)
kcryptd_crypt_read_done(io);
else
kcryptd_crypt_write_io_submit(io, 1);
+done:
+ if (!completion_done(&ctx->restart))
+ complete(&ctx->restart);
}
static void kcryptd_crypt(struct work_struct *work)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 141/222] sd: Unregister integrity profile
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (139 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 140/222] Revert "dm crypt: fix deadlock when async crypto algorithm returns -EBUSY" Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 142/222] sd: Fix missing ATO tag check Sasha Levin
` (81 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "Martin K. Petersen" <martin.petersen@oracle.com>
[ Upstream commit e727c42bd55794765c460b7ac2b6cc969f2a9698 ]
The new integrity code did not correctly unregister the profile for SD
disks. Call blk_integrity_unregister() when we release a disk.
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Reported-by: Sagi Grimberg <sagig@dev.mellanox.co.il>
Tested-by: Sagi Grimberg <sagig@mellanox.com>
Cc: stable@vger.kernel.org # v3.17+
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/scsi/sd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index dd8c8d6..7a4d88c 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -3118,6 +3118,7 @@ static void scsi_disk_release(struct device *dev)
ida_remove(&sd_index_ida, sdkp->index);
spin_unlock(&sd_index_lock);
+ blk_integrity_unregister(disk);
disk->private_data = NULL;
put_disk(disk);
put_device(&sdkp->device->sdev_gendev);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 142/222] sd: Fix missing ATO tag check
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (140 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 141/222] sd: Unregister integrity profile Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 143/222] Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open() Sasha Levin
` (80 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "Martin K. Petersen" <martin.petersen@oracle.com>
[ Upstream commit e557990e358934fb168d30371c9c0f63e314c6b8 ]
3aec2f41a8bae introduced a merge error where we would end up check for
sdkp instead of sdkp->ATO. Fix this so we register app tag capability
correctly.
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Cc: <stable@vger.kernel.org> # v3.17+
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/scsi/sd_dif.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/sd_dif.c b/drivers/scsi/sd_dif.c
index 14c7d42..5c06d29 100644
--- a/drivers/scsi/sd_dif.c
+++ b/drivers/scsi/sd_dif.c
@@ -77,7 +77,7 @@ void sd_dif_config_host(struct scsi_disk *sdkp)
disk->integrity->flags |= BLK_INTEGRITY_DEVICE_CAPABLE;
- if (!sdkp)
+ if (!sdkp->ATO)
return;
if (type == SD_DIF_TYPE3_PROTECTION)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 143/222] Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (141 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 142/222] sd: Fix missing ATO tag check Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 144/222] mvsas: fix panic on expander attached SATA devices Sasha Levin
` (79 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "K. Y. Srinivasan" <kys@microsoft.com>
[ Upstream commit 40384e4bbeb9f2651fe9bffc0062d9f31ef625bf ]
Correctly rollback state if the failure occurs after we have handed over
the ownership of the buffer to the host.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/hv/channel.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
index 433f72a..995e2a0 100644
--- a/drivers/hv/channel.c
+++ b/drivers/hv/channel.c
@@ -135,7 +135,7 @@ int vmbus_open(struct vmbus_channel *newchannel, u32 send_ringbuffer_size,
GFP_KERNEL);
if (!open_info) {
err = -ENOMEM;
- goto error0;
+ goto error_gpadl;
}
init_completion(&open_info->waitevent);
@@ -151,7 +151,7 @@ int vmbus_open(struct vmbus_channel *newchannel, u32 send_ringbuffer_size,
if (userdatalen > MAX_USER_DEFINED_BYTES) {
err = -EINVAL;
- goto error0;
+ goto error_gpadl;
}
if (userdatalen)
@@ -195,6 +195,9 @@ error1:
list_del(&open_info->msglistentry);
spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
+error_gpadl:
+ vmbus_teardown_gpadl(newchannel, newchannel->ringbuffer_gpadlhandle);
+
error0:
free_pages((unsigned long)out,
get_order(send_ringbuffer_size + recv_ringbuffer_size));
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 144/222] mvsas: fix panic on expander attached SATA devices
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (142 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 143/222] Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open() Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 145/222] [media] rc: img-ir: fix error in parameters passed to irq_free() Sasha Levin
` (78 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: James Bottomley <JBottomley@Odin.com>
[ Upstream commit 56cbd0ccc1b508de19561211d7ab9e1c77e6b384 ]
mvsas is giving a General protection fault when it encounters an expander
attached ATA device. Analysis of mvs_task_prep_ata() shows that the driver is
assuming all ATA devices are locally attached and obtaining the phy mask by
indexing the local phy table (in the HBA structure) with the phy id. Since
expanders have many more phys than the HBA, this is causing the index into the
HBA phy table to overflow and returning rubbish as the pointer.
mvs_task_prep_ssp() instead does the phy mask using the port properties.
Mirror this in mvs_task_prep_ata() to fix the panic.
Reported-by: Adam Talbot <ajtalbot1@gmail.com>
Tested-by: Adam Talbot <ajtalbot1@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/scsi/mvsas/mv_sas.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/scsi/mvsas/mv_sas.c b/drivers/scsi/mvsas/mv_sas.c
index ac52f7c..0eb2da8 100644
--- a/drivers/scsi/mvsas/mv_sas.c
+++ b/drivers/scsi/mvsas/mv_sas.c
@@ -441,14 +441,11 @@ static u32 mvs_get_ncq_tag(struct sas_task *task, u32 *tag)
static int mvs_task_prep_ata(struct mvs_info *mvi,
struct mvs_task_exec_info *tei)
{
- struct sas_ha_struct *sha = mvi->sas;
struct sas_task *task = tei->task;
struct domain_device *dev = task->dev;
struct mvs_device *mvi_dev = dev->lldd_dev;
struct mvs_cmd_hdr *hdr = tei->hdr;
struct asd_sas_port *sas_port = dev->port;
- struct sas_phy *sphy = dev->phy;
- struct asd_sas_phy *sas_phy = sha->sas_phy[sphy->number];
struct mvs_slot_info *slot;
void *buf_prd;
u32 tag = tei->tag, hdr_tag;
@@ -468,7 +465,7 @@ static int mvs_task_prep_ata(struct mvs_info *mvi,
slot->tx = mvi->tx_prod;
del_q = TXQ_MODE_I | tag |
(TXQ_CMD_STP << TXQ_CMD_SHIFT) |
- (MVS_PHY_ID << TXQ_PHY_SHIFT) |
+ ((sas_port->phy_mask & TXQ_PHY_MASK) << TXQ_PHY_SHIFT) |
(mvi_dev->taskfileset << TXQ_SRS_SHIFT);
mvi->tx[mvi->tx_prod] = cpu_to_le32(del_q);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 145/222] [media] rc: img-ir: fix error in parameters passed to irq_free()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (143 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 144/222] mvsas: fix panic on expander attached SATA devices Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 146/222] [media] stk1160: Make sure current buffer is released Sasha Levin
` (77 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Sifan Naeem <sifan.naeem@imgtec.com>
[ Upstream commit 80ccf4ad06dc9d2f06a8347b2d309cdc959f72b3 ]
img_ir_remove() passes a pointer to the ISR function as the 2nd
parameter to irq_free() instead of a pointer to the device data
structure.
This issue causes unloading img-ir module to fail with the below
warning after building and loading img-ir as a module.
WARNING: CPU: 2 PID: 155 at ../kernel/irq/manage.c:1278
__free_irq+0xb4/0x214() Trying to free already-free IRQ 58
Modules linked in: img_ir(-)
CPU: 2 PID: 155 Comm: rmmod Not tainted 3.14.0 #55 ...
Call Trace:
...
[<8048d420>] __free_irq+0xb4/0x214
[<8048d6b4>] free_irq+0xac/0xf4
[<c009b130>] img_ir_remove+0x54/0xd4 [img_ir] [<8073ded0>]
platform_drv_remove+0x30/0x54 ...
Fixes: 160a8f8aec4d ("[media] rc: img-ir: add base driver")
Signed-off-by: Sifan Naeem <sifan.naeem@imgtec.com>
Cc: <stable@vger.kernel.org> # 3.15+
Acked-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/media/rc/img-ir/img-ir-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/rc/img-ir/img-ir-core.c b/drivers/media/rc/img-ir/img-ir-core.c
index a0cac2f..9971dda 100644
--- a/drivers/media/rc/img-ir/img-ir-core.c
+++ b/drivers/media/rc/img-ir/img-ir-core.c
@@ -146,7 +146,7 @@ static int img_ir_remove(struct platform_device *pdev)
{
struct img_ir_priv *priv = platform_get_drvdata(pdev);
- free_irq(priv->irq, img_ir_isr);
+ free_irq(priv->irq, priv);
img_ir_remove_hw(priv);
img_ir_remove_raw(priv);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 146/222] [media] stk1160: Make sure current buffer is released
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (144 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 145/222] [media] rc: img-ir: fix error in parameters passed to irq_free() Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 147/222] IB/core: disallow registering 0-sized memory region Sasha Levin
` (76 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
[ Upstream commit aeff09276748b66072f2db2e668cec955cf41959 ]
The available (i.e. not used) buffers are returned by stk1160_clear_queue(),
on the stop_streaming() path. However, this is insufficient and the current
buffer must be released as well. Fix it.
Cc: stable@vger.kernel.org
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/media/usb/stk1160/stk1160-v4l.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/media/usb/stk1160/stk1160-v4l.c b/drivers/media/usb/stk1160/stk1160-v4l.c
index 2330543..f6d0334 100644
--- a/drivers/media/usb/stk1160/stk1160-v4l.c
+++ b/drivers/media/usb/stk1160/stk1160-v4l.c
@@ -244,6 +244,11 @@ static int stk1160_stop_streaming(struct stk1160 *dev)
if (mutex_lock_interruptible(&dev->v4l_lock))
return -ERESTARTSYS;
+ /*
+ * Once URBs are cancelled, the URB complete handler
+ * won't be running. This is required to safely release the
+ * current buffer (dev->isoc_ctl.buf).
+ */
stk1160_cancel_isoc(dev);
/*
@@ -624,8 +629,16 @@ void stk1160_clear_queue(struct stk1160 *dev)
stk1160_info("buffer [%p/%d] aborted\n",
buf, buf->vb.v4l2_buf.index);
}
- /* It's important to clear current buffer */
- dev->isoc_ctl.buf = NULL;
+
+ /* It's important to release the current buffer */
+ if (dev->isoc_ctl.buf) {
+ buf = dev->isoc_ctl.buf;
+ dev->isoc_ctl.buf = NULL;
+
+ vb2_buffer_done(&buf->vb, VB2_BUF_STATE_ERROR);
+ stk1160_info("buffer [%p/%d] aborted\n",
+ buf, buf->vb.v4l2_buf.index);
+ }
spin_unlock_irqrestore(&dev->buf_lock, flags);
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 147/222] IB/core: disallow registering 0-sized memory region
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (145 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 146/222] [media] stk1160: Make sure current buffer is released Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 148/222] IB/core: don't disallow registering region starting at 0x0 Sasha Levin
` (75 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Yann Droneaud <ydroneaud@opteya.com>
[ Upstream commit 8abaae62f3fdead8f4ce0ab46b4ab93dee39bab2 ]
If ib_umem_get() is called with a size equal to 0 and an
non-page aligned address, one page will be pinned and a
0-sized umem will be returned to the caller.
This should not be allowed: it's not expected for a memory
region to have a size equal to 0.
This patch adds a check to explicitly refuse to register
a 0-sized region.
Link: http://mid.gmane.org/cover.1428929103.git.ydroneaud@opteya.com
Cc: <stable@vger.kernel.org>
Cc: Shachar Raindel <raindel@mellanox.com>
Cc: Jack Morgenstein <jackm@mellanox.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/infiniband/core/umem.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
index dfa4286..0f4c7b5 100644
--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -94,6 +94,9 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
if (dmasync)
dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);
+ if (!size)
+ return ERR_PTR(-EINVAL);
+
/*
* If the combination of the addr and size requested for this memory
* region causes an integer overflow, return error.
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 148/222] IB/core: don't disallow registering region starting at 0x0
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (146 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 147/222] IB/core: disallow registering 0-sized memory region Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 149/222] IB/mlx4: Fix WQE LSO segment calculation Sasha Levin
` (74 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Yann Droneaud <ydroneaud@opteya.com>
[ Upstream commit 66578b0b2f69659f00b6169e6fe7377c4b100d18 ]
In a call to ib_umem_get(), if address is 0x0 and size is
already page aligned, check added in commit 8494057ab5e4
("IB/uverbs: Prevent integer overflow in ib_umem_get address
arithmetic") will refuse to register a memory region that
could otherwise be valid (provided vm.mmap_min_addr sysctl
and mmap_low_allowed SELinux knobs allow userspace to map
something at address 0x0).
This patch allows back such registration: ib_umem_get()
should probably don't care of the base address provided it
can be pinned with get_user_pages().
There's two possible overflows, in (addr + size) and in
PAGE_ALIGN(addr + size), this patch keep ensuring none
of them happen while allowing to pin memory at address
0x0. Anyway, the case of size equal 0 is no more (partially)
handled as 0-length memory region are disallowed by an
earlier check.
Link: http://mid.gmane.org/cover.1428929103.git.ydroneaud@opteya.com
Cc: <stable@vger.kernel.org> # 8494057ab5e4 ("IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic")
Cc: Shachar Raindel <raindel@mellanox.com>
Cc: Jack Morgenstein <jackm@mellanox.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Haggai Eran <haggaie@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/infiniband/core/umem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
index 0f4c7b5..49df6af 100644
--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -101,8 +101,8 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
* If the combination of the addr and size requested for this memory
* region causes an integer overflow, return error.
*/
- if ((PAGE_ALIGN(addr + size) <= size) ||
- (PAGE_ALIGN(addr + size) <= addr))
+ if (((addr + size) < addr) ||
+ PAGE_ALIGN(addr + size) < (addr + size))
return ERR_PTR(-EINVAL);
if (!can_do_mlock())
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 149/222] IB/mlx4: Fix WQE LSO segment calculation
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (147 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 148/222] IB/core: don't disallow registering region starting at 0x0 Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 150/222] IB/iser: Fix wrong calculation of protection buffer length Sasha Levin
` (73 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Erez Shitrit <erezsh@mellanox.com>
[ Upstream commit ca9b590caa17bcbbea119594992666e96cde9c2f ]
The current code decreases from the mss size (which is the gso_size
from the kernel skb) the size of the packet headers.
It shouldn't do that because the mss that comes from the stack
(e.g IPoIB) includes only the tcp payload without the headers.
The result is indication to the HW that each packet that the HW sends
is smaller than what it could be, and too many packets will be sent
for big messages.
An easy way to demonstrate one more aspect of the problem is by
configuring the ipoib mtu to be less than 2*hlen (2*56) and then
run app sending big TCP messages. This will tell the HW to send packets
with giant (negative value which under unsigned arithmetics becomes
a huge positive one) length and the QP moves to SQE state.
Fixes: b832be1e4007 ('IB/mlx4: Add IPoIB LSO support')
Reported-by: Matthew Finlay <matt@mellanox.com>
Signed-off-by: Erez Shitrit <erezsh@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/infiniband/hw/mlx4/qp.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/mlx4/qp.c b/drivers/infiniband/hw/mlx4/qp.c
index 03045dd..33cbb76 100644
--- a/drivers/infiniband/hw/mlx4/qp.c
+++ b/drivers/infiniband/hw/mlx4/qp.c
@@ -2559,8 +2559,7 @@ static int build_lso_seg(struct mlx4_wqe_lso_seg *wqe, struct ib_send_wr *wr,
memcpy(wqe->header, wr->wr.ud.header, wr->wr.ud.hlen);
- *lso_hdr_sz = cpu_to_be32((wr->wr.ud.mss - wr->wr.ud.hlen) << 16 |
- wr->wr.ud.hlen);
+ *lso_hdr_sz = cpu_to_be32(wr->wr.ud.mss << 16 | wr->wr.ud.hlen);
*lso_seg_len = halign;
return 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 150/222] IB/iser: Fix wrong calculation of protection buffer length
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (148 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 149/222] IB/mlx4: Fix WQE LSO segment calculation Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 151/222] tracing: Handle ftrace_dump() atomic context in graph_trace_open() Sasha Levin
` (72 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Sagi Grimberg <sagig@mellanox.com>
[ Upstream commit a065fe6aa25ba6ba93c02dc13486131bb3c64d5f ]
This length miss-calculation may cause a silent data corruption
in the DIX case and cause the device to reference unmapped area.
Fixes: d77e65350f2d ('libiscsi, iser: Adjust data_length to include protection information')
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/infiniband/ulp/iser/iser_initiator.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/ulp/iser/iser_initiator.c b/drivers/infiniband/ulp/iser/iser_initiator.c
index 20e859a..76eb57b 100644
--- a/drivers/infiniband/ulp/iser/iser_initiator.c
+++ b/drivers/infiniband/ulp/iser/iser_initiator.c
@@ -409,8 +409,8 @@ int iser_send_command(struct iscsi_conn *conn,
if (scsi_prot_sg_count(sc)) {
prot_buf->buf = scsi_prot_sglist(sc);
prot_buf->size = scsi_prot_sg_count(sc);
- prot_buf->data_len = data_buf->data_len >>
- ilog2(sc->device->sector_size) * 8;
+ prot_buf->data_len = (data_buf->data_len >>
+ ilog2(sc->device->sector_size)) * 8;
}
if (hdr->flags & ISCSI_FLAG_CMD_READ) {
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 151/222] tracing: Handle ftrace_dump() atomic context in graph_trace_open()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (149 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 150/222] IB/iser: Fix wrong calculation of protection buffer length Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 152/222] i2c: rk3x: report number of messages transmitted Sasha Levin
` (71 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Rabin Vincent <rabin@rab.in>
[ Upstream commit ef99b88b16bee753fa51207abdc58ae660453ec6 ]
graph_trace_open() can be called in atomic context from ftrace_dump().
Use GFP_ATOMIC for the memory allocations when that's the case, in order
to avoid the following splat.
BUG: sleeping function called from invalid context at mm/slab.c:2849
in_atomic(): 1, irqs_disabled(): 128, pid: 0, name: swapper/0
Backtrace:
..
[<8004dc94>] (__might_sleep) from [<801371f4>] (kmem_cache_alloc_trace+0x160/0x238)
r7:87800040 r6:000080d0 r5:810d16e8 r4:000080d0
[<80137094>] (kmem_cache_alloc_trace) from [<800cbd60>] (graph_trace_open+0x30/0xd0)
r10:00000100 r9:809171a8 r8:00008e28 r7:810d16f0 r6:00000001 r5:810d16e8
r4:810d16f0
[<800cbd30>] (graph_trace_open) from [<800c79c4>] (trace_init_global_iter+0x50/0x9c)
r8:00008e28 r7:808c853c r6:00000001 r5:810d16e8 r4:810d16f0 r3:800cbd30
[<800c7974>] (trace_init_global_iter) from [<800c7aa0>] (ftrace_dump+0x90/0x2ec)
r4:810d2580 r3:00000000
[<800c7a10>] (ftrace_dump) from [<80414b2c>] (sysrq_ftrace_dump+0x1c/0x20)
r10:00000100 r9:809171a8 r8:808f6e7c r7:00000001 r6:00000007 r5:0000007a
r4:808d5394
[<80414b10>] (sysrq_ftrace_dump) from [<800169b8>] (return_to_handler+0x0/0x18)
[<80415498>] (__handle_sysrq) from [<800169b8>] (return_to_handler+0x0/0x18)
r8:808c8100 r7:808c8444 r6:00000101 r5:00000010 r4:84eb3210
[<80415668>] (handle_sysrq) from [<800169b8>] (return_to_handler+0x0/0x18)
[<8042a760>] (pl011_int) from [<800169b8>] (return_to_handler+0x0/0x18)
r10:809171bc r9:809171a8 r8:00000001 r7:00000026 r6:808c6000 r5:84f01e60
r4:8454fe00
[<8007782c>] (handle_irq_event_percpu) from [<80077b44>] (handle_irq_event+0x4c/0x6c)
r10:808c7ef0 r9:87283e00 r8:00000001 r7:00000000 r6:8454fe00 r5:84f01e60
r4:84f01e00
[<80077af8>] (handle_irq_event) from [<8007aa28>] (handle_fasteoi_irq+0xf0/0x1ac)
r6:808f52a4 r5:84f01e60 r4:84f01e00 r3:00000000
[<8007a938>] (handle_fasteoi_irq) from [<80076dc0>] (generic_handle_irq+0x3c/0x4c)
r6:00000026 r5:00000000 r4:00000026 r3:8007a938
[<80076d84>] (generic_handle_irq) from [<80077128>] (__handle_domain_irq+0x8c/0xfc)
r4:808c1e38 r3:0000002e
[<8007709c>] (__handle_domain_irq) from [<800087b8>] (gic_handle_irq+0x34/0x6c)
r10:80917748 r9:00000001 r8:88802100 r7:808c7ef0 r6:808c8fb0 r5:00000015
r4:8880210c r3:808c7ef0
[<80008784>] (gic_handle_irq) from [<80014044>] (__irq_svc+0x44/0x7c)
Link: http://lkml.kernel.org/r/1428953721-31349-1-git-send-email-rabin@rab.in
Link: http://lkml.kernel.org/r/1428957012-2319-1-git-send-email-rabin@rab.in
Cc: stable@vger.kernel.org # 3.13+
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
kernel/trace/trace_functions_graph.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
index f0a0c98..2964333 100644
--- a/kernel/trace/trace_functions_graph.c
+++ b/kernel/trace/trace_functions_graph.c
@@ -1462,15 +1462,19 @@ void graph_trace_open(struct trace_iterator *iter)
{
/* pid and depth on the last trace processed */
struct fgraph_data *data;
+ gfp_t gfpflags;
int cpu;
iter->private = NULL;
- data = kzalloc(sizeof(*data), GFP_KERNEL);
+ /* We can be called in atomic context via ftrace_dump() */
+ gfpflags = (in_atomic() || irqs_disabled()) ? GFP_ATOMIC : GFP_KERNEL;
+
+ data = kzalloc(sizeof(*data), gfpflags);
if (!data)
goto out_err;
- data->cpu_data = alloc_percpu(struct fgraph_cpu_data);
+ data->cpu_data = alloc_percpu_gfp(struct fgraph_cpu_data, gfpflags);
if (!data->cpu_data)
goto out_err_free;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 152/222] i2c: rk3x: report number of messages transmitted
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (150 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 151/222] tracing: Handle ftrace_dump() atomic context in graph_trace_open() Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 153/222] i2c: core: Export bus recovery functions Sasha Levin
` (70 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit c6cbfb91b878224e78408a2e15901c79de77115a ]
master_xfer() method should return number of i2c messages transferred,
but on Rockchip we were usually returning just 1, which caused trouble
with users that actually check number of transferred messages vs.
checking for negative error codes.
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Cc: stable@kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/i2c/busses/i2c-rk3x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-rk3x.c b/drivers/i2c/busses/i2c-rk3x.c
index f486d0e..3ba9333 100644
--- a/drivers/i2c/busses/i2c-rk3x.c
+++ b/drivers/i2c/busses/i2c-rk3x.c
@@ -588,7 +588,7 @@ static int rk3x_i2c_xfer(struct i2c_adapter *adap,
clk_disable(i2c->clk);
spin_unlock_irqrestore(&i2c->lock, flags);
- return ret;
+ return ret < 0 ? ret : num;
}
static u32 rk3x_i2c_func(struct i2c_adapter *adap)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 153/222] i2c: core: Export bus recovery functions
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (151 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 152/222] i2c: rk3x: report number of messages transmitted Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 154/222] drm/radeon: fix doublescan modes (v2) Sasha Levin
` (69 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Mark Brown <broonie@kernel.org>
[ Upstream commit c1c21f4e60ed4523292f1a89ff45a208bddd3849 ]
Current -next fails to link an ARM allmodconfig because drivers that use
the core recovery functions can be built as modules but those functions
are not exported:
ERROR: "i2c_generic_gpio_recovery" [drivers/i2c/busses/i2c-davinci.ko] undefined!
ERROR: "i2c_generic_scl_recovery" [drivers/i2c/busses/i2c-davinci.ko] undefined!
ERROR: "i2c_recover_bus" [drivers/i2c/busses/i2c-davinci.ko] undefined!
Add exports to fix this.
Fixes: 5f9296ba21b3c (i2c: Add bus recovery infrastructure)
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/i2c/i2c-core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c
index 17a1853..7bd1b5cf 100644
--- a/drivers/i2c/i2c-core.c
+++ b/drivers/i2c/i2c-core.c
@@ -593,6 +593,7 @@ int i2c_generic_scl_recovery(struct i2c_adapter *adap)
adap->bus_recovery_info->set_scl(adap, 1);
return i2c_generic_recovery(adap);
}
+EXPORT_SYMBOL_GPL(i2c_generic_scl_recovery);
int i2c_generic_gpio_recovery(struct i2c_adapter *adap)
{
@@ -607,6 +608,7 @@ int i2c_generic_gpio_recovery(struct i2c_adapter *adap)
return ret;
}
+EXPORT_SYMBOL_GPL(i2c_generic_gpio_recovery);
int i2c_recover_bus(struct i2c_adapter *adap)
{
@@ -616,6 +618,7 @@ int i2c_recover_bus(struct i2c_adapter *adap)
dev_dbg(&adap->dev, "Trying i2c bus recovery\n");
return adap->bus_recovery_info->recover_bus(adap);
}
+EXPORT_SYMBOL_GPL(i2c_recover_bus);
static int i2c_device_probe(struct device *dev)
{
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 154/222] drm/radeon: fix doublescan modes (v2)
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (152 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 153/222] i2c: core: Export bus recovery functions Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 155/222] drm/i915: Dont enable CS_PARSER_ERROR interrupts at all Sasha Levin
` (68 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Alex Deucher <alexander.deucher@amd.com>
[ Upstream commit fd99a0943ffaa0320ea4f69d09ed188f950c0432 ]
Use the correct flags for atom.
v2: handle DRM_MODE_FLAG_DBLCLK
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/gpu/drm/radeon/atombios_crtc.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/radeon/atombios_crtc.c b/drivers/gpu/drm/radeon/atombios_crtc.c
index 9f0e625..ce8cab5 100644
--- a/drivers/gpu/drm/radeon/atombios_crtc.c
+++ b/drivers/gpu/drm/radeon/atombios_crtc.c
@@ -330,8 +330,10 @@ atombios_set_crtc_dtd_timing(struct drm_crtc *crtc,
misc |= ATOM_COMPOSITESYNC;
if (mode->flags & DRM_MODE_FLAG_INTERLACE)
misc |= ATOM_INTERLACE;
- if (mode->flags & DRM_MODE_FLAG_DBLSCAN)
+ if (mode->flags & DRM_MODE_FLAG_DBLCLK)
misc |= ATOM_DOUBLE_CLOCK_MODE;
+ if (mode->flags & DRM_MODE_FLAG_DBLSCAN)
+ misc |= ATOM_H_REPLICATIONBY2 | ATOM_V_REPLICATIONBY2;
args.susModeMiscInfo.usAccess = cpu_to_le16(misc);
args.ucCRTC = radeon_crtc->crtc_id;
@@ -374,8 +376,10 @@ static void atombios_crtc_set_timing(struct drm_crtc *crtc,
misc |= ATOM_COMPOSITESYNC;
if (mode->flags & DRM_MODE_FLAG_INTERLACE)
misc |= ATOM_INTERLACE;
- if (mode->flags & DRM_MODE_FLAG_DBLSCAN)
+ if (mode->flags & DRM_MODE_FLAG_DBLCLK)
misc |= ATOM_DOUBLE_CLOCK_MODE;
+ if (mode->flags & DRM_MODE_FLAG_DBLSCAN)
+ misc |= ATOM_H_REPLICATIONBY2 | ATOM_V_REPLICATIONBY2;
args.susModeMiscInfo.usAccess = cpu_to_le16(misc);
args.ucCRTC = radeon_crtc->crtc_id;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 155/222] drm/i915: Dont enable CS_PARSER_ERROR interrupts at all
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (153 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 154/222] drm/radeon: fix doublescan modes (v2) Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 156/222] drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg Sasha Levin
` (67 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Daniel Vetter <daniel.vetter@ffwll.ch>
[ Upstream commit 37ef01ab5d24d1d520dc79f6a98099d451c2a901 ]
We stopped handling them in
commit aaecdf611a05cac26a94713bad25297e60225c29
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Tue Nov 4 15:52:22 2014 +0100
drm/i915: Stop gathering error states for CS error interrupts
but just clearing is apparently not enough: A sufficiently dead gpu
left behind by firmware (*cough* coreboot *cough*) can keep the gpu in
an endless loop of such interrupts, eventually leading to the nmi
firing. And definitely to what looks like a machine hang.
Since we don't even enable these interrupts on gen5+ let's do the same
on earlier platforms.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=93171
Tested-by: Mono <mono-for-kernel-org@donderklumpen.de>
Tested-by: info@gluglug.org.uk
Cc: stable@vger.kernel.org
Reviewed-by: Mika Kuoppala <mika.kuoppala@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/gpu/drm/i915/i915_irq.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
index 0ab77f3..23329b4 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
@@ -3998,14 +3998,12 @@ static int i8xx_irq_postinstall(struct drm_device *dev)
~(I915_DISPLAY_PIPE_A_EVENT_INTERRUPT |
I915_DISPLAY_PIPE_B_EVENT_INTERRUPT |
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
- I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT |
- I915_RENDER_COMMAND_PARSER_ERROR_INTERRUPT);
+ I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT);
I915_WRITE16(IMR, dev_priv->irq_mask);
I915_WRITE16(IER,
I915_DISPLAY_PIPE_A_EVENT_INTERRUPT |
I915_DISPLAY_PIPE_B_EVENT_INTERRUPT |
- I915_RENDER_COMMAND_PARSER_ERROR_INTERRUPT |
I915_USER_INTERRUPT);
POSTING_READ16(IER);
@@ -4173,14 +4171,12 @@ static int i915_irq_postinstall(struct drm_device *dev)
I915_DISPLAY_PIPE_A_EVENT_INTERRUPT |
I915_DISPLAY_PIPE_B_EVENT_INTERRUPT |
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
- I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT |
- I915_RENDER_COMMAND_PARSER_ERROR_INTERRUPT);
+ I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT);
enable_mask =
I915_ASLE_INTERRUPT |
I915_DISPLAY_PIPE_A_EVENT_INTERRUPT |
I915_DISPLAY_PIPE_B_EVENT_INTERRUPT |
- I915_RENDER_COMMAND_PARSER_ERROR_INTERRUPT |
I915_USER_INTERRUPT;
if (I915_HAS_HOTPLUG(dev)) {
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 156/222] drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (154 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 155/222] drm/i915: Dont enable CS_PARSER_ERROR interrupts at all Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 157/222] drm/i915: cope with large i2c transfers Sasha Levin
` (66 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Imre Deak <imre.deak@intel.com>
[ Upstream commit b5f1c97f944482e98e6e39208af356630389d1ea ]
Due this typo we don't save/restore the GFX_MAX_REQ_COUNT register across
suspend/resume, so fix this.
This was introduced in
commit ddeea5b0c36f3665446518c609be91f9336ef674
Author: Imre Deak <imre.deak@intel.com>
Date: Mon May 5 15:19:56 2014 +0300
drm/i915: vlv: add runtime PM support
I noticed this only by reading the code. To my knowledge it shouldn't
cause any real problems at the moment, since the power well backing this
register remains on across a runtime s/r. This may change once
system-wide s0ix functionality is enabled in the kernel.
v2:
- resend after a missing git add -u :/
Cc: stable@vger.kernel.org
Signed-off-by: Imre Deak <imre.deak@intel.com>
Tested-By: PRC QA PRTS (Patch Regression Test System Contact: shuang.he@intel.com)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Reviewed-by: Mika Kuoppala <mika.kuoppala@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/gpu/drm/i915/i915_drv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
index 59f23fc..b51f027 100644
--- a/drivers/gpu/drm/i915/i915_drv.c
+++ b/drivers/gpu/drm/i915/i915_drv.c
@@ -1088,7 +1088,7 @@ static void vlv_save_gunit_s0ix_state(struct drm_i915_private *dev_priv)
s->lra_limits[i] = I915_READ(GEN7_LRA_LIMITS_BASE + i * 4);
s->media_max_req_count = I915_READ(GEN7_MEDIA_MAX_REQ_COUNT);
- s->gfx_max_req_count = I915_READ(GEN7_MEDIA_MAX_REQ_COUNT);
+ s->gfx_max_req_count = I915_READ(GEN7_GFX_MAX_REQ_COUNT);
s->render_hwsp = I915_READ(RENDER_HWS_PGA_GEN7);
s->ecochk = I915_READ(GAM_ECOCHK);
@@ -1170,7 +1170,7 @@ static void vlv_restore_gunit_s0ix_state(struct drm_i915_private *dev_priv)
I915_WRITE(GEN7_LRA_LIMITS_BASE + i * 4, s->lra_limits[i]);
I915_WRITE(GEN7_MEDIA_MAX_REQ_COUNT, s->media_max_req_count);
- I915_WRITE(GEN7_MEDIA_MAX_REQ_COUNT, s->gfx_max_req_count);
+ I915_WRITE(GEN7_GFX_MAX_REQ_COUNT, s->gfx_max_req_count);
I915_WRITE(RENDER_HWS_PGA_GEN7, s->render_hwsp);
I915_WRITE(GAM_ECOCHK, s->ecochk);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 157/222] drm/i915: cope with large i2c transfers
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (155 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 156/222] drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 158/222] RCU pathwalk breakage when running into a symlink overmounting something Sasha Levin
` (65 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit 9535c4757b881e06fae72a857485ad57c422b8d2 ]
The hardware, according to the specs, is limited to 256 byte transfers,
and current driver has no protections in case users attempt to do larger
transfers. The code will just stomp over status register and mayhem
ensues.
Let's split larger transfers into digestable chunks. Doing this allows
Atmel MXT driver on Pixel 1 function properly (it hasn't since commit
9d8dc3e529a19e427fd379118acd132520935c5d "Input: atmel_mxt_ts -
implement T44 message handling" which tries to consume multiple
touchscreen/touchpad reports in a single transaction).
Cc: stable@vger.kernel.org
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/gpu/drm/i915/i915_reg.h | 1 +
drivers/gpu/drm/i915/intel_i2c.c | 66 ++++++++++++++++++++++++++++++++++------
2 files changed, 57 insertions(+), 10 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h
index 3f1e54b..e08a472 100644
--- a/drivers/gpu/drm/i915/i915_reg.h
+++ b/drivers/gpu/drm/i915/i915_reg.h
@@ -1657,6 +1657,7 @@ enum punit_power_well {
#define GMBUS_CYCLE_INDEX (2<<25)
#define GMBUS_CYCLE_STOP (4<<25)
#define GMBUS_BYTE_COUNT_SHIFT 16
+#define GMBUS_BYTE_COUNT_MAX 256U
#define GMBUS_SLAVE_INDEX_SHIFT 8
#define GMBUS_SLAVE_ADDR_SHIFT 1
#define GMBUS_SLAVE_READ (1<<0)
diff --git a/drivers/gpu/drm/i915/intel_i2c.c b/drivers/gpu/drm/i915/intel_i2c.c
index b31088a..56e437e 100644
--- a/drivers/gpu/drm/i915/intel_i2c.c
+++ b/drivers/gpu/drm/i915/intel_i2c.c
@@ -270,18 +270,17 @@ gmbus_wait_idle(struct drm_i915_private *dev_priv)
}
static int
-gmbus_xfer_read(struct drm_i915_private *dev_priv, struct i2c_msg *msg,
- u32 gmbus1_index)
+gmbus_xfer_read_chunk(struct drm_i915_private *dev_priv,
+ unsigned short addr, u8 *buf, unsigned int len,
+ u32 gmbus1_index)
{
int reg_offset = dev_priv->gpio_mmio_base;
- u16 len = msg->len;
- u8 *buf = msg->buf;
I915_WRITE(GMBUS1 + reg_offset,
gmbus1_index |
GMBUS_CYCLE_WAIT |
(len << GMBUS_BYTE_COUNT_SHIFT) |
- (msg->addr << GMBUS_SLAVE_ADDR_SHIFT) |
+ (addr << GMBUS_SLAVE_ADDR_SHIFT) |
GMBUS_SLAVE_READ | GMBUS_SW_RDY);
while (len) {
int ret;
@@ -303,11 +302,35 @@ gmbus_xfer_read(struct drm_i915_private *dev_priv, struct i2c_msg *msg,
}
static int
-gmbus_xfer_write(struct drm_i915_private *dev_priv, struct i2c_msg *msg)
+gmbus_xfer_read(struct drm_i915_private *dev_priv, struct i2c_msg *msg,
+ u32 gmbus1_index)
{
- int reg_offset = dev_priv->gpio_mmio_base;
- u16 len = msg->len;
u8 *buf = msg->buf;
+ unsigned int rx_size = msg->len;
+ unsigned int len;
+ int ret;
+
+ do {
+ len = min(rx_size, GMBUS_BYTE_COUNT_MAX);
+
+ ret = gmbus_xfer_read_chunk(dev_priv, msg->addr,
+ buf, len, gmbus1_index);
+ if (ret)
+ return ret;
+
+ rx_size -= len;
+ buf += len;
+ } while (rx_size != 0);
+
+ return 0;
+}
+
+static int
+gmbus_xfer_write_chunk(struct drm_i915_private *dev_priv,
+ unsigned short addr, u8 *buf, unsigned int len)
+{
+ int reg_offset = dev_priv->gpio_mmio_base;
+ unsigned int chunk_size = len;
u32 val, loop;
val = loop = 0;
@@ -319,8 +342,8 @@ gmbus_xfer_write(struct drm_i915_private *dev_priv, struct i2c_msg *msg)
I915_WRITE(GMBUS3 + reg_offset, val);
I915_WRITE(GMBUS1 + reg_offset,
GMBUS_CYCLE_WAIT |
- (msg->len << GMBUS_BYTE_COUNT_SHIFT) |
- (msg->addr << GMBUS_SLAVE_ADDR_SHIFT) |
+ (chunk_size << GMBUS_BYTE_COUNT_SHIFT) |
+ (addr << GMBUS_SLAVE_ADDR_SHIFT) |
GMBUS_SLAVE_WRITE | GMBUS_SW_RDY);
while (len) {
int ret;
@@ -337,6 +360,29 @@ gmbus_xfer_write(struct drm_i915_private *dev_priv, struct i2c_msg *msg)
if (ret)
return ret;
}
+
+ return 0;
+}
+
+static int
+gmbus_xfer_write(struct drm_i915_private *dev_priv, struct i2c_msg *msg)
+{
+ u8 *buf = msg->buf;
+ unsigned int tx_size = msg->len;
+ unsigned int len;
+ int ret;
+
+ do {
+ len = min(tx_size, GMBUS_BYTE_COUNT_MAX);
+
+ ret = gmbus_xfer_write_chunk(dev_priv, msg->addr, buf, len);
+ if (ret)
+ return ret;
+
+ buf += len;
+ tx_size -= len;
+ } while (tx_size != 0);
+
return 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 158/222] RCU pathwalk breakage when running into a symlink overmounting something
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (156 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 157/222] drm/i915: cope with large i2c transfers Sasha Levin
@ 2015-05-17 1:04 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 159/222] nfsd4: fix READ permission checking Sasha Levin
` (64 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:04 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Al Viro <viro@zeniv.linux.org.uk>
[ Upstream commit 3cab989afd8d8d1bc3d99fef0e7ed87c31e7b647 ]
Calling unlazy_walk() in walk_component() and do_last() when we find
a symlink that needs to be followed doesn't acquire a reference to vfsmount.
That's fine when the symlink is on the same vfsmount as the parent directory
(which is almost always the case), but it's not always true - one _can_
manage to bind a symlink on top of something. And in such cases we end up
with excessive mntput().
Cc: stable@vger.kernel.org # since 2.6.39
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/namei.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index db5fe86..890d358 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1560,7 +1560,8 @@ static inline int walk_component(struct nameidata *nd, struct path *path,
if (should_follow_link(path->dentry, follow)) {
if (nd->flags & LOOKUP_RCU) {
- if (unlikely(unlazy_walk(nd, path->dentry))) {
+ if (unlikely(nd->path.mnt != path->mnt ||
+ unlazy_walk(nd, path->dentry))) {
err = -ECHILD;
goto out_err;
}
@@ -3015,7 +3016,8 @@ finish_lookup:
if (should_follow_link(path->dentry, !symlink_ok)) {
if (nd->flags & LOOKUP_RCU) {
- if (unlikely(unlazy_walk(nd, path->dentry))) {
+ if (unlikely(nd->path.mnt != path->mnt ||
+ unlazy_walk(nd, path->dentry))) {
error = -ECHILD;
goto out;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 159/222] nfsd4: fix READ permission checking
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (157 preceding siblings ...)
2015-05-17 1:04 ` [PATCH 3.18 158/222] RCU pathwalk breakage when running into a symlink overmounting something Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 160/222] nfsd4: disallow SEEK with special stateids Sasha Levin
` (63 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "J. Bruce Fields" <bfields@redhat.com>
[ Upstream commit 6e4891dc289cd191d46ab7ba1dcb29646644f9ca ]
In the case we already have a struct file (derived from a stateid), we
still need to do permission-checking; otherwise an unauthorized user
could gain access to a file by sniffing or guessing somebody else's
stateid.
Cc: stable@vger.kernel.org
Fixes: dc97618ddda9 "nfsd4: separate splice and readv cases"
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/nfsd/nfs4xdr.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 2a77603..6abe965 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -3229,6 +3229,7 @@ nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
unsigned long maxcount;
struct xdr_stream *xdr = &resp->xdr;
struct file *file = read->rd_filp;
+ struct svc_fh *fhp = read->rd_fhp;
int starting_len = xdr->buf->len;
struct raparms *ra;
__be32 *p;
@@ -3252,12 +3253,15 @@ nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
maxcount = min_t(unsigned long, maxcount, (xdr->buf->buflen - xdr->buf->len));
maxcount = min_t(unsigned long, maxcount, read->rd_length);
- if (!read->rd_filp) {
+ if (read->rd_filp)
+ err = nfsd_permission(resp->rqstp, fhp->fh_export,
+ fhp->fh_dentry,
+ NFSD_MAY_READ|NFSD_MAY_OWNER_OVERRIDE);
+ else
err = nfsd_get_tmp_read_open(resp->rqstp, read->rd_fhp,
&file, &ra);
- if (err)
- goto err_truncate;
- }
+ if (err)
+ goto err_truncate;
if (file->f_op->splice_read && resp->rqstp->rq_splice_ok)
err = nfsd4_encode_splice_read(resp, read, file, maxcount);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 160/222] nfsd4: disallow SEEK with special stateids
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (158 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 159/222] nfsd4: fix READ permission checking Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 161/222] NFS: Add a stub for GETDEVICELIST Sasha Levin
` (62 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "J. Bruce Fields" <bfields@redhat.com>
[ Upstream commit 980608fb50aea34993ba956b71cd4602aa42b14b ]
If the client uses a special stateid then we'll pass a NULL file to
vfs_llseek.
Fixes: 24bab491220f " NFSD: Implement SEEK"
Cc: Anna Schumaker <Anna.Schumaker@Netapp.com>
Cc: stable@vger.kernel.org
Reported-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/nfsd/nfs4proc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 0beb023..6ed5859 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1028,6 +1028,8 @@ nfsd4_seek(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
dprintk("NFSD: nfsd4_seek: couldn't process stateid!\n");
return status;
}
+ if (!file)
+ return nfserr_bad_stateid;
switch (seek->seek_whence) {
case NFS4_CONTENT_DATA:
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 161/222] NFS: Add a stub for GETDEVICELIST
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (159 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 160/222] nfsd4: disallow SEEK with special stateids Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 162/222] e1000: add dummy allocator to fix race condition between mtu change and netpoll Sasha Levin
` (61 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Anna Schumaker <Anna.Schumaker@netapp.com>
[ Upstream commit 7c61f0d3897eeeff6f3294adb9f910ddefa8035a ]
d4b18c3e (pnfs: remove GETDEVICELIST implementation) removed the
GETDEVICELIST operation from the NFS client, but left a "hole" in the
nfs4_procedures array. This caused /proc/self/mountstats to report an
operation named "51" where GETDEVICELIST used to be. This patch adds a
stub to fix mountstats.
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Fixes: d4b18c3e (pnfs: remove GETDEVICELIST implementation)
Cc: stable@vger.kernel.org # 3.17+
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/nfs/nfs4xdr.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index 206c08a..22bd1d6 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -7336,6 +7336,11 @@ nfs4_stat_to_errno(int stat)
.p_name = #proc, \
}
+#define STUB(proc) \
+[NFSPROC4_CLNT_##proc] = { \
+ .p_name = #proc, \
+}
+
struct rpc_procinfo nfs4_procedures[] = {
PROC(READ, enc_read, dec_read),
PROC(WRITE, enc_write, dec_write),
@@ -7388,6 +7393,7 @@ struct rpc_procinfo nfs4_procedures[] = {
PROC(SECINFO_NO_NAME, enc_secinfo_no_name, dec_secinfo_no_name),
PROC(TEST_STATEID, enc_test_stateid, dec_test_stateid),
PROC(FREE_STATEID, enc_free_stateid, dec_free_stateid),
+ STUB(GETDEVICELIST),
PROC(BIND_CONN_TO_SESSION,
enc_bind_conn_to_session, dec_bind_conn_to_session),
PROC(DESTROY_CLIENTID, enc_destroy_clientid, dec_destroy_clientid),
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 162/222] e1000: add dummy allocator to fix race condition between mtu change and netpoll
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (160 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 161/222] NFS: Add a stub for GETDEVICELIST Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 163/222] ebpf: verifier: check that call reg with ARG_ANYTHING is initialized Sasha Levin
` (60 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Sabrina Dubroca <sd@queasysnail.net>
[ Upstream commit 08e8331654d1d7b2c58045e549005bc356aa7810 ]
There is a race condition between e1000_change_mtu's cleanups and
netpoll, when we change the MTU across jumbo size:
Changing MTU frees all the rx buffers:
e1000_change_mtu -> e1000_down -> e1000_clean_all_rx_rings ->
e1000_clean_rx_ring
Then, close to the end of e1000_change_mtu:
pr_info -> ... -> netpoll_poll_dev -> e1000_clean ->
e1000_clean_rx_irq -> e1000_alloc_rx_buffers -> e1000_alloc_frag
And when we come back to do the rest of the MTU change:
e1000_up -> e1000_configure -> e1000_configure_rx ->
e1000_alloc_jumbo_rx_buffers
alloc_jumbo finds the buffers already != NULL, since data (shared with
page in e1000_rx_buffer->rxbuf) has been re-alloc'd, but it's garbage,
or at least not what is expected when in jumbo state.
This results in an unusable adapter (packets don't get through), and a
NULL pointer dereference on the next call to e1000_clean_rx_ring
(other mtu change, link down, shutdown):
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff81194d6e>] put_compound_page+0x7e/0x330
[...]
Call Trace:
[<ffffffff81195445>] put_page+0x55/0x60
[<ffffffff815d9f44>] e1000_clean_rx_ring+0x134/0x200
[<ffffffff815da055>] e1000_clean_all_rx_rings+0x45/0x60
[<ffffffff815df5e0>] e1000_down+0x1c0/0x1d0
[<ffffffff811e2260>] ? deactivate_slab+0x7f0/0x840
[<ffffffff815e21bc>] e1000_change_mtu+0xdc/0x170
[<ffffffff81647050>] dev_set_mtu+0xa0/0x140
[<ffffffff81664218>] do_setlink+0x218/0xac0
[<ffffffff814459e9>] ? nla_parse+0xb9/0x120
[<ffffffff816652d0>] rtnl_newlink+0x6d0/0x890
[<ffffffff8104f000>] ? kvm_clock_read+0x20/0x40
[<ffffffff810a2068>] ? sched_clock_cpu+0xa8/0x100
[<ffffffff81663802>] rtnetlink_rcv_msg+0x92/0x260
By setting the allocator to a dummy version, netpoll can't mess up our
rx buffers. The allocator is set back to a sane value in
e1000_configure_rx.
Fixes: edbbb3ca1077 ("e1000: implement jumbo receive with partial descriptors")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/net/ethernet/intel/e1000/e1000_main.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c
index 24f3986..3a06cae 100644
--- a/drivers/net/ethernet/intel/e1000/e1000_main.c
+++ b/drivers/net/ethernet/intel/e1000/e1000_main.c
@@ -144,6 +144,11 @@ static bool e1000_clean_rx_irq(struct e1000_adapter *adapter,
static bool e1000_clean_jumbo_rx_irq(struct e1000_adapter *adapter,
struct e1000_rx_ring *rx_ring,
int *work_done, int work_to_do);
+static void e1000_alloc_dummy_rx_buffers(struct e1000_adapter *adapter,
+ struct e1000_rx_ring *rx_ring,
+ int cleaned_count)
+{
+}
static void e1000_alloc_rx_buffers(struct e1000_adapter *adapter,
struct e1000_rx_ring *rx_ring,
int cleaned_count);
@@ -3552,8 +3557,11 @@ static int e1000_change_mtu(struct net_device *netdev, int new_mtu)
msleep(1);
/* e1000_down has a dependency on max_frame_size */
hw->max_frame_size = max_frame;
- if (netif_running(netdev))
+ if (netif_running(netdev)) {
+ /* prevent buffers from being reallocated */
+ adapter->alloc_rx_buf = e1000_alloc_dummy_rx_buffers;
e1000_down(adapter);
+ }
/* NOTE: netdev_alloc_skb reserves 16 bytes, and typically NET_IP_ALIGN
* means we reserve 2 more, this pushes us to allocate from the next
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 163/222] ebpf: verifier: check that call reg with ARG_ANYTHING is initialized
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (161 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 162/222] e1000: add dummy allocator to fix race condition between mtu change and netpoll Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 164/222] lib: memzero_explicit: use barrier instead of OPTIMIZER_HIDE_VAR Sasha Levin
` (59 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Daniel Borkmann <daniel@iogearbox.net>
[ Upstream commit 80f1d68ccba70b1060c9c7360ca83da430f66bed ]
I noticed that a helper function with argument type ARG_ANYTHING does
not need to have an initialized value (register).
This can worst case lead to unintented stack memory leakage in future
helper functions if they are not carefully designed, or unintended
application behaviour in case the application developer was not careful
enough to match a correct helper function signature in the API.
The underlying issue is that ARG_ANYTHING should actually be split
into two different semantics:
1) ARG_DONTCARE for function arguments that the helper function
does not care about (in other words: the default for unused
function arguments), and
2) ARG_ANYTHING that is an argument actually being used by a
helper function and *guaranteed* to be an initialized register.
The current risk is low: ARG_ANYTHING is only used for the 'flags'
argument (r4) in bpf_map_update_elem() that internally does strict
checking.
Fixes: 17a5267067f3 ("bpf: verifier (add verifier core)")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
include/linux/bpf.h | 4 +++-
kernel/bpf/verifier.c | 5 ++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 3cf9175..cb4156a 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -48,7 +48,7 @@ struct bpf_map *bpf_map_get(struct fd f);
/* function argument constraints */
enum bpf_arg_type {
- ARG_ANYTHING = 0, /* any argument is ok */
+ ARG_DONTCARE = 0, /* unused argument in helper function */
/* the following constraints used to prototype
* bpf_map_lookup/update/delete_elem() functions
@@ -62,6 +62,8 @@ enum bpf_arg_type {
*/
ARG_PTR_TO_STACK, /* any pointer to eBPF program stack */
ARG_CONST_STACK_SIZE, /* number of bytes accessed from stack */
+
+ ARG_ANYTHING, /* any (initialized) argument is ok */
};
/* type of values returned from helper functions */
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index d8dcc80..055ae6a 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -763,7 +763,7 @@ static int check_func_arg(struct verifier_env *env, u32 regno,
enum bpf_reg_type expected_type;
int err = 0;
- if (arg_type == ARG_ANYTHING)
+ if (arg_type == ARG_DONTCARE)
return 0;
if (reg->type == NOT_INIT) {
@@ -771,6 +771,9 @@ static int check_func_arg(struct verifier_env *env, u32 regno,
return -EACCES;
}
+ if (arg_type == ARG_ANYTHING)
+ return 0;
+
if (arg_type == ARG_PTR_TO_STACK || arg_type == ARG_PTR_TO_MAP_KEY ||
arg_type == ARG_PTR_TO_MAP_VALUE) {
expected_type = PTR_TO_STACK;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 164/222] lib: memzero_explicit: use barrier instead of OPTIMIZER_HIDE_VAR
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (162 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 163/222] ebpf: verifier: check that call reg with ARG_ANYTHING is initialized Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 165/222] wl18xx: show rx_frames_per_rates as an array as it really is Sasha Levin
` (58 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: mancha security <mancha1@zoho.com>
[ Upstream commit 0b053c9518292705736329a8fe20ef4686ffc8e9 ]
OPTIMIZER_HIDE_VAR(), as defined when using gcc, is insufficient to
ensure protection from dead store optimization.
For the random driver and crypto drivers, calls are emitted ...
$ gdb vmlinux
(gdb) disassemble memzero_explicit
Dump of assembler code for function memzero_explicit:
0xffffffff813a18b0 <+0>: push %rbp
0xffffffff813a18b1 <+1>: mov %rsi,%rdx
0xffffffff813a18b4 <+4>: xor %esi,%esi
0xffffffff813a18b6 <+6>: mov %rsp,%rbp
0xffffffff813a18b9 <+9>: callq 0xffffffff813a7120 <memset>
0xffffffff813a18be <+14>: pop %rbp
0xffffffff813a18bf <+15>: retq
End of assembler dump.
(gdb) disassemble extract_entropy
[...]
0xffffffff814a5009 <+313>: mov %r12,%rdi
0xffffffff814a500c <+316>: mov $0xa,%esi
0xffffffff814a5011 <+321>: callq 0xffffffff813a18b0 <memzero_explicit>
0xffffffff814a5016 <+326>: mov -0x48(%rbp),%rax
[...]
... but in case in future we might use facilities such as LTO, then
OPTIMIZER_HIDE_VAR() is not sufficient to protect gcc from a possible
eviction of the memset(). We have to use a compiler barrier instead.
Minimal test example when we assume memzero_explicit() would *not* be
a call, but would have been *inlined* instead:
static inline void memzero_explicit(void *s, size_t count)
{
memset(s, 0, count);
<foo>
}
int main(void)
{
char buff[20];
snprintf(buff, sizeof(buff) - 1, "test");
printf("%s", buff);
memzero_explicit(buff, sizeof(buff));
return 0;
}
With <foo> := OPTIMIZER_HIDE_VAR():
(gdb) disassemble main
Dump of assembler code for function main:
[...]
0x0000000000400464 <+36>: callq 0x400410 <printf@plt>
0x0000000000400469 <+41>: xor %eax,%eax
0x000000000040046b <+43>: add $0x28,%rsp
0x000000000040046f <+47>: retq
End of assembler dump.
With <foo> := barrier():
(gdb) disassemble main
Dump of assembler code for function main:
[...]
0x0000000000400464 <+36>: callq 0x400410 <printf@plt>
0x0000000000400469 <+41>: movq $0x0,(%rsp)
0x0000000000400471 <+49>: movq $0x0,0x8(%rsp)
0x000000000040047a <+58>: movl $0x0,0x10(%rsp)
0x0000000000400482 <+66>: xor %eax,%eax
0x0000000000400484 <+68>: add $0x28,%rsp
0x0000000000400488 <+72>: retq
End of assembler dump.
As can be seen, movq, movq, movl are being emitted inlined
via memset().
Reference: http://thread.gmane.org/gmane.linux.kernel.cryptoapi/13764/
Fixes: d4c5efdb9777 ("random: add and use memzero_explicit() for clearing data")
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: mancha security <mancha1@zoho.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
lib/string.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/string.c b/lib/string.c
index 1006330..643b0a9 100644
--- a/lib/string.c
+++ b/lib/string.c
@@ -610,7 +610,7 @@ EXPORT_SYMBOL(memset);
void memzero_explicit(void *s, size_t count)
{
memset(s, 0, count);
- OPTIMIZER_HIDE_VAR(s);
+ barrier();
}
EXPORT_SYMBOL(memzero_explicit);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 165/222] wl18xx: show rx_frames_per_rates as an array as it really is
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (163 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 164/222] lib: memzero_explicit: use barrier instead of OPTIMIZER_HIDE_VAR Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 166/222] crypto: omap-aes - Fix support for unequal lengths Sasha Levin
` (57 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
[ Upstream commit a3fa71c40f1853d0c27e8f5bc01a722a705d9682 ]
In struct wl18xx_acx_rx_rate_stat, rx_frames_per_rates field is an
array, not a number. This means WL18XX_DEBUGFS_FWSTATS_FILE can't be
used to display this field in debugfs (it would display a pointer, not
the actual data). Use WL18XX_DEBUGFS_FWSTATS_FILE_ARRAY instead.
This bug has been found by adding a __printf attribute to
wl1271_format_buffer. gcc complained about "format '%u' expects
argument of type 'unsigned int', but argument 5 has type 'u32 *'".
Fixes: c5d94169e818 ("wl18xx: use new fw stats structures")
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/net/wireless/ti/wl18xx/debugfs.c | 2 +-
drivers/net/wireless/ti/wlcore/debugfs.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/ti/wl18xx/debugfs.c b/drivers/net/wireless/ti/wl18xx/debugfs.c
index 7f1669c..779dc2b 100644
--- a/drivers/net/wireless/ti/wl18xx/debugfs.c
+++ b/drivers/net/wireless/ti/wl18xx/debugfs.c
@@ -136,7 +136,7 @@ WL18XX_DEBUGFS_FWSTATS_FILE(rx_filter, protection_filter, "%u");
WL18XX_DEBUGFS_FWSTATS_FILE(rx_filter, accum_arp_pend_requests, "%u");
WL18XX_DEBUGFS_FWSTATS_FILE(rx_filter, max_arp_queue_dep, "%u");
-WL18XX_DEBUGFS_FWSTATS_FILE(rx_rate, rx_frames_per_rates, "%u");
+WL18XX_DEBUGFS_FWSTATS_FILE_ARRAY(rx_rate, rx_frames_per_rates, 50);
WL18XX_DEBUGFS_FWSTATS_FILE_ARRAY(aggr_size, tx_agg_vs_rate,
AGGR_STATS_TX_AGG*AGGR_STATS_TX_RATE);
diff --git a/drivers/net/wireless/ti/wlcore/debugfs.h b/drivers/net/wireless/ti/wlcore/debugfs.h
index 0f2cfb0..bf14676 100644
--- a/drivers/net/wireless/ti/wlcore/debugfs.h
+++ b/drivers/net/wireless/ti/wlcore/debugfs.h
@@ -26,8 +26,8 @@
#include "wlcore.h"
-int wl1271_format_buffer(char __user *userbuf, size_t count,
- loff_t *ppos, char *fmt, ...);
+__printf(4, 5) int wl1271_format_buffer(char __user *userbuf, size_t count,
+ loff_t *ppos, char *fmt, ...);
int wl1271_debugfs_init(struct wl1271 *wl);
void wl1271_debugfs_exit(struct wl1271 *wl);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 166/222] crypto: omap-aes - Fix support for unequal lengths
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (164 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 165/222] wl18xx: show rx_frames_per_rates as an array as it really is Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 167/222] C6x: time: Ensure consistency in __init Sasha Levin
` (56 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "Vutla, Lokesh" <lokeshvutla@ti.com>
[ Upstream commit 6d7e7e02a044025237b6f62a20521170b794537f ]
For cases where total length of an input SGs is not same as
length of the input data for encryption, omap-aes driver
crashes. This happens in the case when IPsec is trying to use
omap-aes driver.
To avoid this, we copy all the pages from the input SG list
into a contiguous buffer and prepare a single element SG list
for this buffer with length as the total bytes to crypt, which is
similar thing that is done in case of unaligned lengths.
Fixes: 6242332ff2f3 ("crypto: omap-aes - Add support for cases of unaligned lengths")
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/crypto/omap-aes.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
index cb98fa5..f7826ee 100644
--- a/drivers/crypto/omap-aes.c
+++ b/drivers/crypto/omap-aes.c
@@ -554,15 +554,23 @@ static int omap_aes_crypt_dma_stop(struct omap_aes_dev *dd)
return err;
}
-static int omap_aes_check_aligned(struct scatterlist *sg)
+static int omap_aes_check_aligned(struct scatterlist *sg, int total)
{
+ int len = 0;
+
while (sg) {
if (!IS_ALIGNED(sg->offset, 4))
return -1;
if (!IS_ALIGNED(sg->length, AES_BLOCK_SIZE))
return -1;
+
+ len += sg->length;
sg = sg_next(sg);
}
+
+ if (len != total)
+ return -1;
+
return 0;
}
@@ -633,8 +641,8 @@ static int omap_aes_handle_queue(struct omap_aes_dev *dd,
dd->in_sg = req->src;
dd->out_sg = req->dst;
- if (omap_aes_check_aligned(dd->in_sg) ||
- omap_aes_check_aligned(dd->out_sg)) {
+ if (omap_aes_check_aligned(dd->in_sg, dd->total) ||
+ omap_aes_check_aligned(dd->out_sg, dd->total)) {
if (omap_aes_copy_sgs(dd))
pr_err("Failed to copy SGs for unaligned cases\n");
dd->sgs_copied = 1;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 167/222] C6x: time: Ensure consistency in __init
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (165 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 166/222] crypto: omap-aes - Fix support for unequal lengths Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 168/222] memstick: mspro_block: add missing curly braces Sasha Levin
` (55 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Nishanth Menon <nm@ti.com>
[ Upstream commit f4831605f2dacd12730fe73961c77253cc2ea425 ]
time_init invokes timer64_init (which is __init annotation)
since all of these are invoked at init time, lets maintain
consistency by ensuring time_init is marked appropriately
as well.
This fixes the following warning with CONFIG_DEBUG_SECTION_MISMATCH=y
WARNING: vmlinux.o(.text+0x3bfc): Section mismatch in reference from the function time_init() to the function .init.text:timer64_init()
The function time_init() references
the function __init timer64_init().
This is often because time_init lacks a __init
annotation or the annotation of timer64_init is wrong.
Fixes: 546a39546c64 ("C6X: time management")
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Mark Salter <msalter@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/c6x/kernel/time.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/c6x/kernel/time.c b/arch/c6x/kernel/time.c
index 356ee84..04845aa 100644
--- a/arch/c6x/kernel/time.c
+++ b/arch/c6x/kernel/time.c
@@ -49,7 +49,7 @@ u64 sched_clock(void)
return (tsc * sched_clock_multiplier) >> SCHED_CLOCK_SHIFT;
}
-void time_init(void)
+void __init time_init(void)
{
u64 tmp = (u64)NSEC_PER_SEC << SCHED_CLOCK_SHIFT;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 168/222] memstick: mspro_block: add missing curly braces
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (166 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 167/222] C6x: time: Ensure consistency in __init Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 169/222] drivers: platform: parse IRQ flags from resources Sasha Levin
` (54 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 13f6b191aaa11c7fd718d35a0c565f3c16bc1d99 ]
Using the indenting we can see the curly braces were obviously intended.
This is a static checker fix, but my guess is that we don't read enough
bytes, because we don't calculate "t_len" correctly.
Fixes: f1d82698029b ('memstick: use fully asynchronous request processing')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Alex Dubov <oakad@yahoo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/memstick/core/mspro_block.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/memstick/core/mspro_block.c b/drivers/memstick/core/mspro_block.c
index fc145d2..922a750 100644
--- a/drivers/memstick/core/mspro_block.c
+++ b/drivers/memstick/core/mspro_block.c
@@ -758,7 +758,7 @@ static int mspro_block_complete_req(struct memstick_dev *card, int error)
if (error || (card->current_mrq.tpc == MSPRO_CMD_STOP)) {
if (msb->data_dir == READ) {
- for (cnt = 0; cnt < msb->current_seg; cnt++)
+ for (cnt = 0; cnt < msb->current_seg; cnt++) {
t_len += msb->req_sg[cnt].length
/ msb->page_size;
@@ -766,6 +766,7 @@ static int mspro_block_complete_req(struct memstick_dev *card, int error)
t_len += msb->current_page - 1;
t_len *= msb->page_size;
+ }
}
} else
t_len = blk_rq_bytes(msb->block_req);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 169/222] drivers: platform: parse IRQ flags from resources
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (167 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 168/222] memstick: mspro_block: add missing curly braces Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 170/222] driver core: bus: Goto appropriate labels on failure in bus_add_device Sasha Levin
` (53 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Linus Walleij <linus.walleij@linaro.org>
[ Upstream commit 7085a7401ba54e92bbb5aa24d6f428071e18e509 ]
This fixes a regression from the net subsystem:
After commit d52fdbb735c36a209f36a628d40ca9185b349ba7
"smc91x: retrieve IRQ and trigger flags in a modern way"
a regression would appear on some legacy platforms such
as the ARM PXA Zylonite that specify IRQ resources like
this:
static struct resource r = {
.start = X,
.end = X,
.flags = IORESOURCE_IRQ | IORESOURCE_IRQ_HIGHEDGE,
};
The previous code would retrieve the resource and parse
the high edge setting in the SMC91x driver, a use pattern
that means every driver specifying an IRQ flag from a
static resource need to parse resource flags and apply
them at runtime.
As we switched the code to use IRQ descriptors to retrieve
the the trigger type like this:
irqd_get_trigger_type(irq_get_irq_data(...));
the code would work for new platforms using e.g. device
tree as the backing irq descriptor would have its flags
properly set, whereas this kind of oldstyle static
resources at no point assign the trigger flags to the
corresponding IRQ descriptor.
To make the behaviour identical on modern device tree
and legacy static platform data platforms, modify
platform_get_irq() to assign the trigger flags to the
irq descriptor when a client looks up an IRQ from static
resources.
Fixes: d52fdbb735c3 ("smc91x: retrieve IRQ and trigger flags in a modern way")
Tested-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/base/platform.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/base/platform.c b/drivers/base/platform.c
index b2afc29..360272c 100644
--- a/drivers/base/platform.c
+++ b/drivers/base/platform.c
@@ -101,6 +101,15 @@ int platform_get_irq(struct platform_device *dev, unsigned int num)
}
r = platform_get_resource(dev, IORESOURCE_IRQ, num);
+ /*
+ * The resources may pass trigger flags to the irqs that need
+ * to be set up. It so happens that the trigger flags for
+ * IORESOURCE_BITS correspond 1-to-1 to the IRQF_TRIGGER*
+ * settings.
+ */
+ if (r && r->flags & IORESOURCE_BITS)
+ irqd_set_trigger_type(irq_get_irq_data(r->start),
+ r->flags & IORESOURCE_BITS);
return r ? r->start : -ENXIO;
#endif
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 170/222] driver core: bus: Goto appropriate labels on failure in bus_add_device
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (168 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 169/222] drivers: platform: parse IRQ flags from resources Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 171/222] netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING Sasha Levin
` (52 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Junjie Mao <junjie_mao@yeah.net>
[ Upstream commit 1c34203a1496d1849ba978021b878b3447d433c8 ]
It is not necessary to call device_remove_groups() when device_add_groups()
fails.
The group added by device_add_groups() should be removed if sysfs_create_link()
fails.
Fixes: fa6fdb33b486 ("driver core: bus_type: add dev_groups")
Signed-off-by: Junjie Mao <junjie_mao@yeah.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/base/bus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/base/bus.c b/drivers/base/bus.c
index 876bae5..79bc203 100644
--- a/drivers/base/bus.c
+++ b/drivers/base/bus.c
@@ -515,11 +515,11 @@ int bus_add_device(struct device *dev)
goto out_put;
error = device_add_groups(dev, bus->dev_groups);
if (error)
- goto out_groups;
+ goto out_id;
error = sysfs_create_link(&bus->p->devices_kset->kobj,
&dev->kobj, dev_name(dev));
if (error)
- goto out_id;
+ goto out_groups;
error = sysfs_create_link(&dev->kobj,
&dev->bus->p->subsys.kobj, "subsystem");
if (error)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 171/222] netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (169 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 170/222] driver core: bus: Goto appropriate labels on failure in bus_add_device Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 172/222] KVM: nVMX: mask unrestricted_guest if disabled on L0 Sasha Levin
` (51 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 0b67c43ce36a9964f1d5e3f973ee19eefd3f9f8f ]
We also need to save/store in forward, else br_parse_ip_options call
will zero frag_max_size as well.
Fixes: 93fdd47e5 ('bridge: Save frag_max_size between PRE_ROUTING and POST_ROUTING')
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
net/bridge/br_netfilter.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 1a4f32c..f076a8e 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -650,6 +650,13 @@ static int br_nf_forward_finish(struct sk_buff *skb)
struct net_device *in;
if (!IS_ARP(skb) && !IS_VLAN_ARP(skb)) {
+ int frag_max_size;
+
+ if (skb->protocol == htons(ETH_P_IP)) {
+ frag_max_size = IPCB(skb)->frag_max_size;
+ BR_INPUT_SKB_CB(skb)->frag_max_size = frag_max_size;
+ }
+
in = nf_bridge->physindev;
if (nf_bridge->mask & BRNF_PKT_TYPE) {
skb->pkt_type = PACKET_OTHERHOST;
@@ -709,8 +716,14 @@ static unsigned int br_nf_forward_ip(const struct nf_hook_ops *ops,
nf_bridge->mask |= BRNF_PKT_TYPE;
}
- if (pf == NFPROTO_IPV4 && br_parse_ip_options(skb))
- return NF_DROP;
+ if (pf == NFPROTO_IPV4) {
+ int frag_max = BR_INPUT_SKB_CB(skb)->frag_max_size;
+
+ if (br_parse_ip_options(skb))
+ return NF_DROP;
+
+ IPCB(skb)->frag_max_size = frag_max;
+ }
/* The physdev module checks on this */
nf_bridge->mask |= BRNF_BRIDGED;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 172/222] KVM: nVMX: mask unrestricted_guest if disabled on L0
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (170 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 171/222] netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 173/222] staging: comedi: adv_pci1710: fix AI INSN_READ for non-zero channel Sasha Levin
` (50 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Radim Krčmář <rkrcmar@redhat.com>
[ Upstream commit 0790ec172de1bd2e23f1dbd4925426b6cc3c1b72 ]
If EPT was enabled, unrestricted_guest was allowed in L1 regardless of
L0. L1 triple faulted when running L2 guest that required emulation.
Another side effect was 'WARN_ON_ONCE(vmx->nested.nested_run_pending)'
in L0's dmesg:
WARNING: CPU: 0 PID: 0 at arch/x86/kvm/vmx.c:9190 nested_vmx_vmexit+0x96e/0xb00 [kvm_intel] ()
Prevent this scenario by masking SECONDARY_EXEC_UNRESTRICTED_GUEST when
the host doesn't have it enabled.
Fixes: 78051e3b7e35 ("KVM: nVMX: Disable unrestricted mode if ept=0")
Cc: stable@vger.kernel.org
Tested-By: Kashyap Chamarthy <kchamart@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/x86/kvm/vmx.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index ed70394..47843b0 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2381,8 +2381,7 @@ static __init void nested_vmx_setup_ctls_msrs(void)
if (enable_ept) {
/* nested EPT: emulate EPT also to L1 */
- nested_vmx_secondary_ctls_high |= SECONDARY_EXEC_ENABLE_EPT |
- SECONDARY_EXEC_UNRESTRICTED_GUEST;
+ nested_vmx_secondary_ctls_high |= SECONDARY_EXEC_ENABLE_EPT;
nested_vmx_ept_caps = VMX_EPT_PAGE_WALK_4_BIT |
VMX_EPTP_WB_BIT | VMX_EPT_2MB_PAGE_BIT |
VMX_EPT_INVEPT_BIT;
@@ -2396,6 +2395,10 @@ static __init void nested_vmx_setup_ctls_msrs(void)
} else
nested_vmx_ept_caps = 0;
+ if (enable_unrestricted_guest)
+ nested_vmx_secondary_ctls_high |=
+ SECONDARY_EXEC_UNRESTRICTED_GUEST;
+
/* miscellaneous data */
rdmsr(MSR_IA32_VMX_MISC, nested_vmx_misc_low, nested_vmx_misc_high);
nested_vmx_misc_low &= VMX_MISC_SAVE_EFER_LMA;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 173/222] staging: comedi: adv_pci1710: fix AI INSN_READ for non-zero channel
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (171 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 172/222] KVM: nVMX: mask unrestricted_guest if disabled on L0 Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 174/222] mm/hugetlb: use pmd_page() in follow_huge_pmd() Sasha Levin
` (49 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ian Abbott <abbotti@mev.co.uk>
[ Upstream commit abe46b8932dd9a6dfc3698e3eb121809b7b9ed28 ]
Reading of analog input channels by the `INSN_READ` comedi instruction
is broken for all except channel 0. `pci171x_ai_insn_read()` calls
`pci171x_ai_read_sample()` with the wrong value for the third parameter.
It is supposed to be the current index in a channel list (which is
always of length 1 in this case, so the index should be 0), but instead
it is passing the actual channel number. `pci171x_ai_read_sample()`
checks the channel number encoded in the raw sample value read from the
hardware matches the channel number stored in the specified index of the
previously set up channel list and returns `-ENODATA` if it doesn't
match. Since the index should always be 0 in this case, the match will
fail unless the channel number is also 0. Fix it by passing 0 as the
channel index.
Note that when the bug first appeared, it was `pci171x_ai_dropout()`
that was called with the wrong parameter value. `pci171x_ai_dropout()`
got replaced with `pci171x_ai_read_sample()` in commit 7fd2dae2500d
("staging: comedi: adv_pci1710: introduce pci171x_ai_read_sample()").
Fixes: 16c7eb6047bb ("staging: comedi: adv_pci1710: always enable PCI171x_PARANOIDCHECK code")
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: stable <stable@vger.kernel.org> # 3.16+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/staging/comedi/drivers/adv_pci1710.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/staging/comedi/drivers/adv_pci1710.c b/drivers/staging/comedi/drivers/adv_pci1710.c
index 5539bd2..a65fa9f 100644
--- a/drivers/staging/comedi/drivers/adv_pci1710.c
+++ b/drivers/staging/comedi/drivers/adv_pci1710.c
@@ -456,7 +456,6 @@ static int pci171x_insn_read_ai(struct comedi_device *dev,
struct comedi_insn *insn, unsigned int *data)
{
struct pci1710_private *devpriv = dev->private;
- unsigned int chan = CR_CHAN(insn->chanspec);
int ret = 0;
int i;
@@ -478,7 +477,7 @@ static int pci171x_insn_read_ai(struct comedi_device *dev,
break;
val = inw(dev->iobase + PCI171x_AD_DATA);
- ret = pci171x_ai_dropout(dev, s, chan, val);
+ ret = pci171x_ai_dropout(dev, s, 0, val);
if (ret)
break;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 174/222] mm/hugetlb: use pmd_page() in follow_huge_pmd()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (172 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 173/222] staging: comedi: adv_pci1710: fix AI INSN_READ for non-zero channel Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 175/222] mm/hugetlb: take page table lock " Sasha Levin
` (48 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
[ Upstream commit 97534127012f0e396eddea4691f4c9b170aed74b ]
Commit 61f77eda9bbf ("mm/hugetlb: reduce arch dependent code around
follow_huge_*") broke follow_huge_pmd() on s390, where pmd and pte
layout differ and using pte_page() on a huge pmd will return wrong
results. Using pmd_page() instead fixes this.
All architectures that were touched by that commit have pmd_page()
defined, so this should not break anything on other architectures.
Fixes: 61f77eda "mm/hugetlb: reduce arch dependent code around follow_huge_*"
Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Acked-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Michal Hocko <mhocko@suse.cz>, Andrea Arcangeli <aarcange@redhat.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/mm/hugetlbpage.c | 6 ------
arch/arm64/mm/hugetlbpage.c | 6 ------
arch/ia64/mm/hugetlbpage.c | 6 ------
arch/metag/mm/hugetlbpage.c | 6 ------
arch/mips/mm/hugetlbpage.c | 18 ------------------
arch/powerpc/mm/hugetlbpage.c | 8 ++++++++
arch/s390/mm/hugetlbpage.c | 20 --------------------
arch/sh/mm/hugetlbpage.c | 12 ------------
arch/sparc/mm/hugetlbpage.c | 12 ------------
arch/tile/mm/hugetlbpage.c | 28 ----------------------------
arch/x86/mm/hugetlbpage.c | 12 ------------
mm/hugetlb.c | 30 +++++++++++++++---------------
12 files changed, 23 insertions(+), 141 deletions(-)
diff --git a/arch/arm/mm/hugetlbpage.c b/arch/arm/mm/hugetlbpage.c
index 66781bf..c724124 100644
--- a/arch/arm/mm/hugetlbpage.c
+++ b/arch/arm/mm/hugetlbpage.c
@@ -36,12 +36,6 @@
* of type casting from pmd_t * to pte_t *.
*/
-struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address,
- int write)
-{
- return ERR_PTR(-EINVAL);
-}
-
int pud_huge(pud_t pud)
{
return 0;
diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c
index 023747b..2de9d2e 100644
--- a/arch/arm64/mm/hugetlbpage.c
+++ b/arch/arm64/mm/hugetlbpage.c
@@ -38,12 +38,6 @@ int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
}
#endif
-struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address,
- int write)
-{
- return ERR_PTR(-EINVAL);
-}
-
int pmd_huge(pmd_t pmd)
{
return !(pmd_val(pmd) & PMD_TABLE_BIT);
diff --git a/arch/ia64/mm/hugetlbpage.c b/arch/ia64/mm/hugetlbpage.c
index 76069c1..52b7604 100644
--- a/arch/ia64/mm/hugetlbpage.c
+++ b/arch/ia64/mm/hugetlbpage.c
@@ -114,12 +114,6 @@ int pud_huge(pud_t pud)
return 0;
}
-struct page *
-follow_huge_pmd(struct mm_struct *mm, unsigned long address, pmd_t *pmd, int write)
-{
- return NULL;
-}
-
void hugetlb_free_pgd_range(struct mmu_gather *tlb,
unsigned long addr, unsigned long end,
unsigned long floor, unsigned long ceiling)
diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c
index 3c32075..7ca80ac 100644
--- a/arch/metag/mm/hugetlbpage.c
+++ b/arch/metag/mm/hugetlbpage.c
@@ -94,12 +94,6 @@ int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
return 0;
}
-struct page *follow_huge_addr(struct mm_struct *mm,
- unsigned long address, int write)
-{
- return ERR_PTR(-EINVAL);
-}
-
int pmd_huge(pmd_t pmd)
{
return pmd_page_shift(pmd) > PAGE_SHIFT;
diff --git a/arch/mips/mm/hugetlbpage.c b/arch/mips/mm/hugetlbpage.c
index 4ec8ee1..06e0f42 100644
--- a/arch/mips/mm/hugetlbpage.c
+++ b/arch/mips/mm/hugetlbpage.c
@@ -68,12 +68,6 @@ int is_aligned_hugepage_range(unsigned long addr, unsigned long len)
return 0;
}
-struct page *
-follow_huge_addr(struct mm_struct *mm, unsigned long address, int write)
-{
- return ERR_PTR(-EINVAL);
-}
-
int pmd_huge(pmd_t pmd)
{
return (pmd_val(pmd) & _PAGE_HUGE) != 0;
@@ -83,15 +77,3 @@ int pud_huge(pud_t pud)
{
return (pud_val(pud) & _PAGE_HUGE) != 0;
}
-
-struct page *
-follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- pmd_t *pmd, int write)
-{
- struct page *page;
-
- page = pte_page(*(pte_t *)pmd);
- if (page)
- page += ((address & ~HPAGE_MASK) >> PAGE_SHIFT);
- return page;
-}
diff --git a/arch/powerpc/mm/hugetlbpage.c b/arch/powerpc/mm/hugetlbpage.c
index 6a4a5fc..17e83a0 100644
--- a/arch/powerpc/mm/hugetlbpage.c
+++ b/arch/powerpc/mm/hugetlbpage.c
@@ -704,6 +704,14 @@ follow_huge_pmd(struct mm_struct *mm, unsigned long address,
return NULL;
}
+struct page *
+follow_huge_pud(struct mm_struct *mm, unsigned long address,
+ pud_t *pud, int write)
+{
+ BUG();
+ return NULL;
+}
+
static unsigned long hugepte_addr_end(unsigned long addr, unsigned long end,
unsigned long sz)
{
diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c
index 3c80d2e..210ffed 100644
--- a/arch/s390/mm/hugetlbpage.c
+++ b/arch/s390/mm/hugetlbpage.c
@@ -192,12 +192,6 @@ int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
return 0;
}
-struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address,
- int write)
-{
- return ERR_PTR(-EINVAL);
-}
-
int pmd_huge(pmd_t pmd)
{
if (!MACHINE_HAS_HPAGE)
@@ -210,17 +204,3 @@ int pud_huge(pud_t pud)
{
return 0;
}
-
-struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- pmd_t *pmdp, int write)
-{
- struct page *page;
-
- if (!MACHINE_HAS_HPAGE)
- return NULL;
-
- page = pmd_page(*pmdp);
- if (page)
- page += ((address & ~HPAGE_MASK) >> PAGE_SHIFT);
- return page;
-}
diff --git a/arch/sh/mm/hugetlbpage.c b/arch/sh/mm/hugetlbpage.c
index d776234..534bc97 100644
--- a/arch/sh/mm/hugetlbpage.c
+++ b/arch/sh/mm/hugetlbpage.c
@@ -67,12 +67,6 @@ int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
return 0;
}
-struct page *follow_huge_addr(struct mm_struct *mm,
- unsigned long address, int write)
-{
- return ERR_PTR(-EINVAL);
-}
-
int pmd_huge(pmd_t pmd)
{
return 0;
@@ -82,9 +76,3 @@ int pud_huge(pud_t pud)
{
return 0;
}
-
-struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- pmd_t *pmd, int write)
-{
- return NULL;
-}
diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
index d329537..4242eab 100644
--- a/arch/sparc/mm/hugetlbpage.c
+++ b/arch/sparc/mm/hugetlbpage.c
@@ -215,12 +215,6 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
return entry;
}
-struct page *follow_huge_addr(struct mm_struct *mm,
- unsigned long address, int write)
-{
- return ERR_PTR(-EINVAL);
-}
-
int pmd_huge(pmd_t pmd)
{
return 0;
@@ -230,9 +224,3 @@ int pud_huge(pud_t pud)
{
return 0;
}
-
-struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- pmd_t *pmd, int write)
-{
- return NULL;
-}
diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c
index e514899..8a00c7b 100644
--- a/arch/tile/mm/hugetlbpage.c
+++ b/arch/tile/mm/hugetlbpage.c
@@ -150,12 +150,6 @@ pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr)
return NULL;
}
-struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address,
- int write)
-{
- return ERR_PTR(-EINVAL);
-}
-
int pmd_huge(pmd_t pmd)
{
return !!(pmd_val(pmd) & _PAGE_HUGE_PAGE);
@@ -166,28 +160,6 @@ int pud_huge(pud_t pud)
return !!(pud_val(pud) & _PAGE_HUGE_PAGE);
}
-struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- pmd_t *pmd, int write)
-{
- struct page *page;
-
- page = pte_page(*(pte_t *)pmd);
- if (page)
- page += ((address & ~PMD_MASK) >> PAGE_SHIFT);
- return page;
-}
-
-struct page *follow_huge_pud(struct mm_struct *mm, unsigned long address,
- pud_t *pud, int write)
-{
- struct page *page;
-
- page = pte_page(*(pte_t *)pud);
- if (page)
- page += ((address & ~PUD_MASK) >> PAGE_SHIFT);
- return page;
-}
-
int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
{
return 0;
diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
index 006cc91..9161f76 100644
--- a/arch/x86/mm/hugetlbpage.c
+++ b/arch/x86/mm/hugetlbpage.c
@@ -52,20 +52,8 @@ int pud_huge(pud_t pud)
return 0;
}
-struct page *
-follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- pmd_t *pmd, int write)
-{
- return NULL;
-}
#else
-struct page *
-follow_huge_addr(struct mm_struct *mm, unsigned long address, int write)
-{
- return ERR_PTR(-EINVAL);
-}
-
/*
* pmd_huge() returns 1 if @pmd is hugetlb related entry, that is normal
* hugetlb entry or non-present (migration or hwpoisoned) hugetlb entry.
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 4cacc6a..e8c0078 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -3693,7 +3693,20 @@ pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr)
return (pte_t *) pmd;
}
-struct page *
+#endif /* CONFIG_ARCH_WANT_GENERAL_HUGETLB */
+
+/*
+ * These functions are overwritable if your architecture needs its own
+ * behavior.
+ */
+struct page * __weak
+follow_huge_addr(struct mm_struct *mm, unsigned long address,
+ int write)
+{
+ return ERR_PTR(-EINVAL);
+}
+
+struct page * __weak
follow_huge_pmd(struct mm_struct *mm, unsigned long address,
pmd_t *pmd, int write)
{
@@ -3707,7 +3720,7 @@ follow_huge_pmd(struct mm_struct *mm, unsigned long address,
return page;
}
-struct page *
+struct page * __weak
follow_huge_pud(struct mm_struct *mm, unsigned long address,
pud_t *pud, int write)
{
@@ -3719,19 +3732,6 @@ follow_huge_pud(struct mm_struct *mm, unsigned long address,
return page;
}
-#else /* !CONFIG_ARCH_WANT_GENERAL_HUGETLB */
-
-/* Can be overriden by architectures */
-struct page * __weak
-follow_huge_pud(struct mm_struct *mm, unsigned long address,
- pud_t *pud, int write)
-{
- BUG();
- return NULL;
-}
-
-#endif /* CONFIG_ARCH_WANT_GENERAL_HUGETLB */
-
#ifdef CONFIG_MEMORY_FAILURE
/* Should be called in hugetlb_lock */
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 175/222] mm/hugetlb: take page table lock in follow_huge_pmd()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (173 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 174/222] mm/hugetlb: use pmd_page() in follow_huge_pmd() Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 176/222] rtlwifi: rtl8192ee: Fix handling of new style descriptors Sasha Levin
` (47 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
[ Upstream commit e66f17ff71772b209eed39de35aaa99ba819c93d ]
We have a race condition between move_pages() and freeing hugepages, where
move_pages() calls follow_page(FOLL_GET) for hugepages internally and
tries to get its refcount without preventing concurrent freeing. This
race crashes the kernel, so this patch fixes it by moving FOLL_GET code
for hugepages into follow_huge_pmd() with taking the page table lock.
This patch intentionally removes page==NULL check after pte_page.
This is justified because pte_page() never returns NULL for any
architectures or configurations.
This patch changes the behavior of follow_huge_pmd() for tail pages and
then tail pages can be pinned/returned. So the caller must be changed to
properly handle the returned tail pages.
We could have a choice to add the similar locking to
follow_huge_(addr|pud) for consistency, but it's not necessary because
currently these functions don't support FOLL_GET flag, so let's leave it
for future development.
Here is the reproducer:
$ cat movepages.c
#include <stdio.h>
#include <stdlib.h>
#include <numaif.h>
#define ADDR_INPUT 0x700000000000UL
#define HPS 0x200000
#define PS 0x1000
int main(int argc, char *argv[]) {
int i;
int nr_hp = strtol(argv[1], NULL, 0);
int nr_p = nr_hp * HPS / PS;
int ret;
void **addrs;
int *status;
int *nodes;
pid_t pid;
pid = strtol(argv[2], NULL, 0);
addrs = malloc(sizeof(char *) * nr_p + 1);
status = malloc(sizeof(char *) * nr_p + 1);
nodes = malloc(sizeof(char *) * nr_p + 1);
while (1) {
for (i = 0; i < nr_p; i++) {
addrs[i] = (void *)ADDR_INPUT + i * PS;
nodes[i] = 1;
status[i] = 0;
}
ret = numa_move_pages(pid, nr_p, addrs, nodes, status,
MPOL_MF_MOVE_ALL);
if (ret == -1)
err("move_pages");
for (i = 0; i < nr_p; i++) {
addrs[i] = (void *)ADDR_INPUT + i * PS;
nodes[i] = 0;
status[i] = 0;
}
ret = numa_move_pages(pid, nr_p, addrs, nodes, status,
MPOL_MF_MOVE_ALL);
if (ret == -1)
err("move_pages");
}
return 0;
}
$ cat hugepage.c
#include <stdio.h>
#include <sys/mman.h>
#include <string.h>
#define ADDR_INPUT 0x700000000000UL
#define HPS 0x200000
int main(int argc, char *argv[]) {
int nr_hp = strtol(argv[1], NULL, 0);
char *p;
while (1) {
p = mmap((void *)ADDR_INPUT, nr_hp * HPS, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB, -1, 0);
if (p != (void *)ADDR_INPUT) {
perror("mmap");
break;
}
memset(p, 0, nr_hp * HPS);
munmap(p, nr_hp * HPS);
}
}
$ sysctl vm.nr_hugepages=40
$ ./hugepage 10 &
$ ./movepages 10 $(pgrep -f hugepage)
Fixes: e632a938d914 ("mm: migrate: add hugepage migration code to move_pages()")
Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Reported-by: Hugh Dickins <hughd@google.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Rik van Riel <riel@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Luiz Capitulino <lcapitulino@redhat.com>
Cc: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Steve Capper <steve.capper@linaro.org>
Cc: <stable@vger.kernel.org> [3.12+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
include/linux/hugetlb.h | 8 ++++----
include/linux/swapops.h | 4 ++++
mm/gup.c | 25 ++++++++-----------------
mm/hugetlb.c | 48 ++++++++++++++++++++++++++++++++++--------------
mm/migrate.c | 5 +++--
5 files changed, 53 insertions(+), 37 deletions(-)
diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
index 6e6d338..14020c7 100644
--- a/include/linux/hugetlb.h
+++ b/include/linux/hugetlb.h
@@ -99,9 +99,9 @@ int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep);
struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address,
int write);
struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- pmd_t *pmd, int write);
+ pmd_t *pmd, int flags);
struct page *follow_huge_pud(struct mm_struct *mm, unsigned long address,
- pud_t *pud, int write);
+ pud_t *pud, int flags);
int pmd_huge(pmd_t pmd);
int pud_huge(pud_t pmd);
unsigned long hugetlb_change_protection(struct vm_area_struct *vma,
@@ -133,8 +133,8 @@ static inline void hugetlb_report_meminfo(struct seq_file *m)
static inline void hugetlb_show_meminfo(void)
{
}
-#define follow_huge_pmd(mm, addr, pmd, write) NULL
-#define follow_huge_pud(mm, addr, pud, write) NULL
+#define follow_huge_pmd(mm, addr, pmd, flags) NULL
+#define follow_huge_pud(mm, addr, pud, flags) NULL
#define prepare_hugepage_range(file, addr, len) (-EINVAL)
#define pmd_huge(x) 0
#define pud_huge(x) 0
diff --git a/include/linux/swapops.h b/include/linux/swapops.h
index 6adfb7b..e288d5c 100644
--- a/include/linux/swapops.h
+++ b/include/linux/swapops.h
@@ -137,6 +137,8 @@ static inline void make_migration_entry_read(swp_entry_t *entry)
*entry = swp_entry(SWP_MIGRATION_READ, swp_offset(*entry));
}
+extern void __migration_entry_wait(struct mm_struct *mm, pte_t *ptep,
+ spinlock_t *ptl);
extern void migration_entry_wait(struct mm_struct *mm, pmd_t *pmd,
unsigned long address);
extern void migration_entry_wait_huge(struct vm_area_struct *vma,
@@ -150,6 +152,8 @@ static inline int is_migration_entry(swp_entry_t swp)
}
#define migration_entry_to_page(swp) NULL
static inline void make_migration_entry_read(swp_entry_t *entryp) { }
+static inline void __migration_entry_wait(struct mm_struct *mm, pte_t *ptep,
+ spinlock_t *ptl) { }
static inline void migration_entry_wait(struct mm_struct *mm, pmd_t *pmd,
unsigned long address) { }
static inline void migration_entry_wait_huge(struct vm_area_struct *vma,
diff --git a/mm/gup.c b/mm/gup.c
index a0d57ec..377a5a7 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -167,10 +167,10 @@ struct page *follow_page_mask(struct vm_area_struct *vma,
if (pud_none(*pud))
return no_page_table(vma, flags);
if (pud_huge(*pud) && vma->vm_flags & VM_HUGETLB) {
- if (flags & FOLL_GET)
- return NULL;
- page = follow_huge_pud(mm, address, pud, flags & FOLL_WRITE);
- return page;
+ page = follow_huge_pud(mm, address, pud, flags);
+ if (page)
+ return page;
+ return no_page_table(vma, flags);
}
if (unlikely(pud_bad(*pud)))
return no_page_table(vma, flags);
@@ -179,19 +179,10 @@ struct page *follow_page_mask(struct vm_area_struct *vma,
if (pmd_none(*pmd))
return no_page_table(vma, flags);
if (pmd_huge(*pmd) && vma->vm_flags & VM_HUGETLB) {
- page = follow_huge_pmd(mm, address, pmd, flags & FOLL_WRITE);
- if (flags & FOLL_GET) {
- /*
- * Refcount on tail pages are not well-defined and
- * shouldn't be taken. The caller should handle a NULL
- * return when trying to follow tail pages.
- */
- if (PageHead(page))
- get_page(page);
- else
- page = NULL;
- }
- return page;
+ page = follow_huge_pmd(mm, address, pmd, flags);
+ if (page)
+ return page;
+ return no_page_table(vma, flags);
}
if ((flags & FOLL_NUMA) && pmd_numa(*pmd))
return no_page_table(vma, flags);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index e8c0078..da8fa4e 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -3708,28 +3708,48 @@ follow_huge_addr(struct mm_struct *mm, unsigned long address,
struct page * __weak
follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- pmd_t *pmd, int write)
+ pmd_t *pmd, int flags)
{
- struct page *page;
-
- if (!pmd_present(*pmd))
- return NULL;
- page = pte_page(*(pte_t *)pmd);
- if (page)
- page += ((address & ~PMD_MASK) >> PAGE_SHIFT);
+ struct page *page = NULL;
+ spinlock_t *ptl;
+retry:
+ ptl = pmd_lockptr(mm, pmd);
+ spin_lock(ptl);
+ /*
+ * make sure that the address range covered by this pmd is not
+ * unmapped from other threads.
+ */
+ if (!pmd_huge(*pmd))
+ goto out;
+ if (pmd_present(*pmd)) {
+ page = pte_page(*(pte_t *)pmd) +
+ ((address & ~PMD_MASK) >> PAGE_SHIFT);
+ if (flags & FOLL_GET)
+ get_page(page);
+ } else {
+ if (is_hugetlb_entry_migration(huge_ptep_get((pte_t *)pmd))) {
+ spin_unlock(ptl);
+ __migration_entry_wait(mm, (pte_t *)pmd, ptl);
+ goto retry;
+ }
+ /*
+ * hwpoisoned entry is treated as no_page_table in
+ * follow_page_mask().
+ */
+ }
+out:
+ spin_unlock(ptl);
return page;
}
struct page * __weak
follow_huge_pud(struct mm_struct *mm, unsigned long address,
- pud_t *pud, int write)
+ pud_t *pud, int flags)
{
- struct page *page;
+ if (flags & FOLL_GET)
+ return NULL;
- page = pte_page(*(pte_t *)pud);
- if (page)
- page += ((address & ~PUD_MASK) >> PAGE_SHIFT);
- return page;
+ return pte_page(*(pte_t *)pud) + ((address & ~PUD_MASK) >> PAGE_SHIFT);
}
#ifdef CONFIG_MEMORY_FAILURE
diff --git a/mm/migrate.c b/mm/migrate.c
index 0143995..cd4fd10 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -229,7 +229,7 @@ static void remove_migration_ptes(struct page *old, struct page *new)
* get to the page and wait until migration is finished.
* When we return from this function the fault will be retried.
*/
-static void __migration_entry_wait(struct mm_struct *mm, pte_t *ptep,
+void __migration_entry_wait(struct mm_struct *mm, pte_t *ptep,
spinlock_t *ptl)
{
pte_t pte;
@@ -1260,7 +1260,8 @@ static int do_move_page_to_node_array(struct mm_struct *mm,
goto put_and_set;
if (PageHuge(page)) {
- isolate_huge_page(page, &pagelist);
+ if (PageHead(page))
+ isolate_huge_page(page, &pagelist);
goto put_and_set;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 176/222] rtlwifi: rtl8192ee: Fix handling of new style descriptors
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (174 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 175/222] mm/hugetlb: take page table lock " Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 177/222] fs: take i_mutex during prepare_binprm for set[ug]id executables Sasha Levin
` (46 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Troy Tan <troy_tan@realsil.com.cn>
[ Upstream commit d0311314d00298f83aa5450a1d4a92889e7cc2ea ]
The hardware and firmware for the RTL8192EE utilize a FIFO list of
descriptors. There were some problems with the initial implementation.
The worst of these failed to detect that the FIFO was becoming full,
which led to the device needing to be power cycled. As this condition
is not relevant to most of the devices supported by rtlwifi, a callback
routine was added to detect this situation. This patch implements the
necessary changes in the pci handler, and the linkage into the appropriate
rtl8192ee routine.
Signed-off-by: Troy Tan <troy_tan@realsil.com.cn>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org> [V3.18]
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/net/wireless/rtlwifi/pci.c | 31 +++++++++++++++++++++-------
drivers/net/wireless/rtlwifi/rtl8192ee/sw.c | 3 +--
drivers/net/wireless/rtlwifi/rtl8192ee/trx.c | 7 ++++---
drivers/net/wireless/rtlwifi/rtl8192ee/trx.h | 2 +-
drivers/net/wireless/rtlwifi/wifi.h | 1 +
5 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/drivers/net/wireless/rtlwifi/pci.c b/drivers/net/wireless/rtlwifi/pci.c
index a5186bb..8c45cf4 100644
--- a/drivers/net/wireless/rtlwifi/pci.c
+++ b/drivers/net/wireless/rtlwifi/pci.c
@@ -578,6 +578,13 @@ static void _rtl_pci_tx_isr(struct ieee80211_hw *hw, int prio)
else
entry = (u8 *)(&ring->desc[ring->idx]);
+ if (rtlpriv->cfg->ops->get_available_desc &&
+ rtlpriv->cfg->ops->get_available_desc(hw, prio) <= 1) {
+ RT_TRACE(rtlpriv, (COMP_INTR | COMP_SEND), DBG_DMESG,
+ "no available desc!\n");
+ return;
+ }
+
if (!rtlpriv->cfg->ops->is_tx_desc_closed(hw, prio, ring->idx))
return;
ring->idx = (ring->idx + 1) % ring->entries;
@@ -641,10 +648,9 @@ static void _rtl_pci_tx_isr(struct ieee80211_hw *hw, int prio)
ieee80211_tx_status_irqsafe(hw, skb);
- if ((ring->entries - skb_queue_len(&ring->queue))
- == 2) {
+ if ((ring->entries - skb_queue_len(&ring->queue)) <= 4) {
- RT_TRACE(rtlpriv, COMP_ERR, DBG_LOUD,
+ RT_TRACE(rtlpriv, COMP_ERR, DBG_DMESG,
"more desc left, wake skb_queue@%d, ring->idx = %d, skb_queue_len = 0x%x\n",
prio, ring->idx,
skb_queue_len(&ring->queue));
@@ -793,7 +799,7 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
rx_remained_cnt =
rtlpriv->cfg->ops->rx_desc_buff_remained_cnt(hw,
hw_queue);
- if (rx_remained_cnt < 1)
+ if (rx_remained_cnt == 0)
return;
} else { /* rx descriptor */
@@ -845,18 +851,18 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
else
skb_reserve(skb, stats.rx_drvinfo_size +
stats.rx_bufshift);
-
} else {
RT_TRACE(rtlpriv, COMP_ERR, DBG_WARNING,
"skb->end - skb->tail = %d, len is %d\n",
skb->end - skb->tail, len);
- break;
+ dev_kfree_skb_any(skb);
+ goto new_trx_end;
}
/* handle command packet here */
if (rtlpriv->cfg->ops->rx_command_packet &&
rtlpriv->cfg->ops->rx_command_packet(hw, stats, skb)) {
dev_kfree_skb_any(skb);
- goto end;
+ goto new_trx_end;
}
/*
@@ -906,6 +912,7 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
} else {
dev_kfree_skb_any(skb);
}
+new_trx_end:
if (rtlpriv->use_new_trx_flow) {
rtlpci->rx_ring[hw_queue].next_rx_rp += 1;
rtlpci->rx_ring[hw_queue].next_rx_rp %=
@@ -921,7 +928,6 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
rtlpriv->enter_ps = false;
schedule_work(&rtlpriv->works.lps_change_work);
}
-end:
skb = new_skb;
no_new:
if (rtlpriv->use_new_trx_flow) {
@@ -1695,6 +1701,15 @@ static int rtl_pci_tx(struct ieee80211_hw *hw,
}
}
+ if (rtlpriv->cfg->ops->get_available_desc &&
+ rtlpriv->cfg->ops->get_available_desc(hw, hw_queue) == 0) {
+ RT_TRACE(rtlpriv, COMP_ERR, DBG_WARNING,
+ "get_available_desc fail\n");
+ spin_unlock_irqrestore(&rtlpriv->locks.irq_th_lock,
+ flags);
+ return skb->len;
+ }
+
if (ieee80211_is_data_qos(fc)) {
tid = rtl_get_tid(skb);
if (sta) {
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/sw.c b/drivers/net/wireless/rtlwifi/rtl8192ee/sw.c
index 9b5a7d5..c31c6bf 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ee/sw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192ee/sw.c
@@ -113,8 +113,6 @@ int rtl92ee_init_sw_vars(struct ieee80211_hw *hw)
RCR_HTC_LOC_CTRL |
RCR_AMF |
RCR_ACF |
- RCR_ADF |
- RCR_AICV |
RCR_ACRC32 |
RCR_AB |
RCR_AM |
@@ -241,6 +239,7 @@ static struct rtl_hal_ops rtl8192ee_hal_ops = {
.set_desc = rtl92ee_set_desc,
.get_desc = rtl92ee_get_desc,
.is_tx_desc_closed = rtl92ee_is_tx_desc_closed,
+ .get_available_desc = rtl92ee_get_available_desc,
.tx_polling = rtl92ee_tx_polling,
.enable_hw_sec = rtl92ee_enable_hw_security_config,
.set_key = rtl92ee_set_key,
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c
index 0069004..1f6d160 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.c
@@ -707,7 +707,7 @@ static u16 get_desc_addr_fr_q_idx(u16 queue_index)
return desc_address;
}
-void rtl92ee_get_available_desc(struct ieee80211_hw *hw, u8 q_idx)
+u16 rtl92ee_get_available_desc(struct ieee80211_hw *hw, u8 q_idx)
{
struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
struct rtl_priv *rtlpriv = rtl_priv(hw);
@@ -721,11 +721,12 @@ void rtl92ee_get_available_desc(struct ieee80211_hw *hw, u8 q_idx)
current_tx_write_point = (u16)((tmp_4byte) & 0x0fff);
point_diff = ((current_tx_read_point > current_tx_write_point) ?
- (current_tx_read_point - current_tx_write_point) :
- (TX_DESC_NUM_92E - current_tx_write_point +
+ (current_tx_read_point - current_tx_write_point - 1) :
+ (TX_DESC_NUM_92E - 1 - current_tx_write_point +
current_tx_read_point));
rtlpci->tx_ring[q_idx].avl_desc = point_diff;
+ return point_diff;
}
void rtl92ee_pre_fill_tx_bd_desc(struct ieee80211_hw *hw,
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h
index 8effef9..b489dd9 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h
+++ b/drivers/net/wireless/rtlwifi/rtl8192ee/trx.h
@@ -831,7 +831,7 @@ void rtl92ee_rx_check_dma_ok(struct ieee80211_hw *hw, u8 *header_desc,
u8 queue_index);
u16 rtl92ee_rx_desc_buff_remained_cnt(struct ieee80211_hw *hw,
u8 queue_index);
-void rtl92ee_get_available_desc(struct ieee80211_hw *hw, u8 queue_index);
+u16 rtl92ee_get_available_desc(struct ieee80211_hw *hw, u8 queue_index);
void rtl92ee_pre_fill_tx_bd_desc(struct ieee80211_hw *hw,
u8 *tx_bd_desc, u8 *desc, u8 queue_index,
struct sk_buff *skb, dma_addr_t addr);
diff --git a/drivers/net/wireless/rtlwifi/wifi.h b/drivers/net/wireless/rtlwifi/wifi.h
index 6866dcf..27822fe 100644
--- a/drivers/net/wireless/rtlwifi/wifi.h
+++ b/drivers/net/wireless/rtlwifi/wifi.h
@@ -2161,6 +2161,7 @@ struct rtl_hal_ops {
void (*add_wowlan_pattern)(struct ieee80211_hw *hw,
struct rtl_wow_pattern *rtl_pattern,
u8 index);
+ u16 (*get_available_desc)(struct ieee80211_hw *hw, u8 q_idx);
};
struct rtl_intf_ops {
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 177/222] fs: take i_mutex during prepare_binprm for set[ug]id executables
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (175 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 176/222] rtlwifi: rtl8192ee: Fix handling of new style descriptors Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 178/222] bpf: fix 64-bit divide Sasha Levin
` (45 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Jann Horn <jann@thejh.net>
[ Upstream commit 8b01fc86b9f425899f8a3a8fc1c47d73c2c20543 ]
This prevents a race between chown() and execve(), where chowning a
setuid-user binary to root would momentarily make the binary setuid
root.
This patch was mostly written by Linus Torvalds.
Signed-off-by: Jann Horn <jann@thejh.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/exec.c | 76 ++++++++++++++++++++++++++++++++++++++++-----------------------
1 file changed, 48 insertions(+), 28 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index 7302b75..2e83209 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1250,6 +1250,53 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
spin_unlock(&p->fs->lock);
}
+static void bprm_fill_uid(struct linux_binprm *bprm)
+{
+ struct inode *inode;
+ unsigned int mode;
+ kuid_t uid;
+ kgid_t gid;
+
+ /* clear any previous set[ug]id data from a previous binary */
+ bprm->cred->euid = current_euid();
+ bprm->cred->egid = current_egid();
+
+ if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
+ return;
+
+ if (task_no_new_privs(current))
+ return;
+
+ inode = file_inode(bprm->file);
+ mode = READ_ONCE(inode->i_mode);
+ if (!(mode & (S_ISUID|S_ISGID)))
+ return;
+
+ /* Be careful if suid/sgid is set */
+ mutex_lock(&inode->i_mutex);
+
+ /* reload atomically mode/uid/gid now that lock held */
+ mode = inode->i_mode;
+ uid = inode->i_uid;
+ gid = inode->i_gid;
+ mutex_unlock(&inode->i_mutex);
+
+ /* We ignore suid/sgid if there are no mappings for them in the ns */
+ if (!kuid_has_mapping(bprm->cred->user_ns, uid) ||
+ !kgid_has_mapping(bprm->cred->user_ns, gid))
+ return;
+
+ if (mode & S_ISUID) {
+ bprm->per_clear |= PER_CLEAR_ON_SETID;
+ bprm->cred->euid = uid;
+ }
+
+ if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
+ bprm->per_clear |= PER_CLEAR_ON_SETID;
+ bprm->cred->egid = gid;
+ }
+}
+
/*
* Fill the binprm structure from the inode.
* Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
@@ -1258,36 +1305,9 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
*/
int prepare_binprm(struct linux_binprm *bprm)
{
- struct inode *inode = file_inode(bprm->file);
- umode_t mode = inode->i_mode;
int retval;
-
- /* clear any previous set[ug]id data from a previous binary */
- bprm->cred->euid = current_euid();
- bprm->cred->egid = current_egid();
-
- if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) &&
- !task_no_new_privs(current) &&
- kuid_has_mapping(bprm->cred->user_ns, inode->i_uid) &&
- kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) {
- /* Set-uid? */
- if (mode & S_ISUID) {
- bprm->per_clear |= PER_CLEAR_ON_SETID;
- bprm->cred->euid = inode->i_uid;
- }
-
- /* Set-gid? */
- /*
- * If setgid is set but no group execute bit then this
- * is a candidate for mandatory locking, not a setgid
- * executable.
- */
- if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
- bprm->per_clear |= PER_CLEAR_ON_SETID;
- bprm->cred->egid = inode->i_gid;
- }
- }
+ bprm_fill_uid(bprm);
/* fill in binprm security blob */
retval = security_bprm_set_creds(bprm);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 178/222] bpf: fix 64-bit divide
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (176 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 177/222] fs: take i_mutex during prepare_binprm for set[ug]id executables Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 179/222] MIPS: BCM63xx: Move bcm63xx_gpio_init() to bcm63xx_register_devices() Sasha Levin
` (44 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Alexei Starovoitov <ast@plumgrid.com>
[ Upstream commit 876a7ae65b86d8cec8efe7d15d050ac61116874e ]
ALU64_DIV instruction should be dividing 64-bit by 64-bit,
whereas do_div() does 64-bit by 32-bit divide.
x64 and arm64 JITs correctly implement 64 by 64 unsigned divide.
llvm BPF backend emits code assuming that ALU64_DIV does 64 by 64.
Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets")
Reported-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
kernel/bpf/core.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index d6594e4..71a9e5b 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -357,8 +357,8 @@ select_insn:
ALU64_MOD_X:
if (unlikely(SRC == 0))
return 0;
- tmp = DST;
- DST = do_div(tmp, SRC);
+ div64_u64_rem(DST, SRC, &tmp);
+ DST = tmp;
CONT;
ALU_MOD_X:
if (unlikely(SRC == 0))
@@ -367,8 +367,8 @@ select_insn:
DST = do_div(tmp, (u32) SRC);
CONT;
ALU64_MOD_K:
- tmp = DST;
- DST = do_div(tmp, IMM);
+ div64_u64_rem(DST, IMM, &tmp);
+ DST = tmp;
CONT;
ALU_MOD_K:
tmp = (u32) DST;
@@ -377,7 +377,7 @@ select_insn:
ALU64_DIV_X:
if (unlikely(SRC == 0))
return 0;
- do_div(DST, SRC);
+ DST = div64_u64(DST, SRC);
CONT;
ALU_DIV_X:
if (unlikely(SRC == 0))
@@ -387,7 +387,7 @@ select_insn:
DST = (u32) tmp;
CONT;
ALU64_DIV_K:
- do_div(DST, IMM);
+ DST = div64_u64(DST, IMM);
CONT;
ALU_DIV_K:
tmp = (u32) DST;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 179/222] MIPS: BCM63xx: Move bcm63xx_gpio_init() to bcm63xx_register_devices().
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (177 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 178/222] bpf: fix 64-bit divide Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 180/222] MIPS: OCTEON: dma-octeon: fix OHCI USB config check Sasha Levin
` (43 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Nicolas Schichan <nschichan@freebox.fr>
[ Upstream commit 2ec459f2a77b808c1e5a3616c88b613d3f720c8d ]
When called from prom init code, bcm63xx_gpio_init() will fail as it
will call gpiochip_add() which relies on a working kmalloc() to alloc
the gpio_desc array and kmalloc is not useable yet at prom init time.
Move bcm63xx_gpio_init() to bcm63xx_register_devices() (an
arch_initcall) where kmalloc works.
Fixes: 14e85c0e69d5 ("gpio: remove gpio_descs global array")
Signed-off-by: Nicolas Schichan <nschichan@freebox.fr>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Cc: Alexandre Courbot <acourbot@nvidia.com>
Patchwork: https://patchwork.linux-mips.org/patch/9530/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/bcm63xx/prom.c | 4 ----
arch/mips/bcm63xx/setup.c | 4 ++++
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/mips/bcm63xx/prom.c b/arch/mips/bcm63xx/prom.c
index e1f27d6..7019e29 100644
--- a/arch/mips/bcm63xx/prom.c
+++ b/arch/mips/bcm63xx/prom.c
@@ -17,7 +17,6 @@
#include <bcm63xx_cpu.h>
#include <bcm63xx_io.h>
#include <bcm63xx_regs.h>
-#include <bcm63xx_gpio.h>
void __init prom_init(void)
{
@@ -53,9 +52,6 @@ void __init prom_init(void)
reg &= ~mask;
bcm_perf_writel(reg, PERF_CKCTL_REG);
- /* register gpiochip */
- bcm63xx_gpio_init();
-
/* do low level board init */
board_prom_init();
diff --git a/arch/mips/bcm63xx/setup.c b/arch/mips/bcm63xx/setup.c
index 6660c7d..240fb4f 100644
--- a/arch/mips/bcm63xx/setup.c
+++ b/arch/mips/bcm63xx/setup.c
@@ -20,6 +20,7 @@
#include <bcm63xx_cpu.h>
#include <bcm63xx_regs.h>
#include <bcm63xx_io.h>
+#include <bcm63xx_gpio.h>
void bcm63xx_machine_halt(void)
{
@@ -160,6 +161,9 @@ void __init plat_mem_setup(void)
int __init bcm63xx_register_devices(void)
{
+ /* register gpiochip */
+ bcm63xx_gpio_init();
+
return board_register_devices();
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 180/222] MIPS: OCTEON: dma-octeon: fix OHCI USB config check
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (178 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 179/222] MIPS: BCM63xx: Move bcm63xx_gpio_init() to bcm63xx_register_devices() Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 181/222] MIPS: OCTEON: Use correct CSR to soft reset Sasha Levin
` (42 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Aaro Koskinen <aaro.koskinen@iki.fi>
[ Upstream commit a8667d706dfa394ef9fe5f9013dee92d40a096e8 ]
CONFIG_USB_OCTEON_OHCI is deprecated and no longer needed to use OHCI
on OCTEON II. Instead, CONFIG_USB_OHCI_HCD_PLATFORM should be used.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Aleksey Makarov <aleksey.makarov@auriga.com>
Cc: David Daney <david.daney@cavium.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9421/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/cavium-octeon/dma-octeon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/cavium-octeon/dma-octeon.c b/arch/mips/cavium-octeon/dma-octeon.c
index 02f2444..c76a289 100644
--- a/arch/mips/cavium-octeon/dma-octeon.c
+++ b/arch/mips/cavium-octeon/dma-octeon.c
@@ -306,7 +306,7 @@ void __init plat_swiotlb_setup(void)
swiotlbsize = 64 * (1<<20);
}
#endif
-#ifdef CONFIG_USB_OCTEON_OHCI
+#ifdef CONFIG_USB_OHCI_HCD_PLATFORM
/* OCTEON II ohci is only 32-bit. */
if (OCTEON_IS_MODEL(OCTEON_CN6XXX) && max_addr >= 0x100000000ul)
swiotlbsize = 64 * (1<<20);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 181/222] MIPS: OCTEON: Use correct CSR to soft reset
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (179 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 180/222] MIPS: OCTEON: dma-octeon: fix OHCI USB config check Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 182/222] clk: at91: usb: fix determine_rate prototype Sasha Levin
` (41 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Chandrakala Chavva <cchavva@caviumnetworks.com>
[ Upstream commit fe2360f8f505ea8340f710f1c80a8f56462bdd62 ]
This fixes reboot for Octeon III boards
[ralf@linux-mips.org: Dropped segment for function cvmx_reset_octeon()
which was removed by the preceeding commit.]
Signed-off-by: Chandrakala Chavva <cchavva@caviumnetworks.com>
Signed-off-by: Aleksey Makarov <aleksey.makarov@auriga.com>
Cc: David Daney <david.daney@cavium.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/9464/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/cavium-octeon/setup.c | 5 ++++-
arch/mips/include/asm/octeon/cvmx.h | 8 --------
2 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/arch/mips/cavium-octeon/setup.c b/arch/mips/cavium-octeon/setup.c
index 5ebdb32..de9b625 100644
--- a/arch/mips/cavium-octeon/setup.c
+++ b/arch/mips/cavium-octeon/setup.c
@@ -412,7 +412,10 @@ static void octeon_restart(char *command)
mb();
while (1)
- cvmx_write_csr(CVMX_CIU_SOFT_RST, 1);
+ if (OCTEON_IS_OCTEON3())
+ cvmx_write_csr(CVMX_RST_SOFT_RST, 1);
+ else
+ cvmx_write_csr(CVMX_CIU_SOFT_RST, 1);
}
diff --git a/arch/mips/include/asm/octeon/cvmx.h b/arch/mips/include/asm/octeon/cvmx.h
index f991e77..f5ca449 100644
--- a/arch/mips/include/asm/octeon/cvmx.h
+++ b/arch/mips/include/asm/octeon/cvmx.h
@@ -436,14 +436,6 @@ static inline uint64_t cvmx_get_cycle_global(void)
/***************************************************************************/
-static inline void cvmx_reset_octeon(void)
-{
- union cvmx_ciu_soft_rst ciu_soft_rst;
- ciu_soft_rst.u64 = 0;
- ciu_soft_rst.s.soft_rst = 1;
- cvmx_write_csr(CVMX_CIU_SOFT_RST, ciu_soft_rst.u64);
-}
-
/* Return the number of cores available in the chip */
static inline uint32_t cvmx_octeon_num_cores(void)
{
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 182/222] clk: at91: usb: fix determine_rate prototype
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (180 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 181/222] MIPS: OCTEON: Use correct CSR to soft reset Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 183/222] MIPS: Octeon: Remove udelay() causing huge IRQ latency Sasha Levin
` (40 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Boris Brezillon <boris.brezillon@free-electrons.com>
Commit c67881fc890916206e723329e774391c6ed354ce is a backport of
0b67c43ce36a9964f1d5e3f973ee19eefd3f9f8f upstream commit, fixing a
bug on clk rate change propagation.
But in 4.0 ->determine_rate() prototype has changed, thus introducing
a prototype mismatch when applying it on 3.19.
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/clk/at91/clk-usb.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/clk/at91/clk-usb.c b/drivers/clk/at91/clk-usb.c
index 0b7c3e8..0283a57 100644
--- a/drivers/clk/at91/clk-usb.c
+++ b/drivers/clk/at91/clk-usb.c
@@ -58,8 +58,6 @@ static unsigned long at91sam9x5_clk_usb_recalc_rate(struct clk_hw *hw,
static long at91sam9x5_clk_usb_determine_rate(struct clk_hw *hw,
unsigned long rate,
- unsigned long min_rate,
- unsigned long max_rate,
unsigned long *best_parent_rate,
struct clk_hw **best_parent_hw)
{
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 183/222] MIPS: Octeon: Remove udelay() causing huge IRQ latency
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (181 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 182/222] clk: at91: usb: fix determine_rate prototype Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 184/222] MIPS: OCTEON: fix PCI interrupt mapping for D-Link DSR-1000N Sasha Levin
` (39 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Alexander Sverdlin <alexander.sverdlin@nokia.com>
[ Upstream commit 73bf3c2a500b2db8ac966469591196bf55afb409 ]
udelay() in PCI/PCIe read/write callbacks cause 30ms IRQ latency on Octeon
platforms because these operations are called from PCI_OP_READ() and
PCI_OP_WRITE() under raw_spin_lock_irqsave().
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Cc: linux-mips@linux-mips.org
Cc: David Daney <ddaney@cavium.com>
Cc: Rob Herring <robh@kernel.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Masanari Iida <standby24x7@gmail.com>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Mathias <mathias.rulf@nokia.com>
Patchwork: https://patchwork.linux-mips.org/patch/9576/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/include/asm/octeon/pci-octeon.h | 3 ---
arch/mips/pci/pci-octeon.c | 6 ------
arch/mips/pci/pcie-octeon.c | 8 --------
3 files changed, 17 deletions(-)
diff --git a/arch/mips/include/asm/octeon/pci-octeon.h b/arch/mips/include/asm/octeon/pci-octeon.h
index 64ba56a..1884609 100644
--- a/arch/mips/include/asm/octeon/pci-octeon.h
+++ b/arch/mips/include/asm/octeon/pci-octeon.h
@@ -11,9 +11,6 @@
#include <linux/pci.h>
-/* Some PCI cards require delays when accessing config space. */
-#define PCI_CONFIG_SPACE_DELAY 10000
-
/*
* The physical memory base mapped by BAR1. 256MB at the end of the
* first 4GB.
diff --git a/arch/mips/pci/pci-octeon.c b/arch/mips/pci/pci-octeon.c
index 59cccd9..1fa13ee 100644
--- a/arch/mips/pci/pci-octeon.c
+++ b/arch/mips/pci/pci-octeon.c
@@ -271,9 +271,6 @@ static int octeon_read_config(struct pci_bus *bus, unsigned int devfn,
pci_addr.s.func = devfn & 0x7;
pci_addr.s.reg = reg;
-#if PCI_CONFIG_SPACE_DELAY
- udelay(PCI_CONFIG_SPACE_DELAY);
-#endif
switch (size) {
case 4:
*val = le32_to_cpu(cvmx_read64_uint32(pci_addr.u64));
@@ -308,9 +305,6 @@ static int octeon_write_config(struct pci_bus *bus, unsigned int devfn,
pci_addr.s.func = devfn & 0x7;
pci_addr.s.reg = reg;
-#if PCI_CONFIG_SPACE_DELAY
- udelay(PCI_CONFIG_SPACE_DELAY);
-#endif
switch (size) {
case 4:
cvmx_write64_uint32(pci_addr.u64, cpu_to_le32(val));
diff --git a/arch/mips/pci/pcie-octeon.c b/arch/mips/pci/pcie-octeon.c
index 5e36c33..38335af 100644
--- a/arch/mips/pci/pcie-octeon.c
+++ b/arch/mips/pci/pcie-octeon.c
@@ -1762,14 +1762,6 @@ static int octeon_pcie_write_config(unsigned int pcie_port, struct pci_bus *bus,
default:
return PCIBIOS_FUNC_NOT_SUPPORTED;
}
-#if PCI_CONFIG_SPACE_DELAY
- /*
- * Delay on writes so that devices have time to come up. Some
- * bridges need this to allow time for the secondary busses to
- * work
- */
- udelay(PCI_CONFIG_SPACE_DELAY);
-#endif
return PCIBIOS_SUCCESSFUL;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 184/222] MIPS: OCTEON: fix PCI interrupt mapping for D-Link DSR-1000N
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (182 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 183/222] MIPS: Octeon: Remove udelay() causing huge IRQ latency Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 185/222] MIPS: Netlogic: Fix for SATA PHY init Sasha Levin
` (38 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Aaro Koskinen <aaro.koskinen@iki.fi>
[ Upstream commit b083518c52ab75a345d668ca7fa41e530df08d51 ]
Fix PCI interrupt mapping for DSR1000N. This will get the PCI slot
interrupts working. The mapping is based on D-Link GPL tarball.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9593/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/pci/pci-octeon.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/mips/pci/pci-octeon.c b/arch/mips/pci/pci-octeon.c
index 1fa13ee..14d3351 100644
--- a/arch/mips/pci/pci-octeon.c
+++ b/arch/mips/pci/pci-octeon.c
@@ -214,6 +214,8 @@ const char *octeon_get_pci_interrupts(void)
return "AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
case CVMX_BOARD_TYPE_BBGW_REF:
return "AABCD";
+ case CVMX_BOARD_TYPE_CUST_DSR1000N:
+ return "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC";
case CVMX_BOARD_TYPE_THUNDER:
case CVMX_BOARD_TYPE_EBH3000:
default:
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 185/222] MIPS: Netlogic: Fix for SATA PHY init
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (183 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 184/222] MIPS: OCTEON: fix PCI interrupt mapping for D-Link DSR-1000N Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 186/222] MIPS: kernel: entry.S: Set correct ISA level for mips_ihb Sasha Levin
` (37 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ganesan Ramalingam <ganesanr@broadcom.com>
[ Upstream commit 872cd4c2c617bb3a203ebe18115fd0c697112b87 ]
Update to the SATA PHY initialization. This is needed for SATA detection
to succeed in all configurations.
Signed-off-by: Ganesan Ramalingam <ganesanr@broadcom.com>
Signed-off-by: Jayachandran C <jchandra@broadcom.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8886/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/netlogic/xlp/ahci-init-xlp2.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/mips/netlogic/xlp/ahci-init-xlp2.c b/arch/mips/netlogic/xlp/ahci-init-xlp2.c
index c83dbf3..7b066a4 100644
--- a/arch/mips/netlogic/xlp/ahci-init-xlp2.c
+++ b/arch/mips/netlogic/xlp/ahci-init-xlp2.c
@@ -203,6 +203,7 @@ static u8 read_phy_reg(u64 regbase, u32 addr, u32 physel)
static void config_sata_phy(u64 regbase)
{
u32 port, i, reg;
+ u8 val;
for (port = 0; port < 2; port++) {
for (i = 0, reg = RXCDRCALFOSC0; reg <= CALDUTY; reg++, i++)
@@ -210,6 +211,18 @@ static void config_sata_phy(u64 regbase)
for (i = 0, reg = RXDPIF; reg <= PPMDRIFTMAX_HI; reg++, i++)
write_phy_reg(regbase, reg, port, sata_phy_config2[i]);
+
+ /* Fix for PHY link up failures at lower temperatures */
+ write_phy_reg(regbase, 0x800F, port, 0x1f);
+
+ val = read_phy_reg(regbase, 0x0029, port);
+ write_phy_reg(regbase, 0x0029, port, val | (0x7 << 1));
+
+ val = read_phy_reg(regbase, 0x0056, port);
+ write_phy_reg(regbase, 0x0056, port, val & ~(1 << 3));
+
+ val = read_phy_reg(regbase, 0x0018, port);
+ write_phy_reg(regbase, 0x0018, port, val & ~(0x7 << 0));
}
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 186/222] MIPS: kernel: entry.S: Set correct ISA level for mips_ihb
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (184 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 185/222] MIPS: Netlogic: Fix for SATA PHY init Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 187/222] MIPS: Octeon: Delete override of cpu_has_mips_r2_exec_hazard Sasha Levin
` (36 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Markos Chandras <markos.chandras@imgtec.com>
[ Upstream commit aebac99384f7a6d83a3dcd42bf2481eed2670083 ]
Commit 6ebb496ffc7e("MIPS: kernel: entry.S: Add MIPS R6 related
definitions") added the MIPSR6 definition but it did not update the
ISA level of the actual assembly code so a pre-MIPSR6 jr.hb instruction
was generated instead. Fix this by using the MISP_ISA_LEVEL_RAW macro.
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Fixes: 6ebb496ffc7e("MIPS: kernel: entry.S: Add MIPS R6 related definitions")
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9386/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/kernel/entry.S | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/mips/kernel/entry.S b/arch/mips/kernel/entry.S
index 4353d32..39d6829 100644
--- a/arch/mips/kernel/entry.S
+++ b/arch/mips/kernel/entry.S
@@ -10,6 +10,7 @@
#include <asm/asm.h>
#include <asm/asmmacro.h>
+#include <asm/compiler.h>
#include <asm/regdef.h>
#include <asm/mipsregs.h>
#include <asm/stackframe.h>
@@ -166,7 +167,7 @@ syscall_exit_work:
* For C code use the inline version named instruction_hazard().
*/
LEAF(mips_ihb)
- .set mips32r2
+ .set MIPS_ISA_LEVEL_RAW
jr.hb ra
nop
END(mips_ihb)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 187/222] MIPS: Octeon: Delete override of cpu_has_mips_r2_exec_hazard.
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (185 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 186/222] MIPS: kernel: entry.S: Set correct ISA level for mips_ihb Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 188/222] SSB: fix Kconfig dependencies Sasha Levin
` (35 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ralf Baechle <ralf@linux-mips.org>
[ Upstream commit f05ff43355e6997c18f82ddcee370a6e5f8643ce ]
This is no longer needed with the fixed, new and improved definition
of cpu_has_mips_r2_exec_hazard in <asm/cpu-features.h>.
For a discussion, see http://patchwork.linux-mips.org/patch/9539/.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/include/asm/mach-cavium-octeon/cpu-feature-overrides.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/mips/include/asm/mach-cavium-octeon/cpu-feature-overrides.h b/arch/mips/include/asm/mach-cavium-octeon/cpu-feature-overrides.h
index fa1f3cf..d68e685 100644
--- a/arch/mips/include/asm/mach-cavium-octeon/cpu-feature-overrides.h
+++ b/arch/mips/include/asm/mach-cavium-octeon/cpu-feature-overrides.h
@@ -50,7 +50,6 @@
#define cpu_has_mips32r2 0
#define cpu_has_mips64r1 0
#define cpu_has_mips64r2 1
-#define cpu_has_mips_r2_exec_hazard 0
#define cpu_has_dsp 0
#define cpu_has_dsp2 0
#define cpu_has_mipsmt 0
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 188/222] SSB: fix Kconfig dependencies
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (186 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 187/222] MIPS: Octeon: Delete override of cpu_has_mips_r2_exec_hazard Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 189/222] MIPS: ralink: add missing symbol for RALINK_ILL_ACC Sasha Levin
` (34 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Adrien Schildknecht <adrien+dev@schischi.me>
[ Upstream commit 179fa46fb666c8f2aa2bbb1f3114d5d826d59d3d ]
The commit 21400f252a97 ("MIPS: BCM47XX: Make ssb init NVRAM instead of
bcm47xx polling it") introduces a dependency to SSB_SFLASH but did not
add it to the Kconfig.
drivers/ssb/driver_mipscore.c:216:36: error: 'struct ssb_mipscore' has no
member named 'sflash'
struct ssb_sflash *sflash = &mcore->sflash;
^
drivers/ssb/driver_mipscore.c:249:12: error: dereferencing pointer to
incomplete type
if (sflash->present) {
^
Signed-off-by: Adrien Schildknecht <adrien+dev@schischi.me>
Cc: m@bues.ch
Cc: zajec5@gmail.com
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/9598/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/ssb/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/ssb/Kconfig b/drivers/ssb/Kconfig
index 75b3603..f0d22cd 100644
--- a/drivers/ssb/Kconfig
+++ b/drivers/ssb/Kconfig
@@ -130,6 +130,7 @@ config SSB_DRIVER_MIPS
bool "SSB Broadcom MIPS core driver"
depends on SSB && MIPS
select SSB_SERIAL
+ select SSB_SFLASH
help
Driver for the Sonics Silicon Backplane attached
Broadcom MIPS core.
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 189/222] MIPS: ralink: add missing symbol for RALINK_ILL_ACC
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (187 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 188/222] SSB: fix Kconfig dependencies Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 190/222] MIPS: smp-cps: cpu_set FPU mask if FPU present Sasha Levin
` (33 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: John Crispin <blogic@openwrt.org>
[ Upstream commit a7b7aad383c5dd9221a06e378197350dd27c1163 ]
A driver was added in commit 5433acd81e87 ("MIPS: ralink: add illegal access
driver") without the Kconfig section being added. Fix this by adding the symbol
to the Kconfig file.
Signed-off-by: John Crispin <blogic@openwrt.org>
Reported-by: Paul Bolle <pebolle@tiscali.nl>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9299/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/ralink/Kconfig | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/mips/ralink/Kconfig b/arch/mips/ralink/Kconfig
index 77e8a96..d50914d 100644
--- a/arch/mips/ralink/Kconfig
+++ b/arch/mips/ralink/Kconfig
@@ -7,6 +7,11 @@ config CLKEVT_RT3352
select CLKSRC_OF
select CLKSRC_MMIO
+config RALINK_ILL_ACC
+ bool
+ depends on SOC_RT305X
+ default y
+
choice
prompt "Ralink SoC selection"
default SOC_RT305X
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 190/222] MIPS: smp-cps: cpu_set FPU mask if FPU present
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (188 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 189/222] MIPS: ralink: add missing symbol for RALINK_ILL_ACC Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 191/222] MIPS: Kconfig: Disable SMP/CPS for 64-bit Sasha Levin
` (32 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Niklas Cassel <niklas.cassel@axis.com>
[ Upstream commit 90db024f140d0d6ad960cc5f090e3c8ed890ca55 ]
If we have an FPU, enroll ourselves in the FPU-full mask.
Matching the MT_SMP and CMP implementations of smp_setup.
Signed-off-by: Niklas Cassel <niklass@axis.com>
Cc: paul.burton@imgtec.com
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8948/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/kernel/smp-cps.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/mips/kernel/smp-cps.c b/arch/mips/kernel/smp-cps.c
index e6e16a1..0854f17 100644
--- a/arch/mips/kernel/smp-cps.c
+++ b/arch/mips/kernel/smp-cps.c
@@ -88,6 +88,12 @@ static void __init cps_smp_setup(void)
/* Make core 0 coherent with everything */
write_gcr_cl_coherence(0xff);
+
+#ifdef CONFIG_MIPS_MT_FPAFF
+ /* If we have an FPU, enroll ourselves in the FPU-full mask */
+ if (cpu_has_fpu)
+ cpu_set(0, mt_fpu_cpumask);
+#endif /* CONFIG_MIPS_MT_FPAFF */
}
static void __init cps_prepare_cpus(unsigned int max_cpus)
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 191/222] MIPS: Kconfig: Disable SMP/CPS for 64-bit
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (189 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 190/222] MIPS: smp-cps: cpu_set FPU mask if FPU present Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 192/222] MIPS: BCM47XX: Fix detecting Microsoft MN-700 & Asus WL500G Sasha Levin
` (31 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Markos Chandras <markos.chandras@imgtec.com>
[ Upstream commit 6ca716f2e5571d25a3899c6c5c91ff72ea6d6f5e ]
A 64-bit build for Malta produces far too many build problems
when SMP/CPS is selected. Moreover, there is currently no 64-bit
product with SMP/CPS so we disable SMP/CPS when building for
64-bit until it is properly supported.
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: Paul Burton <paul.burton@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8573/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 9536ef9..155bb7f 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -2048,7 +2048,7 @@ config MIPS_CMP
config MIPS_CPS
bool "MIPS Coherent Processing System support"
- depends on SYS_SUPPORTS_MIPS_CPS
+ depends on SYS_SUPPORTS_MIPS_CPS && !64BIT
select MIPS_CM
select MIPS_CPC
select MIPS_CPS_PM if HOTPLUG_CPU
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 192/222] MIPS: BCM47XX: Fix detecting Microsoft MN-700 & Asus WL500G
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (190 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 191/222] MIPS: Kconfig: Disable SMP/CPS for 64-bit Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 193/222] ALSA: emux: Fix mutex deadlock at unloading Sasha Levin
` (30 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Rafał Miłecki <zajec5@gmail.com>
[ Upstream commit 96f7c21363e0e0d19f3471f54a719ed06d708513 ]
Since the day of adding this code it was broken. We were iterating over
a wrong array and checking for wrong NVRAM entry.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Patchwork: https://patchwork.linux-mips.org/patch/9654/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/mips/bcm47xx/board.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/bcm47xx/board.c b/arch/mips/bcm47xx/board.c
index b3ae068..3fd369d 100644
--- a/arch/mips/bcm47xx/board.c
+++ b/arch/mips/bcm47xx/board.c
@@ -247,8 +247,8 @@ static __init const struct bcm47xx_board_type *bcm47xx_board_get_nvram(void)
}
if (bcm47xx_nvram_getenv("hardware_version", buf1, sizeof(buf1)) >= 0 &&
- bcm47xx_nvram_getenv("boardtype", buf2, sizeof(buf2)) >= 0) {
- for (e2 = bcm47xx_board_list_boot_hw; e2->value1; e2++) {
+ bcm47xx_nvram_getenv("boardnum", buf2, sizeof(buf2)) >= 0) {
+ for (e2 = bcm47xx_board_list_hw_version_num; e2->value1; e2++) {
if (!strstarts(buf1, e2->value1) &&
!strcmp(buf2, e2->value2))
return &e2->board;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 193/222] ALSA: emux: Fix mutex deadlock at unloading
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (191 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 192/222] MIPS: BCM47XX: Fix detecting Microsoft MN-700 & Asus WL500G Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 194/222] ALSA: emux: Fix mutex deadlock in OSS emulation Sasha Levin
` (29 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 07b0e5d49d227e3950cb13a3e8caf248ef2a310e ]
The emux-synth driver has a possible AB/BA mutex deadlock at unloading
the emu10k1 driver:
snd_emux_free() ->
snd_emux_detach_seq(): mutex_lock(&emu->register_mutex) ->
snd_seq_delete_kernel_client() ->
snd_seq_free_client(): mutex_lock(®ister_mutex)
snd_seq_release() ->
snd_seq_free_client(): mutex_lock(®ister_mutex) ->
snd_seq_delete_all_ports() ->
snd_emux_unuse(): mutex_lock(&emu->register_mutex)
Basically snd_emux_detach_seq() doesn't need a protection of
emu->register_mutex as it's already being unregistered. So, we can
get rid of this for avoiding the deadlock.
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/synth/emux/emux_seq.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/sound/synth/emux/emux_seq.c b/sound/synth/emux/emux_seq.c
index 7778b8e..188fda0e 100644
--- a/sound/synth/emux/emux_seq.c
+++ b/sound/synth/emux/emux_seq.c
@@ -124,12 +124,10 @@ snd_emux_detach_seq(struct snd_emux *emu)
if (emu->voices)
snd_emux_terminate_all(emu);
- mutex_lock(&emu->register_mutex);
if (emu->client >= 0) {
snd_seq_delete_kernel_client(emu->client);
emu->client = -1;
}
- mutex_unlock(&emu->register_mutex);
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 194/222] ALSA: emux: Fix mutex deadlock in OSS emulation
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (192 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 193/222] ALSA: emux: Fix mutex deadlock at unloading Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 195/222] ALSA: emu10k1: Fix card shortname string buffer overflow Sasha Levin
` (28 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 1c94e65c668f44d2c69ae7e7fc268ab3268fba3e ]
The OSS emulation in synth-emux helper has a potential AB/BA deadlock
at the simultaneous closing and opening:
close ->
snd_seq_release() ->
sne_seq_free_client() ->
snd_seq_delete_all_ports(): takes client->ports_mutex ->
port_delete() ->
snd_emux_unuse(): takes emux->register_mutex
open ->
snd_seq_oss_open() ->
snd_emux_open_seq_oss(): takes emux->register_mutex ->
snd_seq_event_port_attach() ->
snd_seq_create_port(): takes client->ports_mutex
This patch addresses the deadlock by reducing the rance taking
emux->register_mutex in snd_emux_open_seq_oss(). The lock is needed
for the refcount handling, so move it locally. The calls in
emux_seq.c are already with the mutex, thus they are replaced with the
version without mutex lock/unlock.
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/synth/emux/emux_oss.c | 11 +----------
sound/synth/emux/emux_seq.c | 27 +++++++++++++++++++++------
2 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/sound/synth/emux/emux_oss.c b/sound/synth/emux/emux_oss.c
index 319754c..daf61ab 100644
--- a/sound/synth/emux/emux_oss.c
+++ b/sound/synth/emux/emux_oss.c
@@ -118,12 +118,8 @@ snd_emux_open_seq_oss(struct snd_seq_oss_arg *arg, void *closure)
if (snd_BUG_ON(!arg || !emu))
return -ENXIO;
- mutex_lock(&emu->register_mutex);
-
- if (!snd_emux_inc_count(emu)) {
- mutex_unlock(&emu->register_mutex);
+ if (!snd_emux_inc_count(emu))
return -EFAULT;
- }
memset(&callback, 0, sizeof(callback));
callback.owner = THIS_MODULE;
@@ -135,7 +131,6 @@ snd_emux_open_seq_oss(struct snd_seq_oss_arg *arg, void *closure)
if (p == NULL) {
snd_printk(KERN_ERR "can't create port\n");
snd_emux_dec_count(emu);
- mutex_unlock(&emu->register_mutex);
return -ENOMEM;
}
@@ -148,8 +143,6 @@ snd_emux_open_seq_oss(struct snd_seq_oss_arg *arg, void *closure)
reset_port_mode(p, arg->seq_mode);
snd_emux_reset_port(p);
-
- mutex_unlock(&emu->register_mutex);
return 0;
}
@@ -195,13 +188,11 @@ snd_emux_close_seq_oss(struct snd_seq_oss_arg *arg)
if (snd_BUG_ON(!emu))
return -ENXIO;
- mutex_lock(&emu->register_mutex);
snd_emux_sounds_off_all(p);
snd_soundfont_close_check(emu->sflist, SF_CLIENT_NO(p->chset.port));
snd_seq_event_port_detach(p->chset.client, p->chset.port);
snd_emux_dec_count(emu);
- mutex_unlock(&emu->register_mutex);
return 0;
}
diff --git a/sound/synth/emux/emux_seq.c b/sound/synth/emux/emux_seq.c
index 188fda0e..a020920 100644
--- a/sound/synth/emux/emux_seq.c
+++ b/sound/synth/emux/emux_seq.c
@@ -267,8 +267,8 @@ snd_emux_event_input(struct snd_seq_event *ev, int direct, void *private_data,
/*
* increment usage count
*/
-int
-snd_emux_inc_count(struct snd_emux *emu)
+static int
+__snd_emux_inc_count(struct snd_emux *emu)
{
emu->used++;
if (!try_module_get(emu->ops.owner))
@@ -282,12 +282,21 @@ snd_emux_inc_count(struct snd_emux *emu)
return 1;
}
+int snd_emux_inc_count(struct snd_emux *emu)
+{
+ int ret;
+
+ mutex_lock(&emu->register_mutex);
+ ret = __snd_emux_inc_count(emu);
+ mutex_unlock(&emu->register_mutex);
+ return ret;
+}
/*
* decrease usage count
*/
-void
-snd_emux_dec_count(struct snd_emux *emu)
+static void
+__snd_emux_dec_count(struct snd_emux *emu)
{
module_put(emu->card->module);
emu->used--;
@@ -296,6 +305,12 @@ snd_emux_dec_count(struct snd_emux *emu)
module_put(emu->ops.owner);
}
+void snd_emux_dec_count(struct snd_emux *emu)
+{
+ mutex_lock(&emu->register_mutex);
+ __snd_emux_dec_count(emu);
+ mutex_unlock(&emu->register_mutex);
+}
/*
* Routine that is called upon a first use of a particular port
@@ -315,7 +330,7 @@ snd_emux_use(void *private_data, struct snd_seq_port_subscribe *info)
mutex_lock(&emu->register_mutex);
snd_emux_init_port(p);
- snd_emux_inc_count(emu);
+ __snd_emux_inc_count(emu);
mutex_unlock(&emu->register_mutex);
return 0;
}
@@ -338,7 +353,7 @@ snd_emux_unuse(void *private_data, struct snd_seq_port_subscribe *info)
mutex_lock(&emu->register_mutex);
snd_emux_sounds_off_all(p);
- snd_emux_dec_count(emu);
+ __snd_emux_dec_count(emu);
mutex_unlock(&emu->register_mutex);
return 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 195/222] ALSA: emu10k1: Fix card shortname string buffer overflow
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (193 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 194/222] ALSA: emux: Fix mutex deadlock in OSS emulation Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 196/222] ALSA: emu10k1: Emu10k2 32 bit DMA mode Sasha Levin
` (27 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit d02260824e2cad626fb2a9d62e27006d34b6dedc ]
Some models provide too long string for the shortname that has 32bytes
including the terminator, and it results in a non-terminated string
exposed to the user-space. This isn't too critical, though, as the
string is stopped at the succeeding longname string.
This patch fixes such entries by dropping "SB" prefix (it's enough to
fit within 32 bytes, so far). Meanwhile, it also changes strcpy()
with strlcpy() to make sure that this kind of problem won't happen in
future, too.
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/pci/emu10k1/emu10k1.c | 6 ++++--
sound/pci/emu10k1/emu10k1_main.c | 4 ++--
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/sound/pci/emu10k1/emu10k1.c b/sound/pci/emu10k1/emu10k1.c
index 4c17163..a432b4c 100644
--- a/sound/pci/emu10k1/emu10k1.c
+++ b/sound/pci/emu10k1/emu10k1.c
@@ -183,8 +183,10 @@ static int snd_card_emu10k1_probe(struct pci_dev *pci,
}
#endif
- strcpy(card->driver, emu->card_capabilities->driver);
- strcpy(card->shortname, emu->card_capabilities->name);
+ strlcpy(card->driver, emu->card_capabilities->driver,
+ sizeof(card->driver));
+ strlcpy(card->shortname, emu->card_capabilities->name,
+ sizeof(card->shortname));
snprintf(card->longname, sizeof(card->longname),
"%s (rev.%d, serial:0x%x) at 0x%lx, irq %i",
card->shortname, emu->revision, emu->serial, emu->port, emu->irq);
diff --git a/sound/pci/emu10k1/emu10k1_main.c b/sound/pci/emu10k1/emu10k1_main.c
index 2292697..8204bf4 100644
--- a/sound/pci/emu10k1/emu10k1_main.c
+++ b/sound/pci/emu10k1/emu10k1_main.c
@@ -1424,7 +1424,7 @@ static struct snd_emu_chip_details emu_chip_details[] = {
*
*/
{.vendor = 0x1102, .device = 0x0008, .subsystem = 0x20011102,
- .driver = "Audigy2", .name = "SB Audigy 2 ZS Notebook [SB0530]",
+ .driver = "Audigy2", .name = "Audigy 2 ZS Notebook [SB0530]",
.id = "Audigy2",
.emu10k2_chip = 1,
.ca0108_chip = 1,
@@ -1574,7 +1574,7 @@ static struct snd_emu_chip_details emu_chip_details[] = {
.adc_1361t = 1, /* 24 bit capture instead of 16bit */
.ac97_chip = 1} ,
{.vendor = 0x1102, .device = 0x0004, .subsystem = 0x10051102,
- .driver = "Audigy2", .name = "SB Audigy 2 Platinum EX [SB0280]",
+ .driver = "Audigy2", .name = "Audigy 2 Platinum EX [SB0280]",
.id = "Audigy2",
.emu10k2_chip = 1,
.ca0102_chip = 1,
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 196/222] ALSA: emu10k1: Emu10k2 32 bit DMA mode
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (194 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 195/222] ALSA: emu10k1: Fix card shortname string buffer overflow Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 197/222] ALSA: hda - Add mute-LED mode control to Thinkpad Sasha Levin
` (26 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Peter Zubaj <pzubaj@marticonet.sk>
[ Upstream commit 7241ea558c6715501e777396b5fc312c372e11d9 ]
Looks like audigy emu10k2 (probably emu10k1 - sb live too) support two
modes for DMA. Second mode is useful for 64 bit os with more then 2 GB
of ram (fixes problems with big soundfont loading)
1) 32MB from 2 GB address space using 8192 pages (used now as default)
2) 16MB from 4 GB address space using 4096 pages
Mode is set using HCFG_EXPANDED_MEM flag in HCFG register.
Also format of emu10k2 page table is then different.
Signed-off-by: Peter Zubaj <pzubaj@marticonet.sk>
Tested-by: Takashi Iwai <tiwai@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
include/sound/emu10k1.h | 14 +++++++++-----
sound/pci/emu10k1/emu10k1_callback.c | 4 ++--
sound/pci/emu10k1/emu10k1_main.c | 17 ++++++++++++-----
sound/pci/emu10k1/emupcm.c | 2 +-
sound/pci/emu10k1/memory.c | 11 ++++++-----
5 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/include/sound/emu10k1.h b/include/sound/emu10k1.h
index c46908c..8af2fff 100644
--- a/include/sound/emu10k1.h
+++ b/include/sound/emu10k1.h
@@ -41,7 +41,8 @@
#define EMUPAGESIZE 4096
#define MAXREQVOICES 8
-#define MAXPAGES 8192
+#define MAXPAGES0 4096 /* 32 bit mode */
+#define MAXPAGES1 8192 /* 31 bit mode */
#define RESERVED 0
#define NUM_MIDI 16
#define NUM_G 64 /* use all channels */
@@ -50,8 +51,7 @@
/* FIXME? - according to the OSS driver the EMU10K1 needs a 29 bit DMA mask */
#define EMU10K1_DMA_MASK 0x7fffffffUL /* 31bit */
-#define AUDIGY_DMA_MASK 0x7fffffffUL /* 31bit FIXME - 32 should work? */
- /* See ALSA bug #1276 - rlrevell */
+#define AUDIGY_DMA_MASK 0xffffffffUL /* 32bit mode */
#define TMEMSIZE 256*1024
#define TMEMSIZEREG 4
@@ -466,8 +466,11 @@
#define MAPB 0x0d /* Cache map B */
-#define MAP_PTE_MASK 0xffffe000 /* The 19 MSBs of the PTE indexed by the PTI */
-#define MAP_PTI_MASK 0x00001fff /* The 13 bit index to one of the 8192 PTE dwords */
+#define MAP_PTE_MASK0 0xfffff000 /* The 20 MSBs of the PTE indexed by the PTI */
+#define MAP_PTI_MASK0 0x00000fff /* The 12 bit index to one of the 4096 PTE dwords */
+
+#define MAP_PTE_MASK1 0xffffe000 /* The 19 MSBs of the PTE indexed by the PTI */
+#define MAP_PTI_MASK1 0x00001fff /* The 13 bit index to one of the 8192 PTE dwords */
/* 0x0e, 0x0f: Not used */
@@ -1704,6 +1707,7 @@ struct snd_emu10k1 {
unsigned short model; /* subsystem id */
unsigned int card_type; /* EMU10K1_CARD_* */
unsigned int ecard_ctrl; /* ecard control bits */
+ unsigned int address_mode; /* address mode */
unsigned long dma_mask; /* PCI DMA mask */
unsigned int delay_pcm_irq; /* in samples */
int max_cache_pages; /* max memory size / PAGE_SIZE */
diff --git a/sound/pci/emu10k1/emu10k1_callback.c b/sound/pci/emu10k1/emu10k1_callback.c
index 874cd76..d2c7ea3 100644
--- a/sound/pci/emu10k1/emu10k1_callback.c
+++ b/sound/pci/emu10k1/emu10k1_callback.c
@@ -415,7 +415,7 @@ start_voice(struct snd_emux_voice *vp)
snd_emu10k1_ptr_write(hw, Z2, ch, 0);
/* invalidate maps */
- temp = (hw->silent_page.addr << 1) | MAP_PTI_MASK;
+ temp = (hw->silent_page.addr << hw->address_mode) | (hw->address_mode ? MAP_PTI_MASK1 : MAP_PTI_MASK0);
snd_emu10k1_ptr_write(hw, MAPA, ch, temp);
snd_emu10k1_ptr_write(hw, MAPB, ch, temp);
#if 0
@@ -436,7 +436,7 @@ start_voice(struct snd_emux_voice *vp)
snd_emu10k1_ptr_write(hw, CDF, ch, sample);
/* invalidate maps */
- temp = ((unsigned int)hw->silent_page.addr << 1) | MAP_PTI_MASK;
+ temp = ((unsigned int)hw->silent_page.addr << hw_address_mode) | (hw->address_mode ? MAP_PTI_MASK1 : MAP_PTI_MASK0);
snd_emu10k1_ptr_write(hw, MAPA, ch, temp);
snd_emu10k1_ptr_write(hw, MAPB, ch, temp);
diff --git a/sound/pci/emu10k1/emu10k1_main.c b/sound/pci/emu10k1/emu10k1_main.c
index 8204bf4..92f2371 100644
--- a/sound/pci/emu10k1/emu10k1_main.c
+++ b/sound/pci/emu10k1/emu10k1_main.c
@@ -282,7 +282,7 @@ static int snd_emu10k1_init(struct snd_emu10k1 *emu, int enable_ir, int resume)
snd_emu10k1_ptr_write(emu, TCB, 0, 0); /* taken from original driver */
snd_emu10k1_ptr_write(emu, TCBS, 0, 4); /* taken from original driver */
- silent_page = (emu->silent_page.addr << 1) | MAP_PTI_MASK;
+ silent_page = (emu->silent_page.addr << emu->address_mode) | (emu->address_mode ? MAP_PTI_MASK1 : MAP_PTI_MASK0);
for (ch = 0; ch < NUM_G; ch++) {
snd_emu10k1_ptr_write(emu, MAPA, ch, silent_page);
snd_emu10k1_ptr_write(emu, MAPB, ch, silent_page);
@@ -348,6 +348,11 @@ static int snd_emu10k1_init(struct snd_emu10k1 *emu, int enable_ir, int resume)
outl(reg | A_IOCFG_GPOUT0, emu->port + A_IOCFG);
}
+ if (emu->address_mode == 0) {
+ /* use 16M in 4G */
+ outl(inl(emu->port + HCFG) | HCFG_EXPANDED_MEM, emu->port + HCFG);
+ }
+
return 0;
}
@@ -1880,8 +1885,10 @@ int snd_emu10k1_create(struct snd_card *card,
is_audigy = emu->audigy = c->emu10k2_chip;
+ /* set addressing mode */
+ emu->address_mode = is_audigy ? 0 : 1;
/* set the DMA transfer mask */
- emu->dma_mask = is_audigy ? AUDIGY_DMA_MASK : EMU10K1_DMA_MASK;
+ emu->dma_mask = emu->address_mode ? EMU10K1_DMA_MASK : AUDIGY_DMA_MASK;
if (pci_set_dma_mask(pci, emu->dma_mask) < 0 ||
pci_set_consistent_dma_mask(pci, emu->dma_mask) < 0) {
dev_err(card->dev,
@@ -1906,7 +1913,7 @@ int snd_emu10k1_create(struct snd_card *card,
emu->max_cache_pages = max_cache_bytes >> PAGE_SHIFT;
if (snd_dma_alloc_pages(SNDRV_DMA_TYPE_DEV, snd_dma_pci_data(pci),
- 32 * 1024, &emu->ptb_pages) < 0) {
+ (emu->address_mode ? 32 : 16) * 1024, &emu->ptb_pages) < 0) {
err = -ENOMEM;
goto error;
}
@@ -2005,8 +2012,8 @@ int snd_emu10k1_create(struct snd_card *card,
/* Clear silent pages and set up pointers */
memset(emu->silent_page.area, 0, PAGE_SIZE);
- silent_page = emu->silent_page.addr << 1;
- for (idx = 0; idx < MAXPAGES; idx++)
+ silent_page = emu->silent_page.addr << emu->address_mode;
+ for (idx = 0; idx < (emu->address_mode ? MAXPAGES1 : MAXPAGES0); idx++)
((u32 *)emu->ptb_pages.area)[idx] = cpu_to_le32(silent_page | idx);
/* set up voice indices */
diff --git a/sound/pci/emu10k1/emupcm.c b/sound/pci/emu10k1/emupcm.c
index f82481b..36f0b86 100644
--- a/sound/pci/emu10k1/emupcm.c
+++ b/sound/pci/emu10k1/emupcm.c
@@ -380,7 +380,7 @@ static void snd_emu10k1_pcm_init_voice(struct snd_emu10k1 *emu,
snd_emu10k1_ptr_write(emu, Z1, voice, 0);
snd_emu10k1_ptr_write(emu, Z2, voice, 0);
/* invalidate maps */
- silent_page = ((unsigned int)emu->silent_page.addr << 1) | MAP_PTI_MASK;
+ silent_page = ((unsigned int)emu->silent_page.addr << emu->address_mode) | (emu->address_mode ? MAP_PTI_MASK1 : MAP_PTI_MASK0);
snd_emu10k1_ptr_write(emu, MAPA, voice, silent_page);
snd_emu10k1_ptr_write(emu, MAPB, voice, silent_page);
/* modulation envelope */
diff --git a/sound/pci/emu10k1/memory.c b/sound/pci/emu10k1/memory.c
index c68e6dd..4f1f69b 100644
--- a/sound/pci/emu10k1/memory.c
+++ b/sound/pci/emu10k1/memory.c
@@ -34,10 +34,11 @@
* aligned pages in others
*/
#define __set_ptb_entry(emu,page,addr) \
- (((u32 *)(emu)->ptb_pages.area)[page] = cpu_to_le32(((addr) << 1) | (page)))
+ (((u32 *)(emu)->ptb_pages.area)[page] = cpu_to_le32(((addr) << (emu->address_mode)) | (page)))
#define UNIT_PAGES (PAGE_SIZE / EMUPAGESIZE)
-#define MAX_ALIGN_PAGES (MAXPAGES / UNIT_PAGES)
+#define MAX_ALIGN_PAGES0 (MAXPAGES0 / UNIT_PAGES)
+#define MAX_ALIGN_PAGES1 (MAXPAGES1 / UNIT_PAGES)
/* get aligned page from offset address */
#define get_aligned_page(offset) ((offset) >> PAGE_SHIFT)
/* get offset address from aligned page */
@@ -124,7 +125,7 @@ static int search_empty_map_area(struct snd_emu10k1 *emu, int npages, struct lis
}
page = blk->mapped_page + blk->pages;
}
- size = MAX_ALIGN_PAGES - page;
+ size = (emu->address_mode ? MAX_ALIGN_PAGES1 : MAX_ALIGN_PAGES0) - page;
if (size >= max_size) {
*nextp = pos;
return page;
@@ -181,7 +182,7 @@ static int unmap_memblk(struct snd_emu10k1 *emu, struct snd_emu10k1_memblk *blk)
q = get_emu10k1_memblk(p, mapped_link);
end_page = q->mapped_page;
} else
- end_page = MAX_ALIGN_PAGES;
+ end_page = (emu->address_mode ? MAX_ALIGN_PAGES1 : MAX_ALIGN_PAGES0);
/* remove links */
list_del(&blk->mapped_link);
@@ -307,7 +308,7 @@ snd_emu10k1_alloc_pages(struct snd_emu10k1 *emu, struct snd_pcm_substream *subst
if (snd_BUG_ON(!emu))
return NULL;
if (snd_BUG_ON(runtime->dma_bytes <= 0 ||
- runtime->dma_bytes >= MAXPAGES * EMUPAGESIZE))
+ runtime->dma_bytes >= (emu->address_mode ? MAXPAGES1 : MAXPAGES0) * EMUPAGESIZE))
return NULL;
hdr = emu->memhdr;
if (snd_BUG_ON(!hdr))
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 197/222] ALSA: hda - Add mute-LED mode control to Thinkpad
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (195 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 196/222] ALSA: emu10k1: Emu10k2 32 bit DMA mode Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 198/222] cdc-acm: prevent infinite loop when parsing CDC headers Sasha Levin
` (25 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 7290006d8c0900c56d8c58428134f02c35109d17 ]
This patch adds the missing flag to enable "Mute-LED Mode" mixer enum
ctl for Thinkpads that have also the software mute-LED control.
Reported-and-tested-by: Pali Rohár <pali.rohar@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/pci/hda/thinkpad_helper.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/thinkpad_helper.c b/sound/pci/hda/thinkpad_helper.c
index 6ba0b55..2341fc3 100644
--- a/sound/pci/hda/thinkpad_helper.c
+++ b/sound/pci/hda/thinkpad_helper.c
@@ -72,6 +72,7 @@ static void hda_fixup_thinkpad_acpi(struct hda_codec *codec,
if (led_set_func(TPACPI_LED_MUTE, false) >= 0) {
old_vmaster_hook = spec->vmaster_mute.hook;
spec->vmaster_mute.hook = update_tpacpi_mute_led;
+ spec->vmaster_mute_enum = 1;
removefunc = false;
}
if (led_set_func(TPACPI_LED_MICMUTE, false) >= 0) {
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 198/222] cdc-acm: prevent infinite loop when parsing CDC headers.
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (196 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 197/222] ALSA: hda - Add mute-LED mode control to Thinkpad Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 199/222] serial: of-serial: Remove device_type = "serial" registration Sasha Levin
` (24 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Quentin Casasnovas <quentin.casasnovas@oracle.com>
[ Upstream commit 0d3bba0287d4e284c3ec7d3397e81eec920d5e7e ]
Phil and I found out a problem with commit:
7e860a6e7aa6 ("cdc-acm: add sanity checks")
It added some sanity checks to ignore potential garbage in CDC headers but
also introduced a potential infinite loop. This can happen at the first
loop iteration (elength = 0 in that case) if the description isn't a
DT_CS_INTERFACE or later if 'buffer[0]' is zero.
It should also be noted that the wrong length was being added to 'buffer'
in case 'buffer[1]' was not a DT_CS_INTERFACE descriptor, since elength was
assigned after that check in the loop.
A specially crafted USB device could be used to trigger this infinite loop.
Fixes: 7e860a6e7aa6 ("cdc-acm: add sanity checks")
Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
CC: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
CC: Oliver Neukum <oneukum@suse.de>
CC: Adam Lee <adam8157@gmail.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/class/cdc-acm.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 64d9c3d..9bf22eb 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1132,6 +1132,12 @@ static int acm_probe(struct usb_interface *intf,
}
while (buflen > 0) {
+ elength = buffer[0];
+ if (!elength) {
+ dev_err(&intf->dev, "skipping garbage byte\n");
+ elength = 1;
+ goto next_desc;
+ }
if (buffer[1] != USB_DT_CS_INTERFACE) {
dev_err(&intf->dev, "skipping garbage\n");
goto next_desc;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 199/222] serial: of-serial: Remove device_type = "serial" registration
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (197 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 198/222] cdc-acm: prevent infinite loop when parsing CDC headers Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 200/222] serial: xilinx: Use platform_get_irq to get irq description structure Sasha Levin
` (23 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Michal Simek <michal.simek@xilinx.com>
[ Upstream commit 6befa9d883385c580369a2cc9e53fbf329771f6d ]
Do not probe all serial drivers by of_serial.c which are using
device_type = "serial"; property. Only drivers which have valid
compatible strings listed in the driver should be probed.
When PORT_UNKNOWN is setup probe will fail anyway.
Arnd quotation about driver historical background:
"when I wrote that driver initially, the idea was that it would
get used as a stub to hook up all other serial drivers but after
that, the common code learned to create platform devices from DT"
This patch fix the problem with on the system with xilinx_uartps and
16550a where of_serial failed to register for xilinx_uartps and because
of irq_dispose_mapping() removed irq_desc. Then when xilinx_uartps was asking
for irq with request_irq() EINVAL is returned.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
CC: <stable@vger.kernel.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/tty/serial/of_serial.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/tty/serial/of_serial.c b/drivers/tty/serial/of_serial.c
index bf35505..2e4b545 100644
--- a/drivers/tty/serial/of_serial.c
+++ b/drivers/tty/serial/of_serial.c
@@ -262,7 +262,6 @@ static struct of_device_id of_platform_serial_table[] = {
{ .compatible = "ibm,qpace-nwp-serial",
.data = (void *)PORT_NWPSERIAL, },
#endif
- { .type = "serial", .data = (void *)PORT_UNKNOWN, },
{ /* end of list */ },
};
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 200/222] serial: xilinx: Use platform_get_irq to get irq description structure
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (198 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 199/222] serial: of-serial: Remove device_type = "serial" registration Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 201/222] arm64: dma-mapping: always clear allocated buffers Sasha Levin
` (22 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Michal Simek <michal.simek@xilinx.com>
[ Upstream commit 5c90c07b98c02198d9777a7c4f3047b0a94bf7ed ]
For systems with CONFIG_SERIAL_OF_PLATFORM=y and device_type =
"serial"; property in DT of_serial.c driver maps and unmaps IRQ (because
driver probe fails). Then a driver is called but irq mapping is not
created that's why driver is failing again in again on request_irq().
Based on this use platform_get_irq() instead of platform_get_resource()
which is doing irq_desc allocation and driver itself can request IRQ.
Fix both xilinx serial drivers in the tree.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/tty/serial/uartlite.c | 11 ++++++-----
drivers/tty/serial/xilinx_uartps.c | 12 ++++++------
2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/drivers/tty/serial/uartlite.c b/drivers/tty/serial/uartlite.c
index 189f52e..a0099a7 100644
--- a/drivers/tty/serial/uartlite.c
+++ b/drivers/tty/serial/uartlite.c
@@ -632,7 +632,8 @@ MODULE_DEVICE_TABLE(of, ulite_of_match);
static int ulite_probe(struct platform_device *pdev)
{
- struct resource *res, *res2;
+ struct resource *res;
+ int irq;
int id = pdev->id;
#ifdef CONFIG_OF
const __be32 *prop;
@@ -646,11 +647,11 @@ static int ulite_probe(struct platform_device *pdev)
if (!res)
return -ENODEV;
- res2 = platform_get_resource(pdev, IORESOURCE_IRQ, 0);
- if (!res2)
- return -ENODEV;
+ irq = platform_get_irq(pdev, 0);
+ if (irq <= 0)
+ return -ENXIO;
- return ulite_assign(&pdev->dev, id, res->start, res2->start);
+ return ulite_assign(&pdev->dev, id, res->start, irq);
}
static int ulite_remove(struct platform_device *pdev)
diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c
index 200c1af..fabde0e 100644
--- a/drivers/tty/serial/xilinx_uartps.c
+++ b/drivers/tty/serial/xilinx_uartps.c
@@ -1303,9 +1303,9 @@ static SIMPLE_DEV_PM_OPS(cdns_uart_dev_pm_ops, cdns_uart_suspend,
*/
static int cdns_uart_probe(struct platform_device *pdev)
{
- int rc, id;
+ int rc, id, irq;
struct uart_port *port;
- struct resource *res, *res2;
+ struct resource *res;
struct cdns_uart *cdns_uart_data;
cdns_uart_data = devm_kzalloc(&pdev->dev, sizeof(*cdns_uart_data),
@@ -1352,9 +1352,9 @@ static int cdns_uart_probe(struct platform_device *pdev)
goto err_out_clk_disable;
}
- res2 = platform_get_resource(pdev, IORESOURCE_IRQ, 0);
- if (!res2) {
- rc = -ENODEV;
+ irq = platform_get_irq(pdev, 0);
+ if (irq <= 0) {
+ rc = -ENXIO;
goto err_out_clk_disable;
}
@@ -1383,7 +1383,7 @@ static int cdns_uart_probe(struct platform_device *pdev)
* and triggers invocation of the config_port() entry point.
*/
port->mapbase = res->start;
- port->irq = res2->start;
+ port->irq = irq;
port->dev = &pdev->dev;
port->uartclk = clk_get_rate(cdns_uart_data->uartclk);
port->private_data = cdns_uart_data;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 201/222] arm64: dma-mapping: always clear allocated buffers
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (199 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 200/222] serial: xilinx: Use platform_get_irq to get irq description structure Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 202/222] usb: chipidea: otg: remove mutex unlock and lock while stop and start role Sasha Levin
` (21 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Marek Szyprowski <m.szyprowski@samsung.com>
[ Upstream commit 6829e274a623187c24f7cfc0e3d35f25d087fcc5 ]
Buffers allocated by dma_alloc_coherent() are always zeroed on Alpha,
ARM (32bit), MIPS, PowerPC, x86/x86_64 and probably other architectures.
It turned out that some drivers rely on this 'feature'. Allocated buffer
might be also exposed to userspace with dma_mmap() call, so clearing it
is desired from security point of view to avoid exposing random memory
to userspace. This patch unifies dma_alloc_coherent() behavior on ARM64
architecture with other implementations by unconditionally zeroing
allocated buffer.
Cc: <stable@vger.kernel.org> # v3.14+
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm64/mm/dma-mapping.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c
index df34a70..6efbb52 100644
--- a/arch/arm64/mm/dma-mapping.c
+++ b/arch/arm64/mm/dma-mapping.c
@@ -67,8 +67,7 @@ static void *__alloc_from_pool(size_t size, struct page **ret_page, gfp_t flags)
*ret_page = phys_to_page(phys);
ptr = (void *)val;
- if (flags & __GFP_ZERO)
- memset(ptr, 0, size);
+ memset(ptr, 0, size);
}
return ptr;
@@ -113,8 +112,7 @@ static void *__dma_alloc_coherent(struct device *dev, size_t size,
*dma_handle = phys_to_dma(dev, page_to_phys(page));
addr = page_address(page);
- if (flags & __GFP_ZERO)
- memset(addr, 0, size);
+ memset(addr, 0, size);
return addr;
} else {
return swiotlb_alloc_coherent(dev, size, dma_handle, flags);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 202/222] usb: chipidea: otg: remove mutex unlock and lock while stop and start role
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (200 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 201/222] arm64: dma-mapping: always clear allocated buffers Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 203/222] ASoC: samsung: s3c24xx-i2s: Fix return value check in s3c24xx_iis_dev_probe() Sasha Levin
` (20 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Li Jun <jun.li@freescale.com>
[ Upstream commit a5a356cee89f86ff86cc3ce24136ca1f802c1bf1 ]
Wrongly release mutex lock during otg_statemachine may result in re-enter
otg_statemachine, which is not allowed, we should do next state transtition
after previous one completed.
Fixes: 826cfe751f3e ("usb: chipidea: add OTG fsm operation functions implementation")
Cc: <stable@vger.kernel.org> # v3.16+
Signed-off-by: Li Jun <jun.li@freescale.com>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/chipidea/otg_fsm.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/drivers/usb/chipidea/otg_fsm.c b/drivers/usb/chipidea/otg_fsm.c
index caaabc5..34a52cd 100644
--- a/drivers/usb/chipidea/otg_fsm.c
+++ b/drivers/usb/chipidea/otg_fsm.c
@@ -537,7 +537,6 @@ static int ci_otg_start_host(struct otg_fsm *fsm, int on)
{
struct ci_hdrc *ci = container_of(fsm, struct ci_hdrc, fsm);
- mutex_unlock(&fsm->lock);
if (on) {
ci_role_stop(ci);
ci_role_start(ci, CI_ROLE_HOST);
@@ -546,7 +545,6 @@ static int ci_otg_start_host(struct otg_fsm *fsm, int on)
hw_device_reset(ci, USBMODE_CM_DC);
ci_role_start(ci, CI_ROLE_GADGET);
}
- mutex_lock(&fsm->lock);
return 0;
}
@@ -554,12 +552,10 @@ static int ci_otg_start_gadget(struct otg_fsm *fsm, int on)
{
struct ci_hdrc *ci = container_of(fsm, struct ci_hdrc, fsm);
- mutex_unlock(&fsm->lock);
if (on)
usb_gadget_vbus_connect(&ci->gadget);
else
usb_gadget_vbus_disconnect(&ci->gadget);
- mutex_lock(&fsm->lock);
return 0;
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 203/222] ASoC: samsung: s3c24xx-i2s: Fix return value check in s3c24xx_iis_dev_probe()
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (201 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 202/222] usb: chipidea: otg: remove mutex unlock and lock while stop and start role Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 204/222] ASoC: dapm: Enable autodisable on SOC_DAPM_SINGLE_TLV_AUTODISABLE Sasha Levin
` (19 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
[ Upstream commit c479163a1b6ab424786fbcd9225b4e3c1c58eb0b ]
In case of error, the function devm_ioremap_resource() returns
ERR_PTR() and never returns NULL. The NULL test in the return
value check should be replaced with IS_ERR().
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski.k@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/soc/samsung/s3c24xx-i2s.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/samsung/s3c24xx-i2s.c b/sound/soc/samsung/s3c24xx-i2s.c
index e87d9a2..fb1d393 100644
--- a/sound/soc/samsung/s3c24xx-i2s.c
+++ b/sound/soc/samsung/s3c24xx-i2s.c
@@ -461,8 +461,8 @@ static int s3c24xx_iis_dev_probe(struct platform_device *pdev)
return -ENOENT;
}
s3c24xx_i2s.regs = devm_ioremap_resource(&pdev->dev, res);
- if (s3c24xx_i2s.regs == NULL)
- return -ENXIO;
+ if (IS_ERR(s3c24xx_i2s.regs))
+ return PTR_ERR(s3c24xx_i2s.regs);
s3c24xx_i2s_pcm_stereo_out.dma_addr = res->start + S3C2410_IISFIFO;
s3c24xx_i2s_pcm_stereo_in.dma_addr = res->start + S3C2410_IISFIFO;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 204/222] ASoC: dapm: Enable autodisable on SOC_DAPM_SINGLE_TLV_AUTODISABLE
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (202 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 203/222] ASoC: samsung: s3c24xx-i2s: Fix return value check in s3c24xx_iis_dev_probe() Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 205/222] ASoC: rt5677: fixed wrong DMIC ref clock Sasha Levin
` (18 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
[ Upstream commit a2d97723cb3a7741af81868427b36bba274b681b ]
Correct small copy and paste error where autodisable was not being
enabled for the SOC_DAPM_SINGLE_TLV_AUTODISABLE control.
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
include/sound/soc-dapm.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/sound/soc-dapm.h b/include/sound/soc-dapm.h
index 3a4d7da..525f313f 100644
--- a/include/sound/soc-dapm.h
+++ b/include/sound/soc-dapm.h
@@ -287,7 +287,7 @@ struct device;
.access = SNDRV_CTL_ELEM_ACCESS_TLV_READ | SNDRV_CTL_ELEM_ACCESS_READWRITE,\
.tlv.p = (tlv_array), \
.get = snd_soc_dapm_get_volsw, .put = snd_soc_dapm_put_volsw, \
- .private_value = SOC_SINGLE_VALUE(reg, shift, max, invert, 0) }
+ .private_value = SOC_SINGLE_VALUE(reg, shift, max, invert, 1) }
#define SOC_DAPM_SINGLE_TLV_VIRT(xname, max, tlv_array) \
SOC_DAPM_SINGLE(xname, SND_SOC_NOPM, 0, max, 0, tlv_array)
#define SOC_DAPM_ENUM(xname, xenum) \
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 205/222] ASoC: rt5677: fixed wrong DMIC ref clock
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (203 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 204/222] ASoC: dapm: Enable autodisable on SOC_DAPM_SINGLE_TLV_AUTODISABLE Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 206/222] btrfs: unlock i_mutex after attempting to delete subvolume during send Sasha Levin
` (17 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Bard Liao <bardliao@realtek.com>
[ Upstream commit 60a8d62b8497c23eb3d48149af7e55dac2dd83a2 ]
DMIC clock source is not from codec system clock directly. it is
generated from the division of system clock. And it should be 256 *
sample rate of AIF1.
Signed-off-by: Bard Liao <bardliao@realtek.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
sound/soc/codecs/rt5677.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/rt5677.c b/sound/soc/codecs/rt5677.c
index 16aa4d9..691237a 100644
--- a/sound/soc/codecs/rt5677.c
+++ b/sound/soc/codecs/rt5677.c
@@ -644,7 +644,7 @@ static int set_dmic_clk(struct snd_soc_dapm_widget *w,
{
struct snd_soc_codec *codec = w->codec;
struct rt5677_priv *rt5677 = snd_soc_codec_get_drvdata(codec);
- int idx = rl6231_calc_dmic_clk(rt5677->sysclk);
+ int idx = rl6231_calc_dmic_clk(rt5677->lrck[RT5677_AIF1] << 8);
if (idx < 0)
dev_err(codec->dev, "Failed to set DMIC clock\n");
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 206/222] btrfs: unlock i_mutex after attempting to delete subvolume during send
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (204 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 205/222] ASoC: rt5677: fixed wrong DMIC ref clock Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 207/222] ACPI / SBS: Enable battery manager when present Sasha Levin
` (16 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Omar Sandoval <osandov@osandov.com>
[ Upstream commit 909e26dce3f7600f5e293ac0522c28790a0c8c9c ]
Whenever the check for a send in progress introduced in commit
521e0546c970 (btrfs: protect snapshots from deleting during send) is
hit, we return without unlocking inode->i_mutex. This is easy to see
with lockdep enabled:
[ +0.000059] ================================================
[ +0.000028] [ BUG: lock held when returning to user space! ]
[ +0.000029] 4.0.0-rc5-00096-g3c435c1 #93 Not tainted
[ +0.000026] ------------------------------------------------
[ +0.000029] btrfs/211 is leaving the kernel with locks still held!
[ +0.000029] 1 lock held by btrfs/211:
[ +0.000023] #0: (&type->i_mutex_dir_key){+.+.+.}, at: [<ffffffff8135b8df>] btrfs_ioctl_snap_destroy+0x2df/0x7a0
Make sure we unlock it in the error path.
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.cz>
Cc: stable@vger.kernel.org
Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/btrfs/ioctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 5c414fe..fce3b5b 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2431,7 +2431,7 @@ static noinline int btrfs_ioctl_snap_destroy(struct file *file,
"Attempt to delete subvolume %llu during send",
dest->root_key.objectid);
err = -EPERM;
- goto out_dput;
+ goto out_unlock_inode;
}
d_invalidate(dentry);
@@ -2526,6 +2526,7 @@ out_up_write:
root_flags & ~BTRFS_ROOT_SUBVOL_DEAD);
spin_unlock(&dest->root_item_lock);
}
+out_unlock_inode:
mutex_unlock(&inode->i_mutex);
if (!err) {
shrink_dcache_sb(root->fs_info->sb);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 207/222] ACPI / SBS: Enable battery manager when present
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (205 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 206/222] btrfs: unlock i_mutex after attempting to delete subvolume during send Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 208/222] tty/serial: at91: maxburst was missing for dma transfers Sasha Levin
` (15 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Chris Bainbridge <chris.bainbridge@gmail.com>
[ Upstream commit 61f8ff693923e4b19748b0e8287b99778f2661c7 ]
Commit 9faf6136ff46 (ACPI / SBS: Disable smart battery manager on
Apple) introduced a regression disabling the SBS battery manager.
The battery manager should be marked as present when
acpi_manager_get_info() returns 0.
Fixes: 9faf6136ff46 (ACPI / SBS: Disable smart battery manager on Apple)
Signed-off-by: Chris Bainbridge <chris.bainbridge@gmail.com>
Cc: 3.18+ <stable@vger.kernel.org> # 3.18+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/acpi/sbs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/sbs.c b/drivers/acpi/sbs.c
index a7a3edd..f23179e 100644
--- a/drivers/acpi/sbs.c
+++ b/drivers/acpi/sbs.c
@@ -670,7 +670,7 @@ static int acpi_sbs_add(struct acpi_device *device)
if (!sbs_manager_broken) {
result = acpi_manager_get_info(sbs);
if (!result) {
- sbs->manager_present = 0;
+ sbs->manager_present = 1;
for (id = 0; id < MAX_SBS_BAT; ++id)
if ((sbs->batteries_supported & (1 << id)))
acpi_battery_add(sbs, id);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 208/222] tty/serial: at91: maxburst was missing for dma transfers
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (206 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 207/222] ACPI / SBS: Enable battery manager when present Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 209/222] rbd: end I/O the entire obj_request on error Sasha Levin
` (14 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ludovic Desroches <ludovic.desroches@atmel.com>
[ Upstream commit a8d4e01637902311c5643b69a5c80e2805f04054 ]
Maxburst was not set when doing the dma slave configuration. This value
is checked by the recently introduced xdmac. It causes an error when
doing the slave configuration and so prevents from using dma.
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Cc: <stable@vger.kernel.org> # 3.12 and later
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/tty/serial/atmel_serial.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
index 6ee5c6c..11300f7 100644
--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -861,6 +861,7 @@ static int atmel_prepare_tx_dma(struct uart_port *port)
config.direction = DMA_MEM_TO_DEV;
config.dst_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
config.dst_addr = port->mapbase + ATMEL_US_THR;
+ config.dst_maxburst = 1;
ret = dmaengine_device_control(atmel_port->chan_tx,
DMA_SLAVE_CONFIG,
@@ -1025,6 +1026,7 @@ static int atmel_prepare_rx_dma(struct uart_port *port)
config.direction = DMA_DEV_TO_MEM;
config.src_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
config.src_addr = port->mapbase + ATMEL_US_RHR;
+ config.src_maxburst = 1;
ret = dmaengine_device_control(atmel_port->chan_rx,
DMA_SLAVE_CONFIG,
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 209/222] rbd: end I/O the entire obj_request on error
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (207 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 208/222] tty/serial: at91: maxburst was missing for dma transfers Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 210/222] uas: Allow uas_use_uas_driver to return usb-storage flags Sasha Levin
` (13 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Ilya Dryomov <idryomov@gmail.com>
[ Upstream commit 082a75dad84d79d1c15ea9e50f31cb4bb4fa7fd6 ]
When we end I/O struct request with error, we need to pass
obj_request->length as @nr_bytes so that the entire obj_request worth
of bytes is completed. Otherwise block layer ends up confused and we
trip on
rbd_assert(more ^ (which == img_request->obj_request_count));
in rbd_img_obj_callback() due to more being true no matter what. We
already do it in most cases but we are missing some, in particular
those where we don't even get a chance to submit any obj_requests, due
to an early -ENOMEM for example.
A number of obj_request->xferred assignments seem to be redundant but
I haven't touched any of obj_request->xferred stuff to keep this small
and isolated.
Cc: Alex Elder <elder@linaro.org>
Cc: stable@vger.kernel.org # 3.10+
Reported-by: Shawn Edwards <lesser.evil@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/block/rbd.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index 76b5be9..5d684d9 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -2261,6 +2261,11 @@ static bool rbd_img_obj_end_request(struct rbd_obj_request *obj_request)
result, xferred);
if (!img_request->result)
img_request->result = result;
+ /*
+ * Need to end I/O on the entire obj_request worth of
+ * bytes in case of error.
+ */
+ xferred = obj_request->length;
}
/* Image object requests don't own their page array */
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 210/222] uas: Allow uas_use_uas_driver to return usb-storage flags
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (208 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 209/222] rbd: end I/O the entire obj_request on error Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 211/222] uas: Add US_FL_MAX_SECTORS_240 flag Sasha Levin
` (12 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit a5011d44f0e1117a6db14b19b57c51f8be5673a0 ]
uas_use_uas_driver may set some US_FL_foo flags during detection, currently
these are stored in a local variable and then throw away, but these may be
of interest to the caller, so add an extra parameter to (optionally) return
the detected flags, and use this in the uas driver.
Cc: stable@vger.kernel.org # 3.16
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/storage/uas-detect.h | 6 +++++-
drivers/usb/storage/uas.c | 6 +++---
drivers/usb/storage/usb.c | 2 +-
3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/drivers/usb/storage/uas-detect.h b/drivers/usb/storage/uas-detect.h
index 8a6f371..856cc1f 100644
--- a/drivers/usb/storage/uas-detect.h
+++ b/drivers/usb/storage/uas-detect.h
@@ -51,7 +51,8 @@ static int uas_find_endpoints(struct usb_host_interface *alt,
}
static int uas_use_uas_driver(struct usb_interface *intf,
- const struct usb_device_id *id)
+ const struct usb_device_id *id,
+ unsigned long *flags_ret)
{
struct usb_host_endpoint *eps[4] = { };
struct usb_device *udev = interface_to_usbdev(intf);
@@ -109,5 +110,8 @@ static int uas_use_uas_driver(struct usb_interface *intf,
return 0;
}
+ if (flags_ret)
+ *flags_ret = flags;
+
return 1;
}
diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c
index 89b2434..d79bde6 100644
--- a/drivers/usb/storage/uas.c
+++ b/drivers/usb/storage/uas.c
@@ -906,8 +906,9 @@ static int uas_probe(struct usb_interface *intf, const struct usb_device_id *id)
struct Scsi_Host *shost = NULL;
struct uas_dev_info *devinfo;
struct usb_device *udev = interface_to_usbdev(intf);
+ unsigned long dev_flags;
- if (!uas_use_uas_driver(intf, id))
+ if (!uas_use_uas_driver(intf, id, &dev_flags))
return -ENODEV;
if (uas_switch_interface(udev, intf))
@@ -929,8 +930,7 @@ static int uas_probe(struct usb_interface *intf, const struct usb_device_id *id)
devinfo->udev = udev;
devinfo->resetting = 0;
devinfo->shutdown = 0;
- devinfo->flags = id->driver_info;
- usb_stor_adjust_quirks(udev, &devinfo->flags);
+ devinfo->flags = dev_flags;
init_usb_anchor(&devinfo->cmd_urbs);
init_usb_anchor(&devinfo->sense_urbs);
init_usb_anchor(&devinfo->data_urbs);
diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c
index 9d66ce6..89b5640 100644
--- a/drivers/usb/storage/usb.c
+++ b/drivers/usb/storage/usb.c
@@ -1062,7 +1062,7 @@ static int storage_probe(struct usb_interface *intf,
/* If uas is enabled and this device can do uas then ignore it. */
#if IS_ENABLED(CONFIG_USB_UAS)
- if (uas_use_uas_driver(intf, id))
+ if (uas_use_uas_driver(intf, id, NULL))
return -ENXIO;
#endif
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 211/222] uas: Add US_FL_MAX_SECTORS_240 flag
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (209 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 210/222] uas: Allow uas_use_uas_driver to return usb-storage flags Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 212/222] uas: Set max_sectors_240 quirk for ASM1053 devices Sasha Levin
` (11 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit ee136af4a064c2f61e2025873584d2c7ec93f4ae ]
The usb-storage driver sets max_sectors = 240 in its scsi-host template,
for uas we do not want to do that for all devices, but testing has shown
that some devices need it.
This commit adds a US_FL_MAX_SECTORS_240 flag for such devices, and
implements support for it in uas.c, while at it it also adds support
for US_FL_MAX_SECTORS_64 to uas.c.
Cc: stable@vger.kernel.org # 3.16
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
Documentation/kernel-parameters.txt | 2 ++
drivers/usb/storage/uas.c | 10 +++++++++-
drivers/usb/storage/usb.c | 6 +++++-
include/linux/usb_usual.h | 2 ++
4 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index f4c71d4..61f9273 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -3644,6 +3644,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
READ_CAPACITY_16 command);
f = NO_REPORT_OPCODES (don't use report opcodes
command, uas only);
+ g = MAX_SECTORS_240 (don't transfer more than
+ 240 sectors at a time, uas only);
h = CAPACITY_HEURISTICS (decrease the
reported device capacity by one
sector if the number is odd);
diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c
index d79bde6..2ef0f0a 100644
--- a/drivers/usb/storage/uas.c
+++ b/drivers/usb/storage/uas.c
@@ -770,7 +770,10 @@ static int uas_eh_bus_reset_handler(struct scsi_cmnd *cmnd)
static int uas_slave_alloc(struct scsi_device *sdev)
{
- sdev->hostdata = (void *)sdev->host->hostdata;
+ struct uas_dev_info *devinfo =
+ (struct uas_dev_info *)sdev->host->hostdata;
+
+ sdev->hostdata = devinfo;
/* USB has unusual DMA-alignment requirements: Although the
* starting address of each scatter-gather element doesn't matter,
@@ -789,6 +792,11 @@ static int uas_slave_alloc(struct scsi_device *sdev)
*/
blk_queue_update_dma_alignment(sdev->request_queue, (512 - 1));
+ if (devinfo->flags & US_FL_MAX_SECTORS_64)
+ blk_queue_max_hw_sectors(sdev->request_queue, 64);
+ else if (devinfo->flags & US_FL_MAX_SECTORS_240)
+ blk_queue_max_hw_sectors(sdev->request_queue, 240);
+
return 0;
}
diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c
index 89b5640..cda42cf 100644
--- a/drivers/usb/storage/usb.c
+++ b/drivers/usb/storage/usb.c
@@ -479,7 +479,8 @@ void usb_stor_adjust_quirks(struct usb_device *udev, unsigned long *fflags)
US_FL_SINGLE_LUN | US_FL_NO_WP_DETECT |
US_FL_NO_READ_DISC_INFO | US_FL_NO_READ_CAPACITY_16 |
US_FL_INITIAL_READ10 | US_FL_WRITE_CACHE |
- US_FL_NO_ATA_1X | US_FL_NO_REPORT_OPCODES);
+ US_FL_NO_ATA_1X | US_FL_NO_REPORT_OPCODES |
+ US_FL_MAX_SECTORS_240);
p = quirks;
while (*p) {
@@ -520,6 +521,9 @@ void usb_stor_adjust_quirks(struct usb_device *udev, unsigned long *fflags)
case 'f':
f |= US_FL_NO_REPORT_OPCODES;
break;
+ case 'g':
+ f |= US_FL_MAX_SECTORS_240;
+ break;
case 'h':
f |= US_FL_CAPACITY_HEURISTICS;
break;
diff --git a/include/linux/usb_usual.h b/include/linux/usb_usual.h
index a7f2604..7f5f78b 100644
--- a/include/linux/usb_usual.h
+++ b/include/linux/usb_usual.h
@@ -77,6 +77,8 @@
/* Cannot handle ATA_12 or ATA_16 CDBs */ \
US_FLAG(NO_REPORT_OPCODES, 0x04000000) \
/* Cannot handle MI_REPORT_SUPPORTED_OPERATION_CODES */ \
+ US_FLAG(MAX_SECTORS_240, 0x08000000) \
+ /* Sets max_sectors to 240 */ \
#define US_FLAG(name, value) US_FL_##name = value ,
enum { US_DO_ALL_FLAGS };
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 212/222] uas: Set max_sectors_240 quirk for ASM1053 devices
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (210 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 211/222] uas: Add US_FL_MAX_SECTORS_240 flag Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 213/222] ext4: fix data corruption caused by unwritten and delayed extents Sasha Levin
` (10 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 8e779c6c4a398763c21371fe40f649206041dc1e ]
Testing has shown that ASM1053 devices do not work properly with transfers
larger than 240 sectors, so set max_sectors to 240 on these.
Cc: stable@vger.kernel.org # 3.16
Reported-by: Steve Bangert <sbangert@frontier.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Steve Bangert <sbangert@frontier.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/usb/storage/uas-detect.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/storage/uas-detect.h b/drivers/usb/storage/uas-detect.h
index 856cc1f..a451903 100644
--- a/drivers/usb/storage/uas-detect.h
+++ b/drivers/usb/storage/uas-detect.h
@@ -81,6 +81,9 @@ static int uas_use_uas_driver(struct usb_interface *intf,
flags |= US_FL_IGNORE_UAS;
} else if (usb_ss_max_streams(&eps[1]->ss_ep_comp) == 32) {
flags |= US_FL_IGNORE_UAS;
+ } else {
+ /* ASM1053, these have issues with large transfers */
+ flags |= US_FL_MAX_SECTORS_240;
}
}
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 213/222] ext4: fix data corruption caused by unwritten and delayed extents
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (211 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 212/222] uas: Set max_sectors_240 quirk for ASM1053 devices Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 214/222] ext4: move check under lock scope to close a race Sasha Levin
` (9 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Lukas Czerner <lczerner@redhat.com>
[ Upstream commit d2dc317d564a46dfc683978a2e5a4f91434e9711 ]
Currently it is possible to lose whole file system block worth of data
when we hit the specific interaction with unwritten and delayed extents
in status extent tree.
The problem is that when we insert delayed extent into extent status
tree the only way to get rid of it is when we write out delayed buffer.
However there is a limitation in the extent status tree implementation
so that when inserting unwritten extent should there be even a single
delayed block the whole unwritten extent would be marked as delayed.
At this point, there is no way to get rid of the delayed extents,
because there are no delayed buffers to write out. So when a we write
into said unwritten extent we will convert it to written, but it still
remains delayed.
When we try to write into that block later ext4_da_map_blocks() will set
the buffer new and delayed and map it to invalid block which causes
the rest of the block to be zeroed loosing already written data.
For now we can fix this by simply not allowing to set delayed status on
written extent in the extent status tree. Also add WARN_ON() to make
sure that we notice if this happens in the future.
This problem can be easily reproduced by running the following xfs_io.
xfs_io -f -c "pwrite -S 0xaa 4096 2048" \
-c "falloc 0 131072" \
-c "pwrite -S 0xbb 65536 2048" \
-c "fsync" /mnt/test/fff
echo 3 > /proc/sys/vm/drop_caches
xfs_io -c "pwrite -S 0xdd 67584 2048" /mnt/test/fff
This can be theoretically also reproduced by at random by running fsx,
but it's not very reliable, though on machines with bigger page size
(like ppc) this can be seen more often (especially xfstest generic/127)
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/ext4/extents_status.c | 8 ++++++++
fs/ext4/inode.c | 2 ++
2 files changed, 10 insertions(+)
diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
index 94e7855..b860603 100644
--- a/fs/ext4/extents_status.c
+++ b/fs/ext4/extents_status.c
@@ -670,6 +670,14 @@ int ext4_es_insert_extent(struct inode *inode, ext4_lblk_t lblk,
BUG_ON(end < lblk);
+ if ((status & EXTENT_STATUS_DELAYED) &&
+ (status & EXTENT_STATUS_WRITTEN)) {
+ ext4_warning(inode->i_sb, "Inserting extent [%u/%u] as "
+ " delayed and written which can potentially "
+ " cause data loss.\n", lblk, len);
+ WARN_ON(1);
+ }
+
newes.es_lblk = lblk;
newes.es_len = len;
ext4_es_store_pblock_status(&newes, pblk, status);
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 3356ab5..842cdd1 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -540,6 +540,7 @@ int ext4_map_blocks(handle_t *handle, struct inode *inode,
status = map->m_flags & EXT4_MAP_UNWRITTEN ?
EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN;
if (!(flags & EXT4_GET_BLOCKS_DELALLOC_RESERVE) &&
+ !(status & EXTENT_STATUS_WRITTEN) &&
ext4_find_delalloc_range(inode, map->m_lblk,
map->m_lblk + map->m_len - 1))
status |= EXTENT_STATUS_DELAYED;
@@ -644,6 +645,7 @@ found:
status = map->m_flags & EXT4_MAP_UNWRITTEN ?
EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN;
if (!(flags & EXT4_GET_BLOCKS_DELALLOC_RESERVE) &&
+ !(status & EXTENT_STATUS_WRITTEN) &&
ext4_find_delalloc_range(inode, map->m_lblk,
map->m_lblk + map->m_len - 1))
status |= EXTENT_STATUS_DELAYED;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 214/222] ext4: move check under lock scope to close a race.
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (212 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 213/222] ext4: fix data corruption caused by unwritten and delayed extents Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 215/222] 3w-xxxx: fix command completion race Sasha Levin
` (8 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Davide Italiano <dccitaliano@gmail.com>
[ Upstream commit 280227a75b56ab5d35854f3a77ef74a7ad56a203 ]
fallocate() checks that the file is extent-based and returns
EOPNOTSUPP in case is not. Other tasks can convert from and to
indirect and extent so it's safe to check only after grabbing
the inode mutex.
Signed-off-by: Davide Italiano <dccitaliano@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/ext4/extents.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 0b16fb4..6cfacbb 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -4923,13 +4923,6 @@ long ext4_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
if (ret)
return ret;
- /*
- * currently supporting (pre)allocate mode for extent-based
- * files _only_
- */
- if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)))
- return -EOPNOTSUPP;
-
if (mode & FALLOC_FL_COLLAPSE_RANGE)
return ext4_collapse_range(inode, offset, len);
@@ -4951,6 +4944,14 @@ long ext4_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
mutex_lock(&inode->i_mutex);
+ /*
+ * We only support preallocation for extent-based files only
+ */
+ if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) {
+ ret = -EOPNOTSUPP;
+ goto out;
+ }
+
if (!(mode & FALLOC_FL_KEEP_SIZE) &&
offset + len > i_size_read(inode)) {
new_size = offset + len;
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 215/222] 3w-xxxx: fix command completion race
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (213 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 214/222] ext4: move check under lock scope to close a race Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 216/222] 3w-9xxx: " Sasha Levin
` (7 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 9cd9554615cba14f0877cc9972a6537ad2bdde61 ]
The 3w-xxxx driver needs to tear down the dma mappings before returning
the command to the midlayer, as there is no guarantee the sglist and
count are valid after that point. Also remove the dma mapping helpers
which have another inherent race due to the request_id index.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Acked-by: Adam Radford <aradford@gmail.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/scsi/3w-xxxx.c | 42 ++++++------------------------------------
drivers/scsi/3w-xxxx.h | 5 -----
2 files changed, 6 insertions(+), 41 deletions(-)
diff --git a/drivers/scsi/3w-xxxx.c b/drivers/scsi/3w-xxxx.c
index 752624e..b327742 100644
--- a/drivers/scsi/3w-xxxx.c
+++ b/drivers/scsi/3w-xxxx.c
@@ -1284,32 +1284,6 @@ static int tw_initialize_device_extension(TW_Device_Extension *tw_dev)
return 0;
} /* End tw_initialize_device_extension() */
-static int tw_map_scsi_sg_data(struct pci_dev *pdev, struct scsi_cmnd *cmd)
-{
- int use_sg;
-
- dprintk(KERN_WARNING "3w-xxxx: tw_map_scsi_sg_data()\n");
-
- use_sg = scsi_dma_map(cmd);
- if (use_sg < 0) {
- printk(KERN_WARNING "3w-xxxx: tw_map_scsi_sg_data(): pci_map_sg() failed.\n");
- return 0;
- }
-
- cmd->SCp.phase = TW_PHASE_SGLIST;
- cmd->SCp.have_data_in = use_sg;
-
- return use_sg;
-} /* End tw_map_scsi_sg_data() */
-
-static void tw_unmap_scsi_data(struct pci_dev *pdev, struct scsi_cmnd *cmd)
-{
- dprintk(KERN_WARNING "3w-xxxx: tw_unmap_scsi_data()\n");
-
- if (cmd->SCp.phase == TW_PHASE_SGLIST)
- scsi_dma_unmap(cmd);
-} /* End tw_unmap_scsi_data() */
-
/* This function will reset a device extension */
static int tw_reset_device_extension(TW_Device_Extension *tw_dev)
{
@@ -1332,8 +1306,8 @@ static int tw_reset_device_extension(TW_Device_Extension *tw_dev)
srb = tw_dev->srb[i];
if (srb != NULL) {
srb->result = (DID_RESET << 16);
- tw_dev->srb[i]->scsi_done(tw_dev->srb[i]);
- tw_unmap_scsi_data(tw_dev->tw_pci_dev, tw_dev->srb[i]);
+ scsi_dma_unmap(srb);
+ srb->scsi_done(srb);
}
}
}
@@ -1780,8 +1754,8 @@ static int tw_scsiop_read_write(TW_Device_Extension *tw_dev, int request_id)
command_packet->byte8.io.lba = lba;
command_packet->byte6.block_count = num_sectors;
- use_sg = tw_map_scsi_sg_data(tw_dev->tw_pci_dev, tw_dev->srb[request_id]);
- if (!use_sg)
+ use_sg = scsi_dma_map(srb);
+ if (use_sg <= 0)
return 1;
scsi_for_each_sg(tw_dev->srb[request_id], sg, use_sg, i) {
@@ -1968,9 +1942,6 @@ static int tw_scsi_queue_lck(struct scsi_cmnd *SCpnt, void (*done)(struct scsi_c
/* Save the scsi command for use by the ISR */
tw_dev->srb[request_id] = SCpnt;
- /* Initialize phase to zero */
- SCpnt->SCp.phase = TW_PHASE_INITIAL;
-
switch (*command) {
case READ_10:
case READ_6:
@@ -2198,12 +2169,11 @@ static irqreturn_t tw_interrupt(int irq, void *dev_instance)
/* Now complete the io */
if ((error != TW_ISR_DONT_COMPLETE)) {
+ scsi_dma_unmap(tw_dev->srb[request_id]);
+ tw_dev->srb[request_id]->scsi_done(tw_dev->srb[request_id]);
tw_dev->state[request_id] = TW_S_COMPLETED;
tw_state_request_finish(tw_dev, request_id);
tw_dev->posted_request_count--;
- tw_dev->srb[request_id]->scsi_done(tw_dev->srb[request_id]);
-
- tw_unmap_scsi_data(tw_dev->tw_pci_dev, tw_dev->srb[request_id]);
}
}
diff --git a/drivers/scsi/3w-xxxx.h b/drivers/scsi/3w-xxxx.h
index 29b0b84e..6f65e66 100644
--- a/drivers/scsi/3w-xxxx.h
+++ b/drivers/scsi/3w-xxxx.h
@@ -195,11 +195,6 @@ static unsigned char tw_sense_table[][4] =
#define TW_AEN_SMART_FAIL 0x000F
#define TW_AEN_SBUF_FAIL 0x0024
-/* Phase defines */
-#define TW_PHASE_INITIAL 0
-#define TW_PHASE_SINGLE 1
-#define TW_PHASE_SGLIST 2
-
/* Misc defines */
#define TW_ALIGNMENT_6000 64 /* 64 bytes */
#define TW_ALIGNMENT_7000 4 /* 4 bytes */
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 216/222] 3w-9xxx: fix command completion race
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (214 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 215/222] 3w-xxxx: fix command completion race Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 217/222] 3w-sas: " Sasha Levin
` (6 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 118c855b5623f3e2e6204f02623d88c09e0c34de ]
The 3w-9xxx driver needs to tear down the dma mappings before returning
the command to the midlayer, as there is no guarantee the sglist and
count are valid after that point. Also remove the dma mapping helpers
which have another inherent race due to the request_id index.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Acked-by: Adam Radford <aradford@gmail.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/scsi/3w-9xxx.c | 57 ++++++++++++--------------------------------------
drivers/scsi/3w-9xxx.h | 5 -----
2 files changed, 13 insertions(+), 49 deletions(-)
diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c
index 0a73253..5f57e3d 100644
--- a/drivers/scsi/3w-9xxx.c
+++ b/drivers/scsi/3w-9xxx.c
@@ -149,7 +149,6 @@ static int twa_reset_sequence(TW_Device_Extension *tw_dev, int soft_reset);
static int twa_scsiop_execute_scsi(TW_Device_Extension *tw_dev, int request_id, char *cdb, int use_sg, TW_SG_Entry *sglistarg);
static void twa_scsiop_execute_scsi_complete(TW_Device_Extension *tw_dev, int request_id);
static char *twa_string_lookup(twa_message_type *table, unsigned int aen_code);
-static void twa_unmap_scsi_data(TW_Device_Extension *tw_dev, int request_id);
/* Functions */
@@ -1352,11 +1351,11 @@ static irqreturn_t twa_interrupt(int irq, void *dev_instance)
}
/* Now complete the io */
+ scsi_dma_unmap(cmd);
+ cmd->scsi_done(cmd);
tw_dev->state[request_id] = TW_S_COMPLETED;
twa_free_request_id(tw_dev, request_id);
tw_dev->posted_request_count--;
- tw_dev->srb[request_id]->scsi_done(tw_dev->srb[request_id]);
- twa_unmap_scsi_data(tw_dev, request_id);
}
/* Check for valid status after each drain */
@@ -1414,26 +1413,6 @@ static void twa_load_sgl(TW_Device_Extension *tw_dev, TW_Command_Full *full_comm
}
} /* End twa_load_sgl() */
-/* This function will perform a pci-dma mapping for a scatter gather list */
-static int twa_map_scsi_sg_data(TW_Device_Extension *tw_dev, int request_id)
-{
- int use_sg;
- struct scsi_cmnd *cmd = tw_dev->srb[request_id];
-
- use_sg = scsi_dma_map(cmd);
- if (!use_sg)
- return 0;
- else if (use_sg < 0) {
- TW_PRINTK(tw_dev->host, TW_DRIVER, 0x1c, "Failed to map scatter gather list");
- return 0;
- }
-
- cmd->SCp.phase = TW_PHASE_SGLIST;
- cmd->SCp.have_data_in = use_sg;
-
- return use_sg;
-} /* End twa_map_scsi_sg_data() */
-
/* This function will poll for a response interrupt of a request */
static int twa_poll_response(TW_Device_Extension *tw_dev, int request_id, int seconds)
{
@@ -1612,9 +1591,11 @@ static int twa_reset_device_extension(TW_Device_Extension *tw_dev)
(tw_dev->state[i] != TW_S_INITIAL) &&
(tw_dev->state[i] != TW_S_COMPLETED)) {
if (tw_dev->srb[i]) {
- tw_dev->srb[i]->result = (DID_RESET << 16);
- tw_dev->srb[i]->scsi_done(tw_dev->srb[i]);
- twa_unmap_scsi_data(tw_dev, i);
+ struct scsi_cmnd *cmd = tw_dev->srb[i];
+
+ cmd->result = (DID_RESET << 16);
+ scsi_dma_unmap(cmd);
+ cmd->scsi_done(cmd);
}
}
}
@@ -1793,21 +1774,18 @@ static int twa_scsi_queue_lck(struct scsi_cmnd *SCpnt, void (*done)(struct scsi_
/* Save the scsi command for use by the ISR */
tw_dev->srb[request_id] = SCpnt;
- /* Initialize phase to zero */
- SCpnt->SCp.phase = TW_PHASE_INITIAL;
-
retval = twa_scsiop_execute_scsi(tw_dev, request_id, NULL, 0, NULL);
switch (retval) {
case SCSI_MLQUEUE_HOST_BUSY:
+ scsi_dma_unmap(SCpnt);
twa_free_request_id(tw_dev, request_id);
- twa_unmap_scsi_data(tw_dev, request_id);
break;
case 1:
- tw_dev->state[request_id] = TW_S_COMPLETED;
- twa_free_request_id(tw_dev, request_id);
- twa_unmap_scsi_data(tw_dev, request_id);
SCpnt->result = (DID_ERROR << 16);
+ scsi_dma_unmap(SCpnt);
done(SCpnt);
+ tw_dev->state[request_id] = TW_S_COMPLETED;
+ twa_free_request_id(tw_dev, request_id);
retval = 0;
}
out:
@@ -1875,8 +1853,8 @@ static int twa_scsiop_execute_scsi(TW_Device_Extension *tw_dev, int request_id,
command_packet->sg_list[0].address = TW_CPU_TO_SGL(tw_dev->generic_buffer_phys[request_id]);
command_packet->sg_list[0].length = cpu_to_le32(TW_MIN_SGL_LENGTH);
} else {
- sg_count = twa_map_scsi_sg_data(tw_dev, request_id);
- if (sg_count == 0)
+ sg_count = scsi_dma_map(srb);
+ if (sg_count < 0)
goto out;
scsi_for_each_sg(srb, sg, sg_count, i) {
@@ -1991,15 +1969,6 @@ static char *twa_string_lookup(twa_message_type *table, unsigned int code)
return(table[index].text);
} /* End twa_string_lookup() */
-/* This function will perform a pci-dma unmap */
-static void twa_unmap_scsi_data(TW_Device_Extension *tw_dev, int request_id)
-{
- struct scsi_cmnd *cmd = tw_dev->srb[request_id];
-
- if (cmd->SCp.phase == TW_PHASE_SGLIST)
- scsi_dma_unmap(cmd);
-} /* End twa_unmap_scsi_data() */
-
/* This function gets called when a disk is coming on-line */
static int twa_slave_configure(struct scsi_device *sdev)
{
diff --git a/drivers/scsi/3w-9xxx.h b/drivers/scsi/3w-9xxx.h
index 040f721..0fdc83c 100644
--- a/drivers/scsi/3w-9xxx.h
+++ b/drivers/scsi/3w-9xxx.h
@@ -324,11 +324,6 @@ static twa_message_type twa_error_table[] = {
#define TW_CURRENT_DRIVER_BUILD 0
#define TW_CURRENT_DRIVER_BRANCH 0
-/* Phase defines */
-#define TW_PHASE_INITIAL 0
-#define TW_PHASE_SINGLE 1
-#define TW_PHASE_SGLIST 2
-
/* Misc defines */
#define TW_9550SX_DRAIN_COMPLETED 0xFFFF
#define TW_SECTOR_SIZE 512
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 217/222] 3w-sas: fix command completion race
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (215 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 216/222] 3w-9xxx: " Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 218/222] drm/radeon: adjust pll when audio is not enabled Sasha Levin
` (5 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 579d69bc1fd56d5af5761969aa529d1d1c188300 ]
The 3w-sas driver needs to tear down the dma mappings before returning
the command to the midlayer, as there is no guarantee the sglist and
count are valid after that point. Also remove the dma mapping helpers
which have another inherent race due to the request_id index.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Torsten Luettgert <ml-lkml@enda.eu>
Tested-by: Bernd Kardatzki <Bernd.Kardatzki@med.uni-tuebingen.de>
Cc: stable@vger.kernel.org
Acked-by: Adam Radford <aradford@gmail.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/scsi/3w-sas.c | 50 ++++++++++----------------------------------------
drivers/scsi/3w-sas.h | 4 ----
2 files changed, 10 insertions(+), 44 deletions(-)
diff --git a/drivers/scsi/3w-sas.c b/drivers/scsi/3w-sas.c
index 6da6cec..2ee2e54 100644
--- a/drivers/scsi/3w-sas.c
+++ b/drivers/scsi/3w-sas.c
@@ -303,26 +303,6 @@ static int twl_post_command_packet(TW_Device_Extension *tw_dev, int request_id)
return 0;
} /* End twl_post_command_packet() */
-/* This function will perform a pci-dma mapping for a scatter gather list */
-static int twl_map_scsi_sg_data(TW_Device_Extension *tw_dev, int request_id)
-{
- int use_sg;
- struct scsi_cmnd *cmd = tw_dev->srb[request_id];
-
- use_sg = scsi_dma_map(cmd);
- if (!use_sg)
- return 0;
- else if (use_sg < 0) {
- TW_PRINTK(tw_dev->host, TW_DRIVER, 0x1, "Failed to map scatter gather list");
- return 0;
- }
-
- cmd->SCp.phase = TW_PHASE_SGLIST;
- cmd->SCp.have_data_in = use_sg;
-
- return use_sg;
-} /* End twl_map_scsi_sg_data() */
-
/* This function hands scsi cdb's to the firmware */
static int twl_scsiop_execute_scsi(TW_Device_Extension *tw_dev, int request_id, char *cdb, int use_sg, TW_SG_Entry_ISO *sglistarg)
{
@@ -370,8 +350,8 @@ static int twl_scsiop_execute_scsi(TW_Device_Extension *tw_dev, int request_id,
if (!sglistarg) {
/* Map sglist from scsi layer to cmd packet */
if (scsi_sg_count(srb)) {
- sg_count = twl_map_scsi_sg_data(tw_dev, request_id);
- if (sg_count == 0)
+ sg_count = scsi_dma_map(srb);
+ if (sg_count <= 0)
goto out;
scsi_for_each_sg(srb, sg, sg_count, i) {
@@ -1115,15 +1095,6 @@ out:
return retval;
} /* End twl_initialize_device_extension() */
-/* This function will perform a pci-dma unmap */
-static void twl_unmap_scsi_data(TW_Device_Extension *tw_dev, int request_id)
-{
- struct scsi_cmnd *cmd = tw_dev->srb[request_id];
-
- if (cmd->SCp.phase == TW_PHASE_SGLIST)
- scsi_dma_unmap(cmd);
-} /* End twl_unmap_scsi_data() */
-
/* This function will handle attention interrupts */
static int twl_handle_attention_interrupt(TW_Device_Extension *tw_dev)
{
@@ -1264,11 +1235,11 @@ static irqreturn_t twl_interrupt(int irq, void *dev_instance)
}
/* Now complete the io */
+ scsi_dma_unmap(cmd);
+ cmd->scsi_done(cmd);
tw_dev->state[request_id] = TW_S_COMPLETED;
twl_free_request_id(tw_dev, request_id);
tw_dev->posted_request_count--;
- tw_dev->srb[request_id]->scsi_done(tw_dev->srb[request_id]);
- twl_unmap_scsi_data(tw_dev, request_id);
}
/* Check for another response interrupt */
@@ -1413,10 +1384,12 @@ static int twl_reset_device_extension(TW_Device_Extension *tw_dev, int ioctl_res
if ((tw_dev->state[i] != TW_S_FINISHED) &&
(tw_dev->state[i] != TW_S_INITIAL) &&
(tw_dev->state[i] != TW_S_COMPLETED)) {
- if (tw_dev->srb[i]) {
- tw_dev->srb[i]->result = (DID_RESET << 16);
- tw_dev->srb[i]->scsi_done(tw_dev->srb[i]);
- twl_unmap_scsi_data(tw_dev, i);
+ struct scsi_cmnd *cmd = tw_dev->srb[i];
+
+ if (cmd) {
+ cmd->result = (DID_RESET << 16);
+ scsi_dma_unmap(cmd);
+ cmd->scsi_done(cmd);
}
}
}
@@ -1520,9 +1493,6 @@ static int twl_scsi_queue_lck(struct scsi_cmnd *SCpnt, void (*done)(struct scsi_
/* Save the scsi command for use by the ISR */
tw_dev->srb[request_id] = SCpnt;
- /* Initialize phase to zero */
- SCpnt->SCp.phase = TW_PHASE_INITIAL;
-
retval = twl_scsiop_execute_scsi(tw_dev, request_id, NULL, 0, NULL);
if (retval) {
tw_dev->state[request_id] = TW_S_COMPLETED;
diff --git a/drivers/scsi/3w-sas.h b/drivers/scsi/3w-sas.h
index d474892..fec6449 100644
--- a/drivers/scsi/3w-sas.h
+++ b/drivers/scsi/3w-sas.h
@@ -103,10 +103,6 @@ static char *twl_aen_severity_table[] =
#define TW_CURRENT_DRIVER_BUILD 0
#define TW_CURRENT_DRIVER_BRANCH 0
-/* Phase defines */
-#define TW_PHASE_INITIAL 0
-#define TW_PHASE_SGLIST 2
-
/* Misc defines */
#define TW_SECTOR_SIZE 512
#define TW_MAX_UNITS 32
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 218/222] drm/radeon: adjust pll when audio is not enabled
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (216 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 217/222] 3w-sas: " Sasha Levin
@ 2015-05-17 1:05 ` Sasha Levin
2015-05-17 1:06 ` [PATCH 3.18 219/222] drm/radeon: add SI DPM quirk for Sapphire R9 270 Dual-X 2G GDDR5 Sasha Levin
` (4 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:05 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Alex Deucher <alexander.deucher@amd.com>
[ Upstream commit 7fe04d6fa824ccea704535a597dc417c8687f990 ]
Fixes display problems with some monitors when audio
is not enabled.
Bugs:
https://bugs.freedesktop.org/show_bug.cgi?id=89505
https://bugzilla.kernel.org/show_bug.cgi?id=94171
Plus several reports on IRC.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/gpu/drm/radeon/atombios_crtc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/radeon/atombios_crtc.c b/drivers/gpu/drm/radeon/atombios_crtc.c
index ce8cab5..5d73e5f 100644
--- a/drivers/gpu/drm/radeon/atombios_crtc.c
+++ b/drivers/gpu/drm/radeon/atombios_crtc.c
@@ -580,6 +580,9 @@ static u32 atombios_adjust_pll(struct drm_crtc *crtc,
else
radeon_crtc->pll_flags |= RADEON_PLL_PREFER_LOW_REF_DIV;
+ /* if there is no audio, set MINM_OVER_MAXP */
+ if (!drm_detect_monitor_audio(radeon_connector_edid(connector)))
+ radeon_crtc->pll_flags |= RADEON_PLL_PREFER_MINM_OVER_MAXP;
if (rdev->family < CHIP_RV770)
radeon_crtc->pll_flags |= RADEON_PLL_PREFER_MINM_OVER_MAXP;
/* use frac fb div on APUs */
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 219/222] drm/radeon: add SI DPM quirk for Sapphire R9 270 Dual-X 2G GDDR5
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (217 preceding siblings ...)
2015-05-17 1:05 ` [PATCH 3.18 218/222] drm/radeon: adjust pll when audio is not enabled Sasha Levin
@ 2015-05-17 1:06 ` Sasha Levin
2015-05-17 1:06 ` [PATCH 3.18 220/222] drm/radeon: check new address before removing old one Sasha Levin
` (3 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:06 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Alex Deucher <alexander.deucher@amd.com>
[ Upstream commit cd17e02ff4db58ec32d35cf331c705d295779930 ]
Seems to have problems with high mclks.
bug:
https://bugs.freedesktop.org/show_bug.cgi?id=76490
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/gpu/drm/radeon/si_dpm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/radeon/si_dpm.c b/drivers/gpu/drm/radeon/si_dpm.c
index 2b70d3e..534edaa 100644
--- a/drivers/gpu/drm/radeon/si_dpm.c
+++ b/drivers/gpu/drm/radeon/si_dpm.c
@@ -2921,6 +2921,7 @@ struct si_dpm_quirk {
static struct si_dpm_quirk si_dpm_quirk_list[] = {
/* PITCAIRN - https://bugs.freedesktop.org/show_bug.cgi?id=76490 */
{ PCI_VENDOR_ID_ATI, 0x6810, 0x1462, 0x3036, 0, 120000 },
+ { PCI_VENDOR_ID_ATI, 0x6811, 0x174b, 0xe271, 0, 120000 },
{ 0, 0, 0, 0 },
};
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 220/222] drm/radeon: check new address before removing old one
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (218 preceding siblings ...)
2015-05-17 1:06 ` [PATCH 3.18 219/222] drm/radeon: add SI DPM quirk for Sapphire R9 270 Dual-X 2G GDDR5 Sasha Levin
@ 2015-05-17 1:06 ` Sasha Levin
2015-05-17 1:06 ` [PATCH 3.18 221/222] hfsplus: don't store special "osx" xattr prefix on-disk Sasha Levin
` (2 subsequent siblings)
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:06 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Christian König <christian.koenig@amd.com>
[ Upstream commit c29c0876ec05d51a93508a39b90b92c29ba6423d ]
Otherwise the change isn't atomic.
Signed-off-by: Christian König <christian.koenig@amd.com>
CC: stable@vger.kernel.org
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/gpu/drm/radeon/radeon_vm.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_vm.c b/drivers/gpu/drm/radeon/radeon_vm.c
index afbdf9e..2ab80a5 100644
--- a/drivers/gpu/drm/radeon/radeon_vm.c
+++ b/drivers/gpu/drm/radeon/radeon_vm.c
@@ -481,6 +481,23 @@ int radeon_vm_bo_set_addr(struct radeon_device *rdev,
}
mutex_lock(&vm->mutex);
+ soffset /= RADEON_GPU_PAGE_SIZE;
+ eoffset /= RADEON_GPU_PAGE_SIZE;
+ if (soffset || eoffset) {
+ struct interval_tree_node *it;
+ it = interval_tree_iter_first(&vm->va, soffset, eoffset - 1);
+ if (it && it != &bo_va->it) {
+ struct radeon_bo_va *tmp;
+ tmp = container_of(it, struct radeon_bo_va, it);
+ /* bo and tmp overlap, invalid offset */
+ dev_err(rdev->dev, "bo %p va 0x%010Lx conflict with "
+ "(bo %p 0x%010lx 0x%010lx)\n", bo_va->bo,
+ soffset, tmp->bo, tmp->it.start, tmp->it.last);
+ mutex_unlock(&vm->mutex);
+ return -EINVAL;
+ }
+ }
+
if (bo_va->it.start || bo_va->it.last) {
if (bo_va->addr) {
/* add a clone of the bo_va to clear the old address */
@@ -503,21 +520,7 @@ int radeon_vm_bo_set_addr(struct radeon_device *rdev,
bo_va->it.last = 0;
}
- soffset /= RADEON_GPU_PAGE_SIZE;
- eoffset /= RADEON_GPU_PAGE_SIZE;
if (soffset || eoffset) {
- struct interval_tree_node *it;
- it = interval_tree_iter_first(&vm->va, soffset, eoffset - 1);
- if (it) {
- struct radeon_bo_va *tmp;
- tmp = container_of(it, struct radeon_bo_va, it);
- /* bo and tmp overlap, invalid offset */
- dev_err(rdev->dev, "bo %p va 0x%010Lx conflict with "
- "(bo %p 0x%010lx 0x%010lx)\n", bo_va->bo,
- soffset, tmp->bo, tmp->it.start, tmp->it.last);
- mutex_unlock(&vm->mutex);
- return -EINVAL;
- }
bo_va->it.start = soffset;
bo_va->it.last = eoffset - 1;
interval_tree_insert(&bo_va->it, &vm->va);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 221/222] hfsplus: don't store special "osx" xattr prefix on-disk
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (219 preceding siblings ...)
2015-05-17 1:06 ` [PATCH 3.18 220/222] drm/radeon: check new address before removing old one Sasha Levin
@ 2015-05-17 1:06 ` Sasha Levin
2015-05-17 1:06 ` [PATCH 3.18 222/222] Drivers: hv: vmbus: Don't wait after requesting offers Sasha Levin
2015-05-17 4:21 ` [PATCH 3.18 000/222] 3.18.14-review (build errors) Guenter Roeck
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:06 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: Thomas Hebb <tommyhebb@gmail.com>
[ Upstream commit db579e76f06e78de011b2cb7e028740a82f5558c ]
On Mac OS X, HFS+ extended attributes are not namespaced. Since we want
to be compatible with OS X filesystems and yet still support the Linux
namespacing system, the hfsplus driver implements a special "osx"
namespace that is reported for any attribute that is not namespaced
on-disk. However, the current code for getting and setting these
unprefixed attributes is broken.
hfsplus_osx_setattr() and hfsplus_osx_getattr() are passed names that have
already had their "osx." prefixes stripped by the generic functions. The
functions first, quite correctly, check those names to make sure that they
aren't prefixed with a known namespace, which would allow namespace access
restrictions to be bypassed. However, the functions then prepend "osx."
to the name they're given before passing it on to hfsplus_getattr() and
hfsplus_setattr(). Not only does this cause the "osx." prefix to be
stored on-disk, defeating its purpose, it also breaks the check for the
special "com.apple.FinderInfo" attribute, which is reported for all files,
and as a consequence makes some userspace applications (e.g. GNU patch)
fail even when extended attributes are not otherwise in use.
There are five commits which have touched this particular code:
127e5f5ae51e ("hfsplus: rework functionality of getting, setting and deleting of extended attributes")
b168fff72109 ("hfsplus: use xattr handlers for removexattr")
bf29e886b242 ("hfsplus: correct usage of HFSPLUS_ATTR_MAX_STRLEN for non-English attributes")
fcacbd95e121 ("fs/hfsplus: move xattr_name allocation in hfsplus_getxattr()")
ec1bbd346f18 ("fs/hfsplus: move xattr_name allocation in hfsplus_setxattr()")
The first commit creates the functions to begin with. The namespace is
prepended by the original code, which I believe was correct at the time,
since hfsplus_?etattr() stripped the prefix if found. The second commit
removes this behavior from hfsplus_?etattr() and appears to have been
intended to also remove the prefixing from hfsplus_osx_?etattr().
However, what it actually does is remove a necessary strncpy() call
completely, breaking the osx namespace entirely. The third commit re-adds
the strncpy() call as it was originally, but doesn't mention it in its
commit message. The final two commits refactor the code and don't affect
its functionality.
This commit does what b168fff attempted to do (prevent the prefix from
being added), but does it properly, instead of passing in an empty buffer
(which is what b168fff actually did).
Fixes: b168fff72109 ("hfsplus: use xattr handlers for removexattr")
Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
Cc: Hin-Tak Leung <htl10@users.sourceforge.net>
Cc: Sergei Antonov <saproj@gmail.com>
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: Fabian Frederick <fabf@skynet.be>
Cc: Christian Kujau <lists@nerdbynature.de>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
fs/hfsplus/xattr.c | 38 ++++++++++++++------------------------
1 file changed, 14 insertions(+), 24 deletions(-)
diff --git a/fs/hfsplus/xattr.c b/fs/hfsplus/xattr.c
index d98094a..ff10f3d 100644
--- a/fs/hfsplus/xattr.c
+++ b/fs/hfsplus/xattr.c
@@ -806,9 +806,6 @@ end_removexattr:
static int hfsplus_osx_getxattr(struct dentry *dentry, const char *name,
void *buffer, size_t size, int type)
{
- char *xattr_name;
- int res;
-
if (!strcmp(name, ""))
return -EINVAL;
@@ -818,24 +815,19 @@ static int hfsplus_osx_getxattr(struct dentry *dentry, const char *name,
*/
if (is_known_namespace(name))
return -EOPNOTSUPP;
- xattr_name = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN
- + XATTR_MAC_OSX_PREFIX_LEN + 1, GFP_KERNEL);
- if (!xattr_name)
- return -ENOMEM;
- strcpy(xattr_name, XATTR_MAC_OSX_PREFIX);
- strcpy(xattr_name + XATTR_MAC_OSX_PREFIX_LEN, name);
- res = hfsplus_getxattr(dentry, xattr_name, buffer, size);
- kfree(xattr_name);
- return res;
+ /*
+ * osx is the namespace we use to indicate an unprefixed
+ * attribute on the filesystem (like the ones that OS X
+ * creates), so we pass the name through unmodified (after
+ * ensuring it doesn't conflict with another namespace).
+ */
+ return hfsplus_getxattr(dentry, name, buffer, size);
}
static int hfsplus_osx_setxattr(struct dentry *dentry, const char *name,
const void *buffer, size_t size, int flags, int type)
{
- char *xattr_name;
- int res;
-
if (!strcmp(name, ""))
return -EINVAL;
@@ -845,16 +837,14 @@ static int hfsplus_osx_setxattr(struct dentry *dentry, const char *name,
*/
if (is_known_namespace(name))
return -EOPNOTSUPP;
- xattr_name = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN
- + XATTR_MAC_OSX_PREFIX_LEN + 1, GFP_KERNEL);
- if (!xattr_name)
- return -ENOMEM;
- strcpy(xattr_name, XATTR_MAC_OSX_PREFIX);
- strcpy(xattr_name + XATTR_MAC_OSX_PREFIX_LEN, name);
- res = hfsplus_setxattr(dentry, xattr_name, buffer, size, flags);
- kfree(xattr_name);
- return res;
+ /*
+ * osx is the namespace we use to indicate an unprefixed
+ * attribute on the filesystem (like the ones that OS X
+ * creates), so we pass the name through unmodified (after
+ * ensuring it doesn't conflict with another namespace).
+ */
+ return hfsplus_setxattr(dentry, name, buffer, size, flags);
}
static size_t hfsplus_osx_listxattr(struct dentry *dentry, char *list,
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* [PATCH 3.18 222/222] Drivers: hv: vmbus: Don't wait after requesting offers
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (220 preceding siblings ...)
2015-05-17 1:06 ` [PATCH 3.18 221/222] hfsplus: don't store special "osx" xattr prefix on-disk Sasha Levin
@ 2015-05-17 1:06 ` Sasha Levin
2015-05-17 4:21 ` [PATCH 3.18 000/222] 3.18.14-review (build errors) Guenter Roeck
222 siblings, 0 replies; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 1:06 UTC (permalink / raw)
To: stable, stable-commits; +Cc: sasha.levin
From: "K. Y. Srinivasan" <kys@microsoft.com>
[ Upstream commit 73cffdb65e679b98893f484063462c045adcf212 ]
Don't wait after sending request for offers to the host. This wait is
unnecessary and simply adds 5 seconds to the boot time.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
drivers/hv/channel_mgmt.c | 12 +-----------
1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
index d36ce68..08b58de 100644
--- a/drivers/hv/channel_mgmt.c
+++ b/drivers/hv/channel_mgmt.c
@@ -767,7 +767,7 @@ int vmbus_request_offers(void)
{
struct vmbus_channel_message_header *msg;
struct vmbus_channel_msginfo *msginfo;
- int ret, t;
+ int ret;
msginfo = kmalloc(sizeof(*msginfo) +
sizeof(struct vmbus_channel_message_header),
@@ -775,8 +775,6 @@ int vmbus_request_offers(void)
if (!msginfo)
return -ENOMEM;
- init_completion(&msginfo->waitevent);
-
msg = (struct vmbus_channel_message_header *)msginfo->msg;
msg->msgtype = CHANNELMSG_REQUESTOFFERS;
@@ -790,14 +788,6 @@ int vmbus_request_offers(void)
goto cleanup;
}
- t = wait_for_completion_timeout(&msginfo->waitevent, 5*HZ);
- if (t == 0) {
- ret = -ETIMEDOUT;
- goto cleanup;
- }
-
-
-
cleanup:
kfree(msginfo);
--
2.1.0
^ permalink raw reply related [flat|nested] 228+ messages in thread
* Re: [PATCH 3.18 000/222] 3.18.14-review (build errors)
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
` (221 preceding siblings ...)
2015-05-17 1:06 ` [PATCH 3.18 222/222] Drivers: hv: vmbus: Don't wait after requesting offers Sasha Levin
@ 2015-05-17 4:21 ` Guenter Roeck
2015-05-17 14:42 ` Sasha Levin
222 siblings, 1 reply; 228+ messages in thread
From: Guenter Roeck @ 2015-05-17 4:21 UTC (permalink / raw)
To: Sasha Levin
Cc: stable, stable-commits, Andy Lutomirski, Ingo Molnar,
Quentin Casasnovas, Phil Turnbull
On Sat, May 16, 2015 at 09:02:21PM -0400, Sasha Levin wrote:
> This is the start of the stable review cycle for the 3.18.14 release.
> There are 222 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
Build results:
total: 125 pass: 110 fail: 15
Failed builds:
alpha:allmodconfig
arm64:allmodconfig
i386:defconfig
i386:allyesconfig
i386:allmodconfig
i386:allnoconfig
m68k:allmodconfig
mips:allmodconfig
mips:fuloong2e_defconfig
mips:cavium_octeon_defconfig
powerpc:allmodconfig
powerpc:ppc6xx_defconfig
s390:allmodconfig
sparc64:allmodconfig
xtensa:allmodconfig
Qemu test results:
total: 30 pass: 28 fail: 2
Failed tests:
x86_64:x86_64_pc_defconfig
x86_64:x86_64_pc_nosmp_defconfig
---
x86_64 (qemu), i386:
arch/x86/lib/insn.c: In function 'insn_init':
arch/x86/lib/insn.c:59:6: error: 'buf_len' undeclared
Caused by commit d597f507791d ("x86/asm/decoder: Fix and enforce max instruction
size in the insn decoder"). Something must have gone wrong with the back-port,
or some other commit is missing; the variable is not declared.
---
xtensa, sparc64, s390, powerpc, mips, m68k, i386, arm64, alpha:
drivers/usb/class/cdc-acm.c: In function ‘acm_probe’:
drivers/usb/class/cdc-acm.c:1135:3: error: ‘elength’ undeclared
Caused by commit bf2996daa6d2 ("cdc-acm: prevent infinite loop when parsing CDC
headers"). Same thing - the variable is not declared.
Guenter
^ permalink raw reply [flat|nested] 228+ messages in thread
* Re: [PATCH 3.18 000/222] 3.18.14-review (build errors)
2015-05-17 4:21 ` [PATCH 3.18 000/222] 3.18.14-review (build errors) Guenter Roeck
@ 2015-05-17 14:42 ` Sasha Levin
2015-05-17 16:10 ` Guenter Roeck
0 siblings, 1 reply; 228+ messages in thread
From: Sasha Levin @ 2015-05-17 14:42 UTC (permalink / raw)
To: Guenter Roeck
Cc: stable, stable-commits, Andy Lutomirski, Ingo Molnar,
Quentin Casasnovas, Phil Turnbull
Thanks for testing!
On 05/17/2015 12:21 AM, Guenter Roeck wrote:
> x86_64 (qemu), i386:
>
> arch/x86/lib/insn.c: In function 'insn_init':
> arch/x86/lib/insn.c:59:6: error: 'buf_len' undeclared
>
> Caused by commit d597f507791d ("x86/asm/decoder: Fix and enforce max instruction
> size in the insn decoder"). Something must have gone wrong with the back-port,
> or some other commit is missing; the variable is not declared.
I've removed d597f507791d, it doesn't fix a real bug.
> ---
> xtensa, sparc64, s390, powerpc, mips, m68k, i386, arm64, alpha:
>
> drivers/usb/class/cdc-acm.c: In function ‘acm_probe’:
> drivers/usb/class/cdc-acm.c:1135:3: error: ‘elength’ undeclared
>
> Caused by commit bf2996daa6d2 ("cdc-acm: prevent infinite loop when parsing CDC
> headers"). Same thing - the variable is not declared.
I've backported 7e860a6e7a ("cdc-acm: add sanity checks").
Re-pushed the branch.
Thanks,
Sasha
^ permalink raw reply [flat|nested] 228+ messages in thread
* Re: [PATCH 3.18 000/222] 3.18.14-review (build errors)
2015-05-17 14:42 ` Sasha Levin
@ 2015-05-17 16:10 ` Guenter Roeck
2015-05-18 1:25 ` Sasha Levin
0 siblings, 1 reply; 228+ messages in thread
From: Guenter Roeck @ 2015-05-17 16:10 UTC (permalink / raw)
To: Sasha Levin
Cc: stable, stable-commits, Andy Lutomirski, Ingo Molnar,
Quentin Casasnovas, Phil Turnbull, Chandrakala Chavva,
David Daney
On 05/17/2015 07:42 AM, Sasha Levin wrote:
> Thanks for testing!
>
> On 05/17/2015 12:21 AM, Guenter Roeck wrote:
>> x86_64 (qemu), i386:
>>
>> arch/x86/lib/insn.c: In function 'insn_init':
>> arch/x86/lib/insn.c:59:6: error: 'buf_len' undeclared
>>
>> Caused by commit d597f507791d ("x86/asm/decoder: Fix and enforce max instruction
>> size in the insn decoder"). Something must have gone wrong with the back-port,
>> or some other commit is missing; the variable is not declared.
>
> I've removed d597f507791d, it doesn't fix a real bug.
>
>> ---
>> xtensa, sparc64, s390, powerpc, mips, m68k, i386, arm64, alpha:
>>
>> drivers/usb/class/cdc-acm.c: In function ‘acm_probe’:
>> drivers/usb/class/cdc-acm.c:1135:3: error: ‘elength’ undeclared
>>
>> Caused by commit bf2996daa6d2 ("cdc-acm: prevent infinite loop when parsing CDC
>> headers"). Same thing - the variable is not declared.
>
> I've backported 7e860a6e7a ("cdc-acm: add sanity checks").
>
> Re-pushed the branch.
>
This is a bit better. However,
Building mips:cavium_octeon_defconfig ... failed
--------------
Error log:
arch/mips/cavium-octeon/setup.c: In function 'octeon_restart':
arch/mips/cavium-octeon/setup.c:415:3: error: implicit declaration of function 'OCTEON_IS_OCTEON3' [-Werror=implicit-function-declaration]
arch/mips/cavium-octeon/setup.c:416:19: error: 'CVMX_RST_SOFT_RST' undeclared (first use in this function)
due to commit 03dc9c96d0e0 ("MIPS: OCTEON: Use correct CSR to soft reset").
This patch fixes Octeon III support, which I think is not in 3.18, so maybe
you can just drop it.
Also, I still see:
arch/x86/lib/insn.c: In function 'insn_init':
arch/x86/lib/insn.c:59:6: error: 'buf_len' undeclared
for all x86_64 and i386 builds (d597f507791d is still in the image).
Guenter
^ permalink raw reply [flat|nested] 228+ messages in thread
* Re: [PATCH 3.18 000/222] 3.18.14-review (build errors)
2015-05-17 16:10 ` Guenter Roeck
@ 2015-05-18 1:25 ` Sasha Levin
2015-05-18 4:19 ` Guenter Roeck
0 siblings, 1 reply; 228+ messages in thread
From: Sasha Levin @ 2015-05-18 1:25 UTC (permalink / raw)
To: Guenter Roeck
Cc: stable, stable-commits, Andy Lutomirski, Ingo Molnar,
Quentin Casasnovas, Phil Turnbull, Chandrakala Chavva,
David Daney
On 05/17/2015 12:10 PM, Guenter Roeck wrote:
> Building mips:cavium_octeon_defconfig ... failed
> --------------
> Error log:
>
> arch/mips/cavium-octeon/setup.c: In function 'octeon_restart':
> arch/mips/cavium-octeon/setup.c:415:3: error: implicit declaration of function 'OCTEON_IS_OCTEON3' [-Werror=implicit-function-declaration]
> arch/mips/cavium-octeon/setup.c:416:19: error: 'CVMX_RST_SOFT_RST' undeclared (first use in this function)
>
> due to commit 03dc9c96d0e0 ("MIPS: OCTEON: Use correct CSR to soft reset").
> This patch fixes Octeon III support, which I think is not in 3.18, so maybe
> you can just drop it.
>
> Also, I still see:
>
> arch/x86/lib/insn.c: In function 'insn_init':
> arch/x86/lib/insn.c:59:6: error: 'buf_len' undeclared
>
> for all x86_64 and i386 builds (d597f507791d is still in the image).
Fixed, thanks again.
Thanks,
Sasha
^ permalink raw reply [flat|nested] 228+ messages in thread
* Re: [PATCH 3.18 000/222] 3.18.14-review (build errors)
2015-05-18 1:25 ` Sasha Levin
@ 2015-05-18 4:19 ` Guenter Roeck
0 siblings, 0 replies; 228+ messages in thread
From: Guenter Roeck @ 2015-05-18 4:19 UTC (permalink / raw)
To: Sasha Levin
Cc: stable, stable-commits, Andy Lutomirski, Ingo Molnar,
Quentin Casasnovas, Phil Turnbull, Chandrakala Chavva,
David Daney
On 05/17/2015 06:25 PM, Sasha Levin wrote:
> On 05/17/2015 12:10 PM, Guenter Roeck wrote:
>> Building mips:cavium_octeon_defconfig ... failed
>> --------------
>> Error log:
>>
>> arch/mips/cavium-octeon/setup.c: In function 'octeon_restart':
>> arch/mips/cavium-octeon/setup.c:415:3: error: implicit declaration of function 'OCTEON_IS_OCTEON3' [-Werror=implicit-function-declaration]
>> arch/mips/cavium-octeon/setup.c:416:19: error: 'CVMX_RST_SOFT_RST' undeclared (first use in this function)
>>
>> due to commit 03dc9c96d0e0 ("MIPS: OCTEON: Use correct CSR to soft reset").
>> This patch fixes Octeon III support, which I think is not in 3.18, so maybe
>> you can just drop it.
>>
>> Also, I still see:
>>
>> arch/x86/lib/insn.c: In function 'insn_init':
>> arch/x86/lib/insn.c:59:6: error: 'buf_len' undeclared
>>
>> for all x86_64 and i386 builds (d597f507791d is still in the image).
>
> Fixed, thanks again.
>
Yep, this time all is well.
Guenter
^ permalink raw reply [flat|nested] 228+ messages in thread
end of thread, other threads:[~2015-05-18 4:19 UTC | newest]
Thread overview: 228+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-05-17 1:02 [PATCH 3.18 000/222] 3.18.14-review Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 001/222] kvm: add a memslot flag for incoherent memory regions Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 002/222] arm, arm64: KVM: allow forced dcache flush on page faults Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 003/222] arm, arm64: KVM: handle potential incoherency of readonly memslots Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 004/222] arm/arm64: KVM: Don't clear the VCPU_POWER_OFF flag Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 005/222] arm/arm64: KVM: Correct KVM_ARM_VCPU_INIT power off option Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 006/222] arm/arm64: KVM: Reset the HCR on each vcpu when resetting the vcpu Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 007/222] arm/arm64: KVM: Turn off vcpus on PSCI shutdown/reboot Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 008/222] arm/arm64: KVM: Introduce stage2_unmap_vm Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 009/222] arm/arm64: KVM: vgic: move reset initialization into vgic_init_maps() Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 010/222] arm/arm64: KVM: Don't allow creating VCPUs after vgic_initialized Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 011/222] arm/arm64: KVM: vgic: kick the specific vcpu instead of iterating through all Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 012/222] arm/arm64: KVM: Initialize the vgic on-demand when injecting IRQs Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 013/222] arm/arm64: KVM: Require in-kernel vgic for the arch timers Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 014/222] KVM: arm/arm64: vgic: vgic_init returns -ENODEV when no online vcpu Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 015/222] arm64: KVM: Fix TLB invalidation by IPA/VMID Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 016/222] arm64: KVM: Fix HCR setting for 32bit guests Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 017/222] arm/arm64: KVM: Invalidate data cache on unmap Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 018/222] arm/arm64: KVM: Use kernel mapping to perform invalidation on page fault Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 019/222] ARM: KVM: Fix size check in __coherent_cache_guest_page Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 020/222] arm64: KVM: Fix stage-2 PGD allocation to have per-page refcounting Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 021/222] arm64: KVM: Do not use pgd_index to index stage-2 pgd Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 022/222] arm/arm64: KVM: Keep elrsr/aisr in sync with software model Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 023/222] mlx4: Fix tx ring affinity_mask creation Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 024/222] net/mlx4_en: Schedule napi when RX buffers allocation fails Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 025/222] ipv4: Missing sk_nulls_node_init() in ping_unhash() Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 026/222] ip_forward: Drop frames with attached skb->sk Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 027/222] net: add skb_checksum_complete_unset Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 028/222] ppp: call skb_checksum_complete_unset in ppp_receive_frame Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 029/222] tcp: fix possible deadlock in tcp_send_fin() Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 030/222] tcp: avoid looping " Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 031/222] net: do not deplete pfmemalloc reserve Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 032/222] net: fix crash in build_skb() Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 033/222] x86/asm/decoder: Fix and enforce max instruction size in the insn decoder Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 034/222] sched/idle/x86: Restore mwait_idle() to fix boot hangs, to improve power savings and to improve performance Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 035/222] sched/idle/x86: Optimize unnecessary mwait_idle() resched IPIs Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 036/222] KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 037/222] Btrfs: fix log tree corruption when fs mounted with -o discard Sasha Levin
2015-05-17 1:02 ` [PATCH 3.18 038/222] btrfs: don't accept bare namespace as a valid xattr Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 039/222] Btrfs: fix inode eviction infinite loop after cloning into it Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 040/222] Btrfs: fix inode eviction infinite loop after extent_same ioctl Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 041/222] usb: gadget: printer: enqueue printer's response for setup request Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 042/222] KVM: s390: fix handling of write errors in the tpi handler Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 043/222] KVM: s390: reinjection of irqs can fail " Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 044/222] KVM: s390: Zero out current VMDB of STSI before including level3 data Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 045/222] KVM: s390: no need to hold the kvm->mutex for floating interrupts Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 046/222] KVM: s390: fix get_all_floating_irqs Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 047/222] s390/hibernate: fix save and restore of kernel text section Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 048/222] KVM: use slowpath for cross page cached accesses Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 049/222] KVM: arm/arm64: check IRQ number on userland injection Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 050/222] MIPS: KVM: Handle MSA Disabled exceptions from guest Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 051/222] MIPS: lose_fpu(): Disable FPU when MSA enabled Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 052/222] MIPS: Malta: Detect and fix bad memsize values Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 053/222] MIPS: asm: asm-eva: Introduce kernel load/store variants Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 054/222] MIPS: Loongson-3: Add IRQF_NO_SUSPEND to Cascade irqaction Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 055/222] MIPS: Hibernate: flush TLB entries earlier Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 056/222] staging: panel: fix lcd type Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 057/222] staging: android: sync: Fix memory corruption in sync_timeline_signal() Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 058/222] md/raid0: fix bug with chunksize not a power of 2 Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 059/222] cdc-wdm: fix endianness bug in debug statements Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 060/222] mmc: sunxi: Use devm_reset_control_get_optional() for reset control Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 061/222] spi: imx: read back the RX/TX watermark levels earlier Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 062/222] spi: spidev: fix possible arithmetic overflow for multi-transfer message Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 063/222] compal-laptop: Fix leaking hwmon device Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 064/222] compal-laptop: Check return value of power_supply_register Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 065/222] ring-buffer: Replace this_cpu_*() with __this_cpu_*() Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 066/222] power_supply: twl4030_madc: Check return value of power_supply_register Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 067/222] power_supply: lp8788-charger: Fix leaked power supply on probe fail Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 068/222] power_supply: ipaq_micro_battery: Fix leaking workqueue Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 069/222] power_supply: ipaq_micro_battery: Check return values in probe Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 070/222] NFS: fix BUG() crash in notify_change() with patch to chown_common() Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 071/222] ARM: fix broken hibernation Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 072/222] ARM: 8320/1: fix integer overflow in ELF_ET_DYN_BASE Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 073/222] ARM: mvebu: Disable CPU Idle on Armada 38x Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 074/222] ARM: S3C64XX: Use fixed IRQ bases to avoid conflicts on Cragganmore Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 075/222] ARM: dts: dove: Fix uart[23] reg property Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 076/222] usb: musb: core: fix TX/RX endpoint order Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 077/222] usb: phy: Find the right match in devm_usb_phy_match Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 078/222] usb: define a generic USB_RESUME_TIMEOUT macro Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 079/222] usb: musb: use new USB_RESUME_TIMEOUT Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 080/222] usb: host: oxu210hp: " Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 081/222] usb: host: fusbh200: " Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 082/222] usb: host: uhci: " Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 083/222] usb: host: fotg210: " Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 084/222] usb: host: r8a66597: " Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 085/222] usb: host: isp116x: " Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 086/222] usb: host: xhci: " Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 087/222] usb: host: ehci: " Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 088/222] usb: host: sl811: " Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 089/222] usb: core: hub: " Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 090/222] clk: at91: usb: propagate rate modification to the parent clk Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 091/222] ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226) Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 092/222] ALSA: emu10k1: don't deadlock in proc-functions Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 093/222] ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450 Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 094/222] ALSA: hda - fix "num_steps = 0" error on ALC256 Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 095/222] ALSA: hda/realtek - Fix Headphone Mic doesn't recording for ALC256 Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 096/222] Input: elantech - fix absolute mode setting on some ASUS laptops Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 097/222] fs/binfmt_elf.c: fix bug in loading of PIE binaries Sasha Levin
2015-05-17 1:03 ` [PATCH 3.18 098/222] ptrace: fix race between ptrace_resume() and wait_task_stopped() Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 099/222] NFC: st21nfcb: Retry i2c_master_send if it returns a negative value Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 100/222] rtlwifi: rtl8192cu: Add new USB ID Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 101/222] rtlwifi: rtl8192cu: Add new device ID Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 102/222] ext4: make fsync to sync parent dir in no-journal for real this time Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 103/222] mnt: Improve the umount_tree flags Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 104/222] mnt: Don't propagate umounts in __detach_mounts Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 105/222] perf symbols: Define STT_GNU_IFUNC for glibc 2.9 and older Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 106/222] perf tools: Work around lack of sched_getcpu in glibc < 2.6 Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 107/222] powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 108/222] tools lib traceevent kbuffer: Remove extra update to data pointer in PADDING Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 109/222] tools/power turbostat: Use $(CURDIR) instead of $(PWD) and add support for O= option in Makefile Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 110/222] UBI: account for bitflips in both the VID header and data Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 111/222] UBI: fix out of bounds write Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 112/222] UBI: initialize LEB number variable Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 113/222] UBI: fix check for "too many bytes" Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 114/222] scsi: storvsc: Fix a bug in copy_from_bounce_buffer() Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 115/222] target: Fix COMPARE_AND_WRITE with SG_TO_MEM_NOALLOC handling Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 116/222] target/file: Fix BUG() when CONFIG_DEBUG_SG=y and DIF protection enabled Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 117/222] target/file: Fix UNMAP with DIF protection support Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 118/222] target/file: Fix SG table for prot_buf initialization Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 119/222] iser-target: Fix session hang in case of an rdma read DIF error Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 120/222] Bluetooth: ath3k: Add support Atheros AR5B195 combo Mini PCIe card Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 121/222] powerpc/powernv: Don't map M64 segments using M32DT Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 122/222] powerpc: Fix missing L2 cache size in /sys/devices/system/cpu Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 123/222] powerpc/cell: Fix crash in iic_setup_cpu() after per_cpu changes Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 124/222] powerpc/cell: Fix cell iommu after it_page_shift changes Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 125/222] ASoC: cs4271: Increase delay time after reset Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 126/222] ASoC: wm8741: Fix rates constraints values Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 127/222] ASoC: davinci-evm: drop un-necessary remove function Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 128/222] ASoC: pcm512x: Add 'Analogue' prefix to analogue volume controls Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 129/222] ACPICA: Utilities: split IO address types from data type models Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 130/222] ACPICA: Tables: Don't release ACPI_MTX_TABLES in acpi_tb_install_standard_table() Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 131/222] ACPI / scan: Annotate physical_node_lock in acpi_scan_is_offline() Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 132/222] xtensa: xtfpga: fix hardware lockup caused by LCD driver Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 133/222] xtensa: provide __NR_sync_file_range2 instead of __NR_sync_file_range Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 134/222] xtensa: ISS: fix locking in TAP network adapter Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 135/222] gpio: mvebu: Fix mask/unmask managment per irq chip type Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 136/222] clk: samsung: exynos4: Disable ARMCLK down feature on Exynos4210 SoC Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 137/222] clk: tegra: Register the proper number of resets Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 138/222] clk: qcom: Fix i2c frequency table Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 139/222] clk: qcom: fix RCG M/N counter configuration Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 140/222] Revert "dm crypt: fix deadlock when async crypto algorithm returns -EBUSY" Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 141/222] sd: Unregister integrity profile Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 142/222] sd: Fix missing ATO tag check Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 143/222] Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open() Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 144/222] mvsas: fix panic on expander attached SATA devices Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 145/222] [media] rc: img-ir: fix error in parameters passed to irq_free() Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 146/222] [media] stk1160: Make sure current buffer is released Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 147/222] IB/core: disallow registering 0-sized memory region Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 148/222] IB/core: don't disallow registering region starting at 0x0 Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 149/222] IB/mlx4: Fix WQE LSO segment calculation Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 150/222] IB/iser: Fix wrong calculation of protection buffer length Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 151/222] tracing: Handle ftrace_dump() atomic context in graph_trace_open() Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 152/222] i2c: rk3x: report number of messages transmitted Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 153/222] i2c: core: Export bus recovery functions Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 154/222] drm/radeon: fix doublescan modes (v2) Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 155/222] drm/i915: Dont enable CS_PARSER_ERROR interrupts at all Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 156/222] drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 157/222] drm/i915: cope with large i2c transfers Sasha Levin
2015-05-17 1:04 ` [PATCH 3.18 158/222] RCU pathwalk breakage when running into a symlink overmounting something Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 159/222] nfsd4: fix READ permission checking Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 160/222] nfsd4: disallow SEEK with special stateids Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 161/222] NFS: Add a stub for GETDEVICELIST Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 162/222] e1000: add dummy allocator to fix race condition between mtu change and netpoll Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 163/222] ebpf: verifier: check that call reg with ARG_ANYTHING is initialized Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 164/222] lib: memzero_explicit: use barrier instead of OPTIMIZER_HIDE_VAR Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 165/222] wl18xx: show rx_frames_per_rates as an array as it really is Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 166/222] crypto: omap-aes - Fix support for unequal lengths Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 167/222] C6x: time: Ensure consistency in __init Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 168/222] memstick: mspro_block: add missing curly braces Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 169/222] drivers: platform: parse IRQ flags from resources Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 170/222] driver core: bus: Goto appropriate labels on failure in bus_add_device Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 171/222] netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 172/222] KVM: nVMX: mask unrestricted_guest if disabled on L0 Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 173/222] staging: comedi: adv_pci1710: fix AI INSN_READ for non-zero channel Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 174/222] mm/hugetlb: use pmd_page() in follow_huge_pmd() Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 175/222] mm/hugetlb: take page table lock " Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 176/222] rtlwifi: rtl8192ee: Fix handling of new style descriptors Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 177/222] fs: take i_mutex during prepare_binprm for set[ug]id executables Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 178/222] bpf: fix 64-bit divide Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 179/222] MIPS: BCM63xx: Move bcm63xx_gpio_init() to bcm63xx_register_devices() Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 180/222] MIPS: OCTEON: dma-octeon: fix OHCI USB config check Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 181/222] MIPS: OCTEON: Use correct CSR to soft reset Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 182/222] clk: at91: usb: fix determine_rate prototype Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 183/222] MIPS: Octeon: Remove udelay() causing huge IRQ latency Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 184/222] MIPS: OCTEON: fix PCI interrupt mapping for D-Link DSR-1000N Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 185/222] MIPS: Netlogic: Fix for SATA PHY init Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 186/222] MIPS: kernel: entry.S: Set correct ISA level for mips_ihb Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 187/222] MIPS: Octeon: Delete override of cpu_has_mips_r2_exec_hazard Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 188/222] SSB: fix Kconfig dependencies Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 189/222] MIPS: ralink: add missing symbol for RALINK_ILL_ACC Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 190/222] MIPS: smp-cps: cpu_set FPU mask if FPU present Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 191/222] MIPS: Kconfig: Disable SMP/CPS for 64-bit Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 192/222] MIPS: BCM47XX: Fix detecting Microsoft MN-700 & Asus WL500G Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 193/222] ALSA: emux: Fix mutex deadlock at unloading Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 194/222] ALSA: emux: Fix mutex deadlock in OSS emulation Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 195/222] ALSA: emu10k1: Fix card shortname string buffer overflow Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 196/222] ALSA: emu10k1: Emu10k2 32 bit DMA mode Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 197/222] ALSA: hda - Add mute-LED mode control to Thinkpad Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 198/222] cdc-acm: prevent infinite loop when parsing CDC headers Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 199/222] serial: of-serial: Remove device_type = "serial" registration Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 200/222] serial: xilinx: Use platform_get_irq to get irq description structure Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 201/222] arm64: dma-mapping: always clear allocated buffers Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 202/222] usb: chipidea: otg: remove mutex unlock and lock while stop and start role Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 203/222] ASoC: samsung: s3c24xx-i2s: Fix return value check in s3c24xx_iis_dev_probe() Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 204/222] ASoC: dapm: Enable autodisable on SOC_DAPM_SINGLE_TLV_AUTODISABLE Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 205/222] ASoC: rt5677: fixed wrong DMIC ref clock Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 206/222] btrfs: unlock i_mutex after attempting to delete subvolume during send Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 207/222] ACPI / SBS: Enable battery manager when present Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 208/222] tty/serial: at91: maxburst was missing for dma transfers Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 209/222] rbd: end I/O the entire obj_request on error Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 210/222] uas: Allow uas_use_uas_driver to return usb-storage flags Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 211/222] uas: Add US_FL_MAX_SECTORS_240 flag Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 212/222] uas: Set max_sectors_240 quirk for ASM1053 devices Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 213/222] ext4: fix data corruption caused by unwritten and delayed extents Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 214/222] ext4: move check under lock scope to close a race Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 215/222] 3w-xxxx: fix command completion race Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 216/222] 3w-9xxx: " Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 217/222] 3w-sas: " Sasha Levin
2015-05-17 1:05 ` [PATCH 3.18 218/222] drm/radeon: adjust pll when audio is not enabled Sasha Levin
2015-05-17 1:06 ` [PATCH 3.18 219/222] drm/radeon: add SI DPM quirk for Sapphire R9 270 Dual-X 2G GDDR5 Sasha Levin
2015-05-17 1:06 ` [PATCH 3.18 220/222] drm/radeon: check new address before removing old one Sasha Levin
2015-05-17 1:06 ` [PATCH 3.18 221/222] hfsplus: don't store special "osx" xattr prefix on-disk Sasha Levin
2015-05-17 1:06 ` [PATCH 3.18 222/222] Drivers: hv: vmbus: Don't wait after requesting offers Sasha Levin
2015-05-17 4:21 ` [PATCH 3.18 000/222] 3.18.14-review (build errors) Guenter Roeck
2015-05-17 14:42 ` Sasha Levin
2015-05-17 16:10 ` Guenter Roeck
2015-05-18 1:25 ` Sasha Levin
2015-05-18 4:19 ` Guenter Roeck
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.