* [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review
@ 2016-01-05 19:41 Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 001/211] mxc_nand: fix copy_spare Kamal Mostafa
` (210 more replies)
0 siblings, 211 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Kamal Mostafa
This is the start of the review cycle for the Linux 4.2.8-ckt1 stable kernel.
This version contains 211 new patches, summarized below. The new patches are
posted as replies to this message and also available in this git branch:
http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-4.2.y-review
git://kernel.ubuntu.com/ubuntu/linux.git linux-4.2.y-review
The review period for version 4.2.8-ckt1 will be open for the next three days.
To report a problem, please reply to the relevant follow-up patch message.
For more information about the Linux 4.2.y-ckt extended stable kernel version,
see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable .
-Kamal
--
.../devicetree/bindings/mmc/renesas,mmcif.txt | 4 +-
MAINTAINERS | 1 +
arch/arm/mach-omap2/board-generic.c | 7 -
arch/arm64/net/bpf_jit.h | 3 +-
arch/arm64/net/bpf_jit_comp.c | 54 ++++--
arch/mips/include/asm/atomic.h | 2 +-
arch/parisc/include/asm/compat.h | 4 +-
arch/parisc/include/uapi/asm/ipcbuf.h | 19 +-
arch/parisc/include/uapi/asm/msgbuf.h | 10 +-
arch/parisc/include/uapi/asm/posix_types.h | 2 +
arch/parisc/include/uapi/asm/sembuf.h | 6 +-
arch/parisc/include/uapi/asm/shmbuf.h | 8 +-
arch/parisc/mm/init.c | 16 ++
arch/sparc/kernel/pci.c | 7 +-
arch/sparc/kernel/pci_common.c | 17 +-
arch/sparc/kernel/pci_impl.h | 1 +
arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 2 +-
arch/x86/kvm/svm.c | 14 +-
arch/x86/kvm/vmx.c | 19 +-
arch/x86/kvm/x86.c | 8 +-
arch/x86/xen/setup.c | 2 +-
arch/xtensa/include/asm/asmmacro.h | 7 +-
arch/xtensa/include/asm/vectors.h | 9 +-
arch/xtensa/kernel/Makefile | 1 +
arch/xtensa/kernel/entry.S | 8 +-
arch/xtensa/kernel/head.S | 2 +-
arch/xtensa/kernel/setup.c | 9 +-
arch/xtensa/kernel/vectors.S | 4 +-
arch/xtensa/kernel/vmlinux.lds.S | 12 +-
arch/xtensa/lib/usercopy.S | 6 +-
arch/xtensa/platforms/iss/setup.c | 2 +
arch/xtensa/platforms/xt2000/setup.c | 2 +
arch/xtensa/platforms/xtfpga/setup.c | 2 +
crypto/algif_hash.c | 12 +-
drivers/acpi/osl.c | 13 +-
drivers/acpi/sleep.c | 6 +-
drivers/char/tpm/tpm-chip.c | 2 +-
drivers/char/tpm/tpm.h | 7 +
drivers/char/tpm/tpm_crb.c | 39 ++--
drivers/char/tpm/tpm_ibmvtpm.c | 2 +-
drivers/char/tpm/tpm_of.c | 3 +-
drivers/char/tpm/tpm_tis.c | 194 ++++++++++++++++---
drivers/cpufreq/arm_big_little.c | 22 ++-
drivers/dma/dw/core.c | 12 +-
drivers/gpu/drm/amd/amdgpu/amdgpu.h | 4 +-
drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 8 +
drivers/gpu/drm/ast/ast_drv.h | 1 +
drivers/gpu/drm/ast/ast_fb.c | 7 +
drivers/gpu/drm/ast/ast_main.c | 1 +
drivers/gpu/drm/ast/ast_mode.c | 2 +
drivers/gpu/drm/drm_crtc.c | 5 +-
drivers/gpu/drm/i915/i915_gem_userptr.c | 207 +++++++++++++--------
drivers/gpu/drm/i915/intel_display.c | 3 +
drivers/gpu/drm/radeon/si_dpm.c | 2 +
drivers/hid/hid-core.c | 2 +-
drivers/hsi/controllers/omap_ssi_port.c | 2 +-
drivers/hsi/hsi.c | 1 -
drivers/i2c/busses/i2c-at91.c | 82 ++++++--
drivers/i2c/busses/i2c-img-scb.c | 71 ++++---
drivers/iio/magnetometer/Kconfig | 33 ++--
drivers/iio/magnetometer/Makefile | 3 +-
drivers/infiniband/core/cma.c | 2 +-
drivers/infiniband/core/uverbs_cmd.c | 2 +-
drivers/infiniband/core/verbs.c | 4 +-
drivers/infiniband/hw/cxgb4/mem.c | 2 +-
drivers/input/mouse/elantech.c | 7 +
drivers/iommu/arm-smmu-v3.c | 9 +-
drivers/iommu/intel-iommu.c | 9 +-
drivers/isdn/i4l/isdn_ppp.c | 12 +-
drivers/md/Kconfig | 2 +-
drivers/md/dm-mpath.c | 7 +-
drivers/md/dm.c | 10 +-
drivers/media/platform/vivid/vivid-core.c | 5 +-
drivers/media/platform/vivid/vivid-osd.c | 1 +
drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 9 +-
drivers/media/v4l2-core/v4l2-ctrls.c | 12 +-
drivers/media/v4l2-core/videobuf2-dma-contig.c | 5 +-
drivers/media/v4l2-core/videobuf2-dma-sg.c | 5 +-
drivers/misc/cxl/native.c | 2 +-
drivers/mtd/mtd_blkdevs.c | 10 +-
drivers/mtd/mtdpart.c | 4 +-
drivers/mtd/nand/mxc_nand.c | 2 +-
drivers/mtd/ubi/fastmap-wl.c | 29 +++
drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 7 +-
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 14 +-
drivers/net/ethernet/broadcom/genet/bcmgenet.h | 1 +
drivers/net/ethernet/broadcom/genet/bcmmii.c | 37 ++--
drivers/net/ethernet/freescale/gianfar.c | 8 +-
drivers/net/ethernet/freescale/gianfar.h | 1 +
drivers/net/ethernet/marvell/Kconfig | 1 +
drivers/net/ethernet/qualcomm/qca_spi.c | 5 +-
drivers/net/ethernet/renesas/sh_eth.c | 4 +-
drivers/net/phy/micrel.c | 15 +-
drivers/net/ppp/ppp_generic.c | 6 +-
drivers/net/ppp/pppoe.c | 14 +-
drivers/net/ppp/pptp.c | 6 +
drivers/net/slip/slhc.c | 12 +-
drivers/net/slip/slip.c | 2 +-
drivers/net/usb/cdc_mbim.c | 26 ++-
drivers/net/usb/cdc_ncm.c | 10 +-
drivers/net/usb/qmi_wwan.c | 5 +-
drivers/net/usb/r8152.c | 21 +--
drivers/net/vxlan.c | 10 +-
drivers/ntb/ntb_transport.c | 4 +-
drivers/of/fdt.c | 5 +-
drivers/of/of_reserved_mem.c | 4 +
drivers/pci/host/pcie-spear13xx.c | 26 +--
drivers/pci/iov.c | 41 ++--
drivers/pinctrl/pinctrl-single.c | 1 -
drivers/platform/x86/ideapad-laptop.c | 7 +
drivers/platform/x86/toshiba_acpi.c | 1 +
drivers/power/wm831x_power.c | 6 +-
drivers/regulator/arizona-ldo1.c | 18 +-
drivers/rtc/rtc-ds1307.c | 4 +-
drivers/scsi/megaraid/megaraid_sas.h | 3 +
drivers/scsi/megaraid/megaraid_sas_base.c | 34 +++-
drivers/scsi/scsi_sysfs.c | 18 +-
drivers/scsi/storvsc_drv.c | 3 +-
drivers/spi/spi-atmel.c | 3 +-
drivers/spi/spi-dw.c | 6 +-
drivers/spi/spi-omap2-mcspi.c | 28 +++
drivers/spi/spi-ti-qspi.c | 3 +-
drivers/spi/spi-xilinx.c | 38 ++--
drivers/staging/dgnc/dgnc_mgmt.c | 1 +
drivers/thermal/samsung/exynos_tmu.c | 57 +++---
drivers/usb/host/ehci-fsl.c | 13 ++
drivers/usb/host/ehci-hub.c | 7 +
drivers/usb/host/ehci.h | 12 ++
drivers/usb/host/fsl-mph-dr-of.c | 10 +
drivers/usb/host/xhci-ring.c | 10 +
drivers/vfio/platform/vfio_platform_common.c | 36 ++--
drivers/vfio/vfio.c | 7 +-
fs/binfmt_elf.c | 10 +-
fs/cachefiles/rdwr.c | 67 ++++---
fs/dax.c | 4 +-
fs/ext4/resize.c | 4 +-
fs/f2fs/dir.c | 13 +-
fs/f2fs/namei.c | 10 +-
fs/fscache/netfs.c | 38 ++--
fs/fscache/page.c | 2 +-
fs/jbd2/checkpoint.c | 8 +-
fs/lockd/host.c | 7 +-
fs/lockd/mon.c | 36 ++--
fs/lockd/netns.h | 1 +
fs/lockd/svc.c | 1 +
fs/lockd/svc4proc.c | 2 +-
fs/lockd/svcproc.c | 2 +-
fs/pipe.c | 9 +-
fs/proc/fd.c | 14 +-
fs/seq_file.c | 11 +-
fs/tracefs/inode.c | 6 +-
include/linux/acpi.h | 6 +
include/linux/fsl_devices.h | 2 +
include/linux/lockd/lockd.h | 9 +-
include/linux/netlink.h | 13 +-
include/linux/tracepoint.h | 9 +-
include/net/dst.h | 33 ++++
include/net/inet_frag.h | 15 +-
include/net/netfilter/nf_conntrack.h | 4 -
include/net/sock.h | 5 +-
include/net/vxlan.h | 2 +-
include/rdma/ib_verbs.h | 4 +-
include/rdma/rdma_cm.h | 2 +-
include/sound/pcm.h | 6 -
include/uapi/drm/drm_fourcc.h | 2 +-
kernel/bpf/syscall.c | 12 +-
kernel/events/core.c | 4 +
kernel/printk/printk.c | 13 +-
kernel/task_work.c | 12 +-
kernel/time/timer.c | 22 ++-
kernel/trace/trace.c | 2 +-
lib/devres.c | 2 +-
lib/hexdump.c | 6 +-
lib/rhashtable.c | 25 ++-
mm/memcontrol.c | 11 +-
mm/oom_kill.c | 7 +-
mm/slab.c | 5 +-
net/ax25/af_ax25.c | 3 +
net/bluetooth/sco.c | 3 +
net/bridge/br_netlink.c | 2 +-
net/core/net-sysfs.c | 9 +-
net/core/skbuff.c | 6 +-
net/core/sock.c | 5 +-
net/decnet/af_decnet.c | 3 +
net/ieee802154/6lowpan/reassembly.c | 11 +-
net/ipv4/af_inet.c | 3 +
net/ipv4/fou.c | 3 +-
net/ipv4/igmp.c | 12 +-
net/ipv4/inet_fragment.c | 6 -
net/ipv4/ip_fragment.c | 12 +-
net/ipv4/ip_output.c | 4 +-
net/ipv4/ip_sockglue.c | 45 +++--
net/ipv4/tcp_input.c | 5 +-
net/ipv4/tcp_ipv4.c | 7 +-
net/ipv4/tcp_output.c | 23 +--
net/ipv6/addrconf.c | 8 +-
net/ipv6/af_inet6.c | 3 +
net/ipv6/ip6_gre.c | 8 +-
net/ipv6/ip6_output.c | 70 ++++---
net/ipv6/netfilter/nf_conntrack_reasm.c | 12 +-
net/ipv6/reassembly.c | 12 +-
net/ipv6/tcp_ipv6.c | 5 +-
net/ipv6/tunnel6.c | 12 +-
net/ipv6/xfrm6_output.c | 17 +-
net/irda/af_irda.c | 3 +
net/netfilter/nf_nat_redirect.c | 2 +-
net/netfilter/nfnetlink.c | 2 +-
net/netfilter/nfnetlink_queue_core.c | 5 +-
net/netlink/af_netlink.c | 18 +-
net/packet/af_packet.c | 6 +-
net/sched/sch_api.c | 2 +-
net/sctp/ipv6.c | 8 +
net/sctp/sm_make_chunk.c | 4 +-
net/sctp/socket.c | 4 +
net/socket.c | 1 +
net/sunrpc/auth_gss/auth_gss.c | 13 +-
net/sunrpc/xprtrdma/verbs.c | 136 +++++---------
net/sunrpc/xprtrdma/xprt_rdma.h | 5 -
net/unix/af_unix.c | 13 +-
scripts/kconfig/expr.c | 2 +-
scripts/recordmcount.c | 24 ++-
scripts/recordmcount.h | 2 +-
security/integrity/digsig.c | 2 +-
security/keys/gc.c | 10 +-
security/keys/keyctl.c | 18 +-
security/keys/request_key.c | 3 +
sound/core/pcm.c | 3 -
sound/firewire/bebob/Makefile | 2 +-
sound/firewire/bebob/bebob_maudio.c | 2 +-
sound/firewire/dice/Makefile | 2 +-
sound/firewire/dice/dice-stream.c | 12 +-
sound/firewire/dice/dice.c | 3 +-
sound/firewire/fireworks/Makefile | 2 +-
sound/firewire/fireworks/fireworks_command.c | 2 +-
sound/firewire/oxfw/Makefile | 2 +-
sound/pci/hda/hda_controller.c | 3 +
sound/pci/hda/hda_intel.c | 8 +
sound/pci/hda/patch_realtek.c | 13 ++
sound/pci/hda/patch_sigmatel.c | 1 +
sound/soc/spear/spear_pcm.c | 2 +-
tools/build/Makefile.feature | 2 +-
tools/perf/Documentation/perf-trace.txt | 1 -
tools/perf/ui/browsers/annotate.c | 2 +-
.../ftrace/test.d/kprobe/add_and_remove.tc | 2 +-
.../selftests/ftrace/test.d/kprobe/busy_check.tc | 2 +-
.../selftests/ftrace/test.d/kprobe/kprobe_args.tc | 2 +-
.../ftrace/test.d/kprobe/kprobe_ftrace.tc | 14 +-
.../ftrace/test.d/kprobe/kretprobe_args.tc | 2 +-
tools/testing/selftests/memfd/run_fuse_test.sh | 0
249 files changed, 1856 insertions(+), 1075 deletions(-)
Al Viro (1):
dax_io(): don't let non-error value escape via retval instead of EFAULT
Alex Deucher (3):
drm/radeon: add quirk for ASUS R7 370
drm/amdgpu/gfx8: set TC_WB_ACTION_EN in RELEASE_MEM packet
drm/amdgpu: add some additional CZ revisions
Alexander Duyck (1):
PCI: Set SR-IOV NumVFs to zero after enumeration
Alexandra Yates (1):
ALSA: hda - Add Intel Lewisburg device IDs Audio
Andrew Honig (1):
KVM: x86: Reload pit counters for all channels when restoring state
Andrew Lunn (1):
phy: micrel: Fix finding PHY properties in MAC node.
Andrey Ryabinin (1):
lockd: create NSM handles per net namespace
Andrzej Hajda (1):
[media] v4l2-compat-ioctl32: fix alignment for ARM64
Andy Leiserson (1):
fix calculation of meta_bg descriptor backups
Andy Shevchenko (3):
spi: dw: explicitly free IRQ handler in dw_spi_remove_host()
lib/hexdump.c: truncate output in case of overflow
dmaengine: dw: convert to __ffs()
Antonio Ospite (1):
[media] media/v4l2-ctrls: fix setting autocluster to manual with VIDIOC_S_CTRL
Arnaldo Carvalho de Melo (1):
tools build: Fixup feature detection display function name
Arnd Bergmann (5):
RDMA/cxgb4: re-fix 32-bit build warning
IB/core: avoid 32-bit warning
sunrpc: avoid warning in gss_key_timeout
NTB: fix 32-bit compiler warning
mvneta: add FIXED_PHY dependency
Axel Lin (1):
ASoC: spear_pcm: Use devm_snd_dmaengine_pcm_register to fix resource leak
Azael Avalos (1):
toshiba_acpi: Initialize hotkey_event_type variable
Bart Van Assche (1):
IB/core, cma: Make __attribute_const__ declarations sparse-friendly
Ben Hutchings (4):
isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
ppp, slip: Validate VJ compression slot parameters completely
selftests: kprobe: Choose an always-defined function to probe
selftests: Make scripts executable
Benoit Parrot (1):
[media] media: v4l2-ctrls: Fix 64bit support in get_ctrl()
Bjørn Mork (3):
qmi_wwan: fix entry for HP lt4112 LTE/HSPA+ Gobi 4G Module
ipv6: keep existing flags when setting IFA_F_OPTIMISTIC
net: cdc_mbim: add "NDP to end" quirk for Huawei E3372
Boris BREZILLON (1):
mtd: mtdpart: fix add_mtd_partitions error path
Brian Norris (1):
mtd: blkdevs: fix potential deadlock + lockdep warnings
Catalin Marinas (1):
mm: slab: only move management objects off-slab for sizes larger than KMALLOC_MIN_SIZE
Charles Keepax (1):
regulator: arizona-ldo1: Fix handling of GPIO 0
Chen Yu (3):
ACPI: Use correct IRQ when uninstalling ACPI interrupt handler
ACPI: Using correct irq when waiting for events
ACPI / PM: Fix incorrect wakeup IRQ setting during suspend-to-idle
Chris Wilson (2):
drm/i915: Only update the current userptr worker
drm/i915: Fix userptr deadlock with aliased GTT mmappings
Christoph Hellwig (2):
scsi_dh: fix randconfig build error
scsi: restart list search after unlock in scsi_remove_target
Christophe JAILLET (1):
TPM: Avoid reference to potentially freed memory
Christophe Lombard (1):
cxl: Fix number of allocated pages in SPA
Chuck Lever (2):
xprtrdma: Re-arm after missed events
xprtrdma: Prevent loss of completion signals
Cyrille Pitchen (1):
i2c: at91: fix write transfers by clearing pending interrupt first
Dan Carpenter (1):
devres: fix a for loop bounds check
Daniel Borkmann (3):
ebpf: fix fd refcount leaks related to maps in bpf syscall
netlink, mmap: fix edge-case leakages in nf queue zero-copy
tracefs: Fix refcount imbalance in start_creating()
David Howells (5):
KEYS: Fix race between key destruction and finding a keyring by name
KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring
KEYS: Don't permit request_key() to construct a new keyring
FS-Cache: Handle a write to the page immediately beyond the EOF marker
KEYS: Fix race between read and revoke
David Mosberger-Tang (1):
spi: atmel: Fix DMA-setup for transfers with more than 8 bits per word
David S. Miller (1):
bluetooth: Validate socket address length in sco_sock_bind().
David Woodhouse (1):
iommu/vt-d: Fix ATSR handling for Root-Complex integrated endpoints
Dmitry Kasatkin (1):
integrity: prevent loading untrusted certificates on the IMA trusted keyring
Egbert Eich (1):
drm/ast: Initialized data needed to map fbdev memory
Eric Benard (1):
mxc_nand: fix copy_spare
Eric Biggers (1):
fs/pipe.c: return error code rather than 0 in pipe_write()
Eric Dumazet (8):
task_work: remove fifo ordering guarantee
tcp: call sk_mark_napi_id() on the child, not the listener
packet: fix match_fanout_group()
net: fix percpu memory leaks
ipv6: sctp: clone options to avoid use after free
net: fix IP early demux races
net_sched: make qdisc_tree_decrease_qlen() work for non mq
tcp: restore fastopen with no data in SYN packet
Eric W. Biederman (2):
ipv4: Fix ip_local_out_sk by passing the sk into __ip_local_out_sk
ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk
Ezequiel Garcia (1):
[media] vivid: Fix iteration in driver removal path
Flavio Leitner (1):
netfilter: remove dead code
Florian Fainelli (2):
net: bcmgenet: Use correct dev_id for free_irq
net: bcmgenet: Delay PHY initialization to bcmgenet_open()
Florian Westphal (1):
netfilter: nfnetlink: don't probe module if it exists
Gabriele Paoloni (1):
PCI: spear: Fix dw_pcie_cfg_read/write() usage
Geliang Tang (1):
hsi: fix double kfree
Greg Thelen (1):
fs, seqfile: always allow oom killer
Grygorii Strashko (1):
pinctrl: single: dra7: remove PCS_QUIRK_SHARED_IRQ
Guillaume Nault (1):
pppoe: fix memory corruption in padt work structure
Hamish Martin (1):
gianfar: Don't enable RX Filer if not supported
Hannes Frederic Sowa (4):
ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets
net: add validation for the socket syscall protocol argument
ipv6: automatically enable stable privacy mode if stable_secret set
fou: clean up socket with kfree_rcu
Hans Verkuil (1):
[media] v4l2-ctrls: arrays are also considered compound controls
Hans de Goede (1):
ideapad-laptop: Add Lenovo Yoga 900 to no_hw_rfkill dmi list
Harry Wentland (1):
drm/amdgpu: Make amdgpu_mn functions inline
Hartmut Knaack (1):
iio:magnetometer:bmc150_magn: sort entry alphabetically
Helge Deller (1):
parisc: Fixes and cleanups in kernel uapi header files
Herbert Xu (4):
ipv6: Fix IPsec pre-encap fragmentation check
crypto: algif_hash - Only export and import on sockets with data
rhashtable: Enforce minimum size on initial hash table
rhashtable: Fix walker list corruption
Hon Ching \\(Vicky\\) Lo (1):
vTPM: fix memory allocation flag for rtce buffer at kernel boot
Jaegeuk Kim (1):
f2fs crypto: allocate buffer for decrypting filename
James Morse (1):
vfio/platform: store mapped memory in region, instead of an on-stack copy
Jan Kara (1):
jbd2: fix checkpoint list cleanup
Jani Nikula (1):
drm/i915: add quirk to enable backlight on Dell Chromebook 11 (2015)
Jarkko Sakkinen (3):
tpm, tpm_crb: fix unaligned read of the command buffer address
tpm, tpm_tis: fix tpm_tis ACPI detection issue with TPM 2.0
TPM: revert the list handling logic fixed in 398a1e7
Jason Liu (1):
drivers: of: of_reserved_mem: fixup the alignment with CMA setup
Jiaxing Wang (1):
tracing: Update instance_rmdir() to use tracefs_remove_recursive
Jiri Benc (2):
vxlan: set needed headroom correctly
vxlan: fix incorrect RCO bit in VXLAN header
Joerg Roedel (1):
vfio: Fix bug in vfio_device_get_from_name()
Jon Medhurst \(Tixy\) (1):
cpufreq: arm_big_little: fix frequency check when bL switcher is active
K. Y. Srinivasan (1):
storvsc: Don't set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag
Kailang Yang (1):
ALSA: hda/realtek - Dell XPS one ALC3260 speaker no sound after resume back
Kinglong Mee (2):
FS-Cache: Increase reference of parent after registering, netfs success
FS-Cache: Don't override netfs's primary_index if registering failed
Krzysztof Kozlowski (2):
thermal: exynos: Fix unbalanced regulator disable on probe failure
thermal: exynos: Fix first temperature read after registering sensor
Li Bin (1):
recordmcount: arm64: Replace the ignored mcount call into nop
Ludovic Desroches (1):
i2c: at91: manage unexpected RXRDY flag when starting a transfer
Lukas Wunner (1):
drm: Fix return value of drm_framebuffer_init()
Maciej W. Rozycki (1):
binfmt_elf: Don't clobber passed executable's file header
Malcolm Crossley (1):
x86/xen: Do not clip xen_e820_map to xen_e820_map_entries when sanitizing map
Marcelo Ricardo Leitner (3):
sctp: use the same clock as if sock source timestamps were on
sctp: update the netstamp_needed counter when copying sockets
sctp: also copy sk_tsflags when copying the socket
Martin Wilck (1):
tpm_tis: free irq after probing
Masahiro Yamada (1):
of/fdt: fix error checking for earlycon address
Mathias Krause (1):
printk: prevent userland from spoofing kernel messages
Mathias Nyman (1):
xhci: don't finish a TD if we get a short transfer event mid TD
Mathieu Desnoyers (1):
tracepoints: Fix documentation of RCU lockdep checks
Mauricio Faria de Oliveira (1):
Revert "dm mpath: fix stalls when handling invalid ioctls"
Max Filippov (2):
xtensa: fixes for configs without loop option
xtensa: fix secondary core boot in SMP
Maxim Sheviakov (2):
drm/radeon: add quirk for MSI R7 370
drm/radeon: fix quirk for MSI R7 370 Armor 2X
Michal Hocko (1):
memcg: fix thresholds for 32b architectures.
Michal Kubeček (1):
ipv6: fix tunnel error handling
Michal Sojka (1):
kconfig: Fix copy&paste error
Mikulas Patocka (1):
dm: initialize non-blk-mq queue data before queue is used
Munehisa Kamata (1):
netfilter: nf_nat_redirect: add missing NULL pointer check
Namhyung Kim (1):
perf annotate: Fix 'annotate.use_offset' config variable usage
Neil Armstrong (1):
spi: omap2-mcspi: disable other channels CHCONF_FORCE in prepare_message
Nicolas Dichtel (1):
gre6: allow to update all parameters via rtnl
Nicolas Iooss (1):
crypto: crc32c-pclmul - use .rodata instead of .rotata
Nikhil Badola (2):
drivers: usb :fsl: Implement Workaround for USB Erratum A007792
drivers: usb: fsl: Workaround for USB erratum-A005275
Nishanth Menon (1):
ARM: OMAP2+: board-generic: Remove stale of_irq macros
Oleg Nesterov (1):
proc: actually make proc_fd_permission() thread-friendly
Paolo Bonzini (1):
KVM: svm: unconditionally intercept #DB
Pavel Machek (1):
atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
Peter Feiner (1):
perf trace: Fix documentation for -i
Peter Oberparleiter (1):
scsi_sysfs: Fix queue_ramp_up_period return code
Peter Wu (1):
r8152: fix lockup when runtime PM is enabled
Peter Zijlstra (1):
perf: Fix inherited events vs. tracepoint filters
Radim Krčmář (1):
KVM: VMX: fix SMEP and SMAP without EPT
Rainer Weikusat (1):
af_unix: Revert 'lock_interruptible' in stream receive code
Ralf Baechle (1):
MIPS: atomic: Fix comment describing atomic64_add_unless's return value.
Ricardo Ribalda Delgado (1):
spi/spi-xilinx: Fix race condition on last word read
Richard Purdie (1):
HID: core: Avoid uninitialized buffer access
Richard Weinberger (1):
ubi: fastmap: Implement produce_free_peb()
Roger Quadros (1):
hsi: omap_ssi_port: Prevent warning if cawake_gpio is not defined.
Salva Peiró (2):
[media] media/vivid-osd: fix info leak in ioctl
staging/dgnc: fix info leak in ioctl
Scott Feldman (1):
bridge: fix netlink max attr size
Sergei Shtylyov (2):
DT: mmc: sh_mmcif: fix "compatible" property text
sh_eth: fix kernel oops in skb_put()
Sifan Naeem (6):
i2c: img-scb: enable fencing for all versions of the ip
i2c: img-scb: do dummy writes before fifo access
i2c: img-scb: use DIV_ROUND_UP to round divisor values
i2c: img-scb: fix LOW and HIGH period values for the SCL clock
i2c: img-scb: Clear line and interrupt status before starting a transfer
i2c: img-scb: verify support for requested bit rate
Stefan Wahren (1):
net: qca_spi: fix transmit queue timeout handling
Sumit Saxena (1):
megaraid_sas: Make tape drives visible on PERC5 controllers
Takashi Iwai (4):
ALSA: hda - Disable 64bit address for Creative HDA controllers
ALSA: hda - Fix lost 4k BDL boundary workaround
ALSA: hda - Apply pin fixup for HP ProBook 6550b
Input: elantech - add Fujitsu Lifebook U745 to force crc_enabled
Takashi Sakamoto (6):
ALSA: pcm: remove structure member of 'struct snd_pcm_hwptr_log *' type because this structure had been removed
ALSA: fireworks/bebob/oxfw/dice: enable to make as built-in
ALSA: dice: correct variable types for __be32 data
ALSA: dice: assign converted data to the same type of variable
ALSA: fireworks: use u32 type for be32_to_cpup() macro
ALSA: bebob: use correct type for __be32 data
Tejun Heo (1):
timers: Use proper base migration in add_timer_on()
Tero Kristo (1):
rtc: ds1307: Fix alarm programming for mcp794xx
Tetsuo Handa (1):
mm/oom_kill.c: reverse the order of setting TIF_MEMDIE and sending SIGKILL
Thadeu Lima de Souza Cascardo (1):
net-sysfs: get_netdev_queue_index() cleanup
Tiffany Lin (2):
[media] media: vb2 dma-contig: Fully cache synchronise buffers in prepare and finish
[media] media: vb2 dma-sg: Fully cache synchronise buffers in prepare and finish
Tvrtko Ursulin (1):
drm: Use userspace compatible type in fourcc_mod_code macro
Valentin Rothberg (1):
wm831x_power: Use IRQF_ONESHOT to request threaded IRQs
Vignesh R (1):
spi: ti-qspi: Fix data corruption seen on r/w stress test
Vineet Gupta (2):
MAINTAINERS: Add public mailing list for ARC
ARC: Fix silly typo in MAINTAINERS file
Vlad Yasevich (2):
vlan: Fix untag operations of stacked vlans with REORDER_HEADER off
skbuff: Fix offset error in skb_reorder_vlan_header
WANG Cong (3):
ipv4: fix a potential deadlock in mcast getsockopt() path
pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
net: check both type and procotol for tcp sockets
Will Deacon (1):
iommu/arm-smmu: Fix error checking for ASID and VMID allocation
Yinghai Lu (1):
sparc/PCI: Add mem64 resource parsing for root bus
Yuchung Cheng (1):
tcp: apply Kern's check on RTTs used for congestion control
Zi Shen Lim (2):
arm64: bpf: fix div-by-zero case
arm64: bpf: fix mod-by-zero case
libin (1):
recordmcount: Fix endianness handling bug for nop_mcount
sumit.saxena@avagotech.com (3):
megaraid_sas: Expose TAPE drives unconditionally
megaraid_sas: Do not use PAGE_SIZE for max_sectors
megaraid_sas : SMAP restriction--do not access user memory from IOCTL code
tadeusz.struk@intel.com (1):
net: fix uninitialized variable issue
^ permalink raw reply [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 001/211] mxc_nand: fix copy_spare
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
@ 2016-01-05 19:41 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 002/211] drivers: usb :fsl: Implement Workaround for USB Erratum A007792 Kamal Mostafa
` (209 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Bénard, Brian Norris, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Benard <eric@eukrea.com>
commit e5a5d92d9dc36055b971d79e408e345f5ce88701 upstream.
it was broken by 35d5d20efad8a04c8c002c7f31241dff973977a6
"mtd: mxc_nand: cleanup copy_spare function"
else we get the following error :
[ 22.709507] ubi0: attaching mtd3
[ 23.613470] ubi0: scanning is finished
[ 23.617278] ubi0: empty MTD device detected
[ 23.623219] Unhandled fault: imprecise external abort (0x1c06) at 0x9e62f0ec
[ 23.630291] pgd = 9df80000
[ 23.633005] [9e62f0ec] *pgd=8e60041e(bad)
[ 23.637064] Internal error: : 1c06 [#1] SMP ARM
[ 23.641605] Modules linked in:
[ 23.644687] CPU: 0 PID: 99 Comm: ubiattach Not tainted 4.2.0-dirty #22
[ 23.651222] Hardware name: Freescale i.MX53 (Device Tree Support)
[ 23.657322] task: 9e687300 ti: 9dcfc000 task.ti: 9dcfc000
[ 23.662744] PC is at memcpy16_toio+0x4c/0x74
[ 23.667026] LR is at mxc_nand_command+0x484/0x640
[ 23.671739] pc : [<803f9c08>] lr : [<803faeb0>] psr: 60000013
[ 23.671739] sp : 9dcfdb10 ip : 9e62f0ea fp : 9dcfdb1c
[ 23.683222] r10: a09c1000 r9 : 0000001a r8 : ffffffff
[ 23.688453] r7 : ffffffff r6 : 9e674810 r5 : 9e674810 r4 : 000000b6
[ 23.694985] r3 : a09c16a4 r2 : a09c16a4 r1 : a09c16a4 r0 : 0000ffff
[ 23.701521] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 23.708662] Control: 10c5387d Table: 8df80019 DAC: 00000015
[ 23.714413] Process ubiattach (pid: 99, stack limit = 0x9dcfc210)
[ 23.720514] Stack: (0x9dcfdb10 to 0x9dcfe000)
[ 23.724881] db00: 9dcfdb6c 9dcfdb20 803faeb0 803f9bc8
[ 23.733069] db20: 803f227c 803f9b74 ffffffff 9e674810 9e674810 9e674810 00000040 9e62f010
[ 23.741255] db40: 803faa2c 9e674b40 9e674810 803faa2c 00000400 803faa2c 00000000 9df42800
[ 23.749441] db60: 9dcfdb9c 9dcfdb70 803f2024 803faa38 9e4201cc 00000000 803f0a78 9e674b40
[ 23.757627] db80: 803f1f80 9e674810 00000400 00000400 9dcfdc14 9dcfdba0 803f3bd8 803f1f8c
[ 23.765814] dba0: 9e4201cc 00000000 00000580 00000000 00000000 800718c0 0000007f 00001000
[ 23.774000] dbc0: 9df42800 000000e0 00000000 00000000 9e4201cc 00000000 00000000 00000000
[ 23.782186] dbe0: 00000580 00000580 00000000 9e674810 9dcfdc20 9dcfdce8 9df42800 00580000
[ 23.790372] dc00: 00000000 00000400 9dcfdc6c 9dcfdc18 803f3f94 803f39a4 9dcfdc20 00000000
[ 23.798558] dc20: 00000000 00000400 00000000 00000000 00000000 00000000 9df42800 00000000
[ 23.806744] dc40: 9dcfdd0c 00580000 00000000 00000400 00000000 9df42800 9dee1000 9d802000
[ 23.814930] dc60: 9dcfdc94 9dcfdc70 803eb63c 803f3f38 00000400 9dcfdce8 9df42800 dead4ead
[ 23.823116] dc80: 803eb5f4 00000000 9dcfdcc4 9dcfdc98 803e82ac 803eb600 00000400 9dcfdce8
[ 23.831301] dca0: 9df42800 00000400 9dee0000 00000000 00000400 00000000 9dcfdd1c 9dcfdcc8
[ 23.839488] dcc0: 80406048 803e8230 00000400 9dcfdce8 9df42800 9dcfdc78 00000008 00000000
[ 23.847673] dce0: 00000000 00000000 00000000 00000004 00000000 9df42800 9dee0000 00000000
[ 23.855859] dd00: 9d802030 00000000 9dc8b214 9d802000 9dcfdd44 9dcfdd20 804066cc 80405f50
[ 23.864047] dd20: 00000400 9dc8b200 9d802030 9df42800 9dee0000 9dc8b200 9dcfdd84 9dcfdd48
[ 23.872233] dd40: 8040a544 804065ac 9e401c80 000080d0 9dcfdd84 00000001 800fc828 9df42400
[ 23.880418] dd60: 00000000 00000080 9dc8b200 9dc8b200 9dc8b200 9dee0000 9dcfdddc 9dcfdd88
[ 23.888605] dd80: 803fb560 8040a440 9dcfddc4 9dcfdd98 800f1428 9dee1000 a0acf000 00000000
[ 23.896792] dda0: 00000000 ffffffff 00000006 00000000 9dee0000 9dee0000 00005600 00000080
[ 23.904979] ddc0: 9dc8b200 a0acf000 9dc8b200 8112514c 9dcfde24 9dcfdde0 803fc08c 803fb4f0
[ 23.913165] dde0: 9e401c80 00000013 9dcfde04 9dcfddf8 8006bbf8 8006ba00 9dcfde24 00000000
[ 23.921351] de00: 9dee0000 00000065 9dee0000 00000001 9dc8b200 8112514c 9dcfde84 9dcfde28
[ 23.929538] de20: 8040afa0 803fb948 ffffffff 00000000 9dc8b214 9dcfde40 800f1428 800f11dc
[ 23.937724] de40: 9dc8b21c 9dc8b20c 9dc8b204 9dee1000 9dc8b214 8069bb60 fffff000 fffff000
[ 23.945911] de60: 9e7b5400 00000000 9dee0000 9dee1000 00001000 9e7b5400 9dcfdecc 9dcfde88
[ 23.954097] de80: 803ff1bc 8040a630 9dcfdea4 9dcfde98 00000800 00000800 9dcfdecc 9dcfdea8
[ 23.962284] dea0: 803e8f6c 00000000 7e87ab70 9e7b5400 80113e30 00000003 9dcfc000 00000000
[ 23.970470] dec0: 9dcfdf04 9dcfded0 804008cc 803feb98 ffffffff 00000003 00000000 00000000
[ 23.978656] dee0: 00000000 00000000 9e7cb000 9dc193e0 7e87ab70 9dd92140 9dcfdf7c 9dcfdf08
[ 23.986842] df00: 80113b5c 8040080c 800fbed8 8006bbf0 9e7cb000 00000003 9e7cb000 9dd92140
[ 23.995029] df20: 9dc193e0 9dd92148 9dcfdf4c 9dcfdf38 8011022c 800fbe78 8000f9cc 9e687300
[ 24.003216] df40: 9dcfdf6c 9dcfdf50 8011f798 8007ffe8 7e87ab70 9dd92140 00000003 9dd92140
[ 24.011402] df60: 40186f40 7e87ab70 9dcfc000 00000000 9dcfdfa4 9dcfdf80 80113e30 8011373c
[ 24.019588] df80: 7e87ab70 7e87ab70 7e87aea9 00000036 8000fb84 9dcfc000 00000000 9dcfdfa8
[ 24.027775] dfa0: 8000f9a0 80113e00 7e87ab70 7e87ab70 00000003 40186f40 7e87ab70 00000000
[ 24.035962] dfc0: 7e87ab70 7e87ab70 7e87aea9 00000036 00000000 00000000 76fd1f70 00000000
[ 24.044148] dfe0: 76f80f8c 7e87ab28 00009810 76f80fc4 60000010 00000003 00000000 00000000
[ 24.052328] Backtrace:
[ 24.054806] [<803f9bbc>] (memcpy16_toio) from [<803faeb0>] (mxc_nand_command+0x484/0x640)
[ 24.062996] [<803faa2c>] (mxc_nand_command) from [<803f2024>] (nand_write_page+0xa4/0x154)
[ 24.071264] r10:9df42800 r9:00000000 r8:803faa2c r7:00000400 r6:803faa2c r5:9e674810
[ 24.079180] r4:9e674b40
[ 24.081738] [<803f1f80>] (nand_write_page) from [<803f3bd8>] (nand_do_write_ops+0x240/0x444)
[ 24.090180] r8:00000400 r7:00000400 r6:9e674810 r5:803f1f80 r4:9e674b40
[ 24.096970] [<803f3998>] (nand_do_write_ops) from [<803f3f94>] (nand_write+0x68/0x88)
[ 24.104804] r10:00000400 r9:00000000 r8:00580000 r7:9df42800 r6:9dcfdce8 r5:9dcfdc20
[ 24.112719] r4:9e674810
[ 24.115287] [<803f3f2c>] (nand_write) from [<803eb63c>] (part_write+0x48/0x50)
[ 24.122514] r10:9d802000 r9:9dee1000 r8:9df42800 r7:00000000 r6:00000400 r5:00000000
[ 24.130429] r4:00580000
[ 24.132989] [<803eb5f4>] (part_write) from [<803e82ac>] (mtd_write+0x88/0xa0)
[ 24.140129] r5:00000000 r4:803eb5f4
[ 24.143748] [<803e8224>] (mtd_write) from [<80406048>] (ubi_io_write+0x104/0x65c)
[ 24.151235] r7:00000000 r6:00000400 r5:00000000 r4:9dee0000
[ 24.156968] [<80405f44>] (ubi_io_write) from [<804066cc>] (ubi_io_write_ec_hdr+0x12c/0x190)
[ 24.165323] r10:9d802000 r9:9dc8b214 r8:00000000 r7:9d802030 r6:00000000 r5:9dee0000
[ 24.173239] r4:9df42800
[ 24.175798] [<804065a0>] (ubi_io_write_ec_hdr) from [<8040a544>] (ubi_early_get_peb+0x110/0x1f0)
[ 24.184587] r6:9dc8b200 r5:9dee0000 r4:9df42800
[ 24.189262] [<8040a434>] (ubi_early_get_peb) from [<803fb560>] (create_vtbl+0x7c/0x238)
[ 24.197271] r10:9dee0000 r9:9dc8b200 r8:9dc8b200 r7:9dc8b200 r6:00000080 r5:00000000
[ 24.205187] r4:9df42400
[ 24.207746] [<803fb4e4>] (create_vtbl) from [<803fc08c>] (ubi_read_volume_table+0x750/0xa64)
[ 24.216187] r10:8112514c r9:9dc8b200 r8:a0acf000 r7:9dc8b200 r6:00000080 r5:00005600
[ 24.224103] r4:9dee0000
[ 24.226662] [<803fb93c>] (ubi_read_volume_table) from [<8040afa0>] (ubi_attach+0x97c/0x152c)
[ 24.235103] r10:8112514c r9:9dc8b200 r8:00000001 r7:9dee0000 r6:00000065 r5:9dee0000
[ 24.243018] r4:00000000
[ 24.245579] [<8040a624>] (ubi_attach) from [<803ff1bc>] (ubi_attach_mtd_dev+0x630/0xbac)
[ 24.253673] r10:9e7b5400 r9:00001000 r8:9dee1000 r7:9dee0000 r6:00000000 r5:9e7b5400
[ 24.261588] r4:fffff000
[ 24.264148] [<803feb8c>] (ubi_attach_mtd_dev) from [<804008cc>] (ctrl_cdev_ioctl+0xcc/0x1cc)
[ 24.272589] r10:00000000 r9:9dcfc000 r8:00000003 r7:80113e30 r6:9e7b5400 r5:7e87ab70
[ 24.280505] r4:00000000
[ 24.283070] [<80400800>] (ctrl_cdev_ioctl) from [<80113b5c>] (do_vfs_ioctl+0x42c/0x6c4)
[ 24.291077] r6:9dd92140 r5:7e87ab70 r4:9dc193e0
[ 24.295753] [<80113730>] (do_vfs_ioctl) from [<80113e30>] (SyS_ioctl+0x3c/0x64)
[ 24.303066] r10:00000000 r9:9dcfc000 r8:7e87ab70 r7:40186f40 r6:9dd92140 r5:00000003
[ 24.310981] r4:9dd92140
[ 24.313549] [<80113df4>] (SyS_ioctl) from [<8000f9a0>] (ret_fast_syscall+0x0/0x54)
[ 24.321123] r9:9dcfc000 r8:8000fb84 r7:00000036 r6:7e87aea9 r5:7e87ab70 r4:7e87ab70
[ 24.328957] Code: e1c300b0 e1510002 e1a03001 1afffff9 (e89da800)
[ 24.335066] ---[ end trace ab1cb17887f21bbb ]---
[ 24.340249] Unhandled fault: imprecise external abort (0x1c06) at 0x7ee8bcf0
[ 24.347310] pgd = 9df3c000
[ 24.350023] [7ee8bcf0] *pgd=8dcbf831, *pte=8eb3334f, *ppte=8eb3383f
Segmentation fault
Fixes: 35d5d20efad8 ("mtd: mxc_nand: cleanup copy_spare function")
Signed-off-by: Eric Bénard <eric@eukrea.com>
Reviewed-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mtd/nand/mxc_nand.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/mxc_nand.c b/drivers/mtd/nand/mxc_nand.c
index 2426db8..f04445b 100644
--- a/drivers/mtd/nand/mxc_nand.c
+++ b/drivers/mtd/nand/mxc_nand.c
@@ -879,7 +879,7 @@ static void copy_spare(struct mtd_info *mtd, bool bfrom)
oob_chunk_size);
/* the last chunk */
- memcpy16_toio(&s[oob_chunk_size * sparebuf_size],
+ memcpy16_toio(&s[i * sparebuf_size],
&d[i * oob_chunk_size],
host->used_oobsize - i * oob_chunk_size);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 002/211] drivers: usb :fsl: Implement Workaround for USB Erratum A007792
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 001/211] mxc_nand: fix copy_spare Kamal Mostafa
@ 2016-01-05 19:41 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 003/211] drivers: usb: fsl: Workaround for USB erratum-A005275 Kamal Mostafa
` (208 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Nikhil Badola, Suresh Gupta, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikhil Badola <nikhil.badola@freescale.com>
commit 523f1dec58408b36e7683a3d61a0286eed1fc1c8 upstream.
USB controller version-2.5 requires to enable internal UTMI
phy and program PTS field in PORTSC register before asserting
controller reset. This is must for successful resetting of the
controller and subsequent enumeration of usb devices
Signed-off-by: Nikhil Badola <nikhil.badola@freescale.com>
Signed-off-by: Suresh Gupta <suresh.gupta@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/host/ehci-fsl.c | 9 +++++++++
drivers/usb/host/fsl-mph-dr-of.c | 6 ++++++
include/linux/fsl_devices.h | 1 +
3 files changed, 16 insertions(+)
diff --git a/drivers/usb/host/ehci-fsl.c b/drivers/usb/host/ehci-fsl.c
index 5352e74..716aa8b 100644
--- a/drivers/usb/host/ehci-fsl.c
+++ b/drivers/usb/host/ehci-fsl.c
@@ -129,6 +129,15 @@ static int fsl_ehci_drv_probe(struct platform_device *pdev)
if (pdata->have_sysif_regs && pdata->controller_ver < FSL_USB_VER_1_6)
setbits32(hcd->regs + FSL_SOC_USB_CTRL, 0x4);
+ /*
+ * Enable UTMI phy and program PTS field in UTMI mode before asserting
+ * controller reset for USB Controller version 2.5
+ */
+ if (pdata->has_fsl_erratum_a007792) {
+ writel_be(CTRL_UTMI_PHY_EN, hcd->regs + FSL_SOC_USB_CTRL);
+ writel(PORT_PTS_UTMI, hcd->regs + FSL_SOC_USB_PORTSC1);
+ }
+
/* Don't need to set host mode here. It will be done by tdi_reset() */
retval = usb_add_hcd(hcd, irq, IRQF_SHARED);
diff --git a/drivers/usb/host/fsl-mph-dr-of.c b/drivers/usb/host/fsl-mph-dr-of.c
index 5e0d600..2ade376 100644
--- a/drivers/usb/host/fsl-mph-dr-of.c
+++ b/drivers/usb/host/fsl-mph-dr-of.c
@@ -214,6 +214,12 @@ static int fsl_usb2_mph_dr_of_probe(struct platform_device *ofdev)
pdata->phy_mode = determine_usb_phy(prop);
pdata->controller_ver = usb_get_ver_info(np);
+ /* Activate Erratum by reading property in device tree */
+ if (of_get_property(np, "fsl,usb-erratum-a007792", NULL))
+ pdata->has_fsl_erratum_a007792 = 1;
+ else
+ pdata->has_fsl_erratum_a007792 = 0;
+
if (pdata->have_sysif_regs) {
if (pdata->controller_ver < 0) {
dev_warn(&ofdev->dev, "Could not get controller version\n");
diff --git a/include/linux/fsl_devices.h b/include/linux/fsl_devices.h
index 2a2f56b..dfcf101397a 100644
--- a/include/linux/fsl_devices.h
+++ b/include/linux/fsl_devices.h
@@ -93,6 +93,7 @@ struct fsl_usb2_platform_data {
unsigned suspended:1;
unsigned already_suspended:1;
+ unsigned has_fsl_erratum_a007792:1;
/* register save area for suspend/resume */
u32 pm_command;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 003/211] drivers: usb: fsl: Workaround for USB erratum-A005275
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 001/211] mxc_nand: fix copy_spare Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 002/211] drivers: usb :fsl: Implement Workaround for USB Erratum A007792 Kamal Mostafa
@ 2016-01-05 19:41 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 004/211] x86/xen: Do not clip xen_e820_map to xen_e820_map_entries when sanitizing map Kamal Mostafa
` (207 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ramneek Mehresh, Nikhil Badola, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikhil Badola <nikhil.badola@freescale.com>
commit f8786a91548df6930643a052e40e5c0b7a8403a5 upstream.
Incoming packets in high speed are randomly corrupted by h/w
resulting in multiple errors. This workaround makes FS as
default mode in all affected socs by disabling HS chirp
signalling.This errata does not affect FS and LS mode.
Forces all HS devices to connect in FS mode for all socs
affected by this erratum:
P3041 and P2041 rev 1.0 and 1.1
P5020 and P5010 rev 1.0 and 2.0
P5040, P1010 and T4240 rev 1.0
Signed-off-by: Ramneek Mehresh <ramneek.mehresh@freescale.com>
Signed-off-by: Nikhil Badola <nikhil.badola@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/host/ehci-fsl.c | 4 ++++
drivers/usb/host/ehci-hub.c | 7 +++++++
drivers/usb/host/ehci.h | 12 ++++++++++++
drivers/usb/host/fsl-mph-dr-of.c | 4 ++++
include/linux/fsl_devices.h | 1 +
5 files changed, 28 insertions(+)
diff --git a/drivers/usb/host/ehci-fsl.c b/drivers/usb/host/ehci-fsl.c
index 716aa8b..358df00 100644
--- a/drivers/usb/host/ehci-fsl.c
+++ b/drivers/usb/host/ehci-fsl.c
@@ -270,6 +270,10 @@ static int ehci_fsl_usb_setup(struct ehci_hcd *ehci)
out_be32(non_ehci + FSL_SOC_USB_SNOOP2, 0x80000000 | SNOOP_SIZE_2GB);
}
+ /* Deal with USB erratum A-005275 */
+ if (pdata->has_fsl_erratum_a005275 == 1)
+ ehci->has_fsl_hs_errata = 1;
+
if ((pdata->operating_mode == FSL_USB2_DR_HOST) ||
(pdata->operating_mode == FSL_USB2_DR_OTG))
if (ehci_fsl_setup_phy(hcd, pdata->phy_mode, 0))
diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c
index 22abb68..086a711 100644
--- a/drivers/usb/host/ehci-hub.c
+++ b/drivers/usb/host/ehci-hub.c
@@ -1221,6 +1221,13 @@ int ehci_hub_control(
*/
ehci->reset_done [wIndex] = jiffies
+ msecs_to_jiffies (50);
+
+ /*
+ * Force full-speed connect for FSL high-speed
+ * erratum; disable HS Chirp by setting PFSC bit
+ */
+ if (ehci_has_fsl_hs_errata(ehci))
+ temp |= (1 << PORTSC_FSL_PFSC);
}
ehci_writel(ehci, temp, status_reg);
break;
diff --git a/drivers/usb/host/ehci.h b/drivers/usb/host/ehci.h
index f700157..46f62e4 100644
--- a/drivers/usb/host/ehci.h
+++ b/drivers/usb/host/ehci.h
@@ -215,6 +215,7 @@ struct ehci_hcd { /* one per controller */
/* SILICON QUIRKS */
unsigned no_selective_suspend:1;
unsigned has_fsl_port_bug:1; /* FreeScale */
+ unsigned has_fsl_hs_errata:1; /* Freescale HS quirk */
unsigned big_endian_mmio:1;
unsigned big_endian_desc:1;
unsigned big_endian_capbase:1;
@@ -686,6 +687,17 @@ ehci_port_speed(struct ehci_hcd *ehci, unsigned int portsc)
#define ehci_has_fsl_portno_bug(e) (0)
#endif
+#define PORTSC_FSL_PFSC 24 /* Port Force Full-Speed Connect */
+
+#if defined(CONFIG_PPC_85xx)
+/* Some Freescale processors have an erratum (USB A-005275) in which
+ * incoming packets get corrupted in HS mode
+ */
+#define ehci_has_fsl_hs_errata(e) ((e)->has_fsl_hs_errata)
+#else
+#define ehci_has_fsl_hs_errata(e) (0)
+#endif
+
/*
* While most USB host controllers implement their registers in
* little-endian format, a minority (celleb companion chip) implement
diff --git a/drivers/usb/host/fsl-mph-dr-of.c b/drivers/usb/host/fsl-mph-dr-of.c
index 2ade376..56cca8f 100644
--- a/drivers/usb/host/fsl-mph-dr-of.c
+++ b/drivers/usb/host/fsl-mph-dr-of.c
@@ -219,6 +219,10 @@ static int fsl_usb2_mph_dr_of_probe(struct platform_device *ofdev)
pdata->has_fsl_erratum_a007792 = 1;
else
pdata->has_fsl_erratum_a007792 = 0;
+ if (of_get_property(np, "fsl,usb-erratum-a005275", NULL))
+ pdata->has_fsl_erratum_a005275 = 1;
+ else
+ pdata->has_fsl_erratum_a005275 = 0;
if (pdata->have_sysif_regs) {
if (pdata->controller_ver < 0) {
diff --git a/include/linux/fsl_devices.h b/include/linux/fsl_devices.h
index dfcf101397a..1266031 100644
--- a/include/linux/fsl_devices.h
+++ b/include/linux/fsl_devices.h
@@ -94,6 +94,7 @@ struct fsl_usb2_platform_data {
unsigned suspended:1;
unsigned already_suspended:1;
unsigned has_fsl_erratum_a007792:1;
+ unsigned has_fsl_erratum_a005275:1;
/* register save area for suspend/resume */
u32 pm_command;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 004/211] x86/xen: Do not clip xen_e820_map to xen_e820_map_entries when sanitizing map
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (2 preceding siblings ...)
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 003/211] drivers: usb: fsl: Workaround for USB erratum-A005275 Kamal Mostafa
@ 2016-01-05 19:41 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 005/211] drm/radeon: add quirk for MSI R7 370 Kamal Mostafa
` (206 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Malcolm Crossley, David Vrabel, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Malcolm Crossley <malcolm.crossley@citrix.com>
commit 64c98e7f49100b637cd20a6c63508caed6bbba7a upstream.
Sanitizing the e820 map may produce extra E820 entries which would result in
the topmost E820 entries being removed. The removed entries would typically
include the top E820 usable RAM region and thus result in the domain having
signicantly less RAM available to it.
Fix by allowing sanitize_e820_map to use the full size of the allocated E820
array.
Signed-off-by: Malcolm Crossley <malcolm.crossley@citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
[ kamal: backport to 3.19-stable: context ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/xen/setup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
index 55f388e..de7a8d7 100644
--- a/arch/x86/xen/setup.c
+++ b/arch/x86/xen/setup.c
@@ -612,7 +612,7 @@ char * __init xen_memory_setup(void)
xen_ignore_unusable(map, memmap.nr_entries);
/* Make sure the Xen-supplied memory map is well-ordered. */
- sanitize_e820_map(map, memmap.nr_entries, &memmap.nr_entries);
+ sanitize_e820_map(map, ARRAY_SIZE(map), &memmap.nr_entries);
max_pages = xen_get_max_pages();
if (max_pages > max_pfn)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 005/211] drm/radeon: add quirk for MSI R7 370
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (3 preceding siblings ...)
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 004/211] x86/xen: Do not clip xen_e820_map to xen_e820_map_entries when sanitizing map Kamal Mostafa
@ 2016-01-05 19:41 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 006/211] drm/radeon: add quirk for ASUS " Kamal Mostafa
` (205 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Maxim Sheviakov, Alex Deucher, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Maxim Sheviakov <mrader3940@yandex.ru>
commit e78654799135a788a941bacad3452fbd7083e518 upstream.
Just adds the quirk for MSI R7 370 Armor 2X
Bug:
https://bugs.freedesktop.org/show_bug.cgi?id=91294
Signed-off-by: Maxim Sheviakov <mrader3940@yandex.ru>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/si_dpm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/radeon/si_dpm.c b/drivers/gpu/drm/radeon/si_dpm.c
index 787cd8f..e9115d3 100644
--- a/drivers/gpu/drm/radeon/si_dpm.c
+++ b/drivers/gpu/drm/radeon/si_dpm.c
@@ -2927,6 +2927,7 @@ static struct si_dpm_quirk si_dpm_quirk_list[] = {
{ PCI_VENDOR_ID_ATI, 0x6810, 0x1462, 0x3036, 0, 120000 },
{ PCI_VENDOR_ID_ATI, 0x6811, 0x174b, 0xe271, 0, 120000 },
{ PCI_VENDOR_ID_ATI, 0x6810, 0x174b, 0xe271, 85000, 90000 },
+ { PCI_VENDOR_ID_ATI, 0x6811, 0x1762, 0x2015, 0, 120000 },
{ 0, 0, 0, 0 },
};
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 006/211] drm/radeon: add quirk for ASUS R7 370
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (4 preceding siblings ...)
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 005/211] drm/radeon: add quirk for MSI R7 370 Kamal Mostafa
@ 2016-01-05 19:41 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 007/211] drm/radeon: fix quirk for MSI R7 370 Armor 2X Kamal Mostafa
` (204 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Alex Deucher, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 2b02ec79004388a8c65e227bc289ed891b5ac8c6 upstream.
Bug:
https://bugs.freedesktop.org/show_bug.cgi?id=92260
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/si_dpm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/radeon/si_dpm.c b/drivers/gpu/drm/radeon/si_dpm.c
index e9115d3..e72bf46 100644
--- a/drivers/gpu/drm/radeon/si_dpm.c
+++ b/drivers/gpu/drm/radeon/si_dpm.c
@@ -2928,6 +2928,7 @@ static struct si_dpm_quirk si_dpm_quirk_list[] = {
{ PCI_VENDOR_ID_ATI, 0x6811, 0x174b, 0xe271, 0, 120000 },
{ PCI_VENDOR_ID_ATI, 0x6810, 0x174b, 0xe271, 85000, 90000 },
{ PCI_VENDOR_ID_ATI, 0x6811, 0x1762, 0x2015, 0, 120000 },
+ { PCI_VENDOR_ID_ATI, 0x6811, 0x1043, 0x2015, 0, 120000 },
{ 0, 0, 0, 0 },
};
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 007/211] drm/radeon: fix quirk for MSI R7 370 Armor 2X
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (5 preceding siblings ...)
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 006/211] drm/radeon: add quirk for ASUS " Kamal Mostafa
@ 2016-01-05 19:41 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 008/211] cxl: Fix number of allocated pages in SPA Kamal Mostafa
` (203 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Maxim Sheviakov, Alex Deucher, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Maxim Sheviakov <mrader3940@yandex.ru>
commit 515c752dabee9945c1e8686c87f7cdeb3935eea4 upstream.
There was a typo in the original.
bug:
https://bugs.freedesktop.org/show_bug.cgi?id=92865
Signed-off-by: Maxim Sheviakov <mrader3940@yandex.ru>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/si_dpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/radeon/si_dpm.c b/drivers/gpu/drm/radeon/si_dpm.c
index e72bf46..a82b891 100644
--- a/drivers/gpu/drm/radeon/si_dpm.c
+++ b/drivers/gpu/drm/radeon/si_dpm.c
@@ -2927,7 +2927,7 @@ static struct si_dpm_quirk si_dpm_quirk_list[] = {
{ PCI_VENDOR_ID_ATI, 0x6810, 0x1462, 0x3036, 0, 120000 },
{ PCI_VENDOR_ID_ATI, 0x6811, 0x174b, 0xe271, 0, 120000 },
{ PCI_VENDOR_ID_ATI, 0x6810, 0x174b, 0xe271, 85000, 90000 },
- { PCI_VENDOR_ID_ATI, 0x6811, 0x1762, 0x2015, 0, 120000 },
+ { PCI_VENDOR_ID_ATI, 0x6811, 0x1462, 0x2015, 0, 120000 },
{ PCI_VENDOR_ID_ATI, 0x6811, 0x1043, 0x2015, 0, 120000 },
{ 0, 0, 0, 0 },
};
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 008/211] cxl: Fix number of allocated pages in SPA
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (6 preceding siblings ...)
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 007/211] drm/radeon: fix quirk for MSI R7 370 Armor 2X Kamal Mostafa
@ 2016-01-05 19:41 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 009/211] xhci: don't finish a TD if we get a short transfer event mid TD Kamal Mostafa
` (202 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christophe Lombard, Ian Munsie, Michael Ellerman, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe Lombard <clombard@linux.vnet.ibm.com>
commit 4108efb02daa09cbb5db048ada55a5b021b5183d upstream.
The scheduled process area is currently allocated before assigning the
correct maximum processes to the AFU, which will mean we only ever
allocate a fixed number of pages for the scheduled process area. This
will limit us to 958 processes with 2 x 64K pages. If we try to use more
processes than that we'd probably overrun the buffer and corrupt memory
or crash.
AFUs that require three or more interrupts per process will not be
affected as they are already limited to less processes than that, but we
could hit it on an AFU that requires 0, 1 or 2 interrupts per process,
or when using 4K pages.
This patch moves the initialisation of the num_procs to before the SPA
allocation so that enough pages will be allocated for the number of
processes that the AFU supports.
Signed-off-by: Christophe Lombard <clombard@linux.vnet.ibm.com>
Signed-off-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
[ kamal: backport to 4.2-stable: context ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/misc/cxl/native.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/cxl/native.c b/drivers/misc/cxl/native.c
index 10567f2..8339eb2 100644
--- a/drivers/misc/cxl/native.c
+++ b/drivers/misc/cxl/native.c
@@ -397,6 +397,7 @@ static int activate_afu_directed(struct cxl_afu *afu)
dev_info(&afu->dev, "Activating AFU directed mode\n");
+ afu->num_procs = afu->max_procs_virtualised;
if (alloc_spa(afu))
return -ENOMEM;
@@ -405,7 +406,6 @@ static int activate_afu_directed(struct cxl_afu *afu)
cxl_p1n_write(afu, CXL_PSL_ID_An, CXL_PSL_ID_An_F | CXL_PSL_ID_An_L);
afu->current_mode = CXL_MODE_DIRECTED;
- afu->num_procs = afu->max_procs_virtualised;
if ((rc = cxl_chardev_m_afu_add(afu)))
return rc;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 009/211] xhci: don't finish a TD if we get a short transfer event mid TD
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (7 preceding siblings ...)
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 008/211] cxl: Fix number of allocated pages in SPA Kamal Mostafa
@ 2016-01-05 19:41 ` Kamal Mostafa
2016-01-06 17:05 ` Ben Hutchings
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 010/211] pinctrl: single: dra7: remove PCS_QUIRK_SHARED_IRQ Kamal Mostafa
` (201 subsequent siblings)
210 siblings, 1 reply; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mathias Nyman, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit e210c422b6fdd2dc123bedc588f399aefd8bf9de upstream.
If the difference is big enough between the bytes asked and received
in a bulk transfer we can get a short transfer event pointing to a TRB in
the middle of the TD. We don't want to handle the TD yet as we will anyway
receive a new event for the last TRB in the TD.
Hold off from finishing the TD and removing it from the list until we
receive an event for the last TRB in the TD
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ kamal: backport to 4.2-stable: context ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/host/xhci-ring.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index 63041c1..d08d1f1 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -2156,6 +2156,10 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td,
EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)));
/* Fast path - was this the last TRB in the TD for this URB? */
if (event_trb == td->last_trb) {
+ if (td->urb_length_set && trb_comp_code == COMP_SHORT_TX)
+ return finish_td(xhci, td, event_trb, event, ep,
+ status, false);
+
if (EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)) != 0) {
td->urb->actual_length =
td->urb->transfer_buffer_length -
@@ -2207,6 +2211,12 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td,
td->urb->actual_length +=
TRB_LEN(le32_to_cpu(cur_trb->generic.field[2])) -
EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
+
+ if (trb_comp_code == COMP_SHORT_TX) {
+ xhci_dbg(xhci, "mid bulk/intr SP, wait for last TRB event\n");
+ td->urb_length_set = true;
+ return 0;
+ }
}
return finish_td(xhci, td, event_trb, event, ep, status, false);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 010/211] pinctrl: single: dra7: remove PCS_QUIRK_SHARED_IRQ
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (8 preceding siblings ...)
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 009/211] xhci: don't finish a TD if we get a short transfer event mid TD Kamal Mostafa
@ 2016-01-05 19:41 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 011/211] net: bcmgenet: Use correct dev_id for free_irq Kamal Mostafa
` (200 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Nishanth Menon, Grygorii Strashko, Linus Walleij, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Grygorii Strashko <grygorii.strashko@ti.com>
commit 6417049f662d85a6f3a6b7cb8bc98bae3edae0a4 upstream.
On DRA7 there is one pinctrl domain (dra7_pmx_core) and
PRCM wake-up IRQ is not shared, so remove quirk.
Cc: Nishanth Menon <nm@ti.com>
Fixes: 31320beaa3d3 ('pinctrl: single: Add DRA7 pinctrl compatibility')
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Tero Kristo <t-kristo@ti.com>
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/pinctrl/pinctrl-single.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
index 0b8d480..9b24b343 100644
--- a/drivers/pinctrl/pinctrl-single.c
+++ b/drivers/pinctrl/pinctrl-single.c
@@ -1983,7 +1983,6 @@ static const struct pcs_soc_data pinctrl_single_omap_wkup = {
};
static const struct pcs_soc_data pinctrl_single_dra7 = {
- .flags = PCS_QUIRK_SHARED_IRQ,
.irq_enable_mask = (1 << 24), /* WAKEUPENABLE */
.irq_status_mask = (1 << 25), /* WAKEUPEVENT */
};
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 011/211] net: bcmgenet: Use correct dev_id for free_irq
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (9 preceding siblings ...)
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 010/211] pinctrl: single: dra7: remove PCS_QUIRK_SHARED_IRQ Kamal Mostafa
@ 2016-01-05 19:41 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 012/211] net: bcmgenet: Delay PHY initialization to bcmgenet_open() Kamal Mostafa
` (199 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:41 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Florian Fainelli, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Fainelli <f.fainelli@gmail.com>
commit 978ffac4189e8bb7e74bce6463e501a7b92555af upstream.
bcmgenet_open()'s error path call free_irq() with a dev_id argument
different from the one we used to call request_irq() with, this will
make us trip over the warning in kernel/irq/manage.c:__free_irq()
Fixes: 1c1008c793fa4 ("net: bcmgenet: add main driver file")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
index 09ff09f..f7bdbc5 100644
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
@@ -2714,7 +2714,7 @@ static int bcmgenet_open(struct net_device *dev)
return 0;
err_irq0:
- free_irq(priv->irq0, dev);
+ free_irq(priv->irq0, priv);
err_fini_dma:
bcmgenet_fini_dma(priv);
err_clk_disable:
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 012/211] net: bcmgenet: Delay PHY initialization to bcmgenet_open()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (10 preceding siblings ...)
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 011/211] net: bcmgenet: Use correct dev_id for free_irq Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 013/211] bridge: fix netlink max attr size Kamal Mostafa
` (198 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Florian Fainelli, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Fainelli <f.fainelli@gmail.com>
commit 6cc8e6d4dcb3651eea9b01db3e195fffb19fb24f upstream.
We are currently doing a full PHY initialization and even starting the
pHY state machine during bcmgenet_mii_init() which is executed in the
driver's probe function. This is convenient to determine whether we can
attach to a proper PHY device but comes at the expense of spending up to
10ms per MDIO transactions (to reach the waitqueue timeout), which slows
things down.
This also creates a sitaution where we end-up attaching twice to the
PHY, which is not quite correct either.
Fix this by moving bcmgenet_mii_probe() into bcmgenet_open() and update
its error path accordingly.
Avoid printing the message "attached PHY at address 1 [...]" every time
we bring up/down the interface and remove this print since it duplicates
what the PHY driver already does for us.
Fixes: 1c1008c793fa4 ("net: bcmgenet: add main driver file")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++----
drivers/net/ethernet/broadcom/genet/bcmgenet.h | 1 +
drivers/net/ethernet/broadcom/genet/bcmmii.c | 37 +++++++++-----------------
3 files changed, 20 insertions(+), 30 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
index f7bdbc5..93b673b 100644
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
@@ -2703,16 +2703,18 @@ static int bcmgenet_open(struct net_device *dev)
goto err_irq0;
}
- /* Re-configure the port multiplexer towards the PHY device */
- bcmgenet_mii_config(priv->dev, false);
-
- phy_connect_direct(dev, priv->phydev, bcmgenet_mii_setup,
- priv->phy_interface);
+ ret = bcmgenet_mii_probe(dev);
+ if (ret) {
+ netdev_err(dev, "failed to connect to PHY\n");
+ goto err_irq1;
+ }
bcmgenet_netif_start(dev);
return 0;
+err_irq1:
+ free_irq(priv->irq1, priv);
err_irq0:
free_irq(priv->irq0, priv);
err_fini_dma:
diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h
index 6159dea..fc6893b 100644
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h
@@ -671,6 +671,7 @@ GENET_IO_MACRO(rbuf, GENET_RBUF_OFF);
/* MDIO routines */
int bcmgenet_mii_init(struct net_device *dev);
int bcmgenet_mii_config(struct net_device *dev, bool init);
+int bcmgenet_mii_probe(struct net_device *dev);
void bcmgenet_mii_exit(struct net_device *dev);
void bcmgenet_mii_reset(struct net_device *dev);
void bcmgenet_phy_power_set(struct net_device *dev, bool enable);
diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c
index adf23d2..42bdff1 100644
--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c
@@ -327,7 +327,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init)
return 0;
}
-static int bcmgenet_mii_probe(struct net_device *dev)
+int bcmgenet_mii_probe(struct net_device *dev)
{
struct bcmgenet_priv *priv = netdev_priv(dev);
struct device_node *dn = priv->pdev->dev.of_node;
@@ -345,22 +345,6 @@ static int bcmgenet_mii_probe(struct net_device *dev)
priv->old_pause = -1;
if (dn) {
- if (priv->phydev) {
- pr_info("PHY already attached\n");
- return 0;
- }
-
- /* In the case of a fixed PHY, the DT node associated
- * to the PHY is the Ethernet MAC DT node.
- */
- if (!priv->phy_dn && of_phy_is_fixed_link(dn)) {
- ret = of_phy_register_fixed_link(dn);
- if (ret)
- return ret;
-
- priv->phy_dn = of_node_get(dn);
- }
-
phydev = of_phy_connect(dev, priv->phy_dn, bcmgenet_mii_setup,
phy_flags, priv->phy_interface);
if (!phydev) {
@@ -402,9 +386,6 @@ static int bcmgenet_mii_probe(struct net_device *dev)
else
priv->mii_bus->irq[phydev->addr] = PHY_POLL;
- pr_info("attached PHY at address %d [%s]\n",
- phydev->addr, phydev->drv->name);
-
return 0;
}
@@ -513,6 +494,17 @@ static int bcmgenet_mii_of_init(struct bcmgenet_priv *priv)
/* Fetch the PHY phandle */
priv->phy_dn = of_parse_phandle(dn, "phy-handle", 0);
+ /* In the case of a fixed PHY, the DT node associated
+ * to the PHY is the Ethernet MAC DT node.
+ */
+ if (!priv->phy_dn && of_phy_is_fixed_link(dn)) {
+ ret = of_phy_register_fixed_link(dn);
+ if (ret)
+ return ret;
+
+ priv->phy_dn = of_node_get(dn);
+ }
+
/* Get the link mode */
priv->phy_interface = of_get_phy_mode(dn);
@@ -615,10 +607,6 @@ int bcmgenet_mii_init(struct net_device *dev)
ret = bcmgenet_mii_bus_init(priv);
if (ret)
- goto out_free;
-
- ret = bcmgenet_mii_probe(dev);
- if (ret)
goto out;
return 0;
@@ -626,7 +614,6 @@ int bcmgenet_mii_init(struct net_device *dev)
out:
of_node_put(priv->phy_dn);
mdiobus_unregister(priv->mii_bus);
-out_free:
kfree(priv->mii_bus->irq);
mdiobus_free(priv->mii_bus);
return ret;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 013/211] bridge: fix netlink max attr size
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (11 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 012/211] net: bcmgenet: Delay PHY initialization to bcmgenet_open() Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 014/211] ASoC: spear_pcm: Use devm_snd_dmaengine_pcm_register to fix resource leak Kamal Mostafa
` (197 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Scott Feldman, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Scott Feldman <sfeldma@gmail.com>
commit eb4cb85180cd3baee4a01fd32e296fc28c2cffc1 upstream.
.maxtype should match .policy. Probably just been getting lucky here
because IFLA_BRPORT_MAX > IFLA_BR_MAX.
Fixes: 13323516 ("bridge: implement rtnl_link_ops->changelink")
Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/bridge/br_netlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 4d74a06..b72be49 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -839,7 +839,7 @@ struct rtnl_link_ops br_link_ops __read_mostly = {
.kind = "bridge",
.priv_size = sizeof(struct net_bridge),
.setup = br_dev_setup,
- .maxtype = IFLA_BRPORT_MAX,
+ .maxtype = IFLA_BR_MAX,
.policy = br_policy,
.validate = br_validate,
.newlink = br_dev_newlink,
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 014/211] ASoC: spear_pcm: Use devm_snd_dmaengine_pcm_register to fix resource leak
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (12 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 013/211] bridge: fix netlink max attr size Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 015/211] task_work: remove fifo ordering guarantee Kamal Mostafa
` (196 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Axel Lin, Mark Brown, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Axel Lin <axel.lin@ingics.com>
commit 2c3f4b97eea5ce405baf2591715445da6ed05851 upstream.
All the callers assume devm_spear_pcm_platform_register is a devm_ API, so
use devm_snd_dmaengine_pcm_register in devm_spear_pcm_platform_register.
Fixes: e1771bcf99b0 ("ASoC: SPEAr: remove custom DMA alloc compat function")
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/spear/spear_pcm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/spear/spear_pcm.c b/sound/soc/spear/spear_pcm.c
index a7dc3c5..e8476da 100644
--- a/sound/soc/spear/spear_pcm.c
+++ b/sound/soc/spear/spear_pcm.c
@@ -44,7 +44,7 @@ int devm_spear_pcm_platform_register(struct device *dev,
*config = spear_dmaengine_pcm_config;
config->compat_filter_fn = filter;
- return snd_dmaengine_pcm_register(dev, config,
+ return devm_snd_dmaengine_pcm_register(dev, config,
SND_DMAENGINE_PCM_FLAG_NO_DT |
SND_DMAENGINE_PCM_FLAG_COMPAT);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 015/211] task_work: remove fifo ordering guarantee
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (13 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 014/211] ASoC: spear_pcm: Use devm_snd_dmaengine_pcm_register to fix resource leak Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 016/211] ebpf: fix fd refcount leaks related to maps in bpf syscall Kamal Mostafa
` (195 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, Linus Torvalds, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
commit c82199061009d1561e31e17fca5e47a87cb7ff4c upstream.
In commit f341861fb0b ("task_work: add a scheduling point in
task_work_run()") I fixed a latency problem adding a cond_resched()
call.
Later, commit ac3d0da8f329 added yet another loop to reverse a list,
bringing back the latency spike :
I've seen in some cases this loop taking 275 ms, if for example a
process with 2,000,000 files is killed.
We could add yet another cond_resched() in the reverse loop, or we
can simply remove the reversal, as I do not think anything
would depend on order of task_work_add() submitted works.
Fixes: ac3d0da8f329 ("task_work: Make task_work_add() lockless")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Maciej Żenczykowski <maze@google.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/task_work.c | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/kernel/task_work.c b/kernel/task_work.c
index 8727032..53fa971 100644
--- a/kernel/task_work.c
+++ b/kernel/task_work.c
@@ -18,6 +18,8 @@ static struct callback_head work_exited; /* all we need is ->next == NULL */
* This is like the signal handler which runs in kernel mode, but it doesn't
* try to wake up the @task.
*
+ * Note: there is no ordering guarantee on works queued here.
+ *
* RETURNS:
* 0 if succeeds or -ESRCH.
*/
@@ -108,16 +110,6 @@ void task_work_run(void)
raw_spin_unlock_wait(&task->pi_lock);
smp_mb();
- /* Reverse the list to run the works in fifo order */
- head = NULL;
- do {
- next = work->next;
- work->next = head;
- head = work;
- work = next;
- } while (work);
-
- work = head;
do {
next = work->next;
work->func(work);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 016/211] ebpf: fix fd refcount leaks related to maps in bpf syscall
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (14 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 015/211] task_work: remove fifo ordering guarantee Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` Kamal Mostafa
` (194 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Daniel Borkmann, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Borkmann <daniel@iogearbox.net>
commit 592867bfabe2fcb449393ba7eb0de4f972a08c63 upstream.
We may already have gotten a proper fd struct through fdget(), so
whenever we return at the end of an map operation, we need to call
fdput(). However, each map operation from syscall side first probes
CHECK_ATTR() to verify that unused fields in the bpf_attr union are
zero.
In case of malformed input, we return with error, but the lookup to
the map_fd was already performed at that time, so that we return
without an corresponding fdput(). Fix it by performing an fdget()
only right before bpf_map_get(). The fdget() invocation on maps in
the verifier is not affected.
Fixes: db20fd2b0108 ("bpf: add lookup/update/delete/iterate methods to BPF maps")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/bpf/syscall.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index a1b14d1..57d4f28 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -155,14 +155,15 @@ static int map_lookup_elem(union bpf_attr *attr)
void __user *ukey = u64_to_ptr(attr->key);
void __user *uvalue = u64_to_ptr(attr->value);
int ufd = attr->map_fd;
- struct fd f = fdget(ufd);
struct bpf_map *map;
void *key, *value, *ptr;
+ struct fd f;
int err;
if (CHECK_ATTR(BPF_MAP_LOOKUP_ELEM))
return -EINVAL;
+ f = fdget(ufd);
map = bpf_map_get(f);
if (IS_ERR(map))
return PTR_ERR(map);
@@ -213,14 +214,15 @@ static int map_update_elem(union bpf_attr *attr)
void __user *ukey = u64_to_ptr(attr->key);
void __user *uvalue = u64_to_ptr(attr->value);
int ufd = attr->map_fd;
- struct fd f = fdget(ufd);
struct bpf_map *map;
void *key, *value;
+ struct fd f;
int err;
if (CHECK_ATTR(BPF_MAP_UPDATE_ELEM))
return -EINVAL;
+ f = fdget(ufd);
map = bpf_map_get(f);
if (IS_ERR(map))
return PTR_ERR(map);
@@ -265,14 +267,15 @@ static int map_delete_elem(union bpf_attr *attr)
{
void __user *ukey = u64_to_ptr(attr->key);
int ufd = attr->map_fd;
- struct fd f = fdget(ufd);
struct bpf_map *map;
+ struct fd f;
void *key;
int err;
if (CHECK_ATTR(BPF_MAP_DELETE_ELEM))
return -EINVAL;
+ f = fdget(ufd);
map = bpf_map_get(f);
if (IS_ERR(map))
return PTR_ERR(map);
@@ -305,14 +308,15 @@ static int map_get_next_key(union bpf_attr *attr)
void __user *ukey = u64_to_ptr(attr->key);
void __user *unext_key = u64_to_ptr(attr->next_key);
int ufd = attr->map_fd;
- struct fd f = fdget(ufd);
struct bpf_map *map;
void *key, *next_key;
+ struct fd f;
int err;
if (CHECK_ATTR(BPF_MAP_GET_NEXT_KEY))
return -EINVAL;
+ f = fdget(ufd);
map = bpf_map_get(f);
if (IS_ERR(map))
return PTR_ERR(map);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 017/211] netlink, mmap: fix edge-case leakages in nf queue zero-copy
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 002/211] drivers: usb :fsl: Implement Workaround for USB Erratum A007792 Kamal Mostafa
` (209 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Daniel Borkmann, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Borkmann <daniel@iogearbox.net>
commit 6bb0fef489f667cf701853054f44579754f00a06 upstream.
When netlink mmap on receive side is the consumer of nf queue data,
it can happen that in some edge cases, we write skb shared info into
the user space mmap buffer:
Assume a possible rx ring frame size of only 4096, and the network skb,
which is being zero-copied into the netlink skb, contains page frags
with an overall skb->len larger than the linear part of the netlink
skb.
skb_zerocopy(), which is generic and thus not aware of the fact that
shared info cannot be accessed for such skbs then tries to write and
fill frags, thus leaking kernel data/pointers and in some corner cases
possibly writing out of bounds of the mmap area (when filling the
last slot in the ring buffer this way).
I.e. the ring buffer slot is then of status NL_MMAP_STATUS_VALID, has
an advertised length larger than 4096, where the linear part is visible
at the slot beginning, and the leaked sizeof(struct skb_shared_info)
has been written to the beginning of the next slot (also corrupting
the struct nl_mmap_hdr slot header incl. status etc), since skb->end
points to skb->data + ring->frame_size - NL_MMAP_HDRLEN.
The fix adds and lets __netlink_alloc_skb() take the actual needed
linear room for the network skb + meta data into account. It's completely
irrelevant for non-mmaped netlink sockets, but in case mmap sockets
are used, it can be decided whether the available skb_tailroom() is
really large enough for the buffer, or whether it needs to internally
fallback to a normal alloc_skb().
>From nf queue side, the information whether the destination port is
an mmap RX ring is not really available without extra port-to-socket
lookup, thus it can only be determined in lower layers i.e. when
__netlink_alloc_skb() is called that checks internally for this. I
chose to add the extra ldiff parameter as mmap will then still work:
We have data_len and hlen in nfqnl_build_packet_message(), data_len
is the full length (capped at queue->copy_range) for skb_zerocopy()
and hlen some possible part of data_len that needs to be copied; the
rem_len variable indicates the needed remaining linear mmap space.
The only other workaround in nf queue internally would be after
allocation time by f.e. cap'ing the data_len to the skb_tailroom()
iff we deal with an mmap skb, but that would 1) expose the fact that
we use a mmap skb to upper layers, and 2) trim the skb where we
otherwise could just have moved the full skb into the normal receive
queue.
After the patch, in my test case the ring slot doesn't fit and therefore
shows NL_MMAP_STATUS_COPY, where a full skb carries all the data and
thus needs to be picked up via recv().
Fixes: 3ab1f683bf8b ("nfnetlink: add support for memory mapped netlink")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/netlink.h | 13 +++++++++++--
net/netfilter/nfnetlink_queue_core.c | 5 +++--
net/netlink/af_netlink.c | 18 ++++++++++++------
3 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index 9120edb..639e9b8 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -68,8 +68,17 @@ extern int netlink_change_ngroups(struct sock *sk, unsigned int groups);
extern void __netlink_clear_multicast_users(struct sock *sk, unsigned int group);
extern void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err);
extern int netlink_has_listeners(struct sock *sk, unsigned int group);
-extern struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
- u32 dst_portid, gfp_t gfp_mask);
+
+extern struct sk_buff *__netlink_alloc_skb(struct sock *ssk, unsigned int size,
+ unsigned int ldiff, u32 dst_portid,
+ gfp_t gfp_mask);
+static inline struct sk_buff *
+netlink_alloc_skb(struct sock *ssk, unsigned int size, u32 dst_portid,
+ gfp_t gfp_mask)
+{
+ return __netlink_alloc_skb(ssk, size, 0, dst_portid, gfp_mask);
+}
+
extern int netlink_unicast(struct sock *ssk, struct sk_buff *skb, __u32 portid, int nonblock);
extern int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, __u32 portid,
__u32 group, gfp_t allocation);
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index 685cc6a..a5cd6d9 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -301,7 +301,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
__be32 **packet_id_ptr)
{
size_t size;
- size_t data_len = 0, cap_len = 0;
+ size_t data_len = 0, cap_len = 0, rem_len = 0;
unsigned int hlen = 0;
struct sk_buff *skb;
struct nlattr *nla;
@@ -360,6 +360,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
hlen = min_t(unsigned int, hlen, data_len);
size += sizeof(struct nlattr) + hlen;
cap_len = entskb->len;
+ rem_len = data_len - hlen;
break;
}
@@ -377,7 +378,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
size += nla_total_size(seclen);
}
- skb = nfnetlink_alloc_skb(net, size, queue->peer_portid,
+ skb = __netlink_alloc_skb(net->nfnl, size, rem_len, queue->peer_portid,
GFP_ATOMIC);
if (!skb) {
skb_tx_error(entskb);
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 8b158f7..a7fc3d4 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1864,15 +1864,16 @@ retry:
}
EXPORT_SYMBOL(netlink_unicast);
-struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
- u32 dst_portid, gfp_t gfp_mask)
+struct sk_buff *__netlink_alloc_skb(struct sock *ssk, unsigned int size,
+ unsigned int ldiff, u32 dst_portid,
+ gfp_t gfp_mask)
{
#ifdef CONFIG_NETLINK_MMAP
+ unsigned int maxlen, linear_size;
struct sock *sk = NULL;
struct sk_buff *skb;
struct netlink_ring *ring;
struct nl_mmap_hdr *hdr;
- unsigned int maxlen;
sk = netlink_getsockbyportid(ssk, dst_portid);
if (IS_ERR(sk))
@@ -1883,7 +1884,11 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
if (ring->pg_vec == NULL)
goto out_put;
- if (ring->frame_size - NL_MMAP_HDRLEN < size)
+ /* We need to account the full linear size needed as a ring
+ * slot cannot have non-linear parts.
+ */
+ linear_size = size + ldiff;
+ if (ring->frame_size - NL_MMAP_HDRLEN < linear_size)
goto out_put;
skb = alloc_skb_head(gfp_mask);
@@ -1897,13 +1902,14 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
/* check again under lock */
maxlen = ring->frame_size - NL_MMAP_HDRLEN;
- if (maxlen < size)
+ if (maxlen < linear_size)
goto out_free;
netlink_forward_ring(ring);
hdr = netlink_current_frame(ring, NL_MMAP_STATUS_UNUSED);
if (hdr == NULL)
goto err2;
+
netlink_ring_setup_skb(skb, sk, ring, hdr);
netlink_set_status(hdr, NL_MMAP_STATUS_RESERVED);
atomic_inc(&ring->pending);
@@ -1929,7 +1935,7 @@ out:
#endif
return alloc_skb(size, gfp_mask);
}
-EXPORT_SYMBOL_GPL(netlink_alloc_skb);
+EXPORT_SYMBOL_GPL(__netlink_alloc_skb);
int netlink_has_listeners(struct sock *sk, unsigned int group)
{
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 017/211] netlink, mmap: fix edge-case leakages in nf queue zero-copy
@ 2016-01-05 19:42 ` Kamal Mostafa
0 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Daniel Borkmann, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Borkmann <daniel@iogearbox.net>
commit 6bb0fef489f667cf701853054f44579754f00a06 upstream.
When netlink mmap on receive side is the consumer of nf queue data,
it can happen that in some edge cases, we write skb shared info into
the user space mmap buffer:
Assume a possible rx ring frame size of only 4096, and the network skb,
which is being zero-copied into the netlink skb, contains page frags
with an overall skb->len larger than the linear part of the netlink
skb.
skb_zerocopy(), which is generic and thus not aware of the fact that
shared info cannot be accessed for such skbs then tries to write and
fill frags, thus leaking kernel data/pointers and in some corner cases
possibly writing out of bounds of the mmap area (when filling the
last slot in the ring buffer this way).
I.e. the ring buffer slot is then of status NL_MMAP_STATUS_VALID, has
an advertised length larger than 4096, where the linear part is visible
at the slot beginning, and the leaked sizeof(struct skb_shared_info)
has been written to the beginning of the next slot (also corrupting
the struct nl_mmap_hdr slot header incl. status etc), since skb->end
points to skb->data + ring->frame_size - NL_MMAP_HDRLEN.
The fix adds and lets __netlink_alloc_skb() take the actual needed
linear room for the network skb + meta data into account. It's completely
irrelevant for non-mmaped netlink sockets, but in case mmap sockets
are used, it can be decided whether the available skb_tailroom() is
really large enough for the buffer, or whether it needs to internally
fallback to a normal alloc_skb().
>>From nf queue side, the information whether the destination port is
an mmap RX ring is not really available without extra port-to-socket
lookup, thus it can only be determined in lower layers i.e. when
__netlink_alloc_skb() is called that checks internally for this. I
chose to add the extra ldiff parameter as mmap will then still work:
We have data_len and hlen in nfqnl_build_packet_message(), data_len
is the full length (capped at queue->copy_range) for skb_zerocopy()
and hlen some possible part of data_len that needs to be copied; the
rem_len variable indicates the needed remaining linear mmap space.
The only other workaround in nf queue internally would be after
allocation time by f.e. cap'ing the data_len to the skb_tailroom()
iff we deal with an mmap skb, but that would 1) expose the fact that
we use a mmap skb to upper layers, and 2) trim the skb where we
otherwise could just have moved the full skb into the normal receive
queue.
After the patch, in my test case the ring slot doesn't fit and therefore
shows NL_MMAP_STATUS_COPY, where a full skb carries all the data and
thus needs to be picked up via recv().
Fixes: 3ab1f683bf8b ("nfnetlink: add support for memory mapped netlink")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/netlink.h | 13 +++++++++++--
net/netfilter/nfnetlink_queue_core.c | 5 +++--
net/netlink/af_netlink.c | 18 ++++++++++++------
3 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index 9120edb..639e9b8 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -68,8 +68,17 @@ extern int netlink_change_ngroups(struct sock *sk, unsigned int groups);
extern void __netlink_clear_multicast_users(struct sock *sk, unsigned int group);
extern void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err);
extern int netlink_has_listeners(struct sock *sk, unsigned int group);
-extern struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
- u32 dst_portid, gfp_t gfp_mask);
+
+extern struct sk_buff *__netlink_alloc_skb(struct sock *ssk, unsigned int size,
+ unsigned int ldiff, u32 dst_portid,
+ gfp_t gfp_mask);
+static inline struct sk_buff *
+netlink_alloc_skb(struct sock *ssk, unsigned int size, u32 dst_portid,
+ gfp_t gfp_mask)
+{
+ return __netlink_alloc_skb(ssk, size, 0, dst_portid, gfp_mask);
+}
+
extern int netlink_unicast(struct sock *ssk, struct sk_buff *skb, __u32 portid, int nonblock);
extern int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, __u32 portid,
__u32 group, gfp_t allocation);
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index 685cc6a..a5cd6d9 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -301,7 +301,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
__be32 **packet_id_ptr)
{
size_t size;
- size_t data_len = 0, cap_len = 0;
+ size_t data_len = 0, cap_len = 0, rem_len = 0;
unsigned int hlen = 0;
struct sk_buff *skb;
struct nlattr *nla;
@@ -360,6 +360,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
hlen = min_t(unsigned int, hlen, data_len);
size += sizeof(struct nlattr) + hlen;
cap_len = entskb->len;
+ rem_len = data_len - hlen;
break;
}
@@ -377,7 +378,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
size += nla_total_size(seclen);
}
- skb = nfnetlink_alloc_skb(net, size, queue->peer_portid,
+ skb = __netlink_alloc_skb(net->nfnl, size, rem_len, queue->peer_portid,
GFP_ATOMIC);
if (!skb) {
skb_tx_error(entskb);
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 8b158f7..a7fc3d4 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1864,15 +1864,16 @@ retry:
}
EXPORT_SYMBOL(netlink_unicast);
-struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
- u32 dst_portid, gfp_t gfp_mask)
+struct sk_buff *__netlink_alloc_skb(struct sock *ssk, unsigned int size,
+ unsigned int ldiff, u32 dst_portid,
+ gfp_t gfp_mask)
{
#ifdef CONFIG_NETLINK_MMAP
+ unsigned int maxlen, linear_size;
struct sock *sk = NULL;
struct sk_buff *skb;
struct netlink_ring *ring;
struct nl_mmap_hdr *hdr;
- unsigned int maxlen;
sk = netlink_getsockbyportid(ssk, dst_portid);
if (IS_ERR(sk))
@@ -1883,7 +1884,11 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
if (ring->pg_vec == NULL)
goto out_put;
- if (ring->frame_size - NL_MMAP_HDRLEN < size)
+ /* We need to account the full linear size needed as a ring
+ * slot cannot have non-linear parts.
+ */
+ linear_size = size + ldiff;
+ if (ring->frame_size - NL_MMAP_HDRLEN < linear_size)
goto out_put;
skb = alloc_skb_head(gfp_mask);
@@ -1897,13 +1902,14 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
/* check again under lock */
maxlen = ring->frame_size - NL_MMAP_HDRLEN;
- if (maxlen < size)
+ if (maxlen < linear_size)
goto out_free;
netlink_forward_ring(ring);
hdr = netlink_current_frame(ring, NL_MMAP_STATUS_UNUSED);
if (hdr == NULL)
goto err2;
+
netlink_ring_setup_skb(skb, sk, ring, hdr);
netlink_set_status(hdr, NL_MMAP_STATUS_RESERVED);
atomic_inc(&ring->pending);
@@ -1929,7 +1935,7 @@ out:
#endif
return alloc_skb(size, gfp_mask);
}
-EXPORT_SYMBOL_GPL(netlink_alloc_skb);
+EXPORT_SYMBOL_GPL(__netlink_alloc_skb);
int netlink_has_listeners(struct sock *sk, unsigned int group)
{
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 018/211] scsi_dh: fix randconfig build error
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (16 preceding siblings ...)
2016-01-05 19:42 ` Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 019/211] KEYS: Fix race between key destruction and finding a keyring by name Kamal Mostafa
` (192 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christoph Hellwig, James Bottomley, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
commit 294ab783ad98066b87296db1311c7ba2a60206a5 upstream.
It looks like the Kconfig check that was meant to fix this (commit
fe9233fb6914a0eb20166c967e3020f7f0fba2c9 [SCSI] scsi_dh: fix kconfig related
build errors) was actually reversed, but no-one noticed until the new set of
patches which separated DM and SCSI_DH).
Fixes: fe9233fb6914a0eb20166c967e3020f7f0fba2c9
Signed-off-by: Christoph Hellwig <hch@lst.de>
Tested-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/Kconfig b/drivers/md/Kconfig
index bfec3bd..19fd680 100644
--- a/drivers/md/Kconfig
+++ b/drivers/md/Kconfig
@@ -393,7 +393,7 @@ config DM_MULTIPATH
# of SCSI_DH if the latter isn't defined but if
# it is, DM_MULTIPATH must depend on it. We get a build
# error if SCSI_DH=m and DM_MULTIPATH=y
- depends on SCSI_DH || !SCSI_DH
+ depends on !SCSI_DH || SCSI
---help---
Allow volume managers to support multipath hardware.
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 019/211] KEYS: Fix race between key destruction and finding a keyring by name
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (17 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 018/211] scsi_dh: fix randconfig build error Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 020/211] KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring Kamal Mostafa
` (191 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David Howells, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
commit 94c4554ba07adbdde396748ee7ae01e86cf2d8d7 upstream.
There appears to be a race between:
(1) key_gc_unused_keys() which frees key->security and then calls
keyring_destroy() to unlink the name from the name list
(2) find_keyring_by_name() which calls key_permission(), thus accessing
key->security, on a key before checking to see whether the key usage is 0
(ie. the key is dead and might be cleaned up).
Fix this by calling ->destroy() before cleaning up the core key data -
including key->security.
Reported-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
security/keys/gc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/keys/gc.c b/security/keys/gc.c
index c795237..39eac1f 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -134,6 +134,10 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
kdebug("- %u", key->serial);
key_check(key);
+ /* Throw away the key data */
+ if (key->type->destroy)
+ key->type->destroy(key);
+
security_key_free(key);
/* deal with the user's key tracking and quota */
@@ -148,10 +152,6 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
atomic_dec(&key->user->nikeys);
- /* now throw away the key memory */
- if (key->type->destroy)
- key->type->destroy(key);
-
key_user_put(key->user);
kfree(key->description);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 020/211] KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (18 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 019/211] KEYS: Fix race between key destruction and finding a keyring by name Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 021/211] KEYS: Don't permit request_key() to construct a new keyring Kamal Mostafa
` (190 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David Howells, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
commit f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 upstream.
The following sequence of commands:
i=`keyctl add user a a @s`
keyctl request2 keyring foo bar @t
keyctl unlink $i @s
tries to invoke an upcall to instantiate a keyring if one doesn't already
exist by that name within the user's keyring set. However, if the upcall
fails, the code sets keyring->type_data.reject_error to -ENOKEY or some
other error code. When the key is garbage collected, the key destroy
function is called unconditionally and keyring_destroy() uses list_empty()
on keyring->type_data.link - which is in a union with reject_error.
Subsequently, the kernel tries to unlink the keyring from the keyring names
list - which oopses like this:
BUG: unable to handle kernel paging request at 00000000ffffff8a
IP: [<ffffffff8126e051>] keyring_destroy+0x3d/0x88
...
Workqueue: events key_garbage_collector
...
RIP: 0010:[<ffffffff8126e051>] keyring_destroy+0x3d/0x88
RSP: 0018:ffff88003e2f3d30 EFLAGS: 00010203
RAX: 00000000ffffff82 RBX: ffff88003bf1a900 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 000000003bfc6901 RDI: ffffffff81a73a40
RBP: ffff88003e2f3d38 R08: 0000000000000152 R09: 0000000000000000
R10: ffff88003e2f3c18 R11: 000000000000865b R12: ffff88003bf1a900
R13: 0000000000000000 R14: ffff88003bf1a908 R15: ffff88003e2f4000
...
CR2: 00000000ffffff8a CR3: 000000003e3ec000 CR4: 00000000000006f0
...
Call Trace:
[<ffffffff8126c756>] key_gc_unused_keys.constprop.1+0x5d/0x10f
[<ffffffff8126ca71>] key_garbage_collector+0x1fa/0x351
[<ffffffff8105ec9b>] process_one_work+0x28e/0x547
[<ffffffff8105fd17>] worker_thread+0x26e/0x361
[<ffffffff8105faa9>] ? rescuer_thread+0x2a8/0x2a8
[<ffffffff810648ad>] kthread+0xf3/0xfb
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
[<ffffffff815f2ccf>] ret_from_fork+0x3f/0x70
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
Note the value in RAX. This is a 32-bit representation of -ENOKEY.
The solution is to only call ->destroy() if the key was successfully
instantiated.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
security/keys/gc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/security/keys/gc.c b/security/keys/gc.c
index 39eac1f..addf060 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -134,8 +134,10 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
kdebug("- %u", key->serial);
key_check(key);
- /* Throw away the key data */
- if (key->type->destroy)
+ /* Throw away the key data if the key is instantiated */
+ if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
+ !test_bit(KEY_FLAG_NEGATIVE, &key->flags) &&
+ key->type->destroy)
key->type->destroy(key);
security_key_free(key);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 021/211] KEYS: Don't permit request_key() to construct a new keyring
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (19 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 020/211] KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 022/211] ARM: OMAP2+: board-generic: Remove stale of_irq macros Kamal Mostafa
` (189 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David Howells, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
commit 911b79cde95c7da0ec02f48105358a36636b7a71 upstream.
If request_key() is used to find a keyring, only do the search part - don't
do the construction part if the keyring was not found by the search. We
don't really want keyrings in the negative instantiated state since the
rejected/negative instantiation error value in the payload is unioned with
keyring metadata.
Now the kernel gives an error:
request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted)
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
security/keys/request_key.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 486ef6f..0d62531 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
kenter("");
+ if (ctx->index_key.type == &key_type_keyring)
+ return ERR_PTR(-EPERM);
+
user = key_user_lookup(current_fsuid());
if (!user)
return ERR_PTR(-ENOMEM);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 022/211] ARM: OMAP2+: board-generic: Remove stale of_irq macros
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (20 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 021/211] KEYS: Don't permit request_key() to construct a new keyring Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 023/211] vxlan: set needed headroom correctly Kamal Mostafa
` (188 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Nishanth Menon, Tony Lindgren, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Nishanth Menon <nm@ti.com>
commit a3b7470951ab49e5592d20c2bcfe5ee675221591 upstream.
When commit c4082d499fa2 ("ARM: omap2+: board-generic: clean up the
irq data from board file") cleaned up the direct usage of gic_of_init
and omap_intc_of_init, it failed to clean up the macros properly.
Since these macros are no longer used, lets just remove them.
Fixes: c4082d499fa2 ("ARM: omap2+: board-generic: clean up the irq data from board file")
Reported-by: Carlos Hernandez <ceh@ti.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/mach-omap2/board-generic.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/arch/arm/mach-omap2/board-generic.c b/arch/arm/mach-omap2/board-generic.c
index 34ff14b..22a8e01 100644
--- a/arch/arm/mach-omap2/board-generic.c
+++ b/arch/arm/mach-omap2/board-generic.c
@@ -20,13 +20,6 @@
#include "common.h"
-#if !(defined(CONFIG_ARCH_OMAP2) || defined(CONFIG_ARCH_OMAP3))
-#define intc_of_init NULL
-#endif
-#ifndef CONFIG_ARCH_OMAP4
-#define gic_of_init NULL
-#endif
-
static const struct of_device_id omap_dt_match_table[] __initconst = {
{ .compatible = "simple-bus", },
{ .compatible = "ti,omap-infra", },
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 023/211] vxlan: set needed headroom correctly
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (21 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 022/211] ARM: OMAP2+: board-generic: Remove stale of_irq macros Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 024/211] isdn_ppp: Add checks for allocation failure in isdn_ppp_open() Kamal Mostafa
` (187 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Cong Wang, Jiri Benc, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Benc <jbenc@redhat.com>
commit 9dc2ad1008c9f91f55ec6c89ec0f8639dfc91596 upstream.
vxlan_setup is called when allocating the net_device, i.e. way before
vxlan_newlink (or vxlan_dev_configure) is called. This means
vxlan->default_dst is actually unset in vxlan_setup and the condition that
sets needed_headroom always takes the else branch.
Set the needed_headrom at the point when we have the information about
the address family available.
Fixes: e4c7ed415387c ("vxlan: add ipv6 support")
Fixes: 2853af6a2ea1a ("vxlan: use dev->needed_headroom instead of dev->hard_header_len")
CC: Cong Wang <cwang@twopensource.com>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/vxlan.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 5bc4b1e..025250b 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -2352,10 +2352,6 @@ static void vxlan_setup(struct net_device *dev)
eth_hw_addr_random(dev);
ether_setup(dev);
- if (vxlan->default_dst.remote_ip.sa.sa_family == AF_INET6)
- dev->needed_headroom = ETH_HLEN + VXLAN6_HEADROOM;
- else
- dev->needed_headroom = ETH_HLEN + VXLAN_HEADROOM;
dev->netdev_ops = &vxlan_netdev_ops;
dev->destructor = free_netdev;
@@ -2651,8 +2647,12 @@ static int vxlan_newlink(struct net *src_net, struct net_device *dev,
dev->needed_headroom = lowerdev->hard_header_len +
(use_ipv6 ? VXLAN6_HEADROOM : VXLAN_HEADROOM);
- } else if (use_ipv6)
+ } else if (use_ipv6) {
vxlan->flags |= VXLAN_F_IPV6;
+ dev->needed_headroom = ETH_HLEN + VXLAN6_HEADROOM;
+ } else {
+ dev->needed_headroom = ETH_HLEN + VXLAN_HEADROOM;
+ }
if (data[IFLA_VXLAN_TOS])
vxlan->tos = nla_get_u8(data[IFLA_VXLAN_TOS]);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 024/211] isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (22 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 023/211] vxlan: set needed headroom correctly Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 025/211] ppp, slip: Validate VJ compression slot parameters completely Kamal Mostafa
` (186 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ben Hutchings, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
commit 0baa57d8dc32db78369d8b5176ef56c5e2e18ab3 upstream.
Compile-tested only.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/isdn/i4l/isdn_ppp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
index c4198fa..86f9abe 100644
--- a/drivers/isdn/i4l/isdn_ppp.c
+++ b/drivers/isdn/i4l/isdn_ppp.c
@@ -301,6 +301,8 @@ isdn_ppp_open(int min, struct file *file)
is->compflags = 0;
is->reset = isdn_ppp_ccp_reset_alloc(is);
+ if (!is->reset)
+ return -ENOMEM;
is->lp = NULL;
is->mp_seqno = 0; /* MP sequence number */
@@ -320,6 +322,10 @@ isdn_ppp_open(int min, struct file *file)
* VJ header compression init
*/
is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */
+ if (!is->slcomp) {
+ isdn_ppp_ccp_reset_free(is);
+ return -ENOMEM;
+ }
#endif
#ifdef CONFIG_IPPP_FILTER
is->pass_filter = NULL;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 025/211] ppp, slip: Validate VJ compression slot parameters completely
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (23 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 024/211] isdn_ppp: Add checks for allocation failure in isdn_ppp_open() Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 026/211] [media] media/vivid-osd: fix info leak in ioctl Kamal Mostafa
` (185 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ben Hutchings, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
commit 4ab42d78e37a294ac7bc56901d563c642e03c4ae upstream.
Currently slhc_init() treats out-of-range values of rslots and tslots
as equivalent to 0, except that if tslots is too large it will
dereference a null pointer (CVE-2015-7799).
Add a range-check at the top of the function and make it return an
ERR_PTR() on error instead of NULL. Change the callers accordingly.
Compile-tested only.
Reported-by: 郭永刚 <guoyonggang@360.cn>
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/isdn/i4l/isdn_ppp.c | 10 ++++------
drivers/net/ppp/ppp_generic.c | 6 ++----
drivers/net/slip/slhc.c | 12 ++++++++----
drivers/net/slip/slip.c | 2 +-
4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
index 86f9abe..9c1e8ad 100644
--- a/drivers/isdn/i4l/isdn_ppp.c
+++ b/drivers/isdn/i4l/isdn_ppp.c
@@ -322,9 +322,9 @@ isdn_ppp_open(int min, struct file *file)
* VJ header compression init
*/
is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */
- if (!is->slcomp) {
+ if (IS_ERR(is->slcomp)) {
isdn_ppp_ccp_reset_free(is);
- return -ENOMEM;
+ return PTR_ERR(is->slcomp);
}
#endif
#ifdef CONFIG_IPPP_FILTER
@@ -573,10 +573,8 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
is->maxcid = val;
#ifdef CONFIG_ISDN_PPP_VJ
sltmp = slhc_init(16, val);
- if (!sltmp) {
- printk(KERN_ERR "ippp, can't realloc slhc struct\n");
- return -ENOMEM;
- }
+ if (IS_ERR(sltmp))
+ return PTR_ERR(sltmp);
if (is->slcomp)
slhc_free(is->slcomp);
is->slcomp = sltmp;
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 487be20..3f3bda8 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -719,10 +719,8 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
val &= 0xffff;
}
vj = slhc_init(val2+1, val+1);
- if (!vj) {
- netdev_err(ppp->dev,
- "PPP: no memory (VJ compressor)\n");
- err = -ENOMEM;
+ if (IS_ERR(vj)) {
+ err = PTR_ERR(vj);
break;
}
ppp_lock(ppp);
diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c
index 079f7ad..27ed252 100644
--- a/drivers/net/slip/slhc.c
+++ b/drivers/net/slip/slhc.c
@@ -84,8 +84,9 @@ static long decode(unsigned char **cpp);
static unsigned char * put16(unsigned char *cp, unsigned short x);
static unsigned short pull16(unsigned char **cpp);
-/* Initialize compression data structure
+/* Allocate compression data structure
* slots must be in range 0 to 255 (zero meaning no compression)
+ * Returns pointer to structure or ERR_PTR() on error.
*/
struct slcompress *
slhc_init(int rslots, int tslots)
@@ -94,11 +95,14 @@ slhc_init(int rslots, int tslots)
register struct cstate *ts;
struct slcompress *comp;
+ if (rslots < 0 || rslots > 255 || tslots < 0 || tslots > 255)
+ return ERR_PTR(-EINVAL);
+
comp = kzalloc(sizeof(struct slcompress), GFP_KERNEL);
if (! comp)
goto out_fail;
- if ( rslots > 0 && rslots < 256 ) {
+ if (rslots > 0) {
size_t rsize = rslots * sizeof(struct cstate);
comp->rstate = kzalloc(rsize, GFP_KERNEL);
if (! comp->rstate)
@@ -106,7 +110,7 @@ slhc_init(int rslots, int tslots)
comp->rslot_limit = rslots - 1;
}
- if ( tslots > 0 && tslots < 256 ) {
+ if (tslots > 0) {
size_t tsize = tslots * sizeof(struct cstate);
comp->tstate = kzalloc(tsize, GFP_KERNEL);
if (! comp->tstate)
@@ -141,7 +145,7 @@ out_free2:
out_free:
kfree(comp);
out_fail:
- return NULL;
+ return ERR_PTR(-ENOMEM);
}
diff --git a/drivers/net/slip/slip.c b/drivers/net/slip/slip.c
index 05387b1..a17d86a 100644
--- a/drivers/net/slip/slip.c
+++ b/drivers/net/slip/slip.c
@@ -164,7 +164,7 @@ static int sl_alloc_bufs(struct slip *sl, int mtu)
if (cbuff == NULL)
goto err_exit;
slcomp = slhc_init(16, 16);
- if (slcomp == NULL)
+ if (IS_ERR(slcomp))
goto err_exit;
#endif
spin_lock_bh(&sl->lock);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 026/211] [media] media/vivid-osd: fix info leak in ioctl
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (24 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 025/211] ppp, slip: Validate VJ compression slot parameters completely Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 027/211] staging/dgnc: " Kamal Mostafa
` (184 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Salva Peiró, Hans Verkuil, Mauro Carvalho Chehab, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Salva=20Peir=C3=B3?= <speirofr@gmail.com>
commit eda98796aff0d9bf41094b06811f5def3b4c333c upstream.
The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of
struct fb_vblank after the ->hcount member. Add an explicit
memset(0) before filling the structure to avoid the info leak.
Signed-off-by: Salva Peiró <speirofr@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/platform/vivid/vivid-osd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/platform/vivid/vivid-osd.c b/drivers/media/platform/vivid/vivid-osd.c
index 084d346..e15eef6 100644
--- a/drivers/media/platform/vivid/vivid-osd.c
+++ b/drivers/media/platform/vivid/vivid-osd.c
@@ -85,6 +85,7 @@ static int vivid_fb_ioctl(struct fb_info *info, unsigned cmd, unsigned long arg)
case FBIOGET_VBLANK: {
struct fb_vblank vblank;
+ memset(&vblank, 0, sizeof(vblank));
vblank.flags = FB_VBLANK_HAVE_COUNT | FB_VBLANK_HAVE_VCOUNT |
FB_VBLANK_HAVE_VSYNC;
vblank.count = 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 027/211] staging/dgnc: fix info leak in ioctl
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (25 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 026/211] [media] media/vivid-osd: fix info leak in ioctl Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 028/211] ipv6: Fix IPsec pre-encap fragmentation check Kamal Mostafa
` (183 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Salva Peiró, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Salva=20Peir=C3=B3?= <speirofr@gmail.com>
commit 4b6184336ebb5c8dc1eae7f7ab46ee608a748b05 upstream.
The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved bytes of
struct digi_dinfo after the ->dinfo_nboards member. Add an explicit
memset(0) before filling the structure to avoid the info leak.
Signed-off-by: Salva Peiró <speirofr@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/staging/dgnc/dgnc_mgmt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/staging/dgnc/dgnc_mgmt.c b/drivers/staging/dgnc/dgnc_mgmt.c
index b13318a..883e2a8 100644
--- a/drivers/staging/dgnc/dgnc_mgmt.c
+++ b/drivers/staging/dgnc/dgnc_mgmt.c
@@ -115,6 +115,7 @@ long dgnc_mgmt_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
spin_lock_irqsave(&dgnc_global_lock, flags);
+ memset(&ddi, 0, sizeof(ddi));
ddi.dinfo_nboards = dgnc_NumBoards;
sprintf(ddi.dinfo_version, "%s", DG_PART);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 028/211] ipv6: Fix IPsec pre-encap fragmentation check
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (26 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 027/211] staging/dgnc: " Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 029/211] KVM: svm: unconditionally intercept #DB Kamal Mostafa
` (182 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Herbert Xu, Steffen Klassert, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
commit 93efac3f2e03321129de67a3c0ba53048bb53e31 upstream.
The IPv6 IPsec pre-encap path performs fragmentation for tunnel-mode
packets. That is, we perform fragmentation pre-encap rather than
post-encap.
A check was added later to ensure that proper MTU information is
passed back for locally generated traffic. Unfortunately this
check was performed on all IPsec packets, including transport-mode
packets.
What's more, the check failed to take GSO into account.
The end result is that transport-mode GSO packets get dropped at
the check.
This patch fixes it by moving the tunnel mode check forward as well
as adding the GSO check.
Fixes: dd767856a36e ("xfrm6: Don't call icmpv6_send on local error")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv6/xfrm6_output.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index 09c76a7..be033f2 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -136,6 +136,7 @@ static int __xfrm6_output(struct sock *sk, struct sk_buff *skb)
struct dst_entry *dst = skb_dst(skb);
struct xfrm_state *x = dst->xfrm;
int mtu;
+ bool toobig;
#ifdef CONFIG_NETFILTER
if (!x) {
@@ -144,25 +145,29 @@ static int __xfrm6_output(struct sock *sk, struct sk_buff *skb)
}
#endif
+ if (x->props.mode != XFRM_MODE_TUNNEL)
+ goto skip_frag;
+
if (skb->protocol == htons(ETH_P_IPV6))
mtu = ip6_skb_dst_mtu(skb);
else
mtu = dst_mtu(skb_dst(skb));
- if (skb->len > mtu && xfrm6_local_dontfrag(skb)) {
+ toobig = skb->len > mtu && !skb_is_gso(skb);
+
+ if (toobig && xfrm6_local_dontfrag(skb)) {
xfrm6_local_rxpmtu(skb, mtu);
return -EMSGSIZE;
- } else if (!skb->ignore_df && skb->len > mtu && skb->sk) {
+ } else if (!skb->ignore_df && toobig && skb->sk) {
xfrm_local_error(skb, mtu);
return -EMSGSIZE;
}
- if (x->props.mode == XFRM_MODE_TUNNEL &&
- ((skb->len > mtu && !skb_is_gso(skb)) ||
- dst_allfrag(skb_dst(skb)))) {
+ if (toobig || dst_allfrag(skb_dst(skb)))
return ip6_fragment(sk, skb,
x->outer_mode->afinfo->output_finish);
- }
+
+skip_frag:
return x->outer_mode->afinfo->output_finish(sk, skb);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 029/211] KVM: svm: unconditionally intercept #DB
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (27 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 028/211] ipv6: Fix IPsec pre-encap fragmentation check Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` Kamal Mostafa
` (181 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Paolo Bonzini, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit cbdb967af3d54993f5814f1cee0ed311a055377d upstream.
This is needed to avoid the possibility that the guest triggers
an infinite stream of #DB exceptions (CVE-2015-8104).
VMX is not affected: because it does not save DR6 in the VMCS,
it already intercepts #DB unconditionally.
Reported-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kvm/svm.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 00da6e8..5e203b3 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1107,6 +1107,7 @@ static void init_vmcb(struct vcpu_svm *svm)
set_exception_intercept(svm, UD_VECTOR);
set_exception_intercept(svm, MC_VECTOR);
set_exception_intercept(svm, AC_VECTOR);
+ set_exception_intercept(svm, DB_VECTOR);
set_intercept(svm, INTERCEPT_INTR);
set_intercept(svm, INTERCEPT_NMI);
@@ -1641,20 +1642,13 @@ static void svm_set_segment(struct kvm_vcpu *vcpu,
mark_dirty(svm->vmcb, VMCB_SEG);
}
-static void update_db_bp_intercept(struct kvm_vcpu *vcpu)
+static void update_bp_intercept(struct kvm_vcpu *vcpu)
{
struct vcpu_svm *svm = to_svm(vcpu);
- clr_exception_intercept(svm, DB_VECTOR);
clr_exception_intercept(svm, BP_VECTOR);
- if (svm->nmi_singlestep)
- set_exception_intercept(svm, DB_VECTOR);
-
if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
- if (vcpu->guest_debug &
- (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
- set_exception_intercept(svm, DB_VECTOR);
if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
set_exception_intercept(svm, BP_VECTOR);
} else
@@ -1760,7 +1754,6 @@ static int db_interception(struct vcpu_svm *svm)
if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
svm->vmcb->save.rflags &=
~(X86_EFLAGS_TF | X86_EFLAGS_RF);
- update_db_bp_intercept(&svm->vcpu);
}
if (svm->vcpu.guest_debug &
@@ -3759,7 +3752,6 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
*/
svm->nmi_singlestep = true;
svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
- update_db_bp_intercept(vcpu);
}
static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
@@ -4381,7 +4373,7 @@ static struct kvm_x86_ops svm_x86_ops = {
.vcpu_load = svm_vcpu_load,
.vcpu_put = svm_vcpu_put,
- .update_db_bp_intercept = update_db_bp_intercept,
+ .update_db_bp_intercept = update_bp_intercept,
.get_msr = svm_get_msr,
.set_msr = svm_set_msr,
.get_segment_base = svm_get_segment_base,
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 030/211] HID: core: Avoid uninitialized buffer access
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 002/211] drivers: usb :fsl: Implement Workaround for USB Erratum A007792 Kamal Mostafa
` (209 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Richard Purdie, Jiri Kosina, linux-input, Darren Hart,
Jiri Kosina, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Richard Purdie <richard.purdie@linuxfoundation.org>
commit 79b568b9d0c7c5d81932f4486d50b38efdd6da6d upstream.
hid_connect adds various strings to the buffer but they're all
conditional. You can find circumstances where nothing would be written
to it but the kernel will still print the supposedly empty buffer with
printk. This leads to corruption on the console/in the logs.
Ensure buf is initialized to an empty string.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[dvhart: Initialize string to "" rather than assign buf[0] = NULL;]
Cc: Jiri Kosina <jikos@kernel.org>
Cc: linux-input@vger.kernel.org
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hid/hid-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index e6fce23..e3edddd 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -1591,7 +1591,7 @@ int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
"Multi-Axis Controller"
};
const char *type, *bus;
- char buf[64];
+ char buf[64] = "";
unsigned int i;
int len;
int ret;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 030/211] HID: core: Avoid uninitialized buffer access
@ 2016-01-05 19:42 ` Kamal Mostafa
0 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jiri Kosina, Kamal Mostafa, Jiri Kosina, Richard Purdie,
linux-input, Darren Hart
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Richard Purdie <richard.purdie@linuxfoundation.org>
commit 79b568b9d0c7c5d81932f4486d50b38efdd6da6d upstream.
hid_connect adds various strings to the buffer but they're all
conditional. You can find circumstances where nothing would be written
to it but the kernel will still print the supposedly empty buffer with
printk. This leads to corruption on the console/in the logs.
Ensure buf is initialized to an empty string.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[dvhart: Initialize string to "" rather than assign buf[0] = NULL;]
Cc: Jiri Kosina <jikos@kernel.org>
Cc: linux-input@vger.kernel.org
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hid/hid-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index e6fce23..e3edddd 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -1591,7 +1591,7 @@ int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
"Multi-Axis Controller"
};
const char *type, *bus;
- char buf[64];
+ char buf[64] = "";
unsigned int i;
int len;
int ret;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 031/211] [media] v4l2-compat-ioctl32: fix alignment for ARM64
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (29 preceding siblings ...)
2016-01-05 19:42 ` Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 032/211] mtd: mtdpart: fix add_mtd_partitions error path Kamal Mostafa
` (179 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andrzej Hajda, Hans Verkuil, Mauro Carvalho Chehab, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrzej Hajda <a.hajda@samsung.com>
commit 655e9780ab913a3a06d4a164d55e3b755524186d upstream.
Alignment/padding rules on AMD64 and ARM64 differs. To allow properly match
compatible ioctls on ARM64 kernels without breaking AMD64 some fields
should be aligned using compat_s64 type and in one case struct should be
unpacked.
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
[hans.verkuil@cisco.com: use compat_u64 instead of compat_s64 in v4l2_input32]
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
index af63543..788b31c 100644
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -266,7 +266,7 @@ static int put_v4l2_create32(struct v4l2_create_buffers *kp, struct v4l2_create_
struct v4l2_standard32 {
__u32 index;
- __u32 id[2]; /* __u64 would get the alignment wrong */
+ compat_u64 id;
__u8 name[24];
struct v4l2_fract frameperiod; /* Frames, not fields */
__u32 framelines;
@@ -286,7 +286,7 @@ static int put_v4l2_standard32(struct v4l2_standard *kp, struct v4l2_standard32
{
if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_standard32)) ||
put_user(kp->index, &up->index) ||
- copy_to_user(up->id, &kp->id, sizeof(__u64)) ||
+ put_user(kp->id, &up->id) ||
copy_to_user(up->name, kp->name, 24) ||
copy_to_user(&up->frameperiod, &kp->frameperiod, sizeof(kp->frameperiod)) ||
put_user(kp->framelines, &up->framelines) ||
@@ -587,10 +587,10 @@ struct v4l2_input32 {
__u32 type; /* Type of input */
__u32 audioset; /* Associated audios (bitfield) */
__u32 tuner; /* Associated tuner */
- v4l2_std_id std;
+ compat_u64 std;
__u32 status;
__u32 reserved[4];
-} __attribute__ ((packed));
+};
/* The 64-bit v4l2_input struct has extra padding at the end of the struct.
Otherwise it is identical to the 32-bit version. */
@@ -738,6 +738,7 @@ static int put_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext
struct v4l2_event32 {
__u32 type;
union {
+ compat_s64 value64;
__u8 data[64];
} u;
__u32 pending;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 032/211] mtd: mtdpart: fix add_mtd_partitions error path
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (30 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 031/211] [media] v4l2-compat-ioctl32: fix alignment for ARM64 Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 033/211] [media] v4l2-ctrls: arrays are also considered compound controls Kamal Mostafa
` (178 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Boris Brezillon, Brian Norris, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Boris BREZILLON <boris.brezillon@free-electrons.com>
commit e5bae86797141e4a95e42d825f737cb36d7b8c37 upstream.
If we fail to allocate a partition structure in the middle of the partition
creation process, the already allocated partitions are never removed, which
means they are still present in the partition list and their resources are
never freed.
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mtd/mtdpart.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/mtdpart.c b/drivers/mtd/mtdpart.c
index cafdb88..919a936 100644
--- a/drivers/mtd/mtdpart.c
+++ b/drivers/mtd/mtdpart.c
@@ -664,8 +664,10 @@ int add_mtd_partitions(struct mtd_info *master,
for (i = 0; i < nbparts; i++) {
slave = allocate_partition(master, parts + i, i, cur_offset);
- if (IS_ERR(slave))
+ if (IS_ERR(slave)) {
+ del_mtd_partitions(master);
return PTR_ERR(slave);
+ }
mutex_lock(&mtd_partitions_mutex);
list_add(&slave->list, &mtd_partitions);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 033/211] [media] v4l2-ctrls: arrays are also considered compound controls
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (31 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 032/211] mtd: mtdpart: fix add_mtd_partitions error path Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 034/211] [media] media: v4l2-ctrls: Fix 64bit support in get_ctrl() Kamal Mostafa
` (177 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Hans Verkuil, Mauro Carvalho Chehab, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans Verkuil <hans.verkuil@cisco.com>
commit 35204e2e84f2dae72012f8ca319659c12f428430 upstream.
Array controls weren't skipped when only V4L2_CTRL_FLAG_NEXT_CTRL was
provided (so no V4L2_CTRL_FLAG_NEXT_COMPOUND was set). This is wrong
since arrays are also considered compound controls (i.e. with more than
one value), and applications that do not know about arrays will not
be able to handle such controls.
Fix the test to include arrays.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Reported-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/v4l2-core/v4l2-ctrls.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/v4l2-core/v4l2-ctrls.c b/drivers/media/v4l2-core/v4l2-ctrls.c
index e3a3468..57864c7 100644
--- a/drivers/media/v4l2-core/v4l2-ctrls.c
+++ b/drivers/media/v4l2-core/v4l2-ctrls.c
@@ -2513,7 +2513,7 @@ int v4l2_query_ext_ctrl(struct v4l2_ctrl_handler *hdl, struct v4l2_query_ext_ctr
/* We found a control with the given ID, so just get
the next valid one in the list. */
list_for_each_entry_continue(ref, &hdl->ctrl_refs, node) {
- is_compound =
+ is_compound = ref->ctrl->is_array ||
ref->ctrl->type >= V4L2_CTRL_COMPOUND_TYPES;
if (id < ref->ctrl->id &&
(is_compound & mask) == match)
@@ -2527,7 +2527,7 @@ int v4l2_query_ext_ctrl(struct v4l2_ctrl_handler *hdl, struct v4l2_query_ext_ctr
is one, otherwise the first 'if' above would have
been true. */
list_for_each_entry(ref, &hdl->ctrl_refs, node) {
- is_compound =
+ is_compound = ref->ctrl->is_array ||
ref->ctrl->type >= V4L2_CTRL_COMPOUND_TYPES;
if (id < ref->ctrl->id &&
(is_compound & mask) == match)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 034/211] [media] media: v4l2-ctrls: Fix 64bit support in get_ctrl()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (32 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 033/211] [media] v4l2-ctrls: arrays are also considered compound controls Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 035/211] ubi: fastmap: Implement produce_free_peb() Kamal Mostafa
` (176 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Benoit Parrot, Hans Verkuil, Mauro Carvalho Chehab, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Benoit Parrot <bparrot@ti.com>
commit a8077734055f870ba630563868a6349671ca8dfc upstream.
When trying to use v4l2_ctrl_g_ctrl_int64() to retrieve a
V4L2_CTRL_TYPE_INTEGER64 type value the internal helper function
get_ctrl() would prematurely exit because for this control type
the 'is_int' flag is not set. This would result in v4l2_ctrl_g_ctrl_int64
always returning 0.
Also v4l2_ctrl_g_ctrl_int64() is reading and returning the 32bit value
member instead of the 64bit version, so fixing that as well.
This patch extends the condition check to allow the V4L2_CTRL_TYPE_INTEGER64
type to continue processing instead of exiting.
Signed-off-by: Benoit Parrot <bparrot@ti.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/v4l2-core/v4l2-ctrls.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/v4l2-core/v4l2-ctrls.c b/drivers/media/v4l2-core/v4l2-ctrls.c
index 57864c7..78e7ca7 100644
--- a/drivers/media/v4l2-core/v4l2-ctrls.c
+++ b/drivers/media/v4l2-core/v4l2-ctrls.c
@@ -2899,7 +2899,7 @@ static int get_ctrl(struct v4l2_ctrl *ctrl, struct v4l2_ext_control *c)
* cur_to_user() calls below would need to be modified not to access
* userspace memory when called from get_ctrl().
*/
- if (!ctrl->is_int)
+ if (!ctrl->is_int && ctrl->type != V4L2_CTRL_TYPE_INTEGER64)
return -EINVAL;
if (ctrl->flags & V4L2_CTRL_FLAG_WRITE_ONLY)
@@ -2957,9 +2957,9 @@ s64 v4l2_ctrl_g_ctrl_int64(struct v4l2_ctrl *ctrl)
/* It's a driver bug if this happens. */
WARN_ON(ctrl->is_ptr || ctrl->type != V4L2_CTRL_TYPE_INTEGER64);
- c.value = 0;
+ c.value64 = 0;
get_ctrl(ctrl, &c);
- return c.value;
+ return c.value64;
}
EXPORT_SYMBOL(v4l2_ctrl_g_ctrl_int64);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 035/211] ubi: fastmap: Implement produce_free_peb()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (33 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 034/211] [media] media: v4l2-ctrls: Fix 64bit support in get_ctrl() Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 036/211] drm/i915: Only update the current userptr worker Kamal Mostafa
` (175 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Richard Weinberger, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Richard Weinberger <richard@nod.at>
commit 1cb8f9776c7dcadc57885c6653943511d282633b upstream.
If fastmap requests a free PEB for a pool and UBI is busy
with erasing PEBs we need to offer a function to wait for one.
We can reuse produce_free_peb() from the non-fastmap WL code
but with different locking semantics.
Reported-and-tested-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mtd/ubi/fastmap-wl.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/drivers/mtd/ubi/fastmap-wl.c b/drivers/mtd/ubi/fastmap-wl.c
index b2a6653..30d3999 100644
--- a/drivers/mtd/ubi/fastmap-wl.c
+++ b/drivers/mtd/ubi/fastmap-wl.c
@@ -172,6 +172,30 @@ void ubi_refill_pools(struct ubi_device *ubi)
}
/**
+ * produce_free_peb - produce a free physical eraseblock.
+ * @ubi: UBI device description object
+ *
+ * This function tries to make a free PEB by means of synchronous execution of
+ * pending works. This may be needed if, for example the background thread is
+ * disabled. Returns zero in case of success and a negative error code in case
+ * of failure.
+ */
+static int produce_free_peb(struct ubi_device *ubi)
+{
+ int err;
+
+ while (!ubi->free.rb_node && ubi->works_count) {
+ dbg_wl("do one work synchronously");
+ err = do_work(ubi);
+
+ if (err)
+ return err;
+ }
+
+ return 0;
+}
+
+/**
* ubi_wl_get_peb - get a physical eraseblock.
* @ubi: UBI device description object
*
@@ -213,6 +237,11 @@ again:
}
retried = 1;
up_read(&ubi->fm_eba_sem);
+ ret = produce_free_peb(ubi);
+ if (ret < 0) {
+ down_read(&ubi->fm_eba_sem);
+ goto out;
+ }
goto again;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 036/211] drm/i915: Only update the current userptr worker
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (34 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 035/211] ubi: fastmap: Implement produce_free_peb() Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 037/211] drm/i915: Fix userptr deadlock with aliased GTT mmappings Kamal Mostafa
` (174 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chris Wilson, Daniel Vetter, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Chris Wilson <chris@chris-wilson.co.uk>
commit 68d6c840595849c0d29f6c52bc75b44ded66b41f upstream.
The userptr worker allows for a slight race condition where upon there
may two or more threads calling get_user_pages for the same object. When
we have the array of pages, then we serialise the update of the object.
However, the worker should only overwrite the obj->userptr.work pointer
if and only if it is the active one. Currently we clear it for a
secondary worker with the effect that we may rarely force a second
lookup.
v2: Rebase and rename a variable to avoid 80cols
v3: Mention v2
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
[ kamal: 4.2-stable prereq for
e4b946b "drm/i915: Fix userptr deadlock with aliased GTT mmappings" ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/i915_gem_userptr.c | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_gem_userptr.c b/drivers/gpu/drm/i915/i915_gem_userptr.c
index a96b900..203a569 100644
--- a/drivers/gpu/drm/i915/i915_gem_userptr.c
+++ b/drivers/gpu/drm/i915/i915_gem_userptr.c
@@ -571,25 +571,25 @@ __i915_gem_userptr_get_pages_worker(struct work_struct *_work)
struct get_pages_work *work = container_of(_work, typeof(*work), work);
struct drm_i915_gem_object *obj = work->obj;
struct drm_device *dev = obj->base.dev;
- const int num_pages = obj->base.size >> PAGE_SHIFT;
+ const int npages = obj->base.size >> PAGE_SHIFT;
struct page **pvec;
int pinned, ret;
ret = -ENOMEM;
pinned = 0;
- pvec = kmalloc(num_pages*sizeof(struct page *),
+ pvec = kmalloc(npages*sizeof(struct page *),
GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY);
if (pvec == NULL)
- pvec = drm_malloc_ab(num_pages, sizeof(struct page *));
+ pvec = drm_malloc_ab(npages, sizeof(struct page *));
if (pvec != NULL) {
struct mm_struct *mm = obj->userptr.mm->mm;
down_read(&mm->mmap_sem);
- while (pinned < num_pages) {
+ while (pinned < npages) {
ret = get_user_pages(work->task, mm,
obj->userptr.ptr + pinned * PAGE_SIZE,
- num_pages - pinned,
+ npages - pinned,
!obj->userptr.read_only, 0,
pvec + pinned, NULL);
if (ret < 0)
@@ -601,20 +601,20 @@ __i915_gem_userptr_get_pages_worker(struct work_struct *_work)
}
mutex_lock(&dev->struct_mutex);
- if (obj->userptr.work != &work->work) {
- ret = 0;
- } else if (pinned == num_pages) {
- ret = __i915_gem_userptr_set_pages(obj, pvec, num_pages);
- if (ret == 0) {
- list_add_tail(&obj->global_list, &to_i915(dev)->mm.unbound_list);
- obj->get_page.sg = obj->pages->sgl;
- obj->get_page.last = 0;
-
- pinned = 0;
+ if (obj->userptr.work == &work->work) {
+ if (pinned == npages) {
+ ret = __i915_gem_userptr_set_pages(obj, pvec, npages);
+ if (ret == 0) {
+ list_add_tail(&obj->global_list,
+ &to_i915(dev)->mm.unbound_list);
+ obj->get_page.sg = obj->pages->sgl;
+ obj->get_page.last = 0;
+ pinned = 0;
+ }
}
+ obj->userptr.work = ERR_PTR(ret);
}
- obj->userptr.work = ERR_PTR(ret);
obj->userptr.workers--;
drm_gem_object_unreference(&obj->base);
mutex_unlock(&dev->struct_mutex);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 037/211] drm/i915: Fix userptr deadlock with aliased GTT mmappings
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (35 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 036/211] drm/i915: Only update the current userptr worker Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 038/211] integrity: prevent loading untrusted certificates on the IMA trusted keyring Kamal Mostafa
` (173 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chris Wilson, Michał Winiarski, Tvrtko Ursulin,
Daniel Vetter, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Chris Wilson <chris@chris-wilson.co.uk>
commit e4b946bfe1e36680e27a5f39163980979fa61a5d upstream.
Michał Winiarski found a really evil way to trigger a struct_mutex
deadlock with userptr. He found that if he allocated a userptr bo and
then GTT mmaped another bo, or even itself, at the same address as the
userptr using MAP_FIXED, he could then cause a deadlock any time we then
had to invalidate the GTT mmappings (so at will). Tvrtko then found by
repeatedly allocating GTT mmappings he could alias with an old userptr
mmap and also trigger the deadlock.
To counter act the deadlock, we make the observation that we only need
to take the struct_mutex if the object has any pages to revoke, and that
before userspace can alias with the userptr address space, it must have
invalidated the userptr->pages. Thus if we can check for those pages
outside of the struct_mutex, we can avoid the deadlock. To do so we
introduce a separate flag for userptr objects that we can inspect from
the mmu-notifier underneath its spinlock.
The patch makes one eye-catching change. That is the removal serial=0
after detecting a to-be-freed object inside the invalidate walker. I
felt setting serial=0 was a questionable pessimisation: it denies us the
chance to reuse the current iterator for the next loop (before it is
freed) and being explicit makes the reader question the validity of the
locking (since the object-free race could occur elsewhere). The
serialisation of the iterator is through the spinlock, if the object is
freed before the next loop then the notifier.serial will be incremented
and we start the walk from the beginning as we detect the invalid cache.
To try and tame the error paths and interactions with the userptr->active
flag, we have to do a fair amount of rearranging of get_pages_userptr().
v2: Grammar fixes
v3: Reorder set-active so that it is only set when obj->pages is set
(and so needs cancellation). Only the order of setting obj->pages and
the active-flag is crucial. Calling gup after invalidate-range begin
means the userptr sees the new set of backing storage (and so will not
need to invalidate its new pages), but we have to be careful not to set
the active-flag prior to successfully establishing obj->pages.
v4: Take the active->flag early so we know in the mmu-notifier when we
have to cancel a pending gup-worker.
v5: Rearrange the error path so that is not so convoluted
v6: Set pinned to 0 when negative before calling release_pages()
Reported-by: Michał Winiarski <michal.winiarski@intel.com>
Testcase: igt/gem_userptr_blits/map-fixed*
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Michał Winiarski <michal.winiarski@intel.com>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/i915_gem_userptr.c | 175 ++++++++++++++++++++------------
1 file changed, 109 insertions(+), 66 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_gem_userptr.c b/drivers/gpu/drm/i915/i915_gem_userptr.c
index 203a569..4037f89 100644
--- a/drivers/gpu/drm/i915/i915_gem_userptr.c
+++ b/drivers/gpu/drm/i915/i915_gem_userptr.c
@@ -59,6 +59,7 @@ struct i915_mmu_object {
struct interval_tree_node it;
struct list_head link;
struct drm_i915_gem_object *obj;
+ bool active;
bool is_linear;
};
@@ -114,7 +115,8 @@ restart:
obj = mo->obj;
- if (!kref_get_unless_zero(&obj->base.refcount))
+ if (!mo->active ||
+ !kref_get_unless_zero(&obj->base.refcount))
continue;
spin_unlock(&mn->lock);
@@ -151,7 +153,8 @@ static void i915_gem_userptr_mn_invalidate_range_start(struct mmu_notifier *_mn,
else
it = interval_tree_iter_first(&mn->objects, start, end);
if (it != NULL) {
- obj = container_of(it, struct i915_mmu_object, it)->obj;
+ struct i915_mmu_object *mo =
+ container_of(it, struct i915_mmu_object, it);
/* The mmu_object is released late when destroying the
* GEM object so it is entirely possible to gain a
@@ -160,11 +163,9 @@ static void i915_gem_userptr_mn_invalidate_range_start(struct mmu_notifier *_mn,
* the struct_mutex - and consequently use it after it
* is freed and then double free it.
*/
- if (!kref_get_unless_zero(&obj->base.refcount)) {
- spin_unlock(&mn->lock);
- serial = 0;
- continue;
- }
+ if (mo->active &&
+ kref_get_unless_zero(&mo->obj->base.refcount))
+ obj = mo->obj;
serial = mn->serial;
}
@@ -566,6 +567,30 @@ __i915_gem_userptr_set_pages(struct drm_i915_gem_object *obj,
}
static void
+__i915_gem_userptr_set_active(struct drm_i915_gem_object *obj,
+ bool value)
+{
+ /* During mm_invalidate_range we need to cancel any userptr that
+ * overlaps the range being invalidated. Doing so requires the
+ * struct_mutex, and that risks recursion. In order to cause
+ * recursion, the user must alias the userptr address space with
+ * a GTT mmapping (possible with a MAP_FIXED) - then when we have
+ * to invalidate that mmaping, mm_invalidate_range is called with
+ * the userptr address *and* the struct_mutex held. To prevent that
+ * we set a flag under the i915_mmu_notifier spinlock to indicate
+ * whether this object is valid.
+ */
+#if defined(CONFIG_MMU_NOTIFIER)
+ if (obj->userptr.mmu_object == NULL)
+ return;
+
+ spin_lock(&obj->userptr.mmu_object->mn->lock);
+ obj->userptr.mmu_object->active = value;
+ spin_unlock(&obj->userptr.mmu_object->mn->lock);
+#endif
+}
+
+static void
__i915_gem_userptr_get_pages_worker(struct work_struct *_work)
{
struct get_pages_work *work = container_of(_work, typeof(*work), work);
@@ -613,6 +638,8 @@ __i915_gem_userptr_get_pages_worker(struct work_struct *_work)
}
}
obj->userptr.work = ERR_PTR(ret);
+ if (ret)
+ __i915_gem_userptr_set_active(obj, false);
}
obj->userptr.workers--;
@@ -627,11 +654,60 @@ __i915_gem_userptr_get_pages_worker(struct work_struct *_work)
}
static int
+__i915_gem_userptr_get_pages_schedule(struct drm_i915_gem_object *obj,
+ bool *active)
+{
+ struct get_pages_work *work;
+
+ /* Spawn a worker so that we can acquire the
+ * user pages without holding our mutex. Access
+ * to the user pages requires mmap_sem, and we have
+ * a strict lock ordering of mmap_sem, struct_mutex -
+ * we already hold struct_mutex here and so cannot
+ * call gup without encountering a lock inversion.
+ *
+ * Userspace will keep on repeating the operation
+ * (thanks to EAGAIN) until either we hit the fast
+ * path or the worker completes. If the worker is
+ * cancelled or superseded, the task is still run
+ * but the results ignored. (This leads to
+ * complications that we may have a stray object
+ * refcount that we need to be wary of when
+ * checking for existing objects during creation.)
+ * If the worker encounters an error, it reports
+ * that error back to this function through
+ * obj->userptr.work = ERR_PTR.
+ */
+ if (obj->userptr.workers >= I915_GEM_USERPTR_MAX_WORKERS)
+ return -EAGAIN;
+
+ work = kmalloc(sizeof(*work), GFP_KERNEL);
+ if (work == NULL)
+ return -ENOMEM;
+
+ obj->userptr.work = &work->work;
+ obj->userptr.workers++;
+
+ work->obj = obj;
+ drm_gem_object_reference(&obj->base);
+
+ work->task = current;
+ get_task_struct(work->task);
+
+ INIT_WORK(&work->work, __i915_gem_userptr_get_pages_worker);
+ schedule_work(&work->work);
+
+ *active = true;
+ return -EAGAIN;
+}
+
+static int
i915_gem_userptr_get_pages(struct drm_i915_gem_object *obj)
{
const int num_pages = obj->base.size >> PAGE_SHIFT;
struct page **pvec;
int pinned, ret;
+ bool active;
/* If userspace should engineer that these pages are replaced in
* the vma between us binding this page into the GTT and completion
@@ -649,6 +725,18 @@ i915_gem_userptr_get_pages(struct drm_i915_gem_object *obj)
* to the vma (discard or cloning) which should prevent the more
* egregious cases from causing harm.
*/
+ if (IS_ERR(obj->userptr.work)) {
+ /* active flag will have been dropped already by the worker */
+ ret = PTR_ERR(obj->userptr.work);
+ obj->userptr.work = NULL;
+ return ret;
+ }
+ if (obj->userptr.work)
+ /* active flag should still be held for the pending work */
+ return -EAGAIN;
+
+ /* Let the mmu-notifier know that we have begun and need cancellation */
+ __i915_gem_userptr_set_active(obj, true);
pvec = NULL;
pinned = 0;
@@ -657,73 +745,27 @@ i915_gem_userptr_get_pages(struct drm_i915_gem_object *obj)
GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY);
if (pvec == NULL) {
pvec = drm_malloc_ab(num_pages, sizeof(struct page *));
- if (pvec == NULL)
+ if (pvec == NULL) {
+ __i915_gem_userptr_set_active(obj, false);
return -ENOMEM;
+ }
}
pinned = __get_user_pages_fast(obj->userptr.ptr, num_pages,
!obj->userptr.read_only, pvec);
}
- if (pinned < num_pages) {
- if (pinned < 0) {
- ret = pinned;
- pinned = 0;
- } else {
- /* Spawn a worker so that we can acquire the
- * user pages without holding our mutex. Access
- * to the user pages requires mmap_sem, and we have
- * a strict lock ordering of mmap_sem, struct_mutex -
- * we already hold struct_mutex here and so cannot
- * call gup without encountering a lock inversion.
- *
- * Userspace will keep on repeating the operation
- * (thanks to EAGAIN) until either we hit the fast
- * path or the worker completes. If the worker is
- * cancelled or superseded, the task is still run
- * but the results ignored. (This leads to
- * complications that we may have a stray object
- * refcount that we need to be wary of when
- * checking for existing objects during creation.)
- * If the worker encounters an error, it reports
- * that error back to this function through
- * obj->userptr.work = ERR_PTR.
- */
- ret = -EAGAIN;
- if (obj->userptr.work == NULL &&
- obj->userptr.workers < I915_GEM_USERPTR_MAX_WORKERS) {
- struct get_pages_work *work;
-
- work = kmalloc(sizeof(*work), GFP_KERNEL);
- if (work != NULL) {
- obj->userptr.work = &work->work;
- obj->userptr.workers++;
-
- work->obj = obj;
- drm_gem_object_reference(&obj->base);
-
- work->task = current;
- get_task_struct(work->task);
-
- INIT_WORK(&work->work, __i915_gem_userptr_get_pages_worker);
- schedule_work(&work->work);
- } else
- ret = -ENOMEM;
- } else {
- if (IS_ERR(obj->userptr.work)) {
- ret = PTR_ERR(obj->userptr.work);
- obj->userptr.work = NULL;
- }
- }
- }
- } else {
+
+ active = false;
+ if (pinned < 0)
+ ret = pinned, pinned = 0;
+ else if (pinned < num_pages)
+ ret = __i915_gem_userptr_get_pages_schedule(obj, &active);
+ else
ret = __i915_gem_userptr_set_pages(obj, pvec, num_pages);
- if (ret == 0) {
- obj->userptr.work = NULL;
- pinned = 0;
- }
+ if (ret) {
+ __i915_gem_userptr_set_active(obj, active);
+ release_pages(pvec, pinned, 0);
}
-
- release_pages(pvec, pinned, 0);
drm_free_large(pvec);
return ret;
}
@@ -734,6 +776,7 @@ i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj)
struct sg_page_iter sg_iter;
BUG_ON(obj->userptr.work != NULL);
+ __i915_gem_userptr_set_active(obj, false);
if (obj->madv != I915_MADV_WILLNEED)
obj->dirty = 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 038/211] integrity: prevent loading untrusted certificates on the IMA trusted keyring
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (36 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 037/211] drm/i915: Fix userptr deadlock with aliased GTT mmappings Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 039/211] f2fs crypto: allocate buffer for decrypting filename Kamal Mostafa
` (172 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dmitry Kasatkin, Mimi Zohar, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
commit 72e1eed8abb11c79749266d433c817ce36732893 upstream.
If IMA_LOAD_X509 is enabled, either directly or indirectly via
IMA_APPRAISE_SIGNED_INIT, certificates are loaded onto the IMA
trusted keyring by the kernel via key_create_or_update(). When
the KEY_ALLOC_TRUSTED flag is provided, certificates are loaded
without first verifying the certificate is properly signed by a
trusted key on the system keyring. This patch removes the
KEY_ALLOC_TRUSTED flag.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
security/integrity/digsig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 36fb6b5..5be9ffb 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -105,7 +105,7 @@ int __init integrity_load_x509(const unsigned int id, const char *path)
rc,
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
KEY_USR_VIEW | KEY_USR_READ),
- KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_TRUSTED);
+ KEY_ALLOC_NOT_IN_QUOTA);
if (IS_ERR(key)) {
rc = PTR_ERR(key);
pr_err("Problem loading X.509 certificate (%d): %s\n",
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 039/211] f2fs crypto: allocate buffer for decrypting filename
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (37 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 038/211] integrity: prevent loading untrusted certificates on the IMA trusted keyring Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 040/211] spi: ti-qspi: Fix data corruption seen on r/w stress test Kamal Mostafa
` (171 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Jaegeuk Kim, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jaegeuk Kim <jaegeuk@kernel.org>
commit 569cf1876a32e574ba8a7fb825cd91bafd003882 upstream.
We got dentry pages from high_mem, and its address space directly goes into the
decryption path via f2fs_fname_disk_to_usr.
But, sg_init_one assumes the address is not from high_mem, so we can get this
panic since it doesn't call kmap_high but kunmap_high is triggered at the end.
kernel BUG at ../../../../../../kernel/mm/highmem.c:290!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
...
(kunmap_high+0xb0/0xb8) from [<c0114534>] (__kunmap_atomic+0xa0/0xa4)
(__kunmap_atomic+0xa0/0xa4) from [<c035f028>] (blkcipher_walk_done+0x128/0x1ec)
(blkcipher_walk_done+0x128/0x1ec) from [<c0366c24>] (crypto_cbc_decrypt+0xc0/0x170)
(crypto_cbc_decrypt+0xc0/0x170) from [<c0367148>] (crypto_cts_decrypt+0xc0/0x114)
(crypto_cts_decrypt+0xc0/0x114) from [<c035ea98>] (async_decrypt+0x40/0x48)
(async_decrypt+0x40/0x48) from [<c032ca34>] (f2fs_fname_disk_to_usr+0x124/0x304)
(f2fs_fname_disk_to_usr+0x124/0x304) from [<c03056fc>] (f2fs_fill_dentries+0xac/0x188)
(f2fs_fill_dentries+0xac/0x188) from [<c03059c8>] (f2fs_readdir+0x1f0/0x300)
(f2fs_readdir+0x1f0/0x300) from [<c0218054>] (vfs_readdir+0x90/0xb4)
(vfs_readdir+0x90/0xb4) from [<c0218418>] (SyS_getdents64+0x64/0xcc)
(SyS_getdents64+0x64/0xcc) from [<c0105ba0>] (ret_fast_syscall+0x0/0x30)
Reviewed-by: Chao Yu <chao2.yu@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/f2fs/dir.c | 13 ++++++++++---
fs/f2fs/namei.c | 10 +++++++++-
2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
index a34ebd8..710c703 100644
--- a/fs/f2fs/dir.c
+++ b/fs/f2fs/dir.c
@@ -787,7 +787,6 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d,
else
d_type = DT_UNKNOWN;
- /* encrypted case */
de_name.name = d->filename[bit_pos];
de_name.len = le16_to_cpu(de->name_len);
@@ -795,12 +794,20 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d,
int save_len = fstr->len;
int ret;
+ de_name.name = kmalloc(de_name.len, GFP_NOFS);
+ if (!de_name.name)
+ return false;
+
+ memcpy(de_name.name, d->filename[bit_pos], de_name.len);
+
ret = f2fs_fname_disk_to_usr(d->inode, &de->hash_code,
&de_name, fstr);
- de_name = *fstr;
- fstr->len = save_len;
+ kfree(de_name.name);
if (ret < 0)
return true;
+
+ de_name = *fstr;
+ fstr->len = save_len;
}
if (!dir_emit(ctx, de_name.name, de_name.len,
diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index fdbae21..ce4cbe8 100644
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -940,8 +940,13 @@ static const char *f2fs_encrypted_follow_link(struct dentry *dentry, void **cook
/* Symlink is encrypted */
sd = (struct f2fs_encrypted_symlink_data *)caddr;
- cstr.name = sd->encrypted_path;
cstr.len = le16_to_cpu(sd->len);
+ cstr.name = kmalloc(cstr.len, GFP_NOFS);
+ if (!cstr.name) {
+ res = -ENOMEM;
+ goto errout;
+ }
+ memcpy(cstr.name, sd->encrypted_path, cstr.len);
/* this is broken symlink case */
if (cstr.name[0] == 0 && cstr.len == 0) {
@@ -963,6 +968,8 @@ static const char *f2fs_encrypted_follow_link(struct dentry *dentry, void **cook
if (res < 0)
goto errout;
+ kfree(cstr.name);
+
paddr = pstr.name;
/* Null-terminate the name */
@@ -972,6 +979,7 @@ static const char *f2fs_encrypted_follow_link(struct dentry *dentry, void **cook
page_cache_release(cpage);
return *cookie = paddr;
errout:
+ kfree(cstr.name);
f2fs_fname_crypto_free_buffer(&pstr);
kunmap(cpage);
page_cache_release(cpage);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 040/211] spi: ti-qspi: Fix data corruption seen on r/w stress test
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (38 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 039/211] f2fs crypto: allocate buffer for decrypting filename Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 041/211] lockd: create NSM handles per net namespace Kamal Mostafa
` (170 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Vignesh R, Mark Brown, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Vignesh R <vigneshr@ti.com>
commit bc27a53928981662079aa243915b443370294a03 upstream.
Writing invalid command to QSPI_SPI_CMD_REG will terminate current
transfer and de-assert the chip select. This has to be done before
calling spi_finalize_current_message(). Because
spi_finalize_current_message() will mark the end of current message
transfer and schedule the next transfer. If the chipselect is not
de-asserted before calling spi_finalize_current_message() then the next
transfer will overlap with the previous transfer leading to data
corruption.
__spi_pump_message() can be called either from kthread worker context or
directly from the calling process's context. It is possible that these
two calls can race against each other. But race is serialized by
checking whether master->cur_msg == NULL (pointer to msg being handled
by transfer_one() at present). The master->cur_msg is set to NULL when
spi_finalize_current_message() is called on that message, which means
calling spi_finalize_current_message() allows __spi_sync() to pump next
message in calling process context.
Now if spi-ti-qspi calls spi_finalize_current_message() before we
terminate transfer at hardware side, if __spi_pump_message() is called
from process context then the successive transactions can overlap.
Fix this by moving writing invalid command to QSPI_SPI_CMD_REG to
before calling spi_finalize_current_message() call.
Signed-off-by: Vignesh R <vigneshr@ti.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/spi/spi-ti-qspi.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/spi/spi-ti-qspi.c b/drivers/spi/spi-ti-qspi.c
index 5c06168..2933626 100644
--- a/drivers/spi/spi-ti-qspi.c
+++ b/drivers/spi/spi-ti-qspi.c
@@ -384,11 +384,10 @@ static int ti_qspi_start_transfer_one(struct spi_master *master,
mutex_unlock(&qspi->list_lock);
+ ti_qspi_write(qspi, qspi->cmd | QSPI_INVAL, QSPI_SPI_CMD_REG);
m->status = status;
spi_finalize_current_message(master);
- ti_qspi_write(qspi, qspi->cmd | QSPI_INVAL, QSPI_SPI_CMD_REG);
-
return status;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 041/211] lockd: create NSM handles per net namespace
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (39 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 040/211] spi: ti-qspi: Fix data corruption seen on r/w stress test Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 042/211] iommu/vt-d: Fix ATSR handling for Root-Complex integrated endpoints Kamal Mostafa
` (169 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andrey Ryabinin, J. Bruce Fields, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrey Ryabinin <aryabinin@virtuozzo.com>
commit 0ad95472bf169a3501991f8f33f5147f792a8116 upstream.
Commit cb7323fffa85 ("lockd: create and use per-net NSM
RPC clients on MON/UNMON requests") introduced per-net
NSM RPC clients. Unfortunately this doesn't make any sense
without per-net nsm_handle.
E.g. the following scenario could happen
Two hosts (X and Y) in different namespaces (A and B) share
the same nsm struct.
1. nsm_monitor(host_X) called => NSM rpc client created,
nsm->sm_monitored bit set.
2. nsm_mointor(host-Y) called => nsm->sm_monitored already set,
we just exit. Thus in namespace B ln->nsm_clnt == NULL.
3. host X destroyed => nsm->sm_count decremented to 1
4. host Y destroyed => nsm_unmonitor() => nsm_mon_unmon() => NULL-ptr
dereference of *ln->nsm_clnt
So this could be fixed by making per-net nsm_handles list,
instead of global. Thus different net namespaces will not be able
share the same nsm_handle.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/lockd/host.c | 7 ++++---
fs/lockd/mon.c | 36 ++++++++++++++++++++++--------------
fs/lockd/netns.h | 1 +
fs/lockd/svc.c | 1 +
fs/lockd/svc4proc.c | 2 +-
fs/lockd/svcproc.c | 2 +-
include/linux/lockd/lockd.h | 9 ++++++---
7 files changed, 36 insertions(+), 22 deletions(-)
diff --git a/fs/lockd/host.c b/fs/lockd/host.c
index 969d589..b5f3c3a 100644
--- a/fs/lockd/host.c
+++ b/fs/lockd/host.c
@@ -116,7 +116,7 @@ static struct nlm_host *nlm_alloc_host(struct nlm_lookup_host_info *ni,
atomic_inc(&nsm->sm_count);
else {
host = NULL;
- nsm = nsm_get_handle(ni->sap, ni->salen,
+ nsm = nsm_get_handle(ni->net, ni->sap, ni->salen,
ni->hostname, ni->hostname_len);
if (unlikely(nsm == NULL)) {
dprintk("lockd: %s failed; no nsm handle\n",
@@ -534,17 +534,18 @@ static struct nlm_host *next_host_state(struct hlist_head *cache,
/**
* nlm_host_rebooted - Release all resources held by rebooted host
+ * @net: network namespace
* @info: pointer to decoded results of NLM_SM_NOTIFY call
*
* We were notified that the specified host has rebooted. Release
* all resources held by that peer.
*/
-void nlm_host_rebooted(const struct nlm_reboot *info)
+void nlm_host_rebooted(const struct net *net, const struct nlm_reboot *info)
{
struct nsm_handle *nsm;
struct nlm_host *host;
- nsm = nsm_reboot_lookup(info);
+ nsm = nsm_reboot_lookup(net, info);
if (unlikely(nsm == NULL))
return;
diff --git a/fs/lockd/mon.c b/fs/lockd/mon.c
index 47a32b6..6c05cd1 100644
--- a/fs/lockd/mon.c
+++ b/fs/lockd/mon.c
@@ -51,7 +51,6 @@ struct nsm_res {
};
static const struct rpc_program nsm_program;
-static LIST_HEAD(nsm_handles);
static DEFINE_SPINLOCK(nsm_lock);
/*
@@ -264,33 +263,35 @@ void nsm_unmonitor(const struct nlm_host *host)
}
}
-static struct nsm_handle *nsm_lookup_hostname(const char *hostname,
- const size_t len)
+static struct nsm_handle *nsm_lookup_hostname(const struct list_head *nsm_handles,
+ const char *hostname, const size_t len)
{
struct nsm_handle *nsm;
- list_for_each_entry(nsm, &nsm_handles, sm_link)
+ list_for_each_entry(nsm, nsm_handles, sm_link)
if (strlen(nsm->sm_name) == len &&
memcmp(nsm->sm_name, hostname, len) == 0)
return nsm;
return NULL;
}
-static struct nsm_handle *nsm_lookup_addr(const struct sockaddr *sap)
+static struct nsm_handle *nsm_lookup_addr(const struct list_head *nsm_handles,
+ const struct sockaddr *sap)
{
struct nsm_handle *nsm;
- list_for_each_entry(nsm, &nsm_handles, sm_link)
+ list_for_each_entry(nsm, nsm_handles, sm_link)
if (rpc_cmp_addr(nsm_addr(nsm), sap))
return nsm;
return NULL;
}
-static struct nsm_handle *nsm_lookup_priv(const struct nsm_private *priv)
+static struct nsm_handle *nsm_lookup_priv(const struct list_head *nsm_handles,
+ const struct nsm_private *priv)
{
struct nsm_handle *nsm;
- list_for_each_entry(nsm, &nsm_handles, sm_link)
+ list_for_each_entry(nsm, nsm_handles, sm_link)
if (memcmp(nsm->sm_priv.data, priv->data,
sizeof(priv->data)) == 0)
return nsm;
@@ -353,6 +354,7 @@ static struct nsm_handle *nsm_create_handle(const struct sockaddr *sap,
/**
* nsm_get_handle - Find or create a cached nsm_handle
+ * @net: network namespace
* @sap: pointer to socket address of handle to find
* @salen: length of socket address
* @hostname: pointer to C string containing hostname to find
@@ -365,11 +367,13 @@ static struct nsm_handle *nsm_create_handle(const struct sockaddr *sap,
* @hostname cannot be found in the handle cache. Returns NULL if
* an error occurs.
*/
-struct nsm_handle *nsm_get_handle(const struct sockaddr *sap,
+struct nsm_handle *nsm_get_handle(const struct net *net,
+ const struct sockaddr *sap,
const size_t salen, const char *hostname,
const size_t hostname_len)
{
struct nsm_handle *cached, *new = NULL;
+ struct lockd_net *ln = net_generic(net, lockd_net_id);
if (hostname && memchr(hostname, '/', hostname_len) != NULL) {
if (printk_ratelimit()) {
@@ -384,9 +388,10 @@ retry:
spin_lock(&nsm_lock);
if (nsm_use_hostnames && hostname != NULL)
- cached = nsm_lookup_hostname(hostname, hostname_len);
+ cached = nsm_lookup_hostname(&ln->nsm_handles,
+ hostname, hostname_len);
else
- cached = nsm_lookup_addr(sap);
+ cached = nsm_lookup_addr(&ln->nsm_handles, sap);
if (cached != NULL) {
atomic_inc(&cached->sm_count);
@@ -400,7 +405,7 @@ retry:
}
if (new != NULL) {
- list_add(&new->sm_link, &nsm_handles);
+ list_add(&new->sm_link, &ln->nsm_handles);
spin_unlock(&nsm_lock);
dprintk("lockd: created nsm_handle for %s (%s)\n",
new->sm_name, new->sm_addrbuf);
@@ -417,19 +422,22 @@ retry:
/**
* nsm_reboot_lookup - match NLMPROC_SM_NOTIFY arguments to an nsm_handle
+ * @net: network namespace
* @info: pointer to NLMPROC_SM_NOTIFY arguments
*
* Returns a matching nsm_handle if found in the nsm cache. The returned
* nsm_handle's reference count is bumped. Otherwise returns NULL if some
* error occurred.
*/
-struct nsm_handle *nsm_reboot_lookup(const struct nlm_reboot *info)
+struct nsm_handle *nsm_reboot_lookup(const struct net *net,
+ const struct nlm_reboot *info)
{
struct nsm_handle *cached;
+ struct lockd_net *ln = net_generic(net, lockd_net_id);
spin_lock(&nsm_lock);
- cached = nsm_lookup_priv(&info->priv);
+ cached = nsm_lookup_priv(&ln->nsm_handles, &info->priv);
if (unlikely(cached == NULL)) {
spin_unlock(&nsm_lock);
dprintk("lockd: never saw rebooted peer '%.*s' before\n",
diff --git a/fs/lockd/netns.h b/fs/lockd/netns.h
index 097bfa3..89fe011 100644
--- a/fs/lockd/netns.h
+++ b/fs/lockd/netns.h
@@ -15,6 +15,7 @@ struct lockd_net {
spinlock_t nsm_clnt_lock;
unsigned int nsm_users;
struct rpc_clnt *nsm_clnt;
+ struct list_head nsm_handles;
};
extern int lockd_net_id;
diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
index 55505cb..a9d5fb7 100644
--- a/fs/lockd/svc.c
+++ b/fs/lockd/svc.c
@@ -587,6 +587,7 @@ static int lockd_init_net(struct net *net)
INIT_DELAYED_WORK(&ln->grace_period_end, grace_ender);
INIT_LIST_HEAD(&ln->lockd_manager.list);
spin_lock_init(&ln->nsm_clnt_lock);
+ INIT_LIST_HEAD(&ln->nsm_handles);
return 0;
}
diff --git a/fs/lockd/svc4proc.c b/fs/lockd/svc4proc.c
index b147d1a..09c576f 100644
--- a/fs/lockd/svc4proc.c
+++ b/fs/lockd/svc4proc.c
@@ -421,7 +421,7 @@ nlm4svc_proc_sm_notify(struct svc_rqst *rqstp, struct nlm_reboot *argp,
return rpc_system_err;
}
- nlm_host_rebooted(argp);
+ nlm_host_rebooted(SVC_NET(rqstp), argp);
return rpc_success;
}
diff --git a/fs/lockd/svcproc.c b/fs/lockd/svcproc.c
index 21171f0..fb26b9f 100644
--- a/fs/lockd/svcproc.c
+++ b/fs/lockd/svcproc.c
@@ -464,7 +464,7 @@ nlmsvc_proc_sm_notify(struct svc_rqst *rqstp, struct nlm_reboot *argp,
return rpc_system_err;
}
- nlm_host_rebooted(argp);
+ nlm_host_rebooted(SVC_NET(rqstp), argp);
return rpc_success;
}
diff --git a/include/linux/lockd/lockd.h b/include/linux/lockd/lockd.h
index ff82a32..fd3b65b 100644
--- a/include/linux/lockd/lockd.h
+++ b/include/linux/lockd/lockd.h
@@ -235,7 +235,8 @@ void nlm_rebind_host(struct nlm_host *);
struct nlm_host * nlm_get_host(struct nlm_host *);
void nlm_shutdown_hosts(void);
void nlm_shutdown_hosts_net(struct net *net);
-void nlm_host_rebooted(const struct nlm_reboot *);
+void nlm_host_rebooted(const struct net *net,
+ const struct nlm_reboot *);
/*
* Host monitoring
@@ -243,11 +244,13 @@ void nlm_host_rebooted(const struct nlm_reboot *);
int nsm_monitor(const struct nlm_host *host);
void nsm_unmonitor(const struct nlm_host *host);
-struct nsm_handle *nsm_get_handle(const struct sockaddr *sap,
+struct nsm_handle *nsm_get_handle(const struct net *net,
+ const struct sockaddr *sap,
const size_t salen,
const char *hostname,
const size_t hostname_len);
-struct nsm_handle *nsm_reboot_lookup(const struct nlm_reboot *info);
+struct nsm_handle *nsm_reboot_lookup(const struct net *net,
+ const struct nlm_reboot *info);
void nsm_release(struct nsm_handle *nsm);
/*
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 042/211] iommu/vt-d: Fix ATSR handling for Root-Complex integrated endpoints
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (40 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 041/211] lockd: create NSM handles per net namespace Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 043/211] iommu/arm-smmu: Fix error checking for ASID and VMID allocation Kamal Mostafa
` (168 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David Woodhouse, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: David Woodhouse <David.Woodhouse@intel.com>
commit d14053b3c714178525f22660e6aaf41263d00056 upstream.
The VT-d specification says that "Software must enable ATS on endpoint
devices behind a Root Port only if the Root Port is reported as
supporting ATS transactions."
We walk up the tree to find a Root Port, but for integrated devices we
don't find one — we get to the host bridge. In that case we *should*
allow ATS. Currently we don't, which means that we are incorrectly
failing to use ATS for the integrated graphics. Fix that.
We should never break out of this loop "naturally" with bus==NULL,
since we'll always find bridge==NULL in that case (and now return 1).
So remove the check for (!bridge) after the loop, since it can never
happen. If it did, it would be worthy of a BUG_ON(!bridge). But since
it'll oops anyway in that case, that'll do just as well.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iommu/intel-iommu.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index bd1b8ad..66e94b8 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -4231,14 +4231,17 @@ int dmar_find_matched_atsr_unit(struct pci_dev *dev)
dev = pci_physfn(dev);
for (bus = dev->bus; bus; bus = bus->parent) {
bridge = bus->self;
- if (!bridge || !pci_is_pcie(bridge) ||
+ /* If it's an integrated device, allow ATS */
+ if (!bridge)
+ return 1;
+ /* Connected via non-PCIe: no ATS */
+ if (!pci_is_pcie(bridge) ||
pci_pcie_type(bridge) == PCI_EXP_TYPE_PCI_BRIDGE)
return 0;
+ /* If we found the root port, look it up in the ATSR */
if (pci_pcie_type(bridge) == PCI_EXP_TYPE_ROOT_PORT)
break;
}
- if (!bridge)
- return 0;
rcu_read_lock();
list_for_each_entry_rcu(atsru, &dmar_atsr_units, list) {
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 043/211] iommu/arm-smmu: Fix error checking for ASID and VMID allocation
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (41 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 042/211] iommu/vt-d: Fix ATSR handling for Root-Complex integrated endpoints Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 044/211] jbd2: fix checkpoint list cleanup Kamal Mostafa
` (167 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Will Deacon, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will.deacon@arm.com>
commit c0733a2cf30c1e7923b6ad4f8df67941502923de upstream.
The bitmap allocator returns an int, which is one of the standard
negative values on failure. Rather than assigning this straight to a
u16 (like we do for the ASID and VMID callers), which means that we
won't detect failure correctly, use an int for the purposes of error
checking.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iommu/arm-smmu-v3.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
index da902ba..97d376a 100644
--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -1445,7 +1445,7 @@ static int arm_smmu_domain_finalise_s1(struct arm_smmu_domain *smmu_domain,
struct io_pgtable_cfg *pgtbl_cfg)
{
int ret;
- u16 asid;
+ int asid;
struct arm_smmu_device *smmu = smmu_domain->smmu;
struct arm_smmu_s1_cfg *cfg = &smmu_domain->s1_cfg;
@@ -1457,10 +1457,11 @@ static int arm_smmu_domain_finalise_s1(struct arm_smmu_domain *smmu_domain,
&cfg->cdptr_dma, GFP_KERNEL);
if (!cfg->cdptr) {
dev_warn(smmu->dev, "failed to allocate context descriptor\n");
+ ret = -ENOMEM;
goto out_free_asid;
}
- cfg->cd.asid = asid;
+ cfg->cd.asid = (u16)asid;
cfg->cd.ttbr = pgtbl_cfg->arm_lpae_s1_cfg.ttbr[0];
cfg->cd.tcr = pgtbl_cfg->arm_lpae_s1_cfg.tcr;
cfg->cd.mair = pgtbl_cfg->arm_lpae_s1_cfg.mair[0];
@@ -1474,7 +1475,7 @@ out_free_asid:
static int arm_smmu_domain_finalise_s2(struct arm_smmu_domain *smmu_domain,
struct io_pgtable_cfg *pgtbl_cfg)
{
- u16 vmid;
+ int vmid;
struct arm_smmu_device *smmu = smmu_domain->smmu;
struct arm_smmu_s2_cfg *cfg = &smmu_domain->s2_cfg;
@@ -1482,7 +1483,7 @@ static int arm_smmu_domain_finalise_s2(struct arm_smmu_domain *smmu_domain,
if (IS_ERR_VALUE(vmid))
return vmid;
- cfg->vmid = vmid;
+ cfg->vmid = (u16)vmid;
cfg->vttbr = pgtbl_cfg->arm_lpae_s2_cfg.vttbr;
cfg->vtcr = pgtbl_cfg->arm_lpae_s2_cfg.vtcr;
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 044/211] jbd2: fix checkpoint list cleanup
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (42 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 043/211] iommu/arm-smmu: Fix error checking for ASID and VMID allocation Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 045/211] [PATCH] fix calculation of meta_bg descriptor backups Kamal Mostafa
` (166 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jan Kara, Theodore Ts'o, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.com>
commit 33d14975e5ac469963d5d63856b61698ad0bff07 upstream.
Unlike comments and expectation of callers journal_clean_one_cp_list()
returned 1 not only if it freed the transaction but also if it freed
some buffers in the transaction. That could make
__jbd2_journal_clean_checkpoint_list() skip processing
t_checkpoint_io_list and continue with processing the next transaction.
This is mostly a cosmetic issue since the only result is we can
sometimes free less memory than we could. But it's still worth fixing.
Fix journal_clean_one_cp_list() to return 1 only if the transaction was
really freed.
Fixes: 50849db32a9f529235a84bcc84a6b8e631b1d0ec
Signed-off-by: Jan Kara <jack@suse.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/jbd2/checkpoint.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/fs/jbd2/checkpoint.c b/fs/jbd2/checkpoint.c
index 8c44654..684996c 100644
--- a/fs/jbd2/checkpoint.c
+++ b/fs/jbd2/checkpoint.c
@@ -427,7 +427,6 @@ static int journal_clean_one_cp_list(struct journal_head *jh, bool destroy)
struct journal_head *last_jh;
struct journal_head *next_jh = jh;
int ret;
- int freed = 0;
if (!jh)
return 0;
@@ -441,10 +440,9 @@ static int journal_clean_one_cp_list(struct journal_head *jh, bool destroy)
else
ret = __jbd2_journal_remove_checkpoint(jh) + 1;
if (!ret)
- return freed;
+ return 0;
if (ret == 2)
return 1;
- freed = 1;
/*
* This function only frees up some memory
* if possible so we dont have an obligation
@@ -452,10 +450,10 @@ static int journal_clean_one_cp_list(struct journal_head *jh, bool destroy)
* requested:
*/
if (need_resched())
- return freed;
+ return 0;
} while (jh != last_jh);
- return freed;
+ return 0;
}
/*
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 045/211] [PATCH] fix calculation of meta_bg descriptor backups
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (43 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 044/211] jbd2: fix checkpoint list cleanup Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 046/211] vTPM: fix memory allocation flag for rtce buffer at kernel boot Kamal Mostafa
` (165 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andy Leiserson, Theodore Ts'o, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Leiserson <andy@leiserson.org>
commit 904dad4742d211b7a8910e92695c0fa957483836 upstream.
"group" is the group where the backup will be placed, and is
initialized to zero in the declaration. This meant that backups for
meta_bg descriptors were erroneously written to the backup block group
descriptors in groups 1 and (desc_per_block-1).
Reproduction information:
mke2fs -Fq -t ext4 -b 1024 -O ^resize_inode /tmp/foo.img 16G
truncate -s 24G /tmp/foo.img
losetup /dev/loop0 /tmp/foo.img
mount /dev/loop0 /mnt
resize2fs /dev/loop0
umount /dev/loop0
dd if=/dev/zero of=/dev/loop0 bs=1024 count=2
e2fsck -fy /dev/loop0
losetup -d /dev/loop0
Signed-off-by: Andy Leiserson <andy@leiserson.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/ext4/resize.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index cf0c472..c7c53fd 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1040,7 +1040,7 @@ exit_free:
* do not copy the full number of backups at this time. The resize
* which changed s_groups_count will backup again.
*/
-static void update_backups(struct super_block *sb, int blk_off, char *data,
+static void update_backups(struct super_block *sb, sector_t blk_off, char *data,
int size, int meta_bg)
{
struct ext4_sb_info *sbi = EXT4_SB(sb);
@@ -1065,7 +1065,7 @@ static void update_backups(struct super_block *sb, int blk_off, char *data,
group = ext4_list_backups(sb, &three, &five, &seven);
last = sbi->s_groups_count;
} else {
- group = ext4_meta_bg_first_group(sb, group) + 1;
+ group = ext4_get_group_number(sb, blk_off) + 1;
last = (ext4_group_t)(group + EXT4_DESC_PER_BLOCK(sb) - 2);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 046/211] vTPM: fix memory allocation flag for rtce buffer at kernel boot
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (44 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 045/211] [PATCH] fix calculation of meta_bg descriptor backups Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 047/211] tpm, tpm_crb: fix unaligned read of the command buffer address Kamal Mostafa
` (164 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Hon Ching(Vicky) Lo, Peter Huewe, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Hon Ching \\\\(Vicky\\\\) Lo" <honclo@linux.vnet.ibm.com>
commit 60ecd86c4d985750efa0ea3d8610972b09951715 upstream.
At ibm vtpm initialzation, tpm_ibmvtpm_probe() registers its interrupt
handler, ibmvtpm_interrupt, which calls ibmvtpm_crq_process to allocate
memory for rtce buffer. The current code uses 'GFP_KERNEL' as the
type of kernel memory allocation, which resulted a warning at
kernel/lockdep.c. This patch uses 'GFP_ATOMIC' instead so that the
allocation is high-priority and does not sleep.
Signed-off-by: Hon Ching(Vicky) Lo <honclo@linux.vnet.ibm.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/char/tpm/tpm_ibmvtpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
index 27ebf95..3e6a226 100644
--- a/drivers/char/tpm/tpm_ibmvtpm.c
+++ b/drivers/char/tpm/tpm_ibmvtpm.c
@@ -491,7 +491,7 @@ static void ibmvtpm_crq_process(struct ibmvtpm_crq *crq,
}
ibmvtpm->rtce_size = be16_to_cpu(crq->len);
ibmvtpm->rtce_buf = kmalloc(ibmvtpm->rtce_size,
- GFP_KERNEL);
+ GFP_ATOMIC);
if (!ibmvtpm->rtce_buf) {
dev_err(ibmvtpm->dev, "Failed to allocate memory for rtce buffer\n");
return;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 047/211] tpm, tpm_crb: fix unaligned read of the command buffer address
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (45 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 046/211] vTPM: fix memory allocation flag for rtce buffer at kernel boot Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 048/211] tpm, tpm_tis: fix tpm_tis ACPI detection issue with TPM 2.0 Kamal Mostafa
` (163 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jarkko Sakkinen, Peter Huewe, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
commit 149789ce9d472e6b4fd99336e779ab843754a96c upstream.
The command buffer address must be read with exactly two 32-bit reads.
Otherwise, on some HW platforms, it seems that HW will abort the read
operation, which causes CPU to fill the read bytes with 1's. Therefore,
we cannot rely on memcpy_fromio() but must call ioread32() two times
instead.
Also, this matches the PC Client Platform TPM Profile specification,
which defines command buffer address with two 32-bit fields.
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/char/tpm/tpm_crb.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
index 1267322..83068fa 100644
--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -74,7 +74,8 @@ struct crb_control_area {
u32 int_enable;
u32 int_sts;
u32 cmd_size;
- u64 cmd_pa;
+ u32 cmd_pa_low;
+ u32 cmd_pa_high;
u32 rsp_size;
u64 rsp_pa;
} __packed;
@@ -273,8 +274,8 @@ static int crb_acpi_add(struct acpi_device *device)
return -ENOMEM;
}
- memcpy_fromio(&pa, &priv->cca->cmd_pa, 8);
- pa = le64_to_cpu(pa);
+ pa = ((u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_high)) << 32) |
+ (u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_low));
priv->cmd = devm_ioremap_nocache(dev, pa,
ioread32(&priv->cca->cmd_size));
if (!priv->cmd) {
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 048/211] tpm, tpm_tis: fix tpm_tis ACPI detection issue with TPM 2.0
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (46 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 047/211] tpm, tpm_crb: fix unaligned read of the command buffer address Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 049/211] drm/amdgpu/gfx8: set TC_WB_ACTION_EN in RELEASE_MEM packet Kamal Mostafa
` (162 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jarkko Sakkinen, Peter Huewe, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
commit 399235dc6e95400a1322a9999e92073bc572f0c8 upstream.
Both for FIFO and CRB interface TCG has decided to use the same HID
MSFT0101. They can be differentiated by looking at the start method from
TPM2 ACPI table. This patches makes necessary fixes to tpm_tis and
tpm_crb modules in order to correctly detect, which module should be
used.
For MSFT0101 we must use struct acpi_driver because struct pnp_driver
has a 7 character limitation.
It turned out that the root cause in b371616b8 was not correct for
https://bugzilla.kernel.org/show_bug.cgi?id=98181.
v2:
* One fixup was missing from v1: is_tpm2_fifo -> is_fifo
v3:
* Use pnp_driver for existing HIDs and acpi_driver only for MSFT0101 in
order ensure backwards compatibility.
v4:
* Check for FIFO before doing *anything* in crb_acpi_add().
* There was return immediately after acpi_bus_unregister_driver() in
cleanup_tis(). This caused pnp_unregister_driver() not to be called.
Reported-by: Michael Saunders <mick.saunders@gmail.com>
Reported-by: Michael Marley <michael@michaelmarley.com>
Reported-by: Jethro Beekman <kernel@jbeekman.nl>
Reported-by: Matthew Garrett <mjg59@srcf.ucam.org>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Michael Marley <michael@michaelmarley.com>
Tested-by: Mimi Zohar <zohar@linux.vnet.ibm.com> (on TPM 1.2)
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/char/tpm/tpm.h | 7 ++
drivers/char/tpm/tpm_crb.c | 32 +++-----
drivers/char/tpm/tpm_tis.c | 192 ++++++++++++++++++++++++++++++++++++++-------
3 files changed, 181 insertions(+), 50 deletions(-)
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index f8319a0..39be5ac 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -115,6 +115,13 @@ enum tpm2_startup_types {
TPM2_SU_STATE = 0x0001,
};
+enum tpm2_start_method {
+ TPM2_START_ACPI = 2,
+ TPM2_START_FIFO = 6,
+ TPM2_START_CRB = 7,
+ TPM2_START_CRB_WITH_ACPI = 8,
+};
+
struct tpm_chip;
struct tpm_vendor_specific {
diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
index 83068fa..4bb9727 100644
--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -34,12 +34,6 @@ enum crb_defaults {
CRB_ACPI_START_INDEX = 1,
};
-enum crb_start_method {
- CRB_SM_ACPI_START = 2,
- CRB_SM_CRB = 7,
- CRB_SM_CRB_WITH_ACPI_START = 8,
-};
-
struct acpi_tpm2 {
struct acpi_table_header hdr;
u16 platform_class;
@@ -221,12 +215,6 @@ static int crb_acpi_add(struct acpi_device *device)
u64 pa;
int rc;
- chip = tpmm_chip_alloc(dev, &tpm_crb);
- if (IS_ERR(chip))
- return PTR_ERR(chip);
-
- chip->flags = TPM_CHIP_FLAG_TPM2;
-
status = acpi_get_table(ACPI_SIG_TPM2, 1,
(struct acpi_table_header **) &buf);
if (ACPI_FAILURE(status)) {
@@ -234,13 +222,15 @@ static int crb_acpi_add(struct acpi_device *device)
return -ENODEV;
}
- /* At least some versions of AMI BIOS have a bug that TPM2 table has
- * zero address for the control area and therefore we must fail.
- */
- if (!buf->control_area_pa) {
- dev_err(dev, "TPM2 ACPI table has a zero address for the control area\n");
- return -EINVAL;
- }
+ /* Should the FIFO driver handle this? */
+ if (buf->start_method == TPM2_START_FIFO)
+ return -ENODEV;
+
+ chip = tpmm_chip_alloc(dev, &tpm_crb);
+ if (IS_ERR(chip))
+ return PTR_ERR(chip);
+
+ chip->flags = TPM_CHIP_FLAG_TPM2;
if (buf->hdr.length < sizeof(struct acpi_tpm2)) {
dev_err(dev, "TPM2 ACPI table has wrong size");
@@ -260,11 +250,11 @@ static int crb_acpi_add(struct acpi_device *device)
* report only ACPI start but in practice seems to require both
* ACPI start and CRB start.
*/
- if (sm == CRB_SM_CRB || sm == CRB_SM_CRB_WITH_ACPI_START ||
+ if (sm == TPM2_START_CRB || sm == TPM2_START_FIFO ||
!strcmp(acpi_device_hid(device), "MSFT0101"))
priv->flags |= CRB_FL_CRB_START;
- if (sm == CRB_SM_ACPI_START || sm == CRB_SM_CRB_WITH_ACPI_START)
+ if (sm == TPM2_START_ACPI || sm == TPM2_START_CRB_WITH_ACPI)
priv->flags |= CRB_FL_ACPI_START;
priv->cca = (struct crb_control_area __iomem *)
diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
index f2dffa7..696ef1d 100644
--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2005, 2006 IBM Corporation
- * Copyright (C) 2014 Intel Corporation
+ * Copyright (C) 2014, 2015 Intel Corporation
*
* Authors:
* Leendert van Doorn <leendert@watson.ibm.com>
@@ -28,6 +28,7 @@
#include <linux/wait.h>
#include <linux/acpi.h>
#include <linux/freezer.h>
+#include <acpi/actbl2.h>
#include "tpm.h"
enum tis_access {
@@ -65,6 +66,17 @@ enum tis_defaults {
TIS_LONG_TIMEOUT = 2000, /* 2 sec */
};
+struct tpm_info {
+ unsigned long start;
+ unsigned long len;
+ unsigned int irq;
+};
+
+static struct tpm_info tis_default_info = {
+ .start = TIS_MEM_BASE,
+ .len = TIS_MEM_LEN,
+ .irq = 0,
+};
/* Some timeout values are needed before it is known whether the chip is
* TPM 1.0 or TPM 2.0.
@@ -91,26 +103,54 @@ struct priv_data {
};
#if defined(CONFIG_PNP) && defined(CONFIG_ACPI)
-static int is_itpm(struct pnp_dev *dev)
+static int has_hid(struct acpi_device *dev, const char *hid)
{
- struct acpi_device *acpi = pnp_acpi_device(dev);
struct acpi_hardware_id *id;
- if (!acpi)
- return 0;
-
- list_for_each_entry(id, &acpi->pnp.ids, list) {
- if (!strcmp("INTC0102", id->id))
+ list_for_each_entry(id, &dev->pnp.ids, list)
+ if (!strcmp(hid, id->id))
return 1;
- }
return 0;
}
+
+static inline int is_itpm(struct acpi_device *dev)
+{
+ return has_hid(dev, "INTC0102");
+}
+
+static inline int is_fifo(struct acpi_device *dev)
+{
+ struct acpi_table_tpm2 *tbl;
+ acpi_status st;
+
+ /* TPM 1.2 FIFO */
+ if (!has_hid(dev, "MSFT0101"))
+ return 1;
+
+ st = acpi_get_table(ACPI_SIG_TPM2, 1,
+ (struct acpi_table_header **) &tbl);
+ if (ACPI_FAILURE(st)) {
+ dev_err(&dev->dev, "failed to get TPM2 ACPI table\n");
+ return 0;
+ }
+
+ if (le32_to_cpu(tbl->start_method) != TPM2_START_FIFO)
+ return 0;
+
+ /* TPM 2.0 FIFO */
+ return 1;
+}
#else
-static inline int is_itpm(struct pnp_dev *dev)
+static inline int is_itpm(struct acpi_device *dev)
{
return 0;
}
+
+static inline int is_fifo(struct acpi_device *dev)
+{
+ return 1;
+}
#endif
/* Before we attempt to access the TPM we must see that the valid bit is set.
@@ -600,9 +640,8 @@ static void tpm_tis_remove(struct tpm_chip *chip)
release_locality(chip, chip->vendor.locality, 1);
}
-static int tpm_tis_init(struct device *dev, acpi_handle acpi_dev_handle,
- resource_size_t start, resource_size_t len,
- unsigned int irq)
+static int tpm_tis_init(struct device *dev, struct tpm_info *tpm_info,
+ acpi_handle acpi_dev_handle)
{
u32 vendor, intfcaps, intmask;
int rc, i, irq_s, irq_e, probe;
@@ -622,7 +661,7 @@ static int tpm_tis_init(struct device *dev, acpi_handle acpi_dev_handle,
chip->acpi_dev_handle = acpi_dev_handle;
#endif
- chip->vendor.iobase = devm_ioremap(dev, start, len);
+ chip->vendor.iobase = devm_ioremap(dev, tpm_info->start, tpm_info->len);
if (!chip->vendor.iobase)
return -EIO;
@@ -707,7 +746,7 @@ static int tpm_tis_init(struct device *dev, acpi_handle acpi_dev_handle,
chip->vendor.iobase +
TPM_INT_ENABLE(chip->vendor.locality));
if (interrupts)
- chip->vendor.irq = irq;
+ chip->vendor.irq = tpm_info->irq;
if (interrupts && !chip->vendor.irq) {
irq_s =
ioread8(chip->vendor.iobase +
@@ -890,27 +929,27 @@ static SIMPLE_DEV_PM_OPS(tpm_tis_pm, tpm_pm_suspend, tpm_tis_resume);
static int tpm_tis_pnp_init(struct pnp_dev *pnp_dev,
const struct pnp_device_id *pnp_id)
{
- resource_size_t start, len;
- unsigned int irq = 0;
+ struct tpm_info tpm_info = tis_default_info;
acpi_handle acpi_dev_handle = NULL;
- start = pnp_mem_start(pnp_dev, 0);
- len = pnp_mem_len(pnp_dev, 0);
+ tpm_info.start = pnp_mem_start(pnp_dev, 0);
+ tpm_info.len = pnp_mem_len(pnp_dev, 0);
if (pnp_irq_valid(pnp_dev, 0))
- irq = pnp_irq(pnp_dev, 0);
+ tpm_info.irq = pnp_irq(pnp_dev, 0);
else
interrupts = false;
- if (is_itpm(pnp_dev))
- itpm = true;
-
#ifdef CONFIG_ACPI
- if (pnp_acpi_device(pnp_dev))
+ if (pnp_acpi_device(pnp_dev)) {
+ if (is_itpm(pnp_acpi_device(pnp_dev)))
+ itpm = true;
+
acpi_dev_handle = pnp_acpi_device(pnp_dev)->handle;
+ }
#endif
- return tpm_tis_init(&pnp_dev->dev, acpi_dev_handle, start, len, irq);
+ return tpm_tis_init(&pnp_dev->dev, &tpm_info, acpi_dev_handle);
}
static struct pnp_device_id tpm_pnp_tbl[] = {
@@ -930,6 +969,7 @@ MODULE_DEVICE_TABLE(pnp, tpm_pnp_tbl);
static void tpm_tis_pnp_remove(struct pnp_dev *dev)
{
struct tpm_chip *chip = pnp_get_drvdata(dev);
+
tpm_chip_unregister(chip);
tpm_tis_remove(chip);
}
@@ -950,6 +990,79 @@ module_param_string(hid, tpm_pnp_tbl[TIS_HID_USR_IDX].id,
MODULE_PARM_DESC(hid, "Set additional specific HID for this driver to probe");
#endif
+#ifdef CONFIG_ACPI
+static int tpm_check_resource(struct acpi_resource *ares, void *data)
+{
+ struct tpm_info *tpm_info = (struct tpm_info *) data;
+ struct resource res;
+
+ if (acpi_dev_resource_interrupt(ares, 0, &res)) {
+ tpm_info->irq = res.start;
+ } else if (acpi_dev_resource_memory(ares, &res)) {
+ tpm_info->start = res.start;
+ tpm_info->len = resource_size(&res);
+ }
+
+ return 1;
+}
+
+static int tpm_tis_acpi_init(struct acpi_device *acpi_dev)
+{
+ struct list_head resources;
+ struct tpm_info tpm_info = tis_default_info;
+ int ret;
+
+ if (!is_fifo(acpi_dev))
+ return -ENODEV;
+
+ INIT_LIST_HEAD(&resources);
+ ret = acpi_dev_get_resources(acpi_dev, &resources, tpm_check_resource,
+ &tpm_info);
+ if (ret < 0)
+ return ret;
+
+ acpi_dev_free_resource_list(&resources);
+
+ if (!tpm_info.irq)
+ interrupts = false;
+
+ if (is_itpm(acpi_dev))
+ itpm = true;
+
+ return tpm_tis_init(&acpi_dev->dev, &tpm_info, acpi_dev->handle);
+}
+
+static int tpm_tis_acpi_remove(struct acpi_device *dev)
+{
+ struct tpm_chip *chip = dev_get_drvdata(&dev->dev);
+
+ tpm_chip_unregister(chip);
+ tpm_tis_remove(chip);
+
+ return 0;
+}
+
+static struct acpi_device_id tpm_acpi_tbl[] = {
+ {"MSFT0101", 0}, /* TPM 2.0 */
+ /* Add new here */
+ {"", 0}, /* User Specified */
+ {"", 0} /* Terminator */
+};
+MODULE_DEVICE_TABLE(acpi, tpm_acpi_tbl);
+
+static struct acpi_driver tis_acpi_driver = {
+ .name = "tpm_tis",
+ .ids = tpm_acpi_tbl,
+ .ops = {
+ .add = tpm_tis_acpi_init,
+ .remove = tpm_tis_acpi_remove,
+ },
+ .drv = {
+ .pm = &tpm_tis_pm,
+ },
+};
+#endif
+
static struct platform_driver tis_drv = {
.driver = {
.name = "tpm_tis",
@@ -966,9 +1079,25 @@ static int __init init_tis(void)
{
int rc;
#ifdef CONFIG_PNP
- if (!force)
- return pnp_register_driver(&tis_pnp_driver);
+ if (!force) {
+ rc = pnp_register_driver(&tis_pnp_driver);
+ if (rc)
+ return rc;
+ }
+#endif
+#ifdef CONFIG_ACPI
+ if (!force) {
+ rc = acpi_bus_register_driver(&tis_acpi_driver);
+ if (rc) {
+#ifdef CONFIG_PNP
+ pnp_unregister_driver(&tis_pnp_driver);
#endif
+ return rc;
+ }
+ }
+#endif
+ if (!force)
+ return 0;
rc = platform_driver_register(&tis_drv);
if (rc < 0)
@@ -978,7 +1107,7 @@ static int __init init_tis(void)
rc = PTR_ERR(pdev);
goto err_dev;
}
- rc = tpm_tis_init(&pdev->dev, NULL, TIS_MEM_BASE, TIS_MEM_LEN, 0);
+ rc = tpm_tis_init(&pdev->dev, &tis_default_info, NULL);
if (rc)
goto err_init;
return 0;
@@ -992,9 +1121,14 @@ err_dev:
static void __exit cleanup_tis(void)
{
struct tpm_chip *chip;
-#ifdef CONFIG_PNP
+#if defined(CONFIG_PNP) || defined(CONFIG_ACPI)
if (!force) {
+#ifdef CONFIG_ACPI
+ acpi_bus_unregister_driver(&tis_acpi_driver);
+#endif
+#ifdef CONFIG_PNP
pnp_unregister_driver(&tis_pnp_driver);
+#endif
return;
}
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 049/211] drm/amdgpu/gfx8: set TC_WB_ACTION_EN in RELEASE_MEM packet
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (47 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 048/211] tpm, tpm_tis: fix tpm_tis ACPI detection issue with TPM 2.0 Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 050/211] spi: dw: explicitly free IRQ handler in dw_spi_remove_host() Kamal Mostafa
` (161 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Alex Deucher, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit a3d5aaa836ed993747af7b53cfca1b3cd3c9fc46 upstream.
This is the recommended setting from the hw team for newer
versions of the firmware.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
index 20e2cfd..6c0bfc3 100644
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
@@ -4017,6 +4017,7 @@ static void gfx_v8_0_ring_emit_fence_compute(struct amdgpu_ring *ring,
amdgpu_ring_write(ring, PACKET3(PACKET3_RELEASE_MEM, 5));
amdgpu_ring_write(ring, (EOP_TCL1_ACTION_EN |
EOP_TC_ACTION_EN |
+ EOP_TC_WB_ACTION_EN |
EVENT_TYPE(CACHE_FLUSH_AND_INV_TS_EVENT) |
EVENT_INDEX(5)));
amdgpu_ring_write(ring, DATA_SEL(write64bit ? 2 : 1) | INT_SEL(int_sel ? 2 : 0));
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 050/211] spi: dw: explicitly free IRQ handler in dw_spi_remove_host()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (48 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 049/211] drm/amdgpu/gfx8: set TC_WB_ACTION_EN in RELEASE_MEM packet Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 051/211] [media] media: vb2 dma-contig: Fully cache synchronise buffers in prepare and finish Kamal Mostafa
` (160 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andy Shevchenko, Mark Brown, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
commit 02f20387e1bca550639c37b1945f20cd32ddfcce upstream.
The following warning occurs when DW SPI is compiled as a module and it's a PCI
device. On the removal stage pcibios_free_irq() is called earlier than
free_irq() due to the latter is called at managed resources free strage.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 1003 at /home/andy/prj/linux/fs/proc/generic.c:575 remove_proc_entry+0x118/0x150()
remove_proc_entry: removing non-empty directory 'irq/38', leaking at least 'dw_spi1'
Modules linked in: spi_dw_midpci(-) spi_dw [last unloaded: dw_dmac_core]
CPU: 1 PID: 1003 Comm: modprobe Not tainted 4.3.0-rc5-next-20151013+ #32
00000000 00000000 f5535d70 c12dc220 f5535db0 f5535da0 c104e912 c198a6bc
f5535dcc 000003eb c198a638 0000023f c11b4098 c11b4098 f54f1ec8 f54f1ea0
f642ba20 f5535db8 c104e96e 00000009 f5535db0 c198a6bc f5535dcc f5535df0
Call Trace:
[<c12dc220>] dump_stack+0x41/0x61
[<c104e912>] warn_slowpath_common+0x82/0xb0
[<c11b4098>] ? remove_proc_entry+0x118/0x150
[<c11b4098>] ? remove_proc_entry+0x118/0x150
[<c104e96e>] warn_slowpath_fmt+0x2e/0x30
[<c11b4098>] remove_proc_entry+0x118/0x150
[<c109b96a>] unregister_irq_proc+0xaa/0xc0
[<c109575e>] free_desc+0x1e/0x60
[<c10957d2>] irq_free_descs+0x32/0x70
[<c109b1a0>] irq_domain_free_irqs+0x120/0x150
[<c1039e8c>] mp_unmap_irq+0x5c/0x60
[<c16277b0>] intel_mid_pci_irq_disable+0x20/0x40
[<c1627c7f>] pcibios_free_irq+0xf/0x20
[<c13189f2>] pci_device_remove+0x52/0xb0
[<c13f6367>] __device_release_driver+0x77/0x100
[<c13f6da7>] driver_detach+0x87/0x90
[<c13f5eaa>] bus_remove_driver+0x4a/0xc0
[<c128bf0d>] ? selinux_capable+0xd/0x10
[<c13f7483>] driver_unregister+0x23/0x60
[<c10bad8a>] ? find_module_all+0x5a/0x80
[<c1317413>] pci_unregister_driver+0x13/0x60
[<f80ac654>] dw_spi_driver_exit+0xd/0xf [spi_dw_midpci]
[<c10bce9a>] SyS_delete_module+0x17a/0x210
Explicitly call free_irq() at removal stage of the DW SPI driver.
Fixes: 04f421e7b0b1 (spi: dw: use managed resources)
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
[ kamal: backport to 4.2-stable: context ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/spi/spi-dw.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/spi/spi-dw.c b/drivers/spi/spi-dw.c
index 4fbfcdc..0f9d6c1 100644
--- a/drivers/spi/spi-dw.c
+++ b/drivers/spi/spi-dw.c
@@ -527,8 +527,7 @@ int dw_spi_add_host(struct device *dev, struct dw_spi *dws)
dws->dma_addr = (dma_addr_t)(dws->paddr + 0x60);
snprintf(dws->name, sizeof(dws->name), "dw_spi%d", dws->bus_num);
- ret = devm_request_irq(dev, dws->irq, dw_spi_irq, IRQF_SHARED,
- dws->name, master);
+ ret = request_irq(dws->irq, dw_spi_irq, IRQF_SHARED, dws->name, master);
if (ret < 0) {
dev_err(&master->dev, "can not get IRQ\n");
goto err_free_master;
@@ -573,6 +572,7 @@ err_dma_exit:
if (dws->dma_ops && dws->dma_ops->dma_exit)
dws->dma_ops->dma_exit(dws);
spi_enable_chip(dws, 0);
+ free_irq(dws->irq, master);
err_free_master:
spi_master_put(master);
return ret;
@@ -590,6 +590,8 @@ void dw_spi_remove_host(struct dw_spi *dws)
spi_enable_chip(dws, 0);
/* Disable clk */
spi_set_clk(dws, 0);
+
+ free_irq(dws->irq, dws->master);
}
EXPORT_SYMBOL_GPL(dw_spi_remove_host);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 051/211] [media] media: vb2 dma-contig: Fully cache synchronise buffers in prepare and finish
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (49 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 050/211] spi: dw: explicitly free IRQ handler in dw_spi_remove_host() Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 052/211] [media] media: vb2 dma-sg: " Kamal Mostafa
` (159 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tiffany Lin, Sakari Ailus, Mauro Carvalho Chehab, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tiffany Lin <tiffany.lin@mediatek.com>
commit d9a985883fa32453d099d6293188c11d75cef1fa upstream.
In videobuf2 dma-contig memory type the prepare and finish ops, instead of
passing the number of entries in the original scatterlist as the "nents"
parameter to dma_sync_sg_for_device() and dma_sync_sg_for_cpu(), the value
returned by dma_map_sg() was used. Albeit this has been suggested in
comments of some implementations (which have since been corrected), this
is wrong.
Fixes: 199d101efdba ("v4l: vb2-dma-contig: add prepare/finish to dma-contig allocator")
Signed-off-by: Tiffany Lin <tiffany.lin@mediatek.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/v4l2-core/videobuf2-dma-contig.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/media/v4l2-core/videobuf2-dma-contig.c b/drivers/media/v4l2-core/videobuf2-dma-contig.c
index 94c1e64..f8afbd0 100644
--- a/drivers/media/v4l2-core/videobuf2-dma-contig.c
+++ b/drivers/media/v4l2-core/videobuf2-dma-contig.c
@@ -120,7 +120,8 @@ static void vb2_dc_prepare(void *buf_priv)
if (!sgt || buf->db_attach)
return;
- dma_sync_sg_for_device(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir);
+ dma_sync_sg_for_device(buf->dev, sgt->sgl, sgt->orig_nents,
+ buf->dma_dir);
}
static void vb2_dc_finish(void *buf_priv)
@@ -132,7 +133,7 @@ static void vb2_dc_finish(void *buf_priv)
if (!sgt || buf->db_attach)
return;
- dma_sync_sg_for_cpu(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir);
+ dma_sync_sg_for_cpu(buf->dev, sgt->sgl, sgt->orig_nents, buf->dma_dir);
}
/*********************************************/
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 052/211] [media] media: vb2 dma-sg: Fully cache synchronise buffers in prepare and finish
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (50 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 051/211] [media] media: vb2 dma-contig: Fully cache synchronise buffers in prepare and finish Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 053/211] [media] media/v4l2-ctrls: fix setting autocluster to manual with VIDIOC_S_CTRL Kamal Mostafa
` (158 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tiffany Lin, Sakari Ailus, Mauro Carvalho Chehab, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tiffany Lin <tiffany.lin@mediatek.com>
commit 418dae2276065680bde7ae27d2c075e612a54de6 upstream.
In videobuf2 dma-sg memory types the prepare and finish ops, instead
of passing the number of entries in the original scatterlist as the
"nents" parameter to dma_sync_sg_for_device() and dma_sync_sg_for_cpu(),
the value returned by dma_map_sg() was used. Albeit this has been
suggested in comments of some implementations (which have since been
corrected), this is wrong.
Fixes: d790b7eda953 ("vb2-dma-sg: move dma_(un)map_sg here")
Signed-off-by: Tiffany Lin <tiffany.lin@mediatek.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/v4l2-core/videobuf2-dma-sg.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/media/v4l2-core/videobuf2-dma-sg.c b/drivers/media/v4l2-core/videobuf2-dma-sg.c
index 7289b81..a0a4a62 100644
--- a/drivers/media/v4l2-core/videobuf2-dma-sg.c
+++ b/drivers/media/v4l2-core/videobuf2-dma-sg.c
@@ -210,7 +210,8 @@ static void vb2_dma_sg_prepare(void *buf_priv)
if (buf->db_attach)
return;
- dma_sync_sg_for_device(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir);
+ dma_sync_sg_for_device(buf->dev, sgt->sgl, sgt->orig_nents,
+ buf->dma_dir);
}
static void vb2_dma_sg_finish(void *buf_priv)
@@ -222,7 +223,7 @@ static void vb2_dma_sg_finish(void *buf_priv)
if (buf->db_attach)
return;
- dma_sync_sg_for_cpu(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir);
+ dma_sync_sg_for_cpu(buf->dev, sgt->sgl, sgt->orig_nents, buf->dma_dir);
}
static inline int vma_is_io(struct vm_area_struct *vma)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 053/211] [media] media/v4l2-ctrls: fix setting autocluster to manual with VIDIOC_S_CTRL
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (51 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 052/211] [media] media: vb2 dma-sg: " Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 054/211] i2c: at91: fix write transfers by clearing pending interrupt first Kamal Mostafa
` (157 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Antonio Ospite, Hans Verkuil, Mauro Carvalho Chehab, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Antonio Ospite <ao2@ao2.it>
commit 759b26a1d916400a1a20948eb964dea6ad0bd9e9 upstream.
Since commit 5d0360a4f027576e5419d4a7c711c9ca0f1be8ca it's not possible
anymore to set auto clusters from auto to manual using VIDIOC_S_CTRL.
For example, setting autogain to manual with gspca/ov534 driver and this
sequence of commands does not work:
v4l2-ctl --set-ctrl=gain_automatic=1
v4l2-ctl --list-ctrls | grep gain_automatic
# The following does not work
v4l2-ctl --set-ctrl=gain_automatic=0
v4l2-ctl --list-ctrls | grep gain_automatic
Changing the value using VIDIOC_S_EXT_CTRLS (like qv4l2 does) works
fine.
The apparent cause by looking at the changes in 5d0360a and comparing
with the code path for VIDIOC_S_EXT_CTRLS seems to be that the code in
v4l2-ctrls.c::set_ctrl() is not calling user_to_new() anymore after
calling update_from_auto_cluster(master).
However the root cause of the problem is that calling
update_from_auto_cluster(master) overrides also the _master_ control
state calling cur_to_new() while it was supposed to only update the
volatile controls.
Calling user_to_new() after update_from_auto_cluster(master) was just
masking the original bug by restoring the correct new value of the
master control before making the changes permanent.
Fix the original bug by making update_from_auto_cluster() not override
the new master control value.
Signed-off-by: Antonio Ospite <ao2@ao2.it>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/v4l2-core/v4l2-ctrls.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/v4l2-core/v4l2-ctrls.c b/drivers/media/v4l2-core/v4l2-ctrls.c
index 78e7ca7..b2483ae 100644
--- a/drivers/media/v4l2-core/v4l2-ctrls.c
+++ b/drivers/media/v4l2-core/v4l2-ctrls.c
@@ -3058,7 +3058,7 @@ static void update_from_auto_cluster(struct v4l2_ctrl *master)
{
int i;
- for (i = 0; i < master->ncontrols; i++)
+ for (i = 1; i < master->ncontrols; i++)
cur_to_new(master->cluster[i]);
if (!call_op(master, g_volatile_ctrl))
for (i = 1; i < master->ncontrols; i++)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 054/211] i2c: at91: fix write transfers by clearing pending interrupt first
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (52 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 053/211] [media] media/v4l2-ctrls: fix setting autocluster to manual with VIDIOC_S_CTRL Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 055/211] spi: atmel: Fix DMA-setup for transfers with more than 8 bits per word Kamal Mostafa
` (156 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Cyrille Pitchen, Ludovic Desroches, Wolfram Sang, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Cyrille Pitchen <cyrille.pitchen@atmel.com>
commit 6f6ddbb09d2a5baded0e23add3ad2d9e9417ab30 upstream.
In some cases a NACK interrupt may be pending in the Status Register (SR)
as a result of a previous transfer. However at91_do_twi_transfer() did not
read the SR to clear pending interruptions before starting a new transfer.
Hence a NACK interrupt rose as soon as it was enabled again at the I2C
controller level, resulting in a wrong sequence of operations and strange
patterns of behaviour on the I2C bus, such as a clock stretch followed by
a restart of the transfer.
This first issue occurred with both DMA and PIO write transfers.
Also when a NACK error was detected during a PIO write transfer, the
interrupt handler used to wrongly start a new transfer by writing into the
Transmit Holding Register (THR). Then the I2C slave was likely to reply
with a second NACK.
This second issue is fixed in atmel_twi_interrupt() by handling the TXRDY
status bit only if both the TXCOMP and NACK status bits are cleared.
Tested with a at24 eeprom on sama5d36ek board running a linux-4.1-at91
kernel image. Adapted to linux-next.
Reported-by: Peter Rosin <peda@lysator.liu.se>
Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Tested-by: Peter Rosin <peda@lysator.liu.se>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Fixes: 93563a6a71bb ("i2c: at91: fix a race condition when using the DMA controller")
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-at91.c | 58 +++++++++++++++++++++++++++++++++++++------
1 file changed, 50 insertions(+), 8 deletions(-)
diff --git a/drivers/i2c/busses/i2c-at91.c b/drivers/i2c/busses/i2c-at91.c
index 1c758cd..94c087b 100644
--- a/drivers/i2c/busses/i2c-at91.c
+++ b/drivers/i2c/busses/i2c-at91.c
@@ -465,19 +465,57 @@ static irqreturn_t atmel_twi_interrupt(int irq, void *dev_id)
if (!irqstatus)
return IRQ_NONE;
- else if (irqstatus & AT91_TWI_RXRDY)
- at91_twi_read_next_byte(dev);
- else if (irqstatus & AT91_TWI_TXRDY)
- at91_twi_write_next_byte(dev);
-
- /* catch error flags */
- dev->transfer_status |= status;
+ /*
+ * When a NACK condition is detected, the I2C controller sets the NACK,
+ * TXCOMP and TXRDY bits all together in the Status Register (SR).
+ *
+ * 1 - Handling NACK errors with CPU write transfer.
+ *
+ * In such case, we should not write the next byte into the Transmit
+ * Holding Register (THR) otherwise the I2C controller would start a new
+ * transfer and the I2C slave is likely to reply by another NACK.
+ *
+ * 2 - Handling NACK errors with DMA write transfer.
+ *
+ * By setting the TXRDY bit in the SR, the I2C controller also triggers
+ * the DMA controller to write the next data into the THR. Then the
+ * result depends on the hardware version of the I2C controller.
+ *
+ * 2a - Without support of the Alternative Command mode.
+ *
+ * This is the worst case: the DMA controller is triggered to write the
+ * next data into the THR, hence starting a new transfer: the I2C slave
+ * is likely to reply by another NACK.
+ * Concurrently, this interrupt handler is likely to be called to manage
+ * the first NACK before the I2C controller detects the second NACK and
+ * sets once again the NACK bit into the SR.
+ * When handling the first NACK, this interrupt handler disables the I2C
+ * controller interruptions, especially the NACK interrupt.
+ * Hence, the NACK bit is pending into the SR. This is why we should
+ * read the SR to clear all pending interrupts at the beginning of
+ * at91_do_twi_transfer() before actually starting a new transfer.
+ *
+ * 2b - With support of the Alternative Command mode.
+ *
+ * When a NACK condition is detected, the I2C controller also locks the
+ * THR (and sets the LOCK bit in the SR): even though the DMA controller
+ * is triggered by the TXRDY bit to write the next data into the THR,
+ * this data actually won't go on the I2C bus hence a second NACK is not
+ * generated.
+ */
if (irqstatus & (AT91_TWI_TXCOMP | AT91_TWI_NACK)) {
at91_disable_twi_interrupts(dev);
complete(&dev->cmd_complete);
+ } else if (irqstatus & AT91_TWI_RXRDY) {
+ at91_twi_read_next_byte(dev);
+ } else if (irqstatus & AT91_TWI_TXRDY) {
+ at91_twi_write_next_byte(dev);
}
+ /* catch error flags */
+ dev->transfer_status |= status;
+
return IRQ_HANDLED;
}
@@ -487,6 +525,7 @@ static int at91_do_twi_transfer(struct at91_twi_dev *dev)
unsigned long time_left;
bool has_unre_flag = dev->pdata->has_unre_flag;
bool has_alt_cmd = dev->pdata->has_alt_cmd;
+ unsigned sr;
/*
* WARNING: the TXCOMP bit in the Status Register is NOT a clear on
@@ -537,6 +576,9 @@ static int at91_do_twi_transfer(struct at91_twi_dev *dev)
reinit_completion(&dev->cmd_complete);
dev->transfer_status = 0;
+ /* Clear pending interrupts, such as NACK. */
+ sr = at91_twi_read(dev, AT91_TWI_SR);
+
if (dev->fifo_size) {
unsigned fifo_mr = at91_twi_read(dev, AT91_TWI_FMR);
@@ -558,7 +600,7 @@ static int at91_do_twi_transfer(struct at91_twi_dev *dev)
} else if (dev->msg->flags & I2C_M_RD) {
unsigned start_flags = AT91_TWI_START;
- if (at91_twi_read(dev, AT91_TWI_SR) & AT91_TWI_RXRDY) {
+ if (sr & AT91_TWI_RXRDY) {
dev_err(dev->dev, "RXRDY still set!");
at91_twi_read(dev, AT91_TWI_RHR);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 055/211] spi: atmel: Fix DMA-setup for transfers with more than 8 bits per word
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (53 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 054/211] i2c: at91: fix write transfers by clearing pending interrupt first Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 056/211] ACPI: Use correct IRQ when uninstalling ACPI interrupt handler Kamal Mostafa
` (155 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David Mosberger, Nicolas Ferre, Mark Brown, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: David Mosberger-Tang <davidm@egauge.net>
commit 06515f83908d038d9e12ffa3dcca27a1b67f2de0 upstream.
The DMA-slave configuration depends on the whether <= 8 or > 8 bits
are transferred per word, so we need to call
atmel_spi_dma_slave_config() with the correct value.
Signed-off-by: David Mosberger <davidm@egauge.net>
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/spi/spi-atmel.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-atmel.c b/drivers/spi/spi-atmel.c
index c9eca34..a89ea0d 100644
--- a/drivers/spi/spi-atmel.c
+++ b/drivers/spi/spi-atmel.c
@@ -774,7 +774,8 @@ static int atmel_spi_next_xfer_dma_submit(struct spi_master *master,
*plen = len;
- if (atmel_spi_dma_slave_config(as, &slave_config, 8))
+ if (atmel_spi_dma_slave_config(as, &slave_config,
+ xfer->bits_per_word))
goto err_exit;
/* Send both scatterlists */
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 056/211] ACPI: Use correct IRQ when uninstalling ACPI interrupt handler
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (54 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 055/211] spi: atmel: Fix DMA-setup for transfers with more than 8 bits per word Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 057/211] ACPI: Using correct irq when waiting for events Kamal Mostafa
` (154 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chen Yu, Rafael J. Wysocki, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Yu <yu.c.chen@intel.com>
commit 49e4b84333f338d4f183f28f1f3c1131b9fb2b5a upstream.
Currently when the system is trying to uninstall the ACPI interrupt
handler, it uses acpi_gbl_FADT.sci_interrupt as the IRQ number.
However, the IRQ number that the ACPI interrupt handled is installed
for comes from acpi_gsi_to_irq() and that is the number that should
be used for the handler removal.
Fix this problem by using the mapped IRQ returned from acpi_gsi_to_irq()
as appropriate.
Acked-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/acpi/osl.c | 9 ++++++---
include/linux/acpi.h | 6 ++++++
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 3b8963f..9323096 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -83,6 +83,7 @@ static void *acpi_irq_context;
static struct workqueue_struct *kacpid_wq;
static struct workqueue_struct *kacpi_notify_wq;
static struct workqueue_struct *kacpi_hotplug_wq;
+unsigned int acpi_sci_irq = INVALID_ACPI_IRQ;
/*
* This list of permanent mappings is for memory that may be accessed from
@@ -858,17 +859,19 @@ acpi_os_install_interrupt_handler(u32 gsi, acpi_osd_handler handler,
acpi_irq_handler = NULL;
return AE_NOT_ACQUIRED;
}
+ acpi_sci_irq = irq;
return AE_OK;
}
-acpi_status acpi_os_remove_interrupt_handler(u32 irq, acpi_osd_handler handler)
+acpi_status acpi_os_remove_interrupt_handler(u32 gsi, acpi_osd_handler handler)
{
- if (irq != acpi_gbl_FADT.sci_interrupt)
+ if (gsi != acpi_gbl_FADT.sci_interrupt || !acpi_sci_irq_valid())
return AE_BAD_PARAMETER;
- free_irq(irq, acpi_irq);
+ free_irq(acpi_sci_irq, acpi_irq);
acpi_irq_handler = NULL;
+ acpi_sci_irq = INVALID_ACPI_IRQ;
return AE_OK;
}
diff --git a/include/linux/acpi.h b/include/linux/acpi.h
index 0b2394f..b92ec06 100644
--- a/include/linux/acpi.h
+++ b/include/linux/acpi.h
@@ -197,6 +197,12 @@ int acpi_ioapic_registered(acpi_handle handle, u32 gsi_base);
void acpi_irq_stats_init(void);
extern u32 acpi_irq_handled;
extern u32 acpi_irq_not_handled;
+extern unsigned int acpi_sci_irq;
+#define INVALID_ACPI_IRQ ((unsigned)-1)
+static inline bool acpi_sci_irq_valid(void)
+{
+ return acpi_sci_irq != INVALID_ACPI_IRQ;
+}
extern int sbf_port;
extern unsigned long acpi_realmode_flags;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 057/211] ACPI: Using correct irq when waiting for events
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (55 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 056/211] ACPI: Use correct IRQ when uninstalling ACPI interrupt handler Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 058/211] ACPI / PM: Fix incorrect wakeup IRQ setting during suspend-to-idle Kamal Mostafa
` (153 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chen Yu, Rafael J. Wysocki, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Yu <yu.c.chen@intel.com>
commit efb1cf7d28b8aeacec53e9ba8f3f2809c5cb9686 upstream.
When the system is waiting for GPE/fixed event handler to finish,
it uses acpi_gbl_FADT.sci_interrupt directly as the IRQ number.
However, the remapped IRQ returned by acpi_gsi_to_irq() should be
passed to synchronize_hardirq() instead of it.
Acked-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/acpi/osl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 9323096..9d5436f 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -1213,8 +1213,8 @@ void acpi_os_wait_events_complete(void)
* Make sure the GPE handler or the fixed event handler is not used
* on another CPU after removal.
*/
- if (acpi_irq_handler)
- synchronize_hardirq(acpi_gbl_FADT.sci_interrupt);
+ if (acpi_sci_irq_valid())
+ synchronize_hardirq(acpi_sci_irq);
flush_workqueue(kacpid_wq);
flush_workqueue(kacpi_notify_wq);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 058/211] ACPI / PM: Fix incorrect wakeup IRQ setting during suspend-to-idle
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (56 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 057/211] ACPI: Using correct irq when waiting for events Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 059/211] i2c: at91: manage unexpected RXRDY flag when starting a transfer Kamal Mostafa
` (152 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chen Yu, Rafael J. Wysocki, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Yu <yu.c.chen@intel.com>
commit 8c01275e0cdf1959aa25c322fd5870c097733195 upstream.
For an ACPI compatible system, the SCI (ACPI System Control
Interrupt) is used to wake the system up from suspend-to-idle.
Once the CPU is woken up by the SCI, the interrupt handler will
first check if the current IRQ has been configured for system
wakeup, so irq_pm_check_wakeup() is invoked to validate the IRQ
number. However, during suspend-to-idle, enable_irq_wake() is
called for acpi_gbl_FADT.sci_interrupt, although the IRQ number
that the SCI handler has been installed for should be passed to
it instead. Thus, if acpi_gbl_FADT.sci_interrupt happens to be
different from that number, ACPI interrupts will not be able to
wake up the system from sleep.
Fix this problem by passing the IRQ number returned by
acpi_gsi_to_irq() to enable_irq_wake() instead of
acpi_gbl_FADT.sci_interrupt.
Acked-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/acpi/sleep.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
index 2f0d4db..3fe1fbe 100644
--- a/drivers/acpi/sleep.c
+++ b/drivers/acpi/sleep.c
@@ -632,14 +632,16 @@ static int acpi_freeze_prepare(void)
acpi_enable_wakeup_devices(ACPI_STATE_S0);
acpi_enable_all_wakeup_gpes();
acpi_os_wait_events_complete();
- enable_irq_wake(acpi_gbl_FADT.sci_interrupt);
+ if (acpi_sci_irq_valid())
+ enable_irq_wake(acpi_sci_irq);
return 0;
}
static void acpi_freeze_restore(void)
{
acpi_disable_wakeup_devices(ACPI_STATE_S0);
- disable_irq_wake(acpi_gbl_FADT.sci_interrupt);
+ if (acpi_sci_irq_valid())
+ disable_irq_wake(acpi_sci_irq);
acpi_enable_all_runtime_gpes();
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 059/211] i2c: at91: manage unexpected RXRDY flag when starting a transfer
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (57 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 058/211] ACPI / PM: Fix incorrect wakeup IRQ setting during suspend-to-idle Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 060/211] ALSA: hda/realtek - Dell XPS one ALC3260 speaker no sound after resume back Kamal Mostafa
` (151 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ludovic Desroches, Wolfram Sang, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ludovic Desroches <ludovic.desroches@atmel.com>
commit a9bed6b10bd117a300cceb9062003f7a2761ef99 upstream.
In some cases, we could start a new i2c transfer with the RXRDY flag
set. It is not a clean state and it leads to print annoying error
messages even if there no real issue. The cause is only having garbage
data in the Receive Holding Register because of a weird behavior of the
RXRDY flag.
Reported-by: Peter Rosin <peda@lysator.liu.se>
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Tested-by: Peter Rosin <peda@lysator.liu.se>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Fixes: 93563a6a71bb ("i2c: at91: fix a race condition when using the DMA controller")
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-at91.c | 36 ++++++++++++++++++++++++++----------
1 file changed, 26 insertions(+), 10 deletions(-)
diff --git a/drivers/i2c/busses/i2c-at91.c b/drivers/i2c/busses/i2c-at91.c
index 94c087b..10835d1 100644
--- a/drivers/i2c/busses/i2c-at91.c
+++ b/drivers/i2c/busses/i2c-at91.c
@@ -347,8 +347,14 @@ error:
static void at91_twi_read_next_byte(struct at91_twi_dev *dev)
{
- if (!dev->buf_len)
+ /*
+ * If we are in this case, it means there is garbage data in RHR, so
+ * delete them.
+ */
+ if (!dev->buf_len) {
+ at91_twi_read(dev, AT91_TWI_RHR);
return;
+ }
/* 8bit read works with and without FIFO */
*dev->buf = readb_relaxed(dev->base + AT91_TWI_RHR);
@@ -465,6 +471,24 @@ static irqreturn_t atmel_twi_interrupt(int irq, void *dev_id)
if (!irqstatus)
return IRQ_NONE;
+ /*
+ * In reception, the behavior of the twi device (before sama5d2) is
+ * weird. There is some magic about RXRDY flag! When a data has been
+ * almost received, the reception of a new one is anticipated if there
+ * is no stop command to send. That is the reason why ask for sending
+ * the stop command not on the last data but on the second last one.
+ *
+ * Unfortunately, we could still have the RXRDY flag set even if the
+ * transfer is done and we have read the last data. It might happen
+ * when the i2c slave device sends too quickly data after receiving the
+ * ack from the master. The data has been almost received before having
+ * the order to send stop. In this case, sending the stop command could
+ * cause a RXRDY interrupt with a TXCOMP one. It is better to manage
+ * the RXRDY interrupt first in order to not keep garbage data in the
+ * Receive Holding Register for the next transfer.
+ */
+ if (irqstatus & AT91_TWI_RXRDY)
+ at91_twi_read_next_byte(dev);
/*
* When a NACK condition is detected, the I2C controller sets the NACK,
@@ -507,8 +531,6 @@ static irqreturn_t atmel_twi_interrupt(int irq, void *dev_id)
if (irqstatus & (AT91_TWI_TXCOMP | AT91_TWI_NACK)) {
at91_disable_twi_interrupts(dev);
complete(&dev->cmd_complete);
- } else if (irqstatus & AT91_TWI_RXRDY) {
- at91_twi_read_next_byte(dev);
} else if (irqstatus & AT91_TWI_TXRDY) {
at91_twi_write_next_byte(dev);
}
@@ -525,7 +547,6 @@ static int at91_do_twi_transfer(struct at91_twi_dev *dev)
unsigned long time_left;
bool has_unre_flag = dev->pdata->has_unre_flag;
bool has_alt_cmd = dev->pdata->has_alt_cmd;
- unsigned sr;
/*
* WARNING: the TXCOMP bit in the Status Register is NOT a clear on
@@ -577,7 +598,7 @@ static int at91_do_twi_transfer(struct at91_twi_dev *dev)
dev->transfer_status = 0;
/* Clear pending interrupts, such as NACK. */
- sr = at91_twi_read(dev, AT91_TWI_SR);
+ at91_twi_read(dev, AT91_TWI_SR);
if (dev->fifo_size) {
unsigned fifo_mr = at91_twi_read(dev, AT91_TWI_FMR);
@@ -600,11 +621,6 @@ static int at91_do_twi_transfer(struct at91_twi_dev *dev)
} else if (dev->msg->flags & I2C_M_RD) {
unsigned start_flags = AT91_TWI_START;
- if (sr & AT91_TWI_RXRDY) {
- dev_err(dev->dev, "RXRDY still set!");
- at91_twi_read(dev, AT91_TWI_RHR);
- }
-
/* if only one byte is to be read, immediately stop transfer */
if (!has_alt_cmd && dev->buf_len <= 1 &&
!(dev->msg->flags & I2C_M_RECV_LEN))
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 060/211] ALSA: hda/realtek - Dell XPS one ALC3260 speaker no sound after resume back
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (58 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 059/211] i2c: at91: manage unexpected RXRDY flag when starting a transfer Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 061/211] ALSA: hda - Disable 64bit address for Creative HDA controllers Kamal Mostafa
` (150 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kailang Yang, Takashi Iwai, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Kailang Yang <kailang@realtek.com>
commit 6ed1131fe196ad7ffc13acc1a1eadc08a1db0303 upstream.
This machine had I2S codec for speaker output.
It need to refill the I2S codec initial verb after resume back.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Reported-and-tested-by: George Gugulea <gugulea@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 6a66139..8d932d5 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -4596,6 +4596,7 @@ enum {
ALC292_FIXUP_DELL_E7X,
ALC292_FIXUP_DISABLE_AAMIX,
ALC298_FIXUP_DELL1_MIC_NO_PRESENCE,
+ ALC275_FIXUP_DELL_XPS,
};
static const struct hda_fixup alc269_fixups[] = {
@@ -5165,6 +5166,17 @@ static const struct hda_fixup alc269_fixups[] = {
.chained = true,
.chain_id = ALC269_FIXUP_HEADSET_MODE
},
+ [ALC275_FIXUP_DELL_XPS] = {
+ .type = HDA_FIXUP_VERBS,
+ .v.verbs = (const struct hda_verb[]) {
+ /* Enables internal speaker */
+ {0x20, AC_VERB_SET_COEF_INDEX, 0x1f},
+ {0x20, AC_VERB_SET_PROC_COEF, 0x00c0},
+ {0x20, AC_VERB_SET_COEF_INDEX, 0x30},
+ {0x20, AC_VERB_SET_PROC_COEF, 0x00b1},
+ {}
+ }
+ },
};
static const struct snd_pci_quirk alc269_fixup_tbl[] = {
@@ -5179,6 +5191,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1025, 0x0775, "Acer Aspire E1-572", ALC271_FIXUP_HP_GATE_MIC_JACK_E1_572),
SND_PCI_QUIRK(0x1025, 0x079b, "Acer Aspire V5-573G", ALC282_FIXUP_ASPIRE_V5_PINS),
SND_PCI_QUIRK(0x1028, 0x0470, "Dell M101z", ALC269_FIXUP_DELL_M101Z),
+ SND_PCI_QUIRK(0x1028, 0x054b, "Dell XPS one 2710", ALC275_FIXUP_DELL_XPS),
SND_PCI_QUIRK(0x1028, 0x05ca, "Dell Latitude E7240", ALC292_FIXUP_DELL_E7X),
SND_PCI_QUIRK(0x1028, 0x05cb, "Dell Latitude E7440", ALC292_FIXUP_DELL_E7X),
SND_PCI_QUIRK(0x1028, 0x05da, "Dell Vostro 5460", ALC290_FIXUP_SUBWOOFER),
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 061/211] ALSA: hda - Disable 64bit address for Creative HDA controllers
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (59 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 060/211] ALSA: hda/realtek - Dell XPS one ALC3260 speaker no sound after resume back Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 062/211] MAINTAINERS: Add public mailing list for ARC Kamal Mostafa
` (149 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit cadd16ea33a938d49aee99edd4758cc76048b399 upstream.
We've had many reports that some Creative sound cards with CA0132
don't work well. Some reported that it starts working after reloading
the module, while some reported it starts working when a 32bit kernel
is used. All these facts seem implying that the chip fails to
communicate when the buffer is located in 64bit address.
This patch addresses these issues by just adding AZX_DCAPS_NO_64BIT
flag to the corresponding PCI entries. I casually had a chance to
test an SB Recon3D board, and indeed this seems helping.
Although this hasn't been tested on all Creative devices, it's safer
to assume that this restriction applies to the rest of them, too. So
the flag is applied to all Creative entries.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/hda_intel.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
index c38c68f..61b8b75a 100644
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -334,6 +334,7 @@ enum {
#define AZX_DCAPS_PRESET_CTHDA \
(AZX_DCAPS_NO_MSI | AZX_DCAPS_POSFIX_LPIB |\
+ AZX_DCAPS_NO_64BIT |\
AZX_DCAPS_4K_BDLE_BOUNDARY | AZX_DCAPS_SNOOP_OFF)
/*
@@ -2284,11 +2285,13 @@ static const struct pci_device_id azx_ids[] = {
.class = PCI_CLASS_MULTIMEDIA_HD_AUDIO << 8,
.class_mask = 0xffffff,
.driver_data = AZX_DRIVER_CTX | AZX_DCAPS_CTX_WORKAROUND |
+ AZX_DCAPS_NO_64BIT |
AZX_DCAPS_RIRB_PRE_DELAY | AZX_DCAPS_POSFIX_LPIB },
#else
/* this entry seems still valid -- i.e. without emu20kx chip */
{ PCI_DEVICE(0x1102, 0x0009),
.driver_data = AZX_DRIVER_CTX | AZX_DCAPS_CTX_WORKAROUND |
+ AZX_DCAPS_NO_64BIT |
AZX_DCAPS_RIRB_PRE_DELAY | AZX_DCAPS_POSFIX_LPIB },
#endif
/* CM8888 */
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 062/211] MAINTAINERS: Add public mailing list for ARC
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (60 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 061/211] ALSA: hda - Disable 64bit address for Creative HDA controllers Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 063/211] drm/amdgpu: add some additional CZ revisions Kamal Mostafa
` (148 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Vineet Gupta, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Vineet Gupta <vgupta@synopsys.com>
commit 9acdc911b55569145034b01075adf658891afbd2 upstream.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
MAINTAINERS | 1 +
1 file changed, 1 insertion(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index b60e2b2..6c512d1 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9882,6 +9882,7 @@ F: include/net/switchdev.h
SYNOPSYS ARC ARCHITECTURE
M: Vineet Gupta <vgupta@synopsys.com>
+L: linux-snps-arc@lists.infraded.org
S: Supported
F: arch/arc/
F: Documentation/devicetree/bindings/arc/
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 063/211] drm/amdgpu: add some additional CZ revisions
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (61 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 062/211] MAINTAINERS: Add public mailing list for ARC Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 064/211] spi/spi-xilinx: Fix race condition on last word read Kamal Mostafa
` (147 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Alex Deucher, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit b8b339ea3b76392b1be7445f5ce57958fa6539f3 upstream.
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
index 6c0bfc3..ff34c95 100644
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
@@ -2012,6 +2012,8 @@ static void gfx_v8_0_gpu_init(struct amdgpu_device *adev)
case 0x84:
case 0xc8:
case 0xcc:
+ case 0xe1:
+ case 0xe3:
/* B10 */
adev->gfx.config.max_cu_per_sh = 8;
break;
@@ -2020,18 +2022,23 @@ static void gfx_v8_0_gpu_init(struct amdgpu_device *adev)
case 0x85:
case 0xc9:
case 0xcd:
+ case 0xe2:
+ case 0xe4:
/* B8 */
adev->gfx.config.max_cu_per_sh = 6;
break;
case 0xc6:
case 0xca:
case 0xce:
+ case 0x88:
/* B6 */
adev->gfx.config.max_cu_per_sh = 6;
break;
case 0xc7:
case 0x87:
case 0xcb:
+ case 0xe5:
+ case 0x89:
default:
/* B4 */
adev->gfx.config.max_cu_per_sh = 4;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 064/211] spi/spi-xilinx: Fix race condition on last word read
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (62 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 063/211] drm/amdgpu: add some additional CZ revisions Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 065/211] megaraid_sas: Expose TAPE drives unconditionally Kamal Mostafa
` (146 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ricardo Ribalda Delgado, Mark Brown, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
commit eca37c7c117460e2fbe4e32c991bff32a961f688 upstream.
Some users have reported that in polled mode the driver fails randomly
to read the last word of the transfer.
The end condition used for the transmissions (in polled and irq mode)
has been the TX_EMPTY flag. But Lars-Peter Clausen has identified a delay
from the TX_EMPTY to the actual end of the data rx.
I believe that this race condition has not been detected until now
because of the latency added by the IRQ handler or the PCIe bridge.
This bugs affects setups with low latency access to the spi core.
This patch replaces the readout logic:
For all the words, except the last one, the TX_EMPTY flag is used (and
cached).
If !TX_EMPY or is the last word. The status register is read and the
RX_EMPTY flag is used.
The performance is not affected: there is an extra read of the
Status Register, but the readout can start as soon as there is a word
in the buffer.
Reported-by: Edward Kigwana <ekigwana@scires.com>
Initial-fix-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/spi/spi-xilinx.c | 38 ++++++++++++++++++++++++--------------
1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/drivers/spi/spi-xilinx.c b/drivers/spi/spi-xilinx.c
index a339c1e..3009121 100644
--- a/drivers/spi/spi-xilinx.c
+++ b/drivers/spi/spi-xilinx.c
@@ -270,6 +270,7 @@ static int xilinx_spi_txrx_bufs(struct spi_device *spi, struct spi_transfer *t)
while (remaining_words) {
int n_words, tx_words, rx_words;
+ u32 sr;
n_words = min(remaining_words, xspi->buffer_size);
@@ -284,24 +285,33 @@ static int xilinx_spi_txrx_bufs(struct spi_device *spi, struct spi_transfer *t)
if (use_irq) {
xspi->write_fn(cr, xspi->regs + XSPI_CR_OFFSET);
wait_for_completion(&xspi->done);
- } else
- while (!(xspi->read_fn(xspi->regs + XSPI_SR_OFFSET) &
- XSPI_SR_TX_EMPTY_MASK))
- ;
-
- /* A transmit has just completed. Process received data and
- * check for more data to transmit. Always inhibit the
- * transmitter while the Isr refills the transmit register/FIFO,
- * or make sure it is stopped if we're done.
- */
- if (use_irq)
+ /* A transmit has just completed. Process received data
+ * and check for more data to transmit. Always inhibit
+ * the transmitter while the Isr refills the transmit
+ * register/FIFO, or make sure it is stopped if we're
+ * done.
+ */
xspi->write_fn(cr | XSPI_CR_TRANS_INHIBIT,
- xspi->regs + XSPI_CR_OFFSET);
+ xspi->regs + XSPI_CR_OFFSET);
+ sr = XSPI_SR_TX_EMPTY_MASK;
+ } else
+ sr = xspi->read_fn(xspi->regs + XSPI_SR_OFFSET);
/* Read out all the data from the Rx FIFO */
rx_words = n_words;
- while (rx_words--)
- xilinx_spi_rx(xspi);
+ while (rx_words) {
+ if ((sr & XSPI_SR_TX_EMPTY_MASK) && (rx_words > 1)) {
+ xilinx_spi_rx(xspi);
+ rx_words--;
+ continue;
+ }
+
+ sr = xspi->read_fn(xspi->regs + XSPI_SR_OFFSET);
+ if (!(sr & XSPI_SR_RX_EMPTY_MASK)) {
+ xilinx_spi_rx(xspi);
+ rx_words--;
+ }
+ }
remaining_words -= n_words;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 065/211] megaraid_sas: Expose TAPE drives unconditionally
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (63 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 064/211] spi/spi-xilinx: Fix race condition on last word read Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 066/211] megaraid_sas: Do not use PAGE_SIZE for max_sectors Kamal Mostafa
` (145 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sumit Saxena, Kashyap Desai, Martin K. Petersen, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "sumit.saxena@avagotech.com" <sumit.saxena@avagotech.com>
commit 0d5b47a724bab0ebaaa933d6ff5e584957aaa188 upstream.
Expose non-disk (TAPE drive, CD-ROM) unconditionally.
Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com>
Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/megaraid/megaraid_sas_base.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index 71b884d..55d17e7 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -1671,8 +1671,9 @@ static int megasas_slave_alloc(struct scsi_device *sdev)
pd_index =
(sdev->channel * MEGASAS_MAX_DEV_PER_CHANNEL) +
sdev->id;
- if (instance->pd_list[pd_index].driveState ==
- MR_PD_STATE_SYSTEM) {
+ if ((instance->pd_list[pd_index].driveState ==
+ MR_PD_STATE_SYSTEM) ||
+ (instance->pd_list[pd_index].driveType != TYPE_DISK)) {
return 0;
}
return -ENXIO;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 066/211] megaraid_sas: Do not use PAGE_SIZE for max_sectors
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (64 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 065/211] megaraid_sas: Expose TAPE drives unconditionally Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 067/211] dm: initialize non-blk-mq queue data before queue is used Kamal Mostafa
` (144 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sumit Saxena, Kashyap Desai, Martin K. Petersen, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "sumit.saxena@avagotech.com" <sumit.saxena@avagotech.com>
commit 357ae967ad66e357f78b5cfb5ab6ca07fb4a7758 upstream.
Do not use PAGE_SIZE marco to calculate max_sectors per I/O
request. Driver code assumes PAGE_SIZE will be always 4096 which can
lead to wrongly calculated value if PAGE_SIZE is not 4096. This issue
was reported in Ubuntu Bugzilla Bug #1475166.
Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com>
Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/megaraid/megaraid_sas.h | 2 ++
drivers/scsi/megaraid/megaraid_sas_base.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/megaraid/megaraid_sas.h b/drivers/scsi/megaraid/megaraid_sas.h
index 20c3754..ebf821b 100644
--- a/drivers/scsi/megaraid/megaraid_sas.h
+++ b/drivers/scsi/megaraid/megaraid_sas.h
@@ -364,6 +364,8 @@ enum MR_EVT_ARGS {
MR_EVT_ARGS_GENERIC,
};
+
+#define SGE_BUFFER_SIZE 4096
/*
* define constants for device list query options
*/
diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index 55d17e7..00eb416 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -4755,7 +4755,7 @@ static int megasas_init_fw(struct megasas_instance *instance)
instance->max_sectors_per_req = instance->max_num_sge *
- PAGE_SIZE / 512;
+ SGE_BUFFER_SIZE / 512;
if (tmp_sectors && (instance->max_sectors_per_req > tmp_sectors))
instance->max_sectors_per_req = tmp_sectors;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 067/211] dm: initialize non-blk-mq queue data before queue is used
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (65 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 066/211] megaraid_sas: Do not use PAGE_SIZE for max_sectors Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 068/211] mtd: blkdevs: fix potential deadlock + lockdep warnings Kamal Mostafa
` (143 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mikulas Patocka, Mike Snitzer, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit ad5f498f610fa3fd8bd265139098bc1405cd2783 upstream.
Commit bfebd1cdb497a57757c83f5fbf1a29931591e2a4 ("dm: add full blk-mq
support to request-based DM") moves the initialization of the fields
backing_dev_info.congested_fn, backing_dev_info.congested_data and
queuedata from the function dm_init_md_queue (that is called when the
device is created) to dm_init_old_md_queue (that is called after the
device type is determined).
There is no locking when accessing these variables, thus it is possible
for other parts of the kernel to briefly see this data in a transient
state (e.g. queue->backing_dev_info.congested_fn initialized and
md->queue->backing_dev_info.congested_data uninitialized, resulting in
passing an incorrect parameter to the function dm_any_congested).
This queue data is left initialized for blk-mq devices even though they
that don't use it.
Fixes: bfebd1cdb497 ("dm: add full blk-mq support to request-based DM")
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/dm.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index 3e32f4e..e0bf361 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -2251,6 +2251,13 @@ static void dm_init_md_queue(struct mapped_device *md)
* This queue is new, so no concurrency on the queue_flags.
*/
queue_flag_clear_unlocked(QUEUE_FLAG_STACKABLE, md->queue);
+
+ /*
+ * Initialize data that will only be used by a non-blk-mq DM queue
+ * - must do so here (in alloc_dev callchain) before queue is used
+ */
+ md->queue->queuedata = md;
+ md->queue->backing_dev_info.congested_data = md;
}
static void dm_init_old_md_queue(struct mapped_device *md)
@@ -2261,10 +2268,7 @@ static void dm_init_old_md_queue(struct mapped_device *md)
/*
* Initialize aspects of queue that aren't relevant for blk-mq
*/
- md->queue->queuedata = md;
md->queue->backing_dev_info.congested_fn = dm_any_congested;
- md->queue->backing_dev_info.congested_data = md;
-
blk_queue_bounce_limit(md->queue, BLK_BOUNCE_ANY);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 068/211] mtd: blkdevs: fix potential deadlock + lockdep warnings
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (66 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 067/211] dm: initialize non-blk-mq queue data before queue is used Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 069/211] Revert "dm mpath: fix stalls when handling invalid ioctls" Kamal Mostafa
` (142 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Brian Norris, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Brian Norris <computersforpeace@gmail.com>
commit f3c63795e90f0c6238306883b6c72f14d5355721 upstream.
Commit 073db4a51ee4 ("mtd: fix: avoid race condition when accessing
mtd->usecount") fixed a race condition but due to poor ordering of the
mutex acquisition, introduced a potential deadlock.
The deadlock can occur, for example, when rmmod'ing the m25p80 module, which
will delete one or more MTDs, along with any corresponding mtdblock
devices. This could potentially race with an acquisition of the block
device as follows.
-> blktrans_open()
-> mutex_lock(&dev->lock);
-> mutex_lock(&mtd_table_mutex);
-> del_mtd_device()
-> mutex_lock(&mtd_table_mutex);
-> blktrans_notify_remove() -> del_mtd_blktrans_dev()
-> mutex_lock(&dev->lock);
This is a classic (potential) ABBA deadlock, which can be fixed by
making the A->B ordering consistent everywhere. There was no real
purpose to the ordering in the original patch, AFAIR, so this shouldn't
be a problem. This ordering was actually already present in
del_mtd_blktrans_dev(), for one, where the function tried to ensure that
its caller already held mtd_table_mutex before it acquired &dev->lock:
if (mutex_trylock(&mtd_table_mutex)) {
mutex_unlock(&mtd_table_mutex);
BUG();
}
So, reverse the ordering of acquisition of &dev->lock and &mtd_table_mutex so
we always acquire mtd_table_mutex first.
Snippets of the lockdep output follow:
# modprobe -r m25p80
[ 53.419251]
[ 53.420838] ======================================================
[ 53.427300] [ INFO: possible circular locking dependency detected ]
[ 53.433865] 4.3.0-rc6 #96 Not tainted
[ 53.437686] -------------------------------------------------------
[ 53.444220] modprobe/372 is trying to acquire lock:
[ 53.449320] (&new->lock){+.+...}, at: [<c043fe4c>] del_mtd_blktrans_dev+0x80/0xdc
[ 53.457271]
[ 53.457271] but task is already holding lock:
[ 53.463372] (mtd_table_mutex){+.+.+.}, at: [<c0439994>] del_mtd_device+0x18/0x100
[ 53.471321]
[ 53.471321] which lock already depends on the new lock.
[ 53.471321]
[ 53.479856]
[ 53.479856] the existing dependency chain (in reverse order) is:
[ 53.487660]
-> #1 (mtd_table_mutex){+.+.+.}:
[ 53.492331] [<c043fc5c>] blktrans_open+0x34/0x1a4
[ 53.497879] [<c01afce0>] __blkdev_get+0xc4/0x3b0
[ 53.503364] [<c01b0bb8>] blkdev_get+0x108/0x320
[ 53.508743] [<c01713c0>] do_dentry_open+0x218/0x314
[ 53.514496] [<c0180454>] path_openat+0x4c0/0xf9c
[ 53.519959] [<c0182044>] do_filp_open+0x5c/0xc0
[ 53.525336] [<c0172758>] do_sys_open+0xfc/0x1cc
[ 53.530716] [<c000f740>] ret_fast_syscall+0x0/0x1c
[ 53.536375]
-> #0 (&new->lock){+.+...}:
[ 53.540587] [<c063f124>] mutex_lock_nested+0x38/0x3cc
[ 53.546504] [<c043fe4c>] del_mtd_blktrans_dev+0x80/0xdc
[ 53.552606] [<c043f164>] blktrans_notify_remove+0x7c/0x84
[ 53.558891] [<c04399f0>] del_mtd_device+0x74/0x100
[ 53.564544] [<c043c670>] del_mtd_partitions+0x80/0xc8
[ 53.570451] [<c0439aa0>] mtd_device_unregister+0x24/0x48
[ 53.576637] [<c046ce6c>] spi_drv_remove+0x1c/0x34
[ 53.582207] [<c03de0f0>] __device_release_driver+0x88/0x114
[ 53.588663] [<c03de19c>] device_release_driver+0x20/0x2c
[ 53.594843] [<c03dd9e8>] bus_remove_device+0xd8/0x108
[ 53.600748] [<c03dacc0>] device_del+0x10c/0x210
[ 53.606127] [<c03dadd0>] device_unregister+0xc/0x20
[ 53.611849] [<c046d878>] __unregister+0x10/0x20
[ 53.617211] [<c03da868>] device_for_each_child+0x50/0x7c
[ 53.623387] [<c046eae8>] spi_unregister_master+0x58/0x8c
[ 53.629578] [<c03e12f0>] release_nodes+0x15c/0x1c8
[ 53.635223] [<c03de0f8>] __device_release_driver+0x90/0x114
[ 53.641689] [<c03de900>] driver_detach+0xb4/0xb8
[ 53.647147] [<c03ddc78>] bus_remove_driver+0x4c/0xa0
[ 53.652970] [<c00cab50>] SyS_delete_module+0x11c/0x1e4
[ 53.658976] [<c000f740>] ret_fast_syscall+0x0/0x1c
[ 53.664621]
[ 53.664621] other info that might help us debug this:
[ 53.664621]
[ 53.672979] Possible unsafe locking scenario:
[ 53.672979]
[ 53.679169] CPU0 CPU1
[ 53.683900] ---- ----
[ 53.688633] lock(mtd_table_mutex);
[ 53.692383] lock(&new->lock);
[ 53.698306] lock(mtd_table_mutex);
[ 53.704658] lock(&new->lock);
[ 53.707946]
[ 53.707946] *** DEADLOCK ***
Fixes: 073db4a51ee4 ("mtd: fix: avoid race condition when accessing mtd->usecount")
Reported-by: Felipe Balbi <balbi@ti.com>
Tested-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mtd/mtd_blkdevs.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/mtd/mtd_blkdevs.c b/drivers/mtd/mtd_blkdevs.c
index 41acc50..6b5b83d 100644
--- a/drivers/mtd/mtd_blkdevs.c
+++ b/drivers/mtd/mtd_blkdevs.c
@@ -196,8 +196,8 @@ static int blktrans_open(struct block_device *bdev, fmode_t mode)
if (!dev)
return -ERESTARTSYS; /* FIXME: busy loop! -arnd*/
- mutex_lock(&dev->lock);
mutex_lock(&mtd_table_mutex);
+ mutex_lock(&dev->lock);
if (dev->open)
goto unlock;
@@ -221,8 +221,8 @@ static int blktrans_open(struct block_device *bdev, fmode_t mode)
unlock:
dev->open++;
- mutex_unlock(&mtd_table_mutex);
mutex_unlock(&dev->lock);
+ mutex_unlock(&mtd_table_mutex);
blktrans_dev_put(dev);
return ret;
@@ -232,8 +232,8 @@ error_release:
error_put:
module_put(dev->tr->owner);
kref_put(&dev->ref, blktrans_dev_release);
- mutex_unlock(&mtd_table_mutex);
mutex_unlock(&dev->lock);
+ mutex_unlock(&mtd_table_mutex);
blktrans_dev_put(dev);
return ret;
}
@@ -245,8 +245,8 @@ static void blktrans_release(struct gendisk *disk, fmode_t mode)
if (!dev)
return;
- mutex_lock(&dev->lock);
mutex_lock(&mtd_table_mutex);
+ mutex_lock(&dev->lock);
if (--dev->open)
goto unlock;
@@ -260,8 +260,8 @@ static void blktrans_release(struct gendisk *disk, fmode_t mode)
__put_mtd_device(dev->mtd);
}
unlock:
- mutex_unlock(&mtd_table_mutex);
mutex_unlock(&dev->lock);
+ mutex_unlock(&mtd_table_mutex);
blktrans_dev_put(dev);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 069/211] Revert "dm mpath: fix stalls when handling invalid ioctls"
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (67 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 068/211] mtd: blkdevs: fix potential deadlock + lockdep warnings Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 070/211] drm/i915: add quirk to enable backlight on Dell Chromebook 11 (2015) Kamal Mostafa
` (141 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mauricio Faria de Oliveira, Mike Snitzer, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
commit 47796938c46b943d157ac8a6f9ed4e3b98b83cf4 upstream.
This reverts commit a1989b330093578ea5470bea0a00f940c444c466.
That commit introduced a regression at least for the case of the SG_IO ioctl()
running without CAP_SYS_RAWIO capability (e.g., unprivileged users) when there
are no active paths: the ioctl() fails with the ENOTTY errno immediately rather
than blocking due to queue_if_no_path until a path becomes active, for example.
That case happens to be exercised by QEMU KVM guests with 'scsi-block' devices
(qemu "-device scsi-block" [1], libvirt "<disk type='block' device='lun'>" [2])
from multipath devices; which leads to SCSI/filesystem errors in such a guest.
More general scenarios can hit that regression too. The following demonstration
employs a SG_IO ioctl() with a standard SCSI INQUIRY command for this objective
(some output & user changes omitted for brevity and comments added for clarity).
Reverting that commit restores normal operation (queueing) in failing scenarios;
tested on linux-next (next-20151022).
1) Test-case is based on sg_simple0 [3] (just SG_IO; remove SG_GET_VERSION_NUM)
$ cat sg_simple0.c
... see [3] ...
$ sed '/SG_GET_VERSION_NUM/,/}/d' sg_simple0.c > sgio_inquiry.c
$ gcc sgio_inquiry.c -o sgio_inquiry
2) The ioctl() works fine with active paths present.
# multipath -l 85ag56
85ag56 (...) dm-19 IBM ,2145
size=60G features='1 queue_if_no_path' hwhandler='0' wp=rw
|-+- policy='service-time 0' prio=0 status=active
| |- 8:0:11:0 sdz 65:144 active undef running
| `- 9:0:9:0 sdbf 67:144 active undef running
`-+- policy='service-time 0' prio=0 status=enabled
|- 8:0:12:0 sdae 65:224 active undef running
`- 9:0:12:0 sdbo 68:32 active undef running
$ ./sgio_inquiry /dev/mapper/85ag56
Some of the INQUIRY command's response:
IBM 2145 0000
INQUIRY duration=0 millisecs, resid=0
3) The ioctl() fails with ENOTTY errno with _no_ active paths present,
for unprivileged users (rather than blocking due to queue_if_no_path).
# for path in $(multipath -l 85ag56 | grep -o 'sd[a-z]\+'); \
do multipathd -k"fail path $path"; done
# multipath -l 85ag56
85ag56 (...) dm-19 IBM ,2145
size=60G features='1 queue_if_no_path' hwhandler='0' wp=rw
|-+- policy='service-time 0' prio=0 status=enabled
| |- 8:0:11:0 sdz 65:144 failed undef running
| `- 9:0:9:0 sdbf 67:144 failed undef running
`-+- policy='service-time 0' prio=0 status=enabled
|- 8:0:12:0 sdae 65:224 failed undef running
`- 9:0:12:0 sdbo 68:32 failed undef running
$ ./sgio_inquiry /dev/mapper/85ag56
sg_simple0: Inquiry SG_IO ioctl error: Inappropriate ioctl for device
4) dmesg shows that scsi_verify_blk_ioctl() failed for SG_IO (0x2285);
it returns -ENOIOCTLCMD, later replaced with -ENOTTY in vfs_ioctl().
$ dmesg
<...>
[] device-mapper: multipath: Failing path 65:144.
[] device-mapper: multipath: Failing path 67:144.
[] device-mapper: multipath: Failing path 65:224.
[] device-mapper: multipath: Failing path 68:32.
[] sgio_inquiry: sending ioctl 2285 to a partition!
5) The ioctl() only works if the SYS_CAP_RAWIO capability is present
(then queueing happens -- in this example, queue_if_no_path is set);
this is due to a conditional check in scsi_verify_blk_ioctl().
# capsh --drop=cap_sys_rawio -- -c './sgio_inquiry /dev/mapper/85ag56'
sg_simple0: Inquiry SG_IO ioctl error: Inappropriate ioctl for device
# ./sgio_inquiry /dev/mapper/85ag56 &
[1] 72830
# cat /proc/72830/stack
[<c00000171c0df700>] 0xc00000171c0df700
[<c000000000015934>] __switch_to+0x204/0x350
[<c000000000152d4c>] msleep+0x5c/0x80
[<c00000000077dfb0>] dm_blk_ioctl+0x70/0x170
[<c000000000487c40>] blkdev_ioctl+0x2b0/0x9b0
[<c0000000003128e4>] block_ioctl+0x64/0xd0
[<c0000000002dd3b0>] do_vfs_ioctl+0x490/0x780
[<c0000000002dd774>] SyS_ioctl+0xd4/0xf0
[<c000000000009358>] system_call+0x38/0xd0
6) This is the function call chain exercised in this analysis:
SYSCALL_DEFINE3(ioctl, <...>) @ fs/ioctl.c
-> do_vfs_ioctl()
-> vfs_ioctl()
...
error = filp->f_op->unlocked_ioctl(filp, cmd, arg);
...
-> dm_blk_ioctl() @ drivers/md/dm.c
-> multipath_ioctl() @ drivers/md/dm-mpath.c
...
(bdev = NULL, due to no active paths)
...
if (!bdev || <...>) {
int err = scsi_verify_blk_ioctl(NULL, cmd);
if (err)
r = err;
}
...
-> scsi_verify_blk_ioctl() @ block/scsi_ioctl.c
...
if (bd && bd == bd->bd_contains) // not taken (bd = NULL)
return 0;
...
if (capable(CAP_SYS_RAWIO)) // not taken (unprivileged user)
return 0;
...
printk_ratelimited(KERN_WARNING
"%s: sending ioctl %x to a partition!\n" <...>);
return -ENOIOCTLCMD;
<-
...
return r ? : <...>
<-
...
if (error == -ENOIOCTLCMD)
error = -ENOTTY;
out:
return error;
...
Links:
[1] http://git.qemu.org/?p=qemu.git;a=commit;h=336a6915bc7089fb20fea4ba99972ad9a97c5f52
[2] https://libvirt.org/formatdomain.html#elementsDisks (see 'disk' -> 'device')
[3] http://tldp.org/HOWTO/SCSI-Generic-HOWTO/pexample.html (Revision 1.2, 2002-05-03)
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/dm-mpath.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
index eff7bdd..171cc54 100644
--- a/drivers/md/dm-mpath.c
+++ b/drivers/md/dm-mpath.c
@@ -1584,11 +1584,8 @@ static int multipath_ioctl(struct dm_target *ti, unsigned int cmd,
/*
* Only pass ioctls through if the device sizes match exactly.
*/
- if (!bdev || ti->len != i_size_read(bdev->bd_inode) >> SECTOR_SHIFT) {
- int err = scsi_verify_blk_ioctl(NULL, cmd);
- if (err)
- r = err;
- }
+ if (!r && ti->len != i_size_read(bdev->bd_inode) >> SECTOR_SHIFT)
+ r = scsi_verify_blk_ioctl(NULL, cmd);
if (r == -ENOTCONN && !fatal_signal_pending(current)) {
spin_lock_irqsave(&m->lock, flags);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 070/211] drm/i915: add quirk to enable backlight on Dell Chromebook 11 (2015)
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (68 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 069/211] Revert "dm mpath: fix stalls when handling invalid ioctls" Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 071/211] crypto: algif_hash - Only export and import on sockets with data Kamal Mostafa
` (140 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Jani Nikula, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
commit 9be64eee3a87dc03218ca9a12834d1150a57b8a8 upstream.
Reported-by: Keith Webb <khwebb@gmail.com>
Suggested-by: Keith Webb <khwebb@gmail.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=106671
Reviewed-by: Clint Taylor <Clinton.A.Taylor@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1446209424-28801-1-git-send-email-jani.nikula@intel.com
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/intel_display.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index 10b1b65..8a6da7f 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -14592,6 +14592,9 @@ static struct intel_quirk intel_quirks[] = {
/* Dell Chromebook 11 */
{ 0x0a06, 0x1028, 0x0a35, quirk_backlight_present },
+
+ /* Dell Chromebook 11 (2015 version) */
+ { 0x0a16, 0x1028, 0x0a35, quirk_backlight_present },
};
static void intel_init_quirks(struct drm_device *dev)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 071/211] crypto: algif_hash - Only export and import on sockets with data
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (69 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 070/211] drm/i915: add quirk to enable backlight on Dell Chromebook 11 (2015) Kamal Mostafa
@ 2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 072/211] xtensa: fixes for configs without loop option Kamal Mostafa
` (139 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:42 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Herbert Xu, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
commit 4afa5f9617927453ac04b24b584f6c718dfb4f45 upstream.
The hash_accept call fails to work on sockets that have not received
any data. For some algorithm implementations it may cause crashes.
This patch fixes this by ensuring that we only export and import on
sockets that have received data.
Reported-by: Harsh Jain <harshjain.prof@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
crypto/algif_hash.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 1396ad0..b4c24fe 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -181,9 +181,14 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags)
struct sock *sk2;
struct alg_sock *ask2;
struct hash_ctx *ctx2;
+ bool more;
int err;
- err = crypto_ahash_export(req, state);
+ lock_sock(sk);
+ more = ctx->more;
+ err = more ? crypto_ahash_export(req, state) : 0;
+ release_sock(sk);
+
if (err)
return err;
@@ -194,7 +199,10 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags)
sk2 = newsock->sk;
ask2 = alg_sk(sk2);
ctx2 = ask2->private;
- ctx2->more = 1;
+ ctx2->more = more;
+
+ if (!more)
+ return err;
err = crypto_ahash_import(&ctx2->req, state);
if (err) {
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 072/211] xtensa: fixes for configs without loop option
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (70 preceding siblings ...)
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 071/211] crypto: algif_hash - Only export and import on sockets with data Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 073/211] drm/amdgpu: Make amdgpu_mn functions inline Kamal Mostafa
` (138 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Max Filippov, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Max Filippov <jcmvbkbc@gmail.com>
commit 5029615e25dc5040beb065f36743c127a8e51497 upstream.
Build-time fixes:
- make lbeg/lend/lcount save/restore conditional on kernel entry;
- don't clear lcount in platform_restart functions unconditionally.
Run-time fixes:
- use correct end of range register in __endla paired with __loopt, not
the unused temporary register. This fixes .bss zero-initialization.
Update comments in asmmacro.h;
- don't clobber a10 in the usercopy that leads to access to unmapped
memory.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/xtensa/include/asm/asmmacro.h | 7 ++++---
arch/xtensa/kernel/entry.S | 8 ++++++--
arch/xtensa/kernel/head.S | 2 +-
arch/xtensa/lib/usercopy.S | 6 +++---
arch/xtensa/platforms/iss/setup.c | 2 ++
arch/xtensa/platforms/xt2000/setup.c | 2 ++
arch/xtensa/platforms/xtfpga/setup.c | 2 ++
7 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/arch/xtensa/include/asm/asmmacro.h b/arch/xtensa/include/asm/asmmacro.h
index 755320f..746dcc8 100644
--- a/arch/xtensa/include/asm/asmmacro.h
+++ b/arch/xtensa/include/asm/asmmacro.h
@@ -35,9 +35,10 @@
* __loop as
* restart loop. 'as' register must not have been modified!
*
- * __endla ar, at, incr
+ * __endla ar, as, incr
* ar start address (modified)
- * as scratch register used by macro
+ * as scratch register used by __loops/__loopi macros or
+ * end address used by __loopt macro
* inc increment
*/
@@ -97,7 +98,7 @@
.endm
/*
- * loop from ar to ax
+ * loop from ar to as
*/
.macro __loopt ar, as, at, incr_log2
diff --git a/arch/xtensa/kernel/entry.S b/arch/xtensa/kernel/entry.S
index a2a9021..2188b12 100644
--- a/arch/xtensa/kernel/entry.S
+++ b/arch/xtensa/kernel/entry.S
@@ -335,8 +335,10 @@ common_exception:
s32i a2, a1, PT_SYSCALL
movi a2, 0
s32i a3, a1, PT_EXCVADDR
+#if XCHAL_HAVE_LOOPS
xsr a2, lcount
s32i a2, a1, PT_LCOUNT
+#endif
/* It is now save to restore the EXC_TABLE_FIXUP variable. */
@@ -368,11 +370,12 @@ common_exception:
s32i a3, a1, PT_PS # save ps
/* Save lbeg, lend */
-
+#if XCHAL_HAVE_LOOPS
rsr a2, lbeg
rsr a3, lend
s32i a2, a1, PT_LBEG
s32i a3, a1, PT_LEND
+#endif
/* Save SCOMPARE1 */
@@ -664,13 +667,14 @@ common_exception_exit:
wsr a3, sar
/* Restore LBEG, LEND, LCOUNT */
-
+#if XCHAL_HAVE_LOOPS
l32i a2, a1, PT_LBEG
l32i a3, a1, PT_LEND
wsr a2, lbeg
l32i a2, a1, PT_LCOUNT
wsr a3, lend
wsr a2, lcount
+#endif
/* We control single stepping through the ICOUNTLEVEL register. */
diff --git a/arch/xtensa/kernel/head.S b/arch/xtensa/kernel/head.S
index 15a461e..9ed5564 100644
--- a/arch/xtensa/kernel/head.S
+++ b/arch/xtensa/kernel/head.S
@@ -249,7 +249,7 @@ ENTRY(_startup)
__loopt a2, a3, a4, 2
s32i a0, a2, 0
- __endla a2, a4, 4
+ __endla a2, a3, 4
#if XCHAL_DCACHE_IS_WRITEBACK
diff --git a/arch/xtensa/lib/usercopy.S b/arch/xtensa/lib/usercopy.S
index ace1892..7ea4dd6 100644
--- a/arch/xtensa/lib/usercopy.S
+++ b/arch/xtensa/lib/usercopy.S
@@ -222,8 +222,8 @@ __xtensa_copy_user:
loopnez a7, .Loop2done
#else /* !XCHAL_HAVE_LOOPS */
beqz a7, .Loop2done
- slli a10, a7, 4
- add a10, a10, a3 # a10 = end of last 16B source chunk
+ slli a12, a7, 4
+ add a12, a12, a3 # a12 = end of last 16B source chunk
#endif /* !XCHAL_HAVE_LOOPS */
.Loop2:
EX(l32i, a7, a3, 4, l_fixup)
@@ -241,7 +241,7 @@ __xtensa_copy_user:
EX(s32i, a9, a5, 12, s_fixup)
addi a5, a5, 16
#if !XCHAL_HAVE_LOOPS
- blt a3, a10, .Loop2
+ blt a3, a12, .Loop2
#endif /* !XCHAL_HAVE_LOOPS */
.Loop2done:
bbci.l a4, 3, .L12
diff --git a/arch/xtensa/platforms/iss/setup.c b/arch/xtensa/platforms/iss/setup.c
index da7d182..3918205 100644
--- a/arch/xtensa/platforms/iss/setup.c
+++ b/arch/xtensa/platforms/iss/setup.c
@@ -61,7 +61,9 @@ void platform_restart(void)
#if XCHAL_NUM_IBREAK > 0
"wsr a2, ibreakenable\n\t"
#endif
+#if XCHAL_HAVE_LOOPS
"wsr a2, lcount\n\t"
+#endif
"movi a2, 0x1f\n\t"
"wsr a2, ps\n\t"
"isync\n\t"
diff --git a/arch/xtensa/platforms/xt2000/setup.c b/arch/xtensa/platforms/xt2000/setup.c
index b90555c..8767896 100644
--- a/arch/xtensa/platforms/xt2000/setup.c
+++ b/arch/xtensa/platforms/xt2000/setup.c
@@ -72,7 +72,9 @@ void platform_restart(void)
#if XCHAL_NUM_IBREAK > 0
"wsr a2, ibreakenable\n\t"
#endif
+#if XCHAL_HAVE_LOOPS
"wsr a2, lcount\n\t"
+#endif
"movi a2, 0x1f\n\t"
"wsr a2, ps\n\t"
"isync\n\t"
diff --git a/arch/xtensa/platforms/xtfpga/setup.c b/arch/xtensa/platforms/xtfpga/setup.c
index b4cf70e..e9f65f7 100644
--- a/arch/xtensa/platforms/xtfpga/setup.c
+++ b/arch/xtensa/platforms/xtfpga/setup.c
@@ -63,7 +63,9 @@ void platform_restart(void)
#if XCHAL_NUM_IBREAK > 0
"wsr a2, ibreakenable\n\t"
#endif
+#if XCHAL_HAVE_LOOPS
"wsr a2, lcount\n\t"
+#endif
"movi a2, 0x1f\n\t"
"wsr a2, ps\n\t"
"isync\n\t"
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 073/211] drm/amdgpu: Make amdgpu_mn functions inline
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (71 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 072/211] xtensa: fixes for configs without loop option Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 074/211] ALSA: hda - Fix lost 4k BDL boundary workaround Kamal Mostafa
` (137 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Harry Wentland, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Harry Wentland <harry.wentland@amd.com>
commit 1d1106b0f6b5cb4bc1b88d7bd4c41d0413331c5d upstream.
Unused amdgpu_mn functions threw warnings for every file that includes
amdgpu.h. It makes sense to inline this amdgpu_mn stubs to avoid the warning.
Signed-off-by: Harry Wentland <harry.wentland@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/amd/amdgpu/amdgpu.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
index e3305a5..e1624fde 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
@@ -1680,11 +1680,11 @@ void amdgpu_test_syncing(struct amdgpu_device *adev);
int amdgpu_mn_register(struct amdgpu_bo *bo, unsigned long addr);
void amdgpu_mn_unregister(struct amdgpu_bo *bo);
#else
-static int amdgpu_mn_register(struct amdgpu_bo *bo, unsigned long addr)
+static inline int amdgpu_mn_register(struct amdgpu_bo *bo, unsigned long addr)
{
return -ENODEV;
}
-static void amdgpu_mn_unregister(struct amdgpu_bo *bo) {}
+static inline void amdgpu_mn_unregister(struct amdgpu_bo *bo) {}
#endif
/*
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 074/211] ALSA: hda - Fix lost 4k BDL boundary workaround
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (72 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 073/211] drm/amdgpu: Make amdgpu_mn functions inline Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 075/211] tracing: Update instance_rmdir() to use tracefs_remove_recursive Kamal Mostafa
` (136 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit de1ab6af5c3d92c0a031083962a7ff270cf301b7 upstream.
During the migration to HDA core code, we lost the workaround for 4k
BDL boundary. The flag exists in the new hdac_bus, but it's never
set. This resulted in the sudden sound stall on some controllers that
require this workaround like Creative Recon3D.
This patch fixes the issue by setting the flag for such controllers
properly.
Fixes: ccc98865aa44 ('ALSA: hda - Migrate more hdac_stream codes')
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/hda_controller.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/pci/hda/hda_controller.c b/sound/pci/hda/hda_controller.c
index 9444559..4013af3 100644
--- a/sound/pci/hda/hda_controller.c
+++ b/sound/pci/hda/hda_controller.c
@@ -1059,6 +1059,9 @@ int azx_bus_init(struct azx *chip, const char *model,
bus->needs_damn_long_delay = 1;
}
+ if (chip->driver_caps & AZX_DCAPS_4K_BDLE_BOUNDARY)
+ bus->core.align_bdle_4k = true;
+
/* AMD chipsets often cause the communication stalls upon certain
* sequence like the pin-detection. It seems that forcing the synced
* access works around the stall. Grrr...
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 075/211] tracing: Update instance_rmdir() to use tracefs_remove_recursive
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (73 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 074/211] ALSA: hda - Fix lost 4k BDL boundary workaround Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 076/211] PCI: spear: Fix dw_pcie_cfg_read/write() usage Kamal Mostafa
` (135 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jiaxing Wang, Steven Rostedt, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiaxing Wang <hello.wjx@gmail.com>
commit 681a4a2f4529517422835b7395df07404dfe2278 upstream.
Update instancd_rmdir to use tracefs_remove_recursive instead of
debugfs_remove_recursive.This was left in the transition from debugfs
to tracefs.
Link: http://lkml.kernel.org/r/1445169490-18315-2-git-send-email-hello.wjx@gmail.com
Fixes: 8434dc9340cd2 ("tracing: Convert the tracing facility over to use tracefs")
Signed-off-by: Jiaxing Wang <hello.wjx@gmail.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/trace/trace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index abcbf7f..126f8f6 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6602,7 +6602,7 @@ static int instance_rmdir(const char *name)
tracing_set_nop(tr);
event_trace_del_tracer(tr);
ftrace_destroy_function_files(tr);
- debugfs_remove_recursive(tr->dir);
+ tracefs_remove_recursive(tr->dir);
free_trace_buffers(tr);
kfree(tr->name);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 076/211] PCI: spear: Fix dw_pcie_cfg_read/write() usage
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (74 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 075/211] tracing: Update instance_rmdir() to use tracefs_remove_recursive Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 077/211] megaraid_sas : SMAP restriction--do not access user memory from IOCTL code Kamal Mostafa
` (134 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Pratyush Anand, Bjorn Helgaas, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Gabriele Paoloni <gabriele.paoloni@huawei.com>
commit fa3b7cbab548b15da438b0cc13aa515f7f291f4d upstream.
The first argument of dw_pcie_cfg_read/write() is a 32-bit aligned address.
The second argument is the byte offset into a 32-bit word, and
dw_pcie_cfg_read/write() only look at the low two bits.
SPEAr13xx used dw_pcie_cfg_read() and dw_pcie_cfg_write() incorrectly: it
passed important address bits in the second argument, where they were
ignored.
Pass the complete 32-bit word address in the first argument and only the
2-bit offset into that word in the second argument.
Without this fix, SPEAr13xx host will never work with few buggy gen1 card
which connects with only gen1 host and also with any endpoint which would
generate a read request of more than 128 bytes.
[bhelgaas: changelog]
Reported-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Pratyush Anand <panand@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/pci/host/pcie-spear13xx.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/drivers/pci/host/pcie-spear13xx.c b/drivers/pci/host/pcie-spear13xx.c
index c49fbdc..4086268 100644
--- a/drivers/pci/host/pcie-spear13xx.c
+++ b/drivers/pci/host/pcie-spear13xx.c
@@ -163,34 +163,36 @@ static int spear13xx_pcie_establish_link(struct pcie_port *pp)
* default value in capability register is 512 bytes. So force
* it to 128 here.
*/
- dw_pcie_cfg_read(pp->dbi_base, exp_cap_off + PCI_EXP_DEVCTL, 4, &val);
+ dw_pcie_cfg_read(pp->dbi_base + exp_cap_off + PCI_EXP_DEVCTL,
+ 0, 2, &val);
val &= ~PCI_EXP_DEVCTL_READRQ;
- dw_pcie_cfg_write(pp->dbi_base, exp_cap_off + PCI_EXP_DEVCTL, 4, val);
+ dw_pcie_cfg_write(pp->dbi_base + exp_cap_off + PCI_EXP_DEVCTL,
+ 0, 2, val);
- dw_pcie_cfg_write(pp->dbi_base, PCI_VENDOR_ID, 2, 0x104A);
- dw_pcie_cfg_write(pp->dbi_base, PCI_DEVICE_ID, 2, 0xCD80);
+ dw_pcie_cfg_write(pp->dbi_base + PCI_VENDOR_ID, 0, 2, 0x104A);
+ dw_pcie_cfg_write(pp->dbi_base + PCI_VENDOR_ID, 2, 2, 0xCD80);
/*
* if is_gen1 is set then handle it, so that some buggy card
* also works
*/
if (spear13xx_pcie->is_gen1) {
- dw_pcie_cfg_read(pp->dbi_base, exp_cap_off + PCI_EXP_LNKCAP, 4,
- &val);
+ dw_pcie_cfg_read(pp->dbi_base + exp_cap_off + PCI_EXP_LNKCAP,
+ 0, 4, &val);
if ((val & PCI_EXP_LNKCAP_SLS) != PCI_EXP_LNKCAP_SLS_2_5GB) {
val &= ~((u32)PCI_EXP_LNKCAP_SLS);
val |= PCI_EXP_LNKCAP_SLS_2_5GB;
- dw_pcie_cfg_write(pp->dbi_base, exp_cap_off +
- PCI_EXP_LNKCAP, 4, val);
+ dw_pcie_cfg_write(pp->dbi_base + exp_cap_off +
+ PCI_EXP_LNKCAP, 0, 4, val);
}
- dw_pcie_cfg_read(pp->dbi_base, exp_cap_off + PCI_EXP_LNKCTL2, 4,
- &val);
+ dw_pcie_cfg_read(pp->dbi_base + exp_cap_off + PCI_EXP_LNKCTL2,
+ 0, 2, &val);
if ((val & PCI_EXP_LNKCAP_SLS) != PCI_EXP_LNKCAP_SLS_2_5GB) {
val &= ~((u32)PCI_EXP_LNKCAP_SLS);
val |= PCI_EXP_LNKCAP_SLS_2_5GB;
- dw_pcie_cfg_write(pp->dbi_base, exp_cap_off +
- PCI_EXP_LNKCTL2, 4, val);
+ dw_pcie_cfg_write(pp->dbi_base + exp_cap_off +
+ PCI_EXP_LNKCTL2, 0, 2, val);
}
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 077/211] megaraid_sas : SMAP restriction--do not access user memory from IOCTL code
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (75 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 076/211] PCI: spear: Fix dw_pcie_cfg_read/write() usage Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 078/211] xtensa: fix secondary core boot in SMP Kamal Mostafa
` (133 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sumit Saxena, Kashyap Desai, Martin K. Petersen, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "sumit.saxena@avagotech.com" <sumit.saxena@avagotech.com>
commit 323c4a02c631d00851d8edc4213c4d184ef83647 upstream.
This is an issue on SMAP enabled CPUs and 32 bit apps running on 64 bit
OS. Do not access user memory from kernel code. The SMAP bit restricts
accessing user memory from kernel code.
Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com>
Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/megaraid/megaraid_sas_base.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index 00eb416..2ec768b 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -6326,6 +6326,9 @@ static int megasas_mgmt_compat_ioctl_fw(struct file *file, unsigned long arg)
int i;
int error = 0;
compat_uptr_t ptr;
+ unsigned long local_raw_ptr;
+ u32 local_sense_off;
+ u32 local_sense_len;
if (clear_user(ioc, sizeof(*ioc)))
return -EFAULT;
@@ -6343,9 +6346,15 @@ static int megasas_mgmt_compat_ioctl_fw(struct file *file, unsigned long arg)
* sense_len is not null, so prepare the 64bit value under
* the same condition.
*/
- if (ioc->sense_len) {
+ if (get_user(local_raw_ptr, ioc->frame.raw) ||
+ get_user(local_sense_off, &ioc->sense_off) ||
+ get_user(local_sense_len, &ioc->sense_len))
+ return -EFAULT;
+
+
+ if (local_sense_len) {
void __user **sense_ioc_ptr =
- (void __user **)(ioc->frame.raw + ioc->sense_off);
+ (void __user **)((u8*)local_raw_ptr + local_sense_off);
compat_uptr_t *sense_cioc_ptr =
(compat_uptr_t *)(cioc->frame.raw + cioc->sense_off);
if (get_user(ptr, sense_cioc_ptr) ||
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 078/211] xtensa: fix secondary core boot in SMP
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (76 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 077/211] megaraid_sas : SMAP restriction--do not access user memory from IOCTL code Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 079/211] recordmcount: Fix endianness handling bug for nop_mcount Kamal Mostafa
` (132 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Max Filippov, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Max Filippov <jcmvbkbc@gmail.com>
commit ab45fb145096799dabd18afc58bb5f97171017cd upstream.
There are multiple factors adding to the issue in different
configurations:
- commit 17290231df16eeee ("xtensa: add fixup for double exception raised
in window overflow") added function window_overflow_restore_a0_fixup to
double exception vector overlapping reset vector location of secondary
processor cores.
- on MMUv2 cores RESET_VECTOR1_VADDR may point to uncached kernel memory
making code overlapping depend on cache type and size, so that without
cache or with WT cache reset vector code overwrites double exception
code, making issue even harder to detect.
- on MMUv3 cores RESET_VECTOR1_VADDR may point to unmapped area, as
MMUv3 cores change virtual address map to match MMUv2 layout, but
reset vector virtual address is given for the original MMUv3 mapping.
- physical memory region of the secondary reset vector is not reserved
in the physical memory map, and thus may be allocated and overwritten
at arbitrary moment.
Fix it as follows:
- move window_overflow_restore_a0_fixup code to .text section.
- define RESET_VECTOR1_VADDR so that it points to reset vector in the
cacheable MMUv2 map for cores with MMU.
- reserve reset vector region in the physical memory map. Drop separate
literal section and build mxhead.S with text section literals.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/xtensa/include/asm/vectors.h | 9 +++++----
arch/xtensa/kernel/Makefile | 1 +
arch/xtensa/kernel/setup.c | 9 ++++++++-
arch/xtensa/kernel/vectors.S | 4 +++-
arch/xtensa/kernel/vmlinux.lds.S | 12 ++----------
5 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/arch/xtensa/include/asm/vectors.h b/arch/xtensa/include/asm/vectors.h
index a46c53f..986b5d0 100644
--- a/arch/xtensa/include/asm/vectors.h
+++ b/arch/xtensa/include/asm/vectors.h
@@ -48,6 +48,9 @@
#define LOAD_MEMORY_ADDRESS 0xD0003000
#endif
+#define RESET_VECTOR1_VADDR (VIRTUAL_MEMORY_ADDRESS + \
+ XCHAL_RESET_VECTOR1_PADDR)
+
#else /* !defined(CONFIG_MMU) */
/* MMU Not being used - Virtual == Physical */
@@ -60,6 +63,8 @@
/* Loaded just above possibly live vectors */
#define LOAD_MEMORY_ADDRESS (PLATFORM_DEFAULT_MEM_START + 0x3000)
+#define RESET_VECTOR1_VADDR (XCHAL_RESET_VECTOR1_VADDR)
+
#endif /* CONFIG_MMU */
#define XC_VADDR(offset) (VIRTUAL_MEMORY_ADDRESS + offset)
@@ -71,10 +76,6 @@
VECBASE_RESET_VADDR)
#define RESET_VECTOR_VADDR XC_VADDR(RESET_VECTOR_VECOFS)
-#define RESET_VECTOR1_VECOFS (XCHAL_RESET_VECTOR1_VADDR - \
- VECBASE_RESET_VADDR)
-#define RESET_VECTOR1_VADDR XC_VADDR(RESET_VECTOR1_VECOFS)
-
#if defined(XCHAL_HAVE_VECBASE) && XCHAL_HAVE_VECBASE
#define USER_VECTOR_VADDR XC_VADDR(XCHAL_USER_VECOFS)
diff --git a/arch/xtensa/kernel/Makefile b/arch/xtensa/kernel/Makefile
index d3a0f0f..d52c7f3 100644
--- a/arch/xtensa/kernel/Makefile
+++ b/arch/xtensa/kernel/Makefile
@@ -15,6 +15,7 @@ obj-$(CONFIG_FUNCTION_TRACER) += mcount.o
obj-$(CONFIG_SMP) += smp.o mxhead.o
AFLAGS_head.o += -mtext-section-literals
+AFLAGS_mxhead.o += -mtext-section-literals
# In the Xtensa architecture, assembly generates literals which must always
# precede the L32R instruction with a relative offset less than 256 kB.
diff --git a/arch/xtensa/kernel/setup.c b/arch/xtensa/kernel/setup.c
index 28fc57e..4e06ec9 100644
--- a/arch/xtensa/kernel/setup.c
+++ b/arch/xtensa/kernel/setup.c
@@ -334,7 +334,10 @@ extern char _Level5InterruptVector_text_end;
extern char _Level6InterruptVector_text_start;
extern char _Level6InterruptVector_text_end;
#endif
-
+#ifdef CONFIG_SMP
+extern char _SecondaryResetVector_text_start;
+extern char _SecondaryResetVector_text_end;
+#endif
#ifdef CONFIG_S32C1I_SELFTEST
@@ -506,6 +509,10 @@ void __init setup_arch(char **cmdline_p)
__pa(&_Level6InterruptVector_text_end), 0);
#endif
+#ifdef CONFIG_SMP
+ mem_reserve(__pa(&_SecondaryResetVector_text_start),
+ __pa(&_SecondaryResetVector_text_end), 0);
+#endif
parse_early_param();
bootmem_init();
diff --git a/arch/xtensa/kernel/vectors.S b/arch/xtensa/kernel/vectors.S
index 1b397a9..cb1df95 100644
--- a/arch/xtensa/kernel/vectors.S
+++ b/arch/xtensa/kernel/vectors.S
@@ -478,6 +478,9 @@ _DoubleExceptionVector_handle_exception:
ENDPROC(_DoubleExceptionVector)
+ .end literal_prefix
+
+ .text
/*
* Fixup handler for TLB miss in double exception handler for window owerflow.
* We get here with windowbase set to the window that was being spilled and
@@ -587,7 +590,6 @@ ENTRY(window_overflow_restore_a0_fixup)
ENDPROC(window_overflow_restore_a0_fixup)
- .end literal_prefix
/*
* Debug interrupt vector
*
diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S
index fc1bc2b..d66cd40 100644
--- a/arch/xtensa/kernel/vmlinux.lds.S
+++ b/arch/xtensa/kernel/vmlinux.lds.S
@@ -166,8 +166,6 @@ SECTIONS
RELOCATE_ENTRY(_DebugInterruptVector_text,
.DebugInterruptVector.text);
#if defined(CONFIG_SMP)
- RELOCATE_ENTRY(_SecondaryResetVector_literal,
- .SecondaryResetVector.literal);
RELOCATE_ENTRY(_SecondaryResetVector_text,
.SecondaryResetVector.text);
#endif
@@ -282,17 +280,11 @@ SECTIONS
#if defined(CONFIG_SMP)
- SECTION_VECTOR (_SecondaryResetVector_literal,
- .SecondaryResetVector.literal,
- RESET_VECTOR1_VADDR - 4,
- SIZEOF(.DoubleExceptionVector.text),
- .DoubleExceptionVector.text)
-
SECTION_VECTOR (_SecondaryResetVector_text,
.SecondaryResetVector.text,
RESET_VECTOR1_VADDR,
- 4,
- .SecondaryResetVector.literal)
+ SIZEOF(.DoubleExceptionVector.text),
+ .DoubleExceptionVector.text)
. = LOADADDR(.SecondaryResetVector.text)+SIZEOF(.SecondaryResetVector.text);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 079/211] recordmcount: Fix endianness handling bug for nop_mcount
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (77 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 078/211] xtensa: fix secondary core boot in SMP Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 080/211] recordmcount: arm64: Replace the ignored mcount call into nop Kamal Mostafa
` (131 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Li Bin, Steven Rostedt, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: libin <huawei.libin@huawei.com>
commit c84da8b9ad3761eef43811181c7e896e9834b26b upstream.
In nop_mcount, shdr->sh_offset and welp->r_offset should handle
endianness properly, otherwise it will trigger Segmentation fault
if the recordmcount main and file.o have different endianness.
Link: http://lkml.kernel.org/r/563806C7.7070606@huawei.com
Signed-off-by: Li Bin <huawei.libin@huawei.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
scripts/recordmcount.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/recordmcount.h b/scripts/recordmcount.h
index 49b582a..b9897e2 100644
--- a/scripts/recordmcount.h
+++ b/scripts/recordmcount.h
@@ -377,7 +377,7 @@ static void nop_mcount(Elf_Shdr const *const relhdr,
if (mcountsym == Elf_r_sym(relp) && !is_fake_mcount(relp)) {
if (make_nop)
- ret = make_nop((void *)ehdr, shdr->sh_offset + relp->r_offset);
+ ret = make_nop((void *)ehdr, _w(shdr->sh_offset) + _w(relp->r_offset));
if (warn_on_notrace_sect && !once) {
printf("Section %s has mcount callers being ignored\n",
txtname);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 080/211] recordmcount: arm64: Replace the ignored mcount call into nop
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (78 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 079/211] recordmcount: Fix endianness handling bug for nop_mcount Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 081/211] KVM: VMX: fix SMEP and SMAP without EPT Kamal Mostafa
` (130 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: lkp, catalin.marinas, takahiro.akashi, Li Bin, Steven Rostedt,
Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Bin <huawei.libin@huawei.com>
commit 2ee8a74f2a5da913637f75a19a0da0e7a08c0f86 upstream.
By now, the recordmcount only records the function that in
following sections:
.text/.ref.text/.sched.text/.spinlock.text/.irqentry.text/
.kprobes.text/.text.unlikely
For the function that not in these sections, the call mcount
will be in place and not be replaced when kernel boot up. And
it will bring performance overhead, such as do_mem_abort (in
.exception.text section). This patch make the call mcount to
nop for this case in recordmcount.
Link: http://lkml.kernel.org/r/1446019445-14421-1-git-send-email-huawei.libin@huawei.com
Link: http://lkml.kernel.org/r/1446193864-24593-4-git-send-email-huawei.libin@huawei.com
Cc: <lkp@intel.com>
Cc: <catalin.marinas@arm.com>
Cc: <takahiro.akashi@linaro.org>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Li Bin <huawei.libin@huawei.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
scripts/recordmcount.c | 24 +++++++++++++++++++++++-
1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/scripts/recordmcount.c b/scripts/recordmcount.c
index 3d1984e..e00bcd1 100644
--- a/scripts/recordmcount.c
+++ b/scripts/recordmcount.c
@@ -42,6 +42,7 @@
#ifndef EM_AARCH64
#define EM_AARCH64 183
+#define R_AARCH64_NONE 0
#define R_AARCH64_ABS64 257
#endif
@@ -160,6 +161,22 @@ static int make_nop_x86(void *map, size_t const offset)
return 0;
}
+static unsigned char ideal_nop4_arm64[4] = {0x1f, 0x20, 0x03, 0xd5};
+static int make_nop_arm64(void *map, size_t const offset)
+{
+ uint32_t *ptr;
+
+ ptr = map + offset;
+ /* bl <_mcount> is 0x94000000 before relocation */
+ if (*ptr != 0x94000000)
+ return -1;
+
+ /* Convert to nop */
+ ulseek(fd_map, offset, SEEK_SET);
+ uwrite(fd_map, ideal_nop, 4);
+ return 0;
+}
+
/*
* Get the whole file as a programming convenience in order to avoid
* malloc+lseek+read+free of many pieces. If successful, then mmap
@@ -353,7 +370,12 @@ do_file(char const *const fname)
altmcount = "__gnu_mcount_nc";
break;
case EM_AARCH64:
- reltype = R_AARCH64_ABS64; gpfx = '_'; break;
+ reltype = R_AARCH64_ABS64;
+ make_nop = make_nop_arm64;
+ rel_type_nop = R_AARCH64_NONE;
+ ideal_nop = ideal_nop4_arm64;
+ gpfx = '_';
+ break;
case EM_IA_64: reltype = R_IA64_IMM64; gpfx = '_'; break;
case EM_METAG: reltype = R_METAG_ADDR32;
altmcount = "_mcount_wrapper";
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 081/211] KVM: VMX: fix SMEP and SMAP without EPT
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (79 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 080/211] recordmcount: arm64: Replace the ignored mcount call into nop Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 082/211] vfio: Fix bug in vfio_device_get_from_name() Kamal Mostafa
` (129 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Radim Krčmář, Paolo Bonzini, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>
commit 656ec4a4928a3db7d16e5cb9bce351a478cfd3d5 upstream.
The comment in code had it mostly right, but we enable paging for
emulated real mode regardless of EPT.
Without EPT (which implies emulated real mode), secondary VCPUs won't
start unless we disable SM[AE]P when the guest doesn't use paging.
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kvm/vmx.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index e77d75b..9906a08 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3644,20 +3644,21 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
if (!is_paging(vcpu)) {
hw_cr4 &= ~X86_CR4_PAE;
hw_cr4 |= X86_CR4_PSE;
- /*
- * SMEP/SMAP is disabled if CPU is in non-paging mode
- * in hardware. However KVM always uses paging mode to
- * emulate guest non-paging mode with TDP.
- * To emulate this behavior, SMEP/SMAP needs to be
- * manually disabled when guest switches to non-paging
- * mode.
- */
- hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
} else if (!(cr4 & X86_CR4_PAE)) {
hw_cr4 &= ~X86_CR4_PAE;
}
}
+ if (!enable_unrestricted_guest && !is_paging(vcpu))
+ /*
+ * SMEP/SMAP is disabled if CPU is in non-paging mode in
+ * hardware. However KVM always uses paging mode without
+ * unrestricted guest.
+ * To emulate this behavior, SMEP/SMAP needs to be manually
+ * disabled when guest switches to non-paging mode.
+ */
+ hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
+
vmcs_writel(CR4_READ_SHADOW, cr4);
vmcs_writel(GUEST_CR4, hw_cr4);
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 082/211] vfio: Fix bug in vfio_device_get_from_name()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (80 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 081/211] KVM: VMX: fix SMEP and SMAP without EPT Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 083/211] thermal: exynos: Fix unbalanced regulator disable on probe failure Kamal Mostafa
` (128 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Joerg Roedel, Alex Williamson, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Joerg Roedel <jroedel@suse.de>
commit e324fc82ea453fcbd3898ec7afb792f750c68979 upstream.
The vfio_device_get_from_name() function might return a
non-NULL pointer, when called with a device name that is not
found in the list. This causes undefined behavior, in my
case calling an invalid function pointer later on:
kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle kernel paging request at ffff8800cb3ddc08
[...]
Call Trace:
[<ffffffffa03bd733>] ? vfio_group_fops_unl_ioctl+0x253/0x410 [vfio]
[<ffffffff811efc4d>] do_vfs_ioctl+0x2cd/0x4c0
[<ffffffff811f9657>] ? __fget+0x77/0xb0
[<ffffffff811efeb9>] SyS_ioctl+0x79/0x90
[<ffffffff81001bb0>] ? syscall_return_slowpath+0x50/0x130
[<ffffffff8167f776>] entry_SYSCALL_64_fastpath+0x16/0x75
Fix the issue by returning NULL when there is no device with
the requested name in the list.
Fixes: 4bc94d5dc95d ("vfio: Fix lockdep issue")
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/vfio/vfio.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index 563c510..8c50ea6 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -692,11 +692,12 @@ EXPORT_SYMBOL_GPL(vfio_device_get_from_dev);
static struct vfio_device *vfio_device_get_from_name(struct vfio_group *group,
char *buf)
{
- struct vfio_device *device;
+ struct vfio_device *it, *device = NULL;
mutex_lock(&group->device_lock);
- list_for_each_entry(device, &group->device_list, group_next) {
- if (!strcmp(dev_name(device->dev), buf)) {
+ list_for_each_entry(it, &group->device_list, group_next) {
+ if (!strcmp(dev_name(it->dev), buf)) {
+ device = it;
vfio_device_get(device);
break;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 083/211] thermal: exynos: Fix unbalanced regulator disable on probe failure
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (81 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 082/211] vfio: Fix bug in vfio_device_get_from_name() Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 084/211] timers: Use proper base migration in add_timer_on() Kamal Mostafa
` (127 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Krzysztof Kozlowski, Eduardo Valentin, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
commit 824ead03b78403a21449cb7eb153a4344cd3b4c8 upstream.
During probe if the regulator could not be enabled, the error exit path
would still disable it. This could lead to unbalanced counter of
regulator enable/disable.
The patch moves code for getting and enabling the regulator from
exynos_map_dt_data() to probe function because it is really not a part
of getting Device Tree properties.
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: 5f09a5cbd14a ("thermal: exynos: Disable the regulator on probe failure")
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/thermal/samsung/exynos_tmu.c | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/drivers/thermal/samsung/exynos_tmu.c b/drivers/thermal/samsung/exynos_tmu.c
index af68d06..e39265b 100644
--- a/drivers/thermal/samsung/exynos_tmu.c
+++ b/drivers/thermal/samsung/exynos_tmu.c
@@ -1169,27 +1169,10 @@ static int exynos_map_dt_data(struct platform_device *pdev)
struct exynos_tmu_data *data = platform_get_drvdata(pdev);
struct exynos_tmu_platform_data *pdata;
struct resource res;
- int ret;
if (!data || !pdev->dev.of_node)
return -ENODEV;
- /*
- * Try enabling the regulator if found
- * TODO: Add regulator as an SOC feature, so that regulator enable
- * is a compulsory call.
- */
- data->regulator = devm_regulator_get(&pdev->dev, "vtmu");
- if (!IS_ERR(data->regulator)) {
- ret = regulator_enable(data->regulator);
- if (ret) {
- dev_err(&pdev->dev, "failed to enable vtmu\n");
- return ret;
- }
- } else {
- dev_info(&pdev->dev, "Regulator node (vtmu) not found\n");
- }
-
data->id = of_alias_get_id(pdev->dev.of_node, "tmuctrl");
if (data->id < 0)
data->id = 0;
@@ -1313,6 +1296,23 @@ static int exynos_tmu_probe(struct platform_device *pdev)
pr_err("thermal: tz: %p ERROR\n", data->tzd);
return PTR_ERR(data->tzd);
}
+
+ /*
+ * Try enabling the regulator if found
+ * TODO: Add regulator as an SOC feature, so that regulator enable
+ * is a compulsory call.
+ */
+ data->regulator = devm_regulator_get(&pdev->dev, "vtmu");
+ if (!IS_ERR(data->regulator)) {
+ ret = regulator_enable(data->regulator);
+ if (ret) {
+ dev_err(&pdev->dev, "failed to enable vtmu\n");
+ return ret;
+ }
+ } else {
+ dev_info(&pdev->dev, "Regulator node (vtmu) not found\n");
+ }
+
ret = exynos_map_dt_data(pdev);
if (ret)
goto err_sensor;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 084/211] timers: Use proper base migration in add_timer_on()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (82 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 083/211] thermal: exynos: Fix unbalanced regulator disable on probe failure Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 085/211] ALSA: hda - Apply pin fixup for HP ProBook 6550b Kamal Mostafa
` (126 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tejun Heo, Chris Worley, bfields, Michael Skralivetsky,
Trond Myklebust, Shaohua Li, Jeff Layton, kernel-team,
Thomas Gleixner, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <tj@kernel.org>
commit 22b886dd1018093920c4250dee2a9a3cb7cff7b8 upstream.
Regardless of the previous CPU a timer was on, add_timer_on()
currently simply sets timer->flags to the new CPU. As the caller must
be seeing the timer as idle, this is locally fine, but the timer
leaving the old base while unlocked can lead to race conditions as
follows.
Let's say timer was on cpu 0.
cpu 0 cpu 1
-----------------------------------------------------------------------------
del_timer(timer) succeeds
del_timer(timer)
lock_timer_base(timer) locks cpu_0_base
add_timer_on(timer, 1)
spin_lock(&cpu_1_base->lock)
timer->flags set to cpu_1_base
operates on @timer operates on @timer
This triggered with mod_delayed_work_on() which contains
"if (del_timer()) add_timer_on()" sequence eventually leading to the
following oops.
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff810ca6e9>] detach_if_pending+0x69/0x1a0
...
Workqueue: wqthrash wqthrash_workfunc [wqthrash]
task: ffff8800172ca680 ti: ffff8800172d0000 task.ti: ffff8800172d0000
RIP: 0010:[<ffffffff810ca6e9>] [<ffffffff810ca6e9>] detach_if_pending+0x69/0x1a0
...
Call Trace:
[<ffffffff810cb0b4>] del_timer+0x44/0x60
[<ffffffff8106e836>] try_to_grab_pending+0xb6/0x160
[<ffffffff8106e913>] mod_delayed_work_on+0x33/0x80
[<ffffffffa0000081>] wqthrash_workfunc+0x61/0x90 [wqthrash]
[<ffffffff8106dba8>] process_one_work+0x1e8/0x650
[<ffffffff8106e05e>] worker_thread+0x4e/0x450
[<ffffffff810746af>] kthread+0xef/0x110
[<ffffffff8185980f>] ret_from_fork+0x3f/0x70
Fix it by updating add_timer_on() to perform proper migration as
__mod_timer() does.
Reported-and-tested-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Chris Worley <chris.worley@primarydata.com>
Cc: bfields@fieldses.org
Cc: Michael Skralivetsky <michael.skralivetsky@primarydata.com>
Cc: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: Shaohua Li <shli@fb.com>
Cc: Jeff Layton <jlayton@poochiereds.net>
Cc: kernel-team@fb.com
Link: http://lkml.kernel.org/r/20151029103113.2f893924@tlielax.poochiereds.net
Link: http://lkml.kernel.org/r/20151104171533.GI5749@mtj.duckdns.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/time/timer.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/kernel/time/timer.c b/kernel/time/timer.c
index 84190f0..101240b 100644
--- a/kernel/time/timer.c
+++ b/kernel/time/timer.c
@@ -970,13 +970,29 @@ EXPORT_SYMBOL(add_timer);
*/
void add_timer_on(struct timer_list *timer, int cpu)
{
- struct tvec_base *base = per_cpu_ptr(&tvec_bases, cpu);
+ struct tvec_base *new_base = per_cpu_ptr(&tvec_bases, cpu);
+ struct tvec_base *base;
unsigned long flags;
timer_stats_timer_set_start_info(timer);
BUG_ON(timer_pending(timer) || !timer->function);
- spin_lock_irqsave(&base->lock, flags);
- timer->flags = (timer->flags & ~TIMER_BASEMASK) | cpu;
+
+ /*
+ * If @timer was on a different CPU, it should be migrated with the
+ * old base locked to prevent other operations proceeding with the
+ * wrong base locked. See lock_timer_base().
+ */
+ base = lock_timer_base(timer, &flags);
+ if (base != new_base) {
+ timer->flags |= TIMER_MIGRATING;
+
+ spin_unlock(&base->lock);
+ base = new_base;
+ spin_lock(&base->lock);
+ WRITE_ONCE(timer->flags,
+ (timer->flags & ~TIMER_BASEMASK) | cpu);
+ }
+
debug_activate(timer, timer->expires);
internal_add_timer(base, timer);
spin_unlock_irqrestore(&base->lock, flags);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 085/211] ALSA: hda - Apply pin fixup for HP ProBook 6550b
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (83 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 084/211] timers: Use proper base migration in add_timer_on() Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 086/211] tracefs: Fix refcount imbalance in start_creating() Kamal Mostafa
` (125 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit c932b98c1e47312822d911c1bb76e81ef50e389c upstream.
HP ProBook 6550b needs the same pin fixup applied to other HP B-series
laptops with docks for making its headphone and dock headphone jacks
working properly. We just need to add the codec SSID to the list.
Bugzilla: https://bugzilla.kernel.org/attachment.cgi?id=191971
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_sigmatel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
index def5cc8..a0798ae 100644
--- a/sound/pci/hda/patch_sigmatel.c
+++ b/sound/pci/hda/patch_sigmatel.c
@@ -702,6 +702,7 @@ static bool hp_bnb2011_with_dock(struct hda_codec *codec)
static bool hp_blike_system(u32 subsystem_id)
{
switch (subsystem_id) {
+ case 0x103c1473: /* HP ProBook 6550b */
case 0x103c1520:
case 0x103c1521:
case 0x103c1523:
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 086/211] tracefs: Fix refcount imbalance in start_creating()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (84 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 085/211] ALSA: hda - Apply pin fixup for HP ProBook 6550b Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 087/211] ALSA: hda - Add Intel Lewisburg device IDs Audio Kamal Mostafa
` (124 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Daniel Borkmann, Steven Rostedt, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Borkmann <daniel@iogearbox.net>
commit d227c3ae4e94e5eb11dd780a811f59e1a7b74ccd upstream.
In tracefs' start_creating(), we pin the file system to safely access
its root. When we failed to create a file, we unpin the file system via
failed_creating() to release the mount count and eventually the reference
of the singleton vfsmount.
However, when we run into an error during lookup_one_len() when still
in start_creating(), we only release the parent's mutex but not so the
reference on the mount.
F.e., in securityfs_create_file(), after doing simple_pin_fs() when
lookup_one_len() fails there, we infact do simple_release_fs(). This
seems necessary here as well.
Same issue seen in debugfs due to 190afd81e4a5 ("debugfs: split the
beginning and the end of __create_file() off"), which seemed to got
carried over into tracefs, too. Noticed during code review.
Link: http://lkml.kernel.org/r/68efa86101b778cf7517ed7c6ad573bd69f60ec6.1446672850.git.daniel@iogearbox.net
Fixes: 4282d60689d4 ("tracefs: Add new tracefs file system")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/tracefs/inode.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c
index cbc8d5d..c66f242 100644
--- a/fs/tracefs/inode.c
+++ b/fs/tracefs/inode.c
@@ -340,8 +340,12 @@ static struct dentry *start_creating(const char *name, struct dentry *parent)
dput(dentry);
dentry = ERR_PTR(-EEXIST);
}
- if (IS_ERR(dentry))
+
+ if (IS_ERR(dentry)) {
mutex_unlock(&parent->d_inode->i_mutex);
+ simple_release_fs(&tracefs_mount, &tracefs_mount_count);
+ }
+
return dentry;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 087/211] ALSA: hda - Add Intel Lewisburg device IDs Audio
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (85 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 086/211] tracefs: Fix refcount imbalance in start_creating() Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 088/211] drm: Use userspace compatible type in fourcc_mod_code macro Kamal Mostafa
` (123 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alexandra Yates, Takashi Iwai, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexandra Yates <alexandra.yates@linux.intel.com>
commit 5cf92c8b3dc5da59e05dc81bdc069cedf6f38313 upstream.
Adding Intel codename Lewisburg platform device IDs for audio.
[rearranged the position by tiwai]
Signed-off-by: Alexandra Yates <alexandra.yates@linux.intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/hda_intel.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
index 61b8b75a..4d2cbe2 100644
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -2105,6 +2105,11 @@ static const struct pci_device_id azx_ids[] = {
.driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_PCH },
{ PCI_DEVICE(0x8086, 0x8d21),
.driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_PCH },
+ /* Lewisburg */
+ { PCI_DEVICE(0x8086, 0xa1f0),
+ .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_PCH },
+ { PCI_DEVICE(0x8086, 0xa270),
+ .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_PCH },
/* Lynx Point-LP */
{ PCI_DEVICE(0x8086, 0x9c20),
.driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_PCH },
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 088/211] drm: Use userspace compatible type in fourcc_mod_code macro
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (86 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 087/211] ALSA: hda - Add Intel Lewisburg device IDs Audio Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 089/211] scsi: restart list search after unlock in scsi_remove_target Kamal Mostafa
` (122 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tvrtko Ursulin, Rob Clark, Daniel Stone, Daniel Vetter,
dri-devel, Jani Nikula, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
commit 6172180c6b37ea164bf8a9bad70bb348d0a16563 upstream.
__u64 should be used instead of u64.
Feature originally added in:
commit e3eb3250d84ef97b766312345774367b6a310db8
Author: Rob Clark <robdclark@gmail.com>
Date: Thu Feb 5 14:41:52 2015 +0000
drm: add support for tiled/compressed/etc modifier in addfb2
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: Rob Clark <robdclark@gmail.com>
Cc: Daniel Stone <daniels@collabora.com>
Cc: Daniel Vetter <daniel.vetter@intel.com>
Cc: dri-devel@lists.freedesktop.org
Fixes: e3eb3250d84e ("drm: add support for tiled/compressed/etc modifier in addfb2")
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1442999431-28568-1-git-send-email-tvrtko.ursulin@linux.intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/uapi/drm/drm_fourcc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/drm/drm_fourcc.h b/include/uapi/drm/drm_fourcc.h
index 2f295cd..904c798 100644
--- a/include/uapi/drm/drm_fourcc.h
+++ b/include/uapi/drm/drm_fourcc.h
@@ -151,7 +151,7 @@
/* add more to the end as needed */
#define fourcc_mod_code(vendor, val) \
- ((((u64)DRM_FORMAT_MOD_VENDOR_## vendor) << 56) | (val & 0x00ffffffffffffffULL))
+ ((((__u64)DRM_FORMAT_MOD_VENDOR_## vendor) << 56) | (val & 0x00ffffffffffffffULL))
/*
* Format Modifier tokens:
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 089/211] scsi: restart list search after unlock in scsi_remove_target
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (87 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 088/211] drm: Use userspace compatible type in fourcc_mod_code macro Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 090/211] toshiba_acpi: Initialize hotkey_event_type variable Kamal Mostafa
` (121 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christoph Hellwig, James Bottomley, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
commit 40998193560dab6c3ce8d25f4fa58a23e252ef38 upstream.
When dropping a lock while iterating a list we must restart the search
as other threads could have manipulated the list under us. Without this
we can get stuck in an endless loop. This bug was introduced by
commit bc3f02a795d3b4faa99d37390174be2a75d091bd
Author: Dan Williams <djbw@fb.com>
Date: Tue Aug 28 22:12:10 2012 -0700
[SCSI] scsi_remove_target: fix softlockup regression on hot remove
Which was itself trying to fix a reported soft lockup issue
http://thread.gmane.org/gmane.linux.kernel/1348679
However, we believe even with this revert of the original patch, the soft
lockup problem has been fixed by
commit f2495e228fce9f9cec84367547813cbb0d6db15a
Author: James Bottomley <JBottomley@Parallels.com>
Date: Tue Jan 21 07:01:41 2014 -0800
[SCSI] dual scan thread bug fix
Thanks go to Dan Williams <dan.j.williams@intel.com> for tracking all this
prior history down.
Reported-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Tested-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Fixes: bc3f02a795d3b4faa99d37390174be2a75d091bd
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/scsi_sysfs.c | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index 9ad4116..5b771bc 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -1148,31 +1148,23 @@ static void __scsi_remove_target(struct scsi_target *starget)
void scsi_remove_target(struct device *dev)
{
struct Scsi_Host *shost = dev_to_shost(dev->parent);
- struct scsi_target *starget, *last = NULL;
+ struct scsi_target *starget;
unsigned long flags;
- /* remove targets being careful to lookup next entry before
- * deleting the last
- */
+restart:
spin_lock_irqsave(shost->host_lock, flags);
list_for_each_entry(starget, &shost->__targets, siblings) {
if (starget->state == STARGET_DEL)
continue;
if (starget->dev.parent == dev || &starget->dev == dev) {
- /* assuming new targets arrive at the end */
kref_get(&starget->reap_ref);
spin_unlock_irqrestore(shost->host_lock, flags);
- if (last)
- scsi_target_reap(last);
- last = starget;
__scsi_remove_target(starget);
- spin_lock_irqsave(shost->host_lock, flags);
+ scsi_target_reap(starget);
+ goto restart;
}
}
spin_unlock_irqrestore(shost->host_lock, flags);
-
- if (last)
- scsi_target_reap(last);
}
EXPORT_SYMBOL(scsi_remove_target);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 090/211] toshiba_acpi: Initialize hotkey_event_type variable
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (88 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 089/211] scsi: restart list search after unlock in scsi_remove_target Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 091/211] mm: slab: only move management objects off-slab for sizes larger than KMALLOC_MIN_SIZE Kamal Mostafa
` (120 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Azael Avalos, Darren Hart, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Azael Avalos <coproscefalo@gmail.com>
commit d2f20619942fe4618160a7fa3dbdcbac335cff59 upstream.
Commit 53147b6cabee5e8d1997b5682fcc0c3b72ddf9c2 ("toshiba_acpi: Fix
hotkeys registration on some toshiba models") fixed an issue on some
laptops regarding hotkeys registration, however, if failed to address
the initialization of the hotkey_event_type variable, and thus, it can
lead to potential unwanted effects as the variable is being checked.
This patch initializes such variable to avoid such unwanted effects.
Signed-off-by: Azael Avalos <coproscefalo@gmail.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/platform/x86/toshiba_acpi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/platform/x86/toshiba_acpi.c b/drivers/platform/x86/toshiba_acpi.c
index 6f4f310..550e0ce 100644
--- a/drivers/platform/x86/toshiba_acpi.c
+++ b/drivers/platform/x86/toshiba_acpi.c
@@ -2638,6 +2638,7 @@ static int toshiba_acpi_add(struct acpi_device *acpi_dev)
ret = toshiba_function_keys_get(dev, &special_functions);
dev->kbd_function_keys_supported = !ret;
+ dev->hotkey_event_type = 0;
if (toshiba_acpi_setup_keyboard(dev))
pr_info("Unable to activate hotkeys\n");
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 091/211] mm: slab: only move management objects off-slab for sizes larger than KMALLOC_MIN_SIZE
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (89 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 090/211] toshiba_acpi: Initialize hotkey_event_type variable Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 092/211] mm/oom_kill.c: reverse the order of setting TIF_MEMDIE and sending SIGKILL Kamal Mostafa
` (119 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Catalin Marinas, Pekka Enberg, David Rientjes, Joonsoo Kim,
Andrew Morton, Linus Torvalds, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Catalin Marinas <catalin.marinas@arm.com>
commit d4322d88f5fdf92729dd40f923013414fbb2184d upstream.
On systems with a KMALLOC_MIN_SIZE of 128 (arm64, some mips and powerpc
configurations defining ARCH_DMA_MINALIGN to 128), the first
kmalloc_caches[] entry to be initialised after slab_early_init = 0 is
"kmalloc-128" with index 7. Depending on the debug kernel configuration,
sizeof(struct kmem_cache) can be larger than 128 resulting in an
INDEX_NODE of 8.
Commit 8fc9cf420b36 ("slab: make more slab management structure off the
slab") enables off-slab management objects for sizes starting with
PAGE_SIZE >> 5 (128 bytes for a 4KB page configuration) and the creation
of the "kmalloc-128" cache would try to place the management objects
off-slab. However, since KMALLOC_MIN_SIZE is already 128 and
freelist_size == 32 in __kmem_cache_create(), kmalloc_slab(freelist_size)
returns NULL (kmalloc_caches[7] not populated yet). This triggers the
following bug on arm64:
kernel BUG at /work/Linux/linux-2.6-aarch64/mm/slab.c:2283!
Internal error: Oops - BUG: 0 [#1] SMP
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 4.3.0-rc4+ #540
Hardware name: Juno (DT)
PC is at __kmem_cache_create+0x21c/0x280
LR is at __kmem_cache_create+0x210/0x280
[...]
Call trace:
__kmem_cache_create+0x21c/0x280
create_boot_cache+0x48/0x80
create_kmalloc_cache+0x50/0x88
create_kmalloc_caches+0x4c/0xf4
kmem_cache_init+0x100/0x118
start_kernel+0x214/0x33c
This patch introduces an OFF_SLAB_MIN_SIZE definition to avoid off-slab
management objects for sizes equal to or smaller than KMALLOC_MIN_SIZE.
Fixes: 8fc9cf420b36 ("slab: make more slab management structure off the slab")
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
mm/slab.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/mm/slab.c b/mm/slab.c
index ae36028..6cf73a6 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -282,6 +282,7 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent)
#define CFLGS_OFF_SLAB (0x80000000UL)
#define OFF_SLAB(x) ((x)->flags & CFLGS_OFF_SLAB)
+#define OFF_SLAB_MIN_SIZE (max_t(size_t, PAGE_SIZE >> 5, KMALLOC_MIN_SIZE + 1))
#define BATCHREFILL_LIMIT 16
/*
@@ -2212,7 +2213,7 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
* it too early on. Always use on-slab management when
* SLAB_NOLEAKTRACE to avoid recursive calls into kmemleak)
*/
- if ((size >= (PAGE_SIZE >> 5)) && !slab_early_init &&
+ if (size >= OFF_SLAB_MIN_SIZE && !slab_early_init &&
!(flags & SLAB_NOLEAKTRACE))
/*
* Size is large, assume best to place the slab management obj
@@ -2276,7 +2277,7 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
/*
* This is a possibility for one of the kmalloc_{dma,}_caches.
* But since we go off slab only for object size greater than
- * PAGE_SIZE/8, and kmalloc_{dma,}_caches get created
+ * OFF_SLAB_MIN_SIZE, and kmalloc_{dma,}_caches get created
* in ascending order,this should not happen at all.
* But leave a BUG_ON for some lucky dude.
*/
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 092/211] mm/oom_kill.c: reverse the order of setting TIF_MEMDIE and sending SIGKILL
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (90 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 091/211] mm: slab: only move management objects off-slab for sizes larger than KMALLOC_MIN_SIZE Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 093/211] memcg: fix thresholds for 32b architectures Kamal Mostafa
` (118 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tetsuo Handa, David Rientjes, Andrew Morton, Linus Torvalds,
Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
commit 426fb5e72d92b868912e47a1e3ca2df6eabc3872 upstream.
It was confirmed that a local unprivileged user can consume all memory
reserves and hang up that system using time lag between the OOM killer
sets TIF_MEMDIE on an OOM victim and sends SIGKILL to that victim, for
printk() inside for_each_process() loop at oom_kill_process() can consume
many seconds when there are many thread groups sharing the same memory.
Before starting oom-depleter process:
Node 0 DMA: 3*4kB (UM) 6*8kB (U) 4*16kB (UEM) 0*32kB 0*64kB 1*128kB (M) 2*256kB (EM) 2*512kB (UE) 2*1024kB (EM) 1*2048kB (E) 1*4096kB (M) = 9980kB
Node 0 DMA32: 31*4kB (UEM) 27*8kB (UE) 32*16kB (UE) 13*32kB (UE) 14*64kB (UM) 7*128kB (UM) 8*256kB (UM) 8*512kB (UM) 3*1024kB (U) 4*2048kB (UM) 362*4096kB (UM) = 1503220kB
As of invoking the OOM killer:
Node 0 DMA: 11*4kB (UE) 8*8kB (UEM) 6*16kB (UE) 2*32kB (EM) 0*64kB 1*128kB (U) 3*256kB (UEM) 2*512kB (UE) 3*1024kB (UEM) 1*2048kB (U) 0*4096kB = 7308kB
Node 0 DMA32: 1049*4kB (UEM) 507*8kB (UE) 151*16kB (UE) 53*32kB (UEM) 83*64kB (UEM) 52*128kB (EM) 25*256kB (UEM) 11*512kB (M) 6*1024kB (UM) 1*2048kB (M) 0*4096kB = 44556kB
Between the thread group leader got TIF_MEMDIE and receives SIGKILL:
Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
Node 0 DMA32: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
The oom-depleter's thread group leader which got TIF_MEMDIE started
memset() in user space after the OOM killer set TIF_MEMDIE, and it was
free to abuse ALLOC_NO_WATERMARKS by TIF_MEMDIE for memset() in user space
until SIGKILL is delivered. If SIGKILL is delivered before TIF_MEMDIE is
set, the oom-depleter can terminate without touching memory reserves.
Although the possibility of hitting this time lag is very small for 3.19
and earlier kernels because TIF_MEMDIE is set immediately before sending
SIGKILL, preemption or long interrupts (an extreme example is SysRq-t) can
step between and allow memory allocations which are not needed for
terminating the OOM victim.
Fixes: 83363b917a29 ("oom: make sure that TIF_MEMDIE is set under task_lock")
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
mm/oom_kill.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index dff991e..63a6f27 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -561,6 +561,12 @@ void oom_kill_process(struct task_struct *p, gfp_t gfp_mask, int order,
/* mm cannot safely be dereferenced after task_unlock(victim) */
mm = victim->mm;
+ /*
+ * We should send SIGKILL before setting TIF_MEMDIE in order to prevent
+ * the OOM victim from depleting the memory reserves from the user
+ * space under its control.
+ */
+ do_send_sig_info(SIGKILL, SEND_SIG_FORCED, victim, true);
mark_oom_victim(victim);
pr_err("Killed process %d (%s) total-vm:%lukB, anon-rss:%lukB, file-rss:%lukB\n",
task_pid_nr(victim), victim->comm, K(victim->mm->total_vm),
@@ -592,7 +598,6 @@ void oom_kill_process(struct task_struct *p, gfp_t gfp_mask, int order,
}
rcu_read_unlock();
- do_send_sig_info(SIGKILL, SEND_SIG_FORCED, victim, true);
put_task_struct(victim);
}
#undef K
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 093/211] memcg: fix thresholds for 32b architectures.
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (91 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 092/211] mm/oom_kill.c: reverse the order of setting TIF_MEMDIE and sending SIGKILL Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` Kamal Mostafa
` (117 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michal Hocko, Ben Hutchings, Vladimir Davydov, Johannes Weiner,
Michal Hocko, Andrew Morton, Linus Torvalds, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Hocko <mhocko@suse.com>
commit c12176d3368b9b36ae484d323d41e94be26f9b65 upstream.
Commit 424cdc141380 ("memcg: convert threshold to bytes") has fixed a
regression introduced by 3e32cb2e0a12 ("mm: memcontrol: lockless page
counters") where thresholds were silently converted to use page units
rather than bytes when interpreting the user input.
The fix is not complete, though, as properly pointed out by Ben Hutchings
during stable backport review. The page count is converted to bytes but
unsigned long is used to hold the value which would be obviously not
sufficient for 32b systems with more than 4G thresholds. The same applies
to usage as taken from mem_cgroup_usage which might overflow.
Let's remove this bytes vs. pages internal tracking differences and
handle thresholds in page units internally. Chage mem_cgroup_usage() to
return the value in page units and revert 424cdc141380 because this should
be sufficient for the consistent handling. mem_cgroup_read_u64 as the
only users of mem_cgroup_usage outside of the threshold handling code is
converted to give the proper in bytes result. It is doing that already
for page_counter output so this is more consistent as well.
The value presented to the userspace is still in bytes units.
Fixes: 424cdc141380 ("memcg: convert threshold to bytes")
Fixes: 3e32cb2e0a12 ("mm: memcontrol: lockless page counters")
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Reviewed-by: Vladimir Davydov <vdavydov@virtuozzo.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
From: Michal Hocko <mhocko@kernel.org>
Subject: memcg-fix-thresholds-for-32b-architectures-fix
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Vladimir Davydov <vdavydov@virtuozzo.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
From: Andrew Morton <akpm@linux-foundation.org>
Subject: memcg-fix-thresholds-for-32b-architectures-fix-fix
don't attempt to inline mem_cgroup_usage()
The compiler ignores the inline anwyay. And __always_inlining it adds 600
bytes of goop to the .o file.
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Vladimir Davydov <vdavydov@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
mm/memcontrol.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 03a6f75..364f972 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -3136,9 +3136,9 @@ static unsigned long tree_stat(struct mem_cgroup *memcg,
return val;
}
-static inline u64 mem_cgroup_usage(struct mem_cgroup *memcg, bool swap)
+static inline unsigned long mem_cgroup_usage(struct mem_cgroup *memcg, bool swap)
{
- u64 val;
+ unsigned long val;
if (mem_cgroup_is_root(memcg)) {
val = tree_stat(memcg, MEM_CGROUP_STAT_CACHE);
@@ -3151,7 +3151,7 @@ static inline u64 mem_cgroup_usage(struct mem_cgroup *memcg, bool swap)
else
val = page_counter_read(&memcg->memsw);
}
- return val << PAGE_SHIFT;
+ return val;
}
enum {
@@ -3185,9 +3185,9 @@ static u64 mem_cgroup_read_u64(struct cgroup_subsys_state *css,
switch (MEMFILE_ATTR(cft->private)) {
case RES_USAGE:
if (counter == &memcg->memory)
- return mem_cgroup_usage(memcg, false);
+ return (u64)mem_cgroup_usage(memcg, false) * PAGE_SIZE;
if (counter == &memcg->memsw)
- return mem_cgroup_usage(memcg, true);
+ return (u64)mem_cgroup_usage(memcg, true) * PAGE_SIZE;
return (u64)page_counter_read(counter) * PAGE_SIZE;
case RES_LIMIT:
return (u64)counter->limit * PAGE_SIZE;
@@ -3687,7 +3687,6 @@ static int __mem_cgroup_usage_register_event(struct mem_cgroup *memcg,
ret = page_counter_memparse(args, "-1", &threshold);
if (ret)
return ret;
- threshold <<= PAGE_SHIFT;
mutex_lock(&memcg->thresholds_lock);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 094/211] arm64: bpf: fix div-by-zero case
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 002/211] drivers: usb :fsl: Implement Workaround for USB Erratum A007792 Kamal Mostafa
` (209 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Xi Wang, Alexei Starovoitov, linux-arm-kernel, Zi Shen Lim,
Catalin Marinas, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Zi Shen Lim <zlim.lnx@gmail.com>
commit 251599e1d6906621f49218d7b474ddd159e58f3b upstream.
In the case of division by zero in a BPF program:
A = A / X; (X == 0)
the expected behavior is to terminate with return value 0.
This is confirmed by the test case introduced in commit 86bf1721b226
("test_bpf: add tests checking that JIT/interpreter sets A and X to 0.").
Reported-by: Yang Shi <yang.shi@linaro.org>
Tested-by: Yang Shi <yang.shi@linaro.org>
CC: Xi Wang <xi.wang@gmail.com>
CC: Alexei Starovoitov <ast@plumgrid.com>
CC: linux-arm-kernel@lists.infradead.org
CC: linux-kernel@vger.kernel.org
Fixes: e54bcde3d69d ("arm64: eBPF JIT compiler")
Signed-off-by: Zi Shen Lim <zlim.lnx@gmail.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm64/net/bpf_jit.h | 3 ++-
arch/arm64/net/bpf_jit_comp.c | 37 +++++++++++++++++++++++++------------
2 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/arch/arm64/net/bpf_jit.h b/arch/arm64/net/bpf_jit.h
index 98a26ce..aee5637 100644
--- a/arch/arm64/net/bpf_jit.h
+++ b/arch/arm64/net/bpf_jit.h
@@ -1,7 +1,7 @@
/*
* BPF JIT compiler for ARM64
*
- * Copyright (C) 2014 Zi Shen Lim <zlim.lnx@gmail.com>
+ * Copyright (C) 2014-2015 Zi Shen Lim <zlim.lnx@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -35,6 +35,7 @@
aarch64_insn_gen_comp_branch_imm(0, offset, Rt, A64_VARIANT(sf), \
AARCH64_INSN_BRANCH_COMP_##type)
#define A64_CBZ(sf, Rt, imm19) A64_COMP_BRANCH(sf, Rt, (imm19) << 2, ZERO)
+#define A64_CBNZ(sf, Rt, imm19) A64_COMP_BRANCH(sf, Rt, (imm19) << 2, NONZERO)
/* Conditional branch (immediate) */
#define A64_COND_BRANCH(cond, offset) \
diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index c047598..9ae6f23 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -1,7 +1,7 @@
/*
* BPF JIT compiler for ARM64
*
- * Copyright (C) 2014 Zi Shen Lim <zlim.lnx@gmail.com>
+ * Copyright (C) 2014-2015 Zi Shen Lim <zlim.lnx@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -225,6 +225,17 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
u8 jmp_cond;
s32 jmp_offset;
+#define check_imm(bits, imm) do { \
+ if ((((imm) > 0) && ((imm) >> (bits))) || \
+ (((imm) < 0) && (~(imm) >> (bits)))) { \
+ pr_info("[%2d] imm=%d(0x%x) out of range\n", \
+ i, imm, imm); \
+ return -EINVAL; \
+ } \
+} while (0)
+#define check_imm19(imm) check_imm(19, imm)
+#define check_imm26(imm) check_imm(26, imm)
+
switch (code) {
/* dst = src */
case BPF_ALU | BPF_MOV | BPF_X:
@@ -258,8 +269,21 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
break;
case BPF_ALU | BPF_DIV | BPF_X:
case BPF_ALU64 | BPF_DIV | BPF_X:
+ {
+ const u8 r0 = bpf2a64[BPF_REG_0];
+
+ /* if (src == 0) return 0 */
+ jmp_offset = 3; /* skip ahead to else path */
+ check_imm19(jmp_offset);
+ emit(A64_CBNZ(is64, src, jmp_offset), ctx);
+ emit(A64_MOVZ(1, r0, 0, 0), ctx);
+ jmp_offset = epilogue_offset(ctx);
+ check_imm26(jmp_offset);
+ emit(A64_B(jmp_offset), ctx);
+ /* else */
emit(A64_UDIV(is64, dst, dst, src), ctx);
break;
+ }
case BPF_ALU | BPF_MOD | BPF_X:
case BPF_ALU64 | BPF_MOD | BPF_X:
ctx->tmp_used = 1;
@@ -393,17 +417,6 @@ emit_bswap_uxt:
emit(A64_ASR(is64, dst, dst, imm), ctx);
break;
-#define check_imm(bits, imm) do { \
- if ((((imm) > 0) && ((imm) >> (bits))) || \
- (((imm) < 0) && (~(imm) >> (bits)))) { \
- pr_info("[%2d] imm=%d(0x%x) out of range\n", \
- i, imm, imm); \
- return -EINVAL; \
- } \
-} while (0)
-#define check_imm19(imm) check_imm(19, imm)
-#define check_imm26(imm) check_imm(26, imm)
-
/* JUMP off */
case BPF_JMP | BPF_JA:
jmp_offset = bpf2a64_offset(i + off, i, ctx);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 094/211] arm64: bpf: fix div-by-zero case
@ 2016-01-05 19:43 ` Kamal Mostafa
0 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-arm-kernel
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Zi Shen Lim <zlim.lnx@gmail.com>
commit 251599e1d6906621f49218d7b474ddd159e58f3b upstream.
In the case of division by zero in a BPF program:
A = A / X; (X == 0)
the expected behavior is to terminate with return value 0.
This is confirmed by the test case introduced in commit 86bf1721b226
("test_bpf: add tests checking that JIT/interpreter sets A and X to 0.").
Reported-by: Yang Shi <yang.shi@linaro.org>
Tested-by: Yang Shi <yang.shi@linaro.org>
CC: Xi Wang <xi.wang@gmail.com>
CC: Alexei Starovoitov <ast@plumgrid.com>
CC: linux-arm-kernel at lists.infradead.org
CC: linux-kernel at vger.kernel.org
Fixes: e54bcde3d69d ("arm64: eBPF JIT compiler")
Signed-off-by: Zi Shen Lim <zlim.lnx@gmail.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm64/net/bpf_jit.h | 3 ++-
arch/arm64/net/bpf_jit_comp.c | 37 +++++++++++++++++++++++++------------
2 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/arch/arm64/net/bpf_jit.h b/arch/arm64/net/bpf_jit.h
index 98a26ce..aee5637 100644
--- a/arch/arm64/net/bpf_jit.h
+++ b/arch/arm64/net/bpf_jit.h
@@ -1,7 +1,7 @@
/*
* BPF JIT compiler for ARM64
*
- * Copyright (C) 2014 Zi Shen Lim <zlim.lnx@gmail.com>
+ * Copyright (C) 2014-2015 Zi Shen Lim <zlim.lnx@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -35,6 +35,7 @@
aarch64_insn_gen_comp_branch_imm(0, offset, Rt, A64_VARIANT(sf), \
AARCH64_INSN_BRANCH_COMP_##type)
#define A64_CBZ(sf, Rt, imm19) A64_COMP_BRANCH(sf, Rt, (imm19) << 2, ZERO)
+#define A64_CBNZ(sf, Rt, imm19) A64_COMP_BRANCH(sf, Rt, (imm19) << 2, NONZERO)
/* Conditional branch (immediate) */
#define A64_COND_BRANCH(cond, offset) \
diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index c047598..9ae6f23 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -1,7 +1,7 @@
/*
* BPF JIT compiler for ARM64
*
- * Copyright (C) 2014 Zi Shen Lim <zlim.lnx@gmail.com>
+ * Copyright (C) 2014-2015 Zi Shen Lim <zlim.lnx@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -225,6 +225,17 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
u8 jmp_cond;
s32 jmp_offset;
+#define check_imm(bits, imm) do { \
+ if ((((imm) > 0) && ((imm) >> (bits))) || \
+ (((imm) < 0) && (~(imm) >> (bits)))) { \
+ pr_info("[%2d] imm=%d(0x%x) out of range\n", \
+ i, imm, imm); \
+ return -EINVAL; \
+ } \
+} while (0)
+#define check_imm19(imm) check_imm(19, imm)
+#define check_imm26(imm) check_imm(26, imm)
+
switch (code) {
/* dst = src */
case BPF_ALU | BPF_MOV | BPF_X:
@@ -258,8 +269,21 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
break;
case BPF_ALU | BPF_DIV | BPF_X:
case BPF_ALU64 | BPF_DIV | BPF_X:
+ {
+ const u8 r0 = bpf2a64[BPF_REG_0];
+
+ /* if (src == 0) return 0 */
+ jmp_offset = 3; /* skip ahead to else path */
+ check_imm19(jmp_offset);
+ emit(A64_CBNZ(is64, src, jmp_offset), ctx);
+ emit(A64_MOVZ(1, r0, 0, 0), ctx);
+ jmp_offset = epilogue_offset(ctx);
+ check_imm26(jmp_offset);
+ emit(A64_B(jmp_offset), ctx);
+ /* else */
emit(A64_UDIV(is64, dst, dst, src), ctx);
break;
+ }
case BPF_ALU | BPF_MOD | BPF_X:
case BPF_ALU64 | BPF_MOD | BPF_X:
ctx->tmp_used = 1;
@@ -393,17 +417,6 @@ emit_bswap_uxt:
emit(A64_ASR(is64, dst, dst, imm), ctx);
break;
-#define check_imm(bits, imm) do { \
- if ((((imm) > 0) && ((imm) >> (bits))) || \
- (((imm) < 0) && (~(imm) >> (bits)))) { \
- pr_info("[%2d] imm=%d(0x%x) out of range\n", \
- i, imm, imm); \
- return -EINVAL; \
- } \
-} while (0)
-#define check_imm19(imm) check_imm(19, imm)
-#define check_imm26(imm) check_imm(26, imm)
-
/* JUMP off */
case BPF_JMP | BPF_JA:
jmp_offset = bpf2a64_offset(i + off, i, ctx);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 095/211] arm64: bpf: fix mod-by-zero case
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (93 preceding siblings ...)
2016-01-05 19:43 ` Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 096/211] Input: elantech - add Fujitsu Lifebook U745 to force crc_enabled Kamal Mostafa
` (115 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Zi Shen Lim, Alexei Starovoitov, Catalin Marinas, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Zi Shen Lim <zlim.lnx@gmail.com>
commit 14e589ff4aa3f28a5424e92b6495ecb8950080f7 upstream.
Turns out in the case of modulo by zero in a BPF program:
A = A % X; (X == 0)
the expected behavior is to terminate with return value 0.
The bug in JIT is exposed by a new test case [1].
[1] https://lkml.org/lkml/2015/11/4/499
Signed-off-by: Zi Shen Lim <zlim.lnx@gmail.com>
Reported-by: Yang Shi <yang.shi@linaro.org>
Reported-by: Xi Wang <xi.wang@gmail.com>
CC: Alexei Starovoitov <ast@plumgrid.com>
Fixes: e54bcde3d69d ("arm64: eBPF JIT compiler")
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm64/net/bpf_jit_comp.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index 9ae6f23..6217f80 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -269,6 +269,8 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
break;
case BPF_ALU | BPF_DIV | BPF_X:
case BPF_ALU64 | BPF_DIV | BPF_X:
+ case BPF_ALU | BPF_MOD | BPF_X:
+ case BPF_ALU64 | BPF_MOD | BPF_X:
{
const u8 r0 = bpf2a64[BPF_REG_0];
@@ -281,16 +283,19 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
check_imm26(jmp_offset);
emit(A64_B(jmp_offset), ctx);
/* else */
- emit(A64_UDIV(is64, dst, dst, src), ctx);
+ switch (BPF_OP(code)) {
+ case BPF_DIV:
+ emit(A64_UDIV(is64, dst, dst, src), ctx);
+ break;
+ case BPF_MOD:
+ ctx->tmp_used = 1;
+ emit(A64_UDIV(is64, tmp, dst, src), ctx);
+ emit(A64_MUL(is64, tmp, tmp, src), ctx);
+ emit(A64_SUB(is64, dst, dst, tmp), ctx);
+ break;
+ }
break;
}
- case BPF_ALU | BPF_MOD | BPF_X:
- case BPF_ALU64 | BPF_MOD | BPF_X:
- ctx->tmp_used = 1;
- emit(A64_UDIV(is64, tmp, dst, src), ctx);
- emit(A64_MUL(is64, tmp, tmp, src), ctx);
- emit(A64_SUB(is64, dst, dst, tmp), ctx);
- break;
case BPF_ALU | BPF_LSH | BPF_X:
case BPF_ALU64 | BPF_LSH | BPF_X:
emit(A64_LSLV(is64, dst, dst, src), ctx);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 096/211] Input: elantech - add Fujitsu Lifebook U745 to force crc_enabled
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (94 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 095/211] arm64: bpf: fix mod-by-zero case Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 097/211] proc: actually make proc_fd_permission() thread-friendly Kamal Mostafa
` (114 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Takashi Iwai, Dmitry Torokhov, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 60603950f836ef4e88daddf61a273b91e671db2d upstream.
Another Lifebook machine that needs the same quirk as other similar
models to make the driver working.
Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=883192
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/input/mouse/elantech.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c
index 2955f1d..537ebb0 100644
--- a/drivers/input/mouse/elantech.c
+++ b/drivers/input/mouse/elantech.c
@@ -1520,6 +1520,13 @@ static const struct dmi_system_id elantech_dmi_force_crc_enabled[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK E544"),
},
},
+ {
+ /* Fujitsu LIFEBOOK U745 does not work with crc_enabled == 0 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK U745"),
+ },
+ },
#endif
{ }
};
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 097/211] proc: actually make proc_fd_permission() thread-friendly
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (95 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 096/211] Input: elantech - add Fujitsu Lifebook U745 to force crc_enabled Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 098/211] printk: prevent userland from spoofing kernel messages Kamal Mostafa
` (113 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Oleg Nesterov, Eric W. Biederman, Andrew Morton, Linus Torvalds,
Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleg Nesterov <oleg@redhat.com>
commit 54708d2858e79a2bdda10bf8a20c80eb96c20613 upstream.
The commit 96d0df79f264 ("proc: make proc_fd_permission() thread-friendly")
fixed the access to /proc/self/fd from sub-threads, but introduced another
problem: a sub-thread can't access /proc/<tid>/fd/ or /proc/thread-self/fd
if generic_permission() fails.
Change proc_fd_permission() to check same_thread_group(pid_task(), current).
Fixes: 96d0df79f264 ("proc: make proc_fd_permission() thread-friendly")
Reported-by: "Jin, Yihua" <yihua.jin@intel.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/proc/fd.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/fs/proc/fd.c b/fs/proc/fd.c
index 6e5fcd0..3c2a915 100644
--- a/fs/proc/fd.c
+++ b/fs/proc/fd.c
@@ -291,11 +291,19 @@ static struct dentry *proc_lookupfd(struct inode *dir, struct dentry *dentry,
*/
int proc_fd_permission(struct inode *inode, int mask)
{
- int rv = generic_permission(inode, mask);
+ struct task_struct *p;
+ int rv;
+
+ rv = generic_permission(inode, mask);
if (rv == 0)
- return 0;
- if (task_tgid(current) == proc_pid(inode))
+ return rv;
+
+ rcu_read_lock();
+ p = pid_task(proc_pid(inode), PIDTYPE_PID);
+ if (p && same_thread_group(p, current))
rv = 0;
+ rcu_read_unlock();
+
return rv;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 098/211] printk: prevent userland from spoofing kernel messages
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (96 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 097/211] proc: actually make proc_fd_permission() thread-friendly Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 099/211] lib/hexdump.c: truncate output in case of overflow Kamal Mostafa
` (112 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mathias Krause, Greg Kroah-Hartman, Petr Mladek, Alex Elder,
Joe Perches, Kay Sievers, Andrew Morton, Linus Torvalds,
Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Krause <minipli@googlemail.com>
commit 3824657c522f19f85a76bd932821174a5557a382 upstream.
The following statement of ABI/testing/dev-kmsg is not quite right:
It is not possible to inject messages from userspace with the
facility number LOG_KERN (0), to make sure that the origin of the
messages can always be reliably determined.
Userland actually can inject messages with a facility of 0 by abusing the
fact that the facility is stored in a u8 data type. By using a facility
which is a multiple of 256 the assignment of msg->facility in log_store()
implicitly truncates it to 0, i.e. LOG_KERN, allowing users of /dev/kmsg
to spoof kernel messages as shown below:
The following call...
# printf '<%d>Kernel panic - not syncing: beer empty\n' 0 >/dev/kmsg
...leads to the following log entry (dmesg -x | tail -n 1):
user :emerg : [ 66.137758] Kernel panic - not syncing: beer empty
However, this call...
# printf '<%d>Kernel panic - not syncing: beer empty\n' 0x800 >/dev/kmsg
...leads to the slightly different log entry (note the kernel facility):
kern :emerg : [ 74.177343] Kernel panic - not syncing: beer empty
Fix that by limiting the user provided facility to 8 bit right from the
beginning and catch the truncation early.
Fixes: 7ff9554bb578 ("printk: convert byte-buffer to variable-length...")
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Petr Mladek <pmladek@suse.cz>
Cc: Alex Elder <elder@linaro.org>
Cc: Joe Perches <joe@perches.com>
Cc: Kay Sievers <kay@vrfy.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/printk/printk.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index cf8c242..2b0819b 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -269,6 +269,9 @@ static u32 clear_idx;
#define PREFIX_MAX 32
#define LOG_LINE_MAX (1024 - PREFIX_MAX)
+#define LOG_LEVEL(v) ((v) & 0x07)
+#define LOG_FACILITY(v) ((v) >> 3 & 0xff)
+
/* record buffer */
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
#define LOG_ALIGN 4
@@ -611,7 +614,6 @@ struct devkmsg_user {
static ssize_t devkmsg_write(struct kiocb *iocb, struct iov_iter *from)
{
char *buf, *line;
- int i;
int level = default_message_loglevel;
int facility = 1; /* LOG_USER */
size_t len = iov_iter_count(from);
@@ -641,12 +643,13 @@ static ssize_t devkmsg_write(struct kiocb *iocb, struct iov_iter *from)
line = buf;
if (line[0] == '<') {
char *endp = NULL;
+ unsigned int u;
- i = simple_strtoul(line+1, &endp, 10);
+ u = simple_strtoul(line + 1, &endp, 10);
if (endp && endp[0] == '>') {
- level = i & 7;
- if (i >> 3)
- facility = i >> 3;
+ level = LOG_LEVEL(u);
+ if (LOG_FACILITY(u) != 0)
+ facility = LOG_FACILITY(u);
endp++;
len -= endp - line;
line = endp;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 099/211] lib/hexdump.c: truncate output in case of overflow
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (97 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 098/211] printk: prevent userland from spoofing kernel messages Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 100/211] fs, seqfile: always allow oom killer Kamal Mostafa
` (111 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andy Shevchenko, Al Viro, Catalin Marinas, Andrew Morton,
Linus Torvalds, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
commit 9f029f540c2f7e010e4922d44ba0dfd05da79f88 upstream.
There is a classical off-by-one error in case when we try to place, for
example, 1+1 bytes as hex in the buffer of size 6. The expected result is
to get an output truncated, but in the reality we get 6 bytes filed
followed by terminating NUL.
Change the logic how we fill the output in case of byte dumping into
limited space. This will follow the snprintf() behaviour by truncating
output even on half bytes.
Fixes: 114fc1afb2de (hexdump: make it return number of bytes placed in buffer)
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reported-by: Aaro Koskinen <aaro.koskinen@nokia.com>
Tested-by: Aaro Koskinen <aaro.koskinen@nokia.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
lib/hexdump.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/hexdump.c b/lib/hexdump.c
index 8d74c20..992457b 100644
--- a/lib/hexdump.c
+++ b/lib/hexdump.c
@@ -169,11 +169,15 @@ int hex_dump_to_buffer(const void *buf, size_t len, int rowsize, int groupsize,
}
} else {
for (j = 0; j < len; j++) {
- if (linebuflen < lx + 3)
+ if (linebuflen < lx + 2)
goto overflow2;
ch = ptr[j];
linebuf[lx++] = hex_asc_hi(ch);
+ if (linebuflen < lx + 2)
+ goto overflow2;
linebuf[lx++] = hex_asc_lo(ch);
+ if (linebuflen < lx + 2)
+ goto overflow2;
linebuf[lx++] = ' ';
}
if (j)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 100/211] fs, seqfile: always allow oom killer
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (98 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 099/211] lib/hexdump.c: truncate output in case of overflow Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 101/211] parisc: Fixes and cleanups in kernel uapi header files Kamal Mostafa
` (110 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David Rientjes, Greg Thelen, Andrew Morton, Linus Torvalds,
Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Thelen <gthelen@google.com>
commit 0f930902eb8806cff8dcaef9ff9faf3cfa5fd748 upstream.
Since 5cec38ac866b ("fs, seq_file: fallback to vmalloc instead of oom kill
processes") seq_buf_alloc() avoids calling the oom killer for PAGE_SIZE or
smaller allocations; but larger allocations can use the oom killer via
vmalloc(). Thus reads of small files can return ENOMEM, but larger files
use the oom killer to avoid ENOMEM.
The effect of this bug is that reads from /proc and other virtual
filesystems can return ENOMEM instead of the preferred behavior - oom
killing something (possibly the calling process). I don't know of anyone
except Google who has noticed the issue.
I suspect the fix is more needed in smaller systems where there isn't any
reclaimable memory. But these seem like the kinds of systems which
probably don't use the oom killer for production situations.
Memory overcommit requires use of the oom killer to select a victim
regardless of file size.
Enable oom killer for small seq_buf_alloc() allocations.
Fixes: 5cec38ac866b ("fs, seq_file: fallback to vmalloc instead of oom kill processes")
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Greg Thelen <gthelen@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/seq_file.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/fs/seq_file.c b/fs/seq_file.c
index ce9e39f..24cf027 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -24,12 +24,17 @@ static void seq_set_overflow(struct seq_file *m)
static void *seq_buf_alloc(unsigned long size)
{
void *buf;
+ gfp_t gfp = GFP_KERNEL;
/*
- * __GFP_NORETRY to avoid oom-killings with high-order allocations -
- * it's better to fall back to vmalloc() than to kill things.
+ * For high order allocations, use __GFP_NORETRY to avoid oom-killing -
+ * it's better to fall back to vmalloc() than to kill things. For small
+ * allocations, just use GFP_KERNEL which will oom kill, thus no need
+ * for vmalloc fallback.
*/
- buf = kmalloc(size, GFP_KERNEL | __GFP_NORETRY | __GFP_NOWARN);
+ if (size > PAGE_SIZE)
+ gfp |= __GFP_NORETRY | __GFP_NOWARN;
+ buf = kmalloc(size, gfp);
if (!buf && size > PAGE_SIZE)
buf = vmalloc(size);
return buf;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 101/211] parisc: Fixes and cleanups in kernel uapi header files
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (99 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 100/211] fs, seqfile: always allow oom killer Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 102/211] perf: Fix inherited events vs. tracepoint filters Kamal Mostafa
` (109 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Helge Deller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Helge Deller <deller@gmx.de>
commit d0cf62fb63f760e98244d31396b3b58f3a1e326b upstream.
This patch fixes some bugs and partly cleans up the parisc uapi header
files to what glibc defined:
- compat_semid64_ds was wrong and did not take the endianess into
account
- ipc64_perm exported userspace types which broke building userspace
packages on debian (e.g. trinity)
- ipc64_perm needs to use a 32bit mode_t on 64bit kernel
- msqid64_ds and semid64_ds needs unsigned longs for various struct members
- shmid64_ds exported size_t instead of __kernel_size_t
And finally add some compile-time checks for the sizes of those structs
to avoid future breakage.
Runtime-tested with the Linux Test Project (LTP) testsuite.
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/parisc/include/asm/compat.h | 4 ++--
arch/parisc/include/uapi/asm/ipcbuf.h | 19 ++++++++++++-------
arch/parisc/include/uapi/asm/msgbuf.h | 10 +++++-----
arch/parisc/include/uapi/asm/posix_types.h | 2 ++
arch/parisc/include/uapi/asm/sembuf.h | 6 +++---
arch/parisc/include/uapi/asm/shmbuf.h | 8 ++++----
arch/parisc/mm/init.c | 16 ++++++++++++++++
7 files changed, 44 insertions(+), 21 deletions(-)
diff --git a/arch/parisc/include/asm/compat.h b/arch/parisc/include/asm/compat.h
index 94710cf..0448a2c 100644
--- a/arch/parisc/include/asm/compat.h
+++ b/arch/parisc/include/asm/compat.h
@@ -206,10 +206,10 @@ struct compat_ipc64_perm {
struct compat_semid64_ds {
struct compat_ipc64_perm sem_perm;
- compat_time_t sem_otime;
unsigned int __unused1;
- compat_time_t sem_ctime;
+ compat_time_t sem_otime;
unsigned int __unused2;
+ compat_time_t sem_ctime;
compat_ulong_t sem_nsems;
compat_ulong_t __unused3;
compat_ulong_t __unused4;
diff --git a/arch/parisc/include/uapi/asm/ipcbuf.h b/arch/parisc/include/uapi/asm/ipcbuf.h
index bd956c4..790c411 100644
--- a/arch/parisc/include/uapi/asm/ipcbuf.h
+++ b/arch/parisc/include/uapi/asm/ipcbuf.h
@@ -1,6 +1,9 @@
#ifndef __PARISC_IPCBUF_H__
#define __PARISC_IPCBUF_H__
+#include <asm/bitsperlong.h>
+#include <linux/posix_types.h>
+
/*
* The ipc64_perm structure for PA-RISC is almost identical to
* kern_ipc_perm as we have always had 32-bit UIDs and GIDs in the kernel.
@@ -10,16 +13,18 @@
struct ipc64_perm
{
- key_t key;
- uid_t uid;
- gid_t gid;
- uid_t cuid;
- gid_t cgid;
+ __kernel_key_t key;
+ __kernel_uid_t uid;
+ __kernel_gid_t gid;
+ __kernel_uid_t cuid;
+ __kernel_gid_t cgid;
+#if __BITS_PER_LONG != 64
unsigned short int __pad1;
- mode_t mode;
+#endif
+ __kernel_mode_t mode;
unsigned short int __pad2;
unsigned short int seq;
- unsigned int __pad3;
+ unsigned int __pad3;
unsigned long long int __unused1;
unsigned long long int __unused2;
};
diff --git a/arch/parisc/include/uapi/asm/msgbuf.h b/arch/parisc/include/uapi/asm/msgbuf.h
index 3421389..2e83ac7 100644
--- a/arch/parisc/include/uapi/asm/msgbuf.h
+++ b/arch/parisc/include/uapi/asm/msgbuf.h
@@ -27,13 +27,13 @@ struct msqid64_ds {
unsigned int __pad3;
#endif
__kernel_time_t msg_ctime; /* last change time */
- unsigned int msg_cbytes; /* current number of bytes on queue */
- unsigned int msg_qnum; /* number of messages in queue */
- unsigned int msg_qbytes; /* max number of bytes on queue */
+ unsigned long msg_cbytes; /* current number of bytes on queue */
+ unsigned long msg_qnum; /* number of messages in queue */
+ unsigned long msg_qbytes; /* max number of bytes on queue */
__kernel_pid_t msg_lspid; /* pid of last msgsnd */
__kernel_pid_t msg_lrpid; /* last receive pid */
- unsigned int __unused1;
- unsigned int __unused2;
+ unsigned long __unused1;
+ unsigned long __unused2;
};
#endif /* _PARISC_MSGBUF_H */
diff --git a/arch/parisc/include/uapi/asm/posix_types.h b/arch/parisc/include/uapi/asm/posix_types.h
index b934425..f3b5f70 100644
--- a/arch/parisc/include/uapi/asm/posix_types.h
+++ b/arch/parisc/include/uapi/asm/posix_types.h
@@ -7,8 +7,10 @@
* assume GCC is being used.
*/
+#ifndef __LP64__
typedef unsigned short __kernel_mode_t;
#define __kernel_mode_t __kernel_mode_t
+#endif
typedef unsigned short __kernel_ipc_pid_t;
#define __kernel_ipc_pid_t __kernel_ipc_pid_t
diff --git a/arch/parisc/include/uapi/asm/sembuf.h b/arch/parisc/include/uapi/asm/sembuf.h
index f01d89e..c20971b 100644
--- a/arch/parisc/include/uapi/asm/sembuf.h
+++ b/arch/parisc/include/uapi/asm/sembuf.h
@@ -23,9 +23,9 @@ struct semid64_ds {
unsigned int __pad2;
#endif
__kernel_time_t sem_ctime; /* last change time */
- unsigned int sem_nsems; /* no. of semaphores in array */
- unsigned int __unused1;
- unsigned int __unused2;
+ unsigned long sem_nsems; /* no. of semaphores in array */
+ unsigned long __unused1;
+ unsigned long __unused2;
};
#endif /* _PARISC_SEMBUF_H */
diff --git a/arch/parisc/include/uapi/asm/shmbuf.h b/arch/parisc/include/uapi/asm/shmbuf.h
index 8496c38..750e13e 100644
--- a/arch/parisc/include/uapi/asm/shmbuf.h
+++ b/arch/parisc/include/uapi/asm/shmbuf.h
@@ -30,12 +30,12 @@ struct shmid64_ds {
#if __BITS_PER_LONG != 64
unsigned int __pad4;
#endif
- size_t shm_segsz; /* size of segment (bytes) */
+ __kernel_size_t shm_segsz; /* size of segment (bytes) */
__kernel_pid_t shm_cpid; /* pid of creator */
__kernel_pid_t shm_lpid; /* pid of last operator */
- unsigned int shm_nattch; /* no. of current attaches */
- unsigned int __unused1;
- unsigned int __unused2;
+ unsigned long shm_nattch; /* no. of current attaches */
+ unsigned long __unused1;
+ unsigned long __unused2;
};
struct shminfo64 {
diff --git a/arch/parisc/mm/init.c b/arch/parisc/mm/init.c
index c229427..c5fec48 100644
--- a/arch/parisc/mm/init.c
+++ b/arch/parisc/mm/init.c
@@ -23,6 +23,7 @@
#include <linux/unistd.h>
#include <linux/nodemask.h> /* for node_online_map */
#include <linux/pagemap.h> /* for release_pages and page_cache_release */
+#include <linux/compat.h>
#include <asm/pgalloc.h>
#include <asm/pgtable.h>
@@ -30,6 +31,7 @@
#include <asm/pdc_chassis.h>
#include <asm/mmzone.h>
#include <asm/sections.h>
+#include <asm/msgbuf.h>
extern int data_start;
extern void parisc_kernel_start(void); /* Kernel entry point in head.S */
@@ -590,6 +592,20 @@ unsigned long pcxl_dma_start __read_mostly;
void __init mem_init(void)
{
+ /* Do sanity checks on IPC (compat) structures */
+ BUILD_BUG_ON(sizeof(struct ipc64_perm) != 48);
+#ifndef CONFIG_64BIT
+ BUILD_BUG_ON(sizeof(struct semid64_ds) != 80);
+ BUILD_BUG_ON(sizeof(struct msqid64_ds) != 104);
+ BUILD_BUG_ON(sizeof(struct shmid64_ds) != 104);
+#endif
+#ifdef CONFIG_COMPAT
+ BUILD_BUG_ON(sizeof(struct compat_ipc64_perm) != sizeof(struct ipc64_perm));
+ BUILD_BUG_ON(sizeof(struct compat_semid64_ds) != 80);
+ BUILD_BUG_ON(sizeof(struct compat_msqid64_ds) != 104);
+ BUILD_BUG_ON(sizeof(struct compat_shmid64_ds) != 104);
+#endif
+
/* Do sanity checks on page table constants */
BUILD_BUG_ON(PTE_ENTRY_SIZE != sizeof(pte_t));
BUILD_BUG_ON(PMD_ENTRY_SIZE != sizeof(pmd_t));
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 102/211] perf: Fix inherited events vs. tracepoint filters
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (100 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 101/211] parisc: Fixes and cleanups in kernel uapi header files Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 103/211] scsi_sysfs: Fix queue_ramp_up_period return code Kamal Mostafa
` (108 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Zijlstra (Intel),
Adrian Hunter, Arnaldo Carvalho de Melo, David Ahern,
Frédéric Weisbecker, Jiri Olsa, Jiri Olsa,
Linus Torvalds, Steven Rostedt, Thomas Gleixner, Wang Nan,
Ingo Molnar, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
commit b71b437eedaed985062492565d9d421d975ae845 upstream.
Arnaldo reported that tracepoint filters seem to misbehave (ie. not
apply) on inherited events.
The fix is obvious; filters are only set on the actual (parent)
event, use the normal pattern of using this parent event for filters.
This is safe because each child event has a reference to it.
Reported-by: Arnaldo Carvalho de Melo <acme@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Frédéric Weisbecker <fweisbec@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/r/20151102095051.GN17308@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/events/core.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index e6feb51..c06fa66 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -6644,6 +6644,10 @@ static int perf_tp_filter_match(struct perf_event *event,
{
void *record = data->raw->data;
+ /* only top level events have filters set */
+ if (event->parent)
+ event = event->parent;
+
if (likely(!event->filter) || filter_match_preds(event->filter, record))
return 1;
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 103/211] scsi_sysfs: Fix queue_ramp_up_period return code
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (101 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 102/211] perf: Fix inherited events vs. tracepoint filters Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 104/211] ideapad-laptop: Add Lenovo Yoga 900 to no_hw_rfkill dmi list Kamal Mostafa
` (107 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Oberparleiter, Martin K. Petersen, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
commit 863e02d0e173bb9d8cea6861be22820b25c076cc upstream.
Writing a number to /sys/bus/scsi/devices/<sdev>/queue_ramp_up_period
returns the value of that number instead of the number of bytes written.
This behavior can confuse programs expecting POSIX write() semantics.
Fix this by returning the number of bytes written instead.
Signed-off-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/scsi_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index 5b771bc..e71eb8e 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -898,7 +898,7 @@ sdev_store_queue_ramp_up_period(struct device *dev,
return -EINVAL;
sdev->queue_ramp_up_period = msecs_to_jiffies(period);
- return period;
+ return count;
}
static DEVICE_ATTR(queue_ramp_up_period, S_IRUGO | S_IWUSR,
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 104/211] ideapad-laptop: Add Lenovo Yoga 900 to no_hw_rfkill dmi list
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (102 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 103/211] scsi_sysfs: Fix queue_ramp_up_period return code Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 105/211] storvsc: Don't set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag Kamal Mostafa
` (106 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Hans de Goede, Darren Hart, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit f71c882dd4cfe4aa88ea07b1402ddd43605d4aef upstream.
Like some of the other Yoga models the Lenovo Yoga 900 does not have a
hw rfkill switch, and trying to read the hw rfkill switch through the
ideapad module causes it to always reported blocking breaking wifi.
This commit adds the Lenovo Yoga 900 to the no_hw_rfkill dmi list, fixing
the wifi breakage.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1275490
Reported-and-tested-by: Kevin Fenzi <kevin@scrye.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/platform/x86/ideapad-laptop.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index 81c3e582..db567b7 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -866,6 +866,13 @@ static const struct dmi_system_id no_hw_rfkill_list[] = {
DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo YOGA 3 Pro-1370"),
},
},
+ {
+ .ident = "Lenovo Yoga 900",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo YOGA 900"),
+ },
+ },
{}
};
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 105/211] storvsc: Don't set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (103 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 104/211] ideapad-laptop: Add Lenovo Yoga 900 to no_hw_rfkill dmi list Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 106/211] drivers: of: of_reserved_mem: fixup the alignment with CMA setup Kamal Mostafa
` (105 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: K. Y. Srinivasan, James Bottomley, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "K. Y. Srinivasan" <kys@microsoft.com>
commit 8cf308e1225f5f93575f03cc4dbef24516fa81c9 upstream.
Don't set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag since we are not specifying
tags. Without this, the qlogic driver doesn't work properly with storvsc.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/storvsc_drv.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 3c6584f..c2610de 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -1585,8 +1585,7 @@ static int storvsc_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *scmnd)
vm_srb->win8_extension.time_out_value = 60;
vm_srb->win8_extension.srb_flags |=
- (SRB_FLAGS_QUEUE_ACTION_ENABLE |
- SRB_FLAGS_DISABLE_SYNCH_TRANSFER);
+ SRB_FLAGS_DISABLE_SYNCH_TRANSFER;
/* Build the SRB */
switch (scmnd->sc_data_direction) {
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 106/211] drivers: of: of_reserved_mem: fixup the alignment with CMA setup
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (104 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 105/211] storvsc: Don't set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 107/211] drm/ast: Initialized data needed to map fbdev memory Kamal Mostafa
` (104 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jason Liu, Grant Likely, Rob Herring, Rob Herring, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Liu <r64343@freescale.com>
commit 1cc8e3458b5110253c8f5aaf1890d5ffea9bb7b7 upstream.
There is an alignment mismatch issue between the of_reserved_mem and
the CMA setup requirement. The of_reserved_mem will try to get the
alignment value from the DTS and pass it to __memblock_alloc_base to
do the memory block base allocation, but the alignment value specified
in the DTS may not satisfy the CAM setup requirement since CMA setup
required the alignment as the following in the code:
align = PAGE_SIZE << max(MAX_ORDER - 1, pageblock_order);
The sanity check in the function of rmem_cma_setup will fail if the
alignment does not setup correctly and thus CMA will fail to setup.
This patch is to fixup the alignment to meet the CMA setup required.
Mailing-list-thread: https://lkml.org/lkml/2015/11/9/138
Signed-off-by: Jason Liu <r64343@freescale.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Grant Likely <grant.likely@linaro.org>
Cc: Rob Herring <robh+dt@kernel.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/of/of_reserved_mem.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/of/of_reserved_mem.c b/drivers/of/of_reserved_mem.c
index 726ebe7..56c23ee 100644
--- a/drivers/of/of_reserved_mem.c
+++ b/drivers/of/of_reserved_mem.c
@@ -123,6 +123,10 @@ static int __init __reserved_mem_alloc_size(unsigned long node,
align = dt_mem_next_cell(dt_root_addr_cells, &prop);
}
+ /* Need adjust the alignment to satisfy the CMA requirement */
+ if (IS_ENABLED(CONFIG_CMA) && of_flat_dt_is_compatible(node, "shared-dma-pool"))
+ align = max(align, (phys_addr_t)PAGE_SIZE << max(MAX_ORDER - 1, pageblock_order));
+
prop = of_get_flat_dt_prop(node, "alloc-ranges", &len);
if (prop) {
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 107/211] drm/ast: Initialized data needed to map fbdev memory
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (105 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 106/211] drivers: of: of_reserved_mem: fixup the alignment with CMA setup Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 108/211] FS-Cache: Increase reference of parent after registering, netfs success Kamal Mostafa
` (103 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Egbert Eich, Dave Airlie, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Egbert Eich <eich@suse.de>
commit 28fb4cb7fa6f63dc2fbdb5f2564dcbead8e3eee0 upstream.
Due to a missing initialization there was no way to map fbdev memory.
Thus for example using the Xserver with the fbdev driver failed.
This fix adds initialization for fix.smem_start and fix.smem_len
in the fb_info structure, which fixes this problem.
Requested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Egbert Eich <eich@suse.de>
[pulled from SuSE tree by me - airlied]
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/ast/ast_drv.h | 1 +
drivers/gpu/drm/ast/ast_fb.c | 7 +++++++
drivers/gpu/drm/ast/ast_main.c | 1 +
drivers/gpu/drm/ast/ast_mode.c | 2 ++
4 files changed, 11 insertions(+)
diff --git a/drivers/gpu/drm/ast/ast_drv.h b/drivers/gpu/drm/ast/ast_drv.h
index 86205a2..05f6522 100644
--- a/drivers/gpu/drm/ast/ast_drv.h
+++ b/drivers/gpu/drm/ast/ast_drv.h
@@ -315,6 +315,7 @@ int ast_framebuffer_init(struct drm_device *dev,
int ast_fbdev_init(struct drm_device *dev);
void ast_fbdev_fini(struct drm_device *dev);
void ast_fbdev_set_suspend(struct drm_device *dev, int state);
+void ast_fbdev_set_base(struct ast_private *ast, unsigned long gpu_addr);
struct ast_bo {
struct ttm_buffer_object bo;
diff --git a/drivers/gpu/drm/ast/ast_fb.c b/drivers/gpu/drm/ast/ast_fb.c
index ff68eef..9b71fd6 100644
--- a/drivers/gpu/drm/ast/ast_fb.c
+++ b/drivers/gpu/drm/ast/ast_fb.c
@@ -379,3 +379,10 @@ void ast_fbdev_set_suspend(struct drm_device *dev, int state)
fb_set_suspend(ast->fbdev->helper.fbdev, state);
}
+
+void ast_fbdev_set_base(struct ast_private *ast, unsigned long gpu_addr)
+{
+ ast->fbdev->helper.fbdev->fix.smem_start =
+ ast->fbdev->helper.fbdev->apertures->ranges[0].base + gpu_addr;
+ ast->fbdev->helper.fbdev->fix.smem_len = ast->vram_size - gpu_addr;
+}
diff --git a/drivers/gpu/drm/ast/ast_main.c b/drivers/gpu/drm/ast/ast_main.c
index 035dacc..5b5d431 100644
--- a/drivers/gpu/drm/ast/ast_main.c
+++ b/drivers/gpu/drm/ast/ast_main.c
@@ -448,6 +448,7 @@ int ast_driver_load(struct drm_device *dev, unsigned long flags)
dev->mode_config.min_height = 0;
dev->mode_config.preferred_depth = 24;
dev->mode_config.prefer_shadow = 1;
+ dev->mode_config.fb_base = pci_resource_start(ast->dev->pdev, 0);
if (ast->chip == AST2100 ||
ast->chip == AST2200 ||
diff --git a/drivers/gpu/drm/ast/ast_mode.c b/drivers/gpu/drm/ast/ast_mode.c
index b7ee263..69d19f3 100644
--- a/drivers/gpu/drm/ast/ast_mode.c
+++ b/drivers/gpu/drm/ast/ast_mode.c
@@ -547,6 +547,8 @@ static int ast_crtc_do_set_base(struct drm_crtc *crtc,
ret = ttm_bo_kmap(&bo->bo, 0, bo->bo.num_pages, &bo->kmap);
if (ret)
DRM_ERROR("failed to kmap fbcon\n");
+ else
+ ast_fbdev_set_base(ast, gpu_addr);
}
ast_bo_unreserve(bo);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 108/211] FS-Cache: Increase reference of parent after registering, netfs success
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (106 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 107/211] drm/ast: Initialized data needed to map fbdev memory Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 109/211] FS-Cache: Don't override netfs's primary_index if registering failed Kamal Mostafa
` (102 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kinglong Mee, David Howells, Al Viro, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Kinglong Mee <kinglongmee@gmail.com>
commit 86108c2e34a26e4bec3c6ddb23390bf8cedcf391 upstream.
If netfs exist, fscache should not increase the reference of parent's
usage and n_children, otherwise, never be decreased.
v2: thanks David's suggest,
move increasing reference of parent if success
use kmem_cache_free() freeing primary_index directly
v3: don't move "netfs->primary_index->parent = &fscache_fsdef_index;"
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/fscache/netfs.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/fs/fscache/netfs.c b/fs/fscache/netfs.c
index 6d941f5..458cc96 100644
--- a/fs/fscache/netfs.c
+++ b/fs/fscache/netfs.c
@@ -47,9 +47,6 @@ int __fscache_register_netfs(struct fscache_netfs *netfs)
netfs->primary_index->netfs_data = netfs;
netfs->primary_index->flags = 1 << FSCACHE_COOKIE_ENABLED;
- atomic_inc(&netfs->primary_index->parent->usage);
- atomic_inc(&netfs->primary_index->parent->n_children);
-
spin_lock_init(&netfs->primary_index->lock);
INIT_HLIST_HEAD(&netfs->primary_index->backing_objects);
@@ -62,6 +59,9 @@ int __fscache_register_netfs(struct fscache_netfs *netfs)
goto already_registered;
}
+ atomic_inc(&netfs->primary_index->parent->usage);
+ atomic_inc(&netfs->primary_index->parent->n_children);
+
list_add(&netfs->link, &fscache_netfs_list);
ret = 0;
@@ -71,8 +71,7 @@ already_registered:
up_write(&fscache_addremove_sem);
if (ret < 0) {
- netfs->primary_index->parent = NULL;
- __fscache_cookie_put(netfs->primary_index);
+ kmem_cache_free(fscache_cookie_jar, netfs->primary_index);
netfs->primary_index = NULL;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 109/211] FS-Cache: Don't override netfs's primary_index if registering failed
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (107 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 108/211] FS-Cache: Increase reference of parent after registering, netfs success Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 110/211] FS-Cache: Handle a write to the page immediately beyond the EOF marker Kamal Mostafa
` (101 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kinglong Mee, David Howells, Al Viro, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Kinglong Mee <kinglongmee@gmail.com>
commit b130ed5998e62879a66bad08931a2b5e832da95c upstream.
Only override netfs->primary_index when registering success.
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/fscache/netfs.c | 35 +++++++++++++++++------------------
1 file changed, 17 insertions(+), 18 deletions(-)
diff --git a/fs/fscache/netfs.c b/fs/fscache/netfs.c
index 458cc96..9b28649 100644
--- a/fs/fscache/netfs.c
+++ b/fs/fscache/netfs.c
@@ -22,6 +22,7 @@ static LIST_HEAD(fscache_netfs_list);
int __fscache_register_netfs(struct fscache_netfs *netfs)
{
struct fscache_netfs *ptr;
+ struct fscache_cookie *cookie;
int ret;
_enter("{%s}", netfs->name);
@@ -29,26 +30,25 @@ int __fscache_register_netfs(struct fscache_netfs *netfs)
INIT_LIST_HEAD(&netfs->link);
/* allocate a cookie for the primary index */
- netfs->primary_index =
- kmem_cache_zalloc(fscache_cookie_jar, GFP_KERNEL);
+ cookie = kmem_cache_zalloc(fscache_cookie_jar, GFP_KERNEL);
- if (!netfs->primary_index) {
+ if (!cookie) {
_leave(" = -ENOMEM");
return -ENOMEM;
}
/* initialise the primary index cookie */
- atomic_set(&netfs->primary_index->usage, 1);
- atomic_set(&netfs->primary_index->n_children, 0);
- atomic_set(&netfs->primary_index->n_active, 1);
+ atomic_set(&cookie->usage, 1);
+ atomic_set(&cookie->n_children, 0);
+ atomic_set(&cookie->n_active, 1);
- netfs->primary_index->def = &fscache_fsdef_netfs_def;
- netfs->primary_index->parent = &fscache_fsdef_index;
- netfs->primary_index->netfs_data = netfs;
- netfs->primary_index->flags = 1 << FSCACHE_COOKIE_ENABLED;
+ cookie->def = &fscache_fsdef_netfs_def;
+ cookie->parent = &fscache_fsdef_index;
+ cookie->netfs_data = netfs;
+ cookie->flags = 1 << FSCACHE_COOKIE_ENABLED;
- spin_lock_init(&netfs->primary_index->lock);
- INIT_HLIST_HEAD(&netfs->primary_index->backing_objects);
+ spin_lock_init(&cookie->lock);
+ INIT_HLIST_HEAD(&cookie->backing_objects);
/* check the netfs type is not already present */
down_write(&fscache_addremove_sem);
@@ -59,9 +59,10 @@ int __fscache_register_netfs(struct fscache_netfs *netfs)
goto already_registered;
}
- atomic_inc(&netfs->primary_index->parent->usage);
- atomic_inc(&netfs->primary_index->parent->n_children);
+ atomic_inc(&cookie->parent->usage);
+ atomic_inc(&cookie->parent->n_children);
+ netfs->primary_index = cookie;
list_add(&netfs->link, &fscache_netfs_list);
ret = 0;
@@ -70,10 +71,8 @@ int __fscache_register_netfs(struct fscache_netfs *netfs)
already_registered:
up_write(&fscache_addremove_sem);
- if (ret < 0) {
- kmem_cache_free(fscache_cookie_jar, netfs->primary_index);
- netfs->primary_index = NULL;
- }
+ if (ret < 0)
+ kmem_cache_free(fscache_cookie_jar, cookie);
_leave(" = %d", ret);
return ret;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 110/211] FS-Cache: Handle a write to the page immediately beyond the EOF marker
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (108 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 109/211] FS-Cache: Don't override netfs's primary_index if registering failed Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 111/211] binfmt_elf: Don't clobber passed executable's file header Kamal Mostafa
` (100 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David Howells, Al Viro, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
commit 102f4d900c9c8f5ed89ae4746d493fe3ebd7ba64 upstream.
Handle a write being requested to the page immediately beyond the EOF
marker on a cache object. Currently this gets an assertion failure in
CacheFiles because the EOF marker is used there to encode information about
a partial page at the EOF - which could lead to an unknown blank spot in
the file if we extend the file over it.
The problem is actually in fscache where we check the index of the page
being written against store_limit. store_limit is set to the number of
pages that we're allowed to store by fscache_set_store_limit() - which
means it's one more than the index of the last page we're allowed to store.
The problem is that we permit writing to a page with an index _equal_ to
the store limit - when we should reject that case.
Whilst we're at it, change the triggered assertion in CacheFiles to just
return -ENOBUFS instead.
The assertion failure looks something like this:
CacheFiles: Assertion failed
1000 < 7b1 is false
------------[ cut here ]------------
kernel BUG at fs/cachefiles/rdwr.c:962!
...
RIP: 0010:[<ffffffffa02c9e83>] [<ffffffffa02c9e83>] cachefiles_write_page+0x273/0x2d0 [cachefiles]
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/cachefiles/rdwr.c | 67 +++++++++++++++++++++++++++++-----------------------
fs/fscache/page.c | 2 +-
2 files changed, 38 insertions(+), 31 deletions(-)
diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c
index 3cbb0e8..e62faae 100644
--- a/fs/cachefiles/rdwr.c
+++ b/fs/cachefiles/rdwr.c
@@ -905,6 +905,15 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page)
cache = container_of(object->fscache.cache,
struct cachefiles_cache, cache);
+ pos = (loff_t)page->index << PAGE_SHIFT;
+
+ /* We mustn't write more data than we have, so we have to beware of a
+ * partial page at EOF.
+ */
+ eof = object->fscache.store_limit_l;
+ if (pos >= eof)
+ goto error;
+
/* write the page to the backing filesystem and let it store it in its
* own time */
path.mnt = cache->mnt;
@@ -912,40 +921,38 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page)
file = dentry_open(&path, O_RDWR | O_LARGEFILE, cache->cache_cred);
if (IS_ERR(file)) {
ret = PTR_ERR(file);
- } else {
- pos = (loff_t) page->index << PAGE_SHIFT;
-
- /* we mustn't write more data than we have, so we have
- * to beware of a partial page at EOF */
- eof = object->fscache.store_limit_l;
- len = PAGE_SIZE;
- if (eof & ~PAGE_MASK) {
- ASSERTCMP(pos, <, eof);
- if (eof - pos < PAGE_SIZE) {
- _debug("cut short %llx to %llx",
- pos, eof);
- len = eof - pos;
- ASSERTCMP(pos + len, ==, eof);
- }
- }
-
- data = kmap(page);
- ret = __kernel_write(file, data, len, &pos);
- kunmap(page);
- if (ret != len)
- ret = -EIO;
- fput(file);
+ goto error_2;
}
- if (ret < 0) {
- if (ret == -EIO)
- cachefiles_io_error_obj(
- object, "Write page to backing file failed");
- ret = -ENOBUFS;
+ len = PAGE_SIZE;
+ if (eof & ~PAGE_MASK) {
+ if (eof - pos < PAGE_SIZE) {
+ _debug("cut short %llx to %llx",
+ pos, eof);
+ len = eof - pos;
+ ASSERTCMP(pos + len, ==, eof);
+ }
}
- _leave(" = %d", ret);
- return ret;
+ data = kmap(page);
+ ret = __kernel_write(file, data, len, &pos);
+ kunmap(page);
+ fput(file);
+ if (ret != len)
+ goto error_eio;
+
+ _leave(" = 0");
+ return 0;
+
+error_eio:
+ ret = -EIO;
+error_2:
+ if (ret == -EIO)
+ cachefiles_io_error_obj(object,
+ "Write page to backing file failed");
+error:
+ _leave(" = -ENOBUFS [%d]", ret);
+ return -ENOBUFS;
}
/*
diff --git a/fs/fscache/page.c b/fs/fscache/page.c
index 483bbc6..ca916af 100644
--- a/fs/fscache/page.c
+++ b/fs/fscache/page.c
@@ -816,7 +816,7 @@ static void fscache_write_op(struct fscache_operation *_op)
goto superseded;
page = results[0];
_debug("gang %d [%lx]", n, page->index);
- if (page->index > op->store_limit) {
+ if (page->index >= op->store_limit) {
fscache_stat(&fscache_n_store_pages_over_limit);
goto superseded;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 111/211] binfmt_elf: Don't clobber passed executable's file header
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (109 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 110/211] FS-Cache: Handle a write to the page immediately beyond the EOF marker Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 112/211] fs/pipe.c: return error code rather than 0 in pipe_write() Kamal Mostafa
` (99 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Maciej W. Rozycki, Al Viro, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Maciej W. Rozycki" <macro@imgtec.com>
commit b582ef5c53040c5feef4c96a8f9585b6831e2441 upstream.
Do not clobber the buffer space passed from `search_binary_handler' and
originally preloaded by `prepare_binprm' with the executable's file
header by overwriting it with its interpreter's file header. Instead
keep the buffer space intact and directly use the data structure locally
allocated for the interpreter's file header, fixing a bug introduced in
2.1.14 with loadable module support (linux-mips.org commit beb11695
[Import of Linux/MIPS 2.1.14], predating kernel.org repo's history).
Adjust the amount of data read from the interpreter's file accordingly.
This was not an issue before loadable module support, because back then
`load_elf_binary' was executed only once for a given ELF executable,
whether the function succeeded or failed.
With loadable module support supported and enabled, upon a failure of
`load_elf_binary' -- which may for example be caused by architecture
code rejecting an executable due to a missing hardware feature requested
in the file header -- a module load is attempted and then the function
reexecuted by `search_binary_handler'. With the executable's file
header replaced with its interpreter's file header the executable can
then be erroneously accepted in this subsequent attempt.
Signed-off-by: Maciej W. Rozycki <macro@imgtec.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/binfmt_elf.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 6b65996..e6572a6 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -759,16 +759,16 @@ static int load_elf_binary(struct linux_binprm *bprm)
*/
would_dump(bprm, interpreter);
- retval = kernel_read(interpreter, 0, bprm->buf,
- BINPRM_BUF_SIZE);
- if (retval != BINPRM_BUF_SIZE) {
+ /* Get the exec headers */
+ retval = kernel_read(interpreter, 0,
+ (void *)&loc->interp_elf_ex,
+ sizeof(loc->interp_elf_ex));
+ if (retval != sizeof(loc->interp_elf_ex)) {
if (retval >= 0)
retval = -EIO;
goto out_free_dentry;
}
- /* Get the exec headers */
- loc->interp_elf_ex = *((struct elfhdr *)bprm->buf);
break;
}
elf_ppnt++;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 112/211] fs/pipe.c: return error code rather than 0 in pipe_write()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (110 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 111/211] binfmt_elf: Don't clobber passed executable's file header Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 113/211] dax_io(): don't let non-error value escape via retval instead of EFAULT Kamal Mostafa
` (98 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Eric Biggers, Al Viro, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers3@gmail.com>
commit 6ae08069939f17422835448acae76bda8d96b16a upstream.
pipe_write() would return 0 if it failed to merge the beginning of the
data to write with the last, partially filled pipe buffer. It should
return an error code instead. Userspace programs could be confused by
write() returning 0 when called with a nonzero 'count'.
The EFAULT error case was a regression from f0d1bec9d5 ("new helper:
copy_page_from_iter()"), while the ops->confirm() error case was a much
older bug.
Test program:
#include <assert.h>
#include <errno.h>
#include <unistd.h>
int main(void)
{
int fd[2];
char data[1] = {0};
assert(0 == pipe(fd));
assert(1 == write(fd[1], data, 1));
/* prior to this patch, write() returned 0 here */
assert(-1 == write(fd[1], NULL, 1));
assert(errno == EFAULT);
}
Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/pipe.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/fs/pipe.c b/fs/pipe.c
index 8865f79..14788dd 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -366,18 +366,17 @@ pipe_write(struct kiocb *iocb, struct iov_iter *from)
int offset = buf->offset + buf->len;
if (ops->can_merge && offset + chars <= PAGE_SIZE) {
- int error = ops->confirm(pipe, buf);
- if (error)
+ ret = ops->confirm(pipe, buf);
+ if (ret)
goto out;
ret = copy_page_from_iter(buf->page, offset, chars, from);
if (unlikely(ret < chars)) {
- error = -EFAULT;
+ ret = -EFAULT;
goto out;
}
do_wakeup = 1;
- buf->len += chars;
- ret = chars;
+ buf->len += ret;
if (!iov_iter_count(from))
goto out;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 113/211] dax_io(): don't let non-error value escape via retval instead of EFAULT
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (111 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 112/211] fs/pipe.c: return error code rather than 0 in pipe_write() Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 114/211] iio:magnetometer:bmc150_magn: sort entry alphabetically Kamal Mostafa
` (97 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Al Viro, Jens Axboe, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@ZenIV.linux.org.uk>
commit cadfbb6ec2e55171479191046142c927a8b12d87 upstream.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/dax.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/dax.c b/fs/dax.c
index ef35a20..a3eb5b0 100644
--- a/fs/dax.c
+++ b/fs/dax.c
@@ -162,8 +162,10 @@ static ssize_t dax_io(struct inode *inode, struct iov_iter *iter,
else
len = iov_iter_zero(max - pos, iter);
- if (!len)
+ if (!len) {
+ retval = -EFAULT;
break;
+ }
pos += len;
addr += len;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 114/211] iio:magnetometer:bmc150_magn: sort entry alphabetically
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (112 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 113/211] dax_io(): don't let non-error value escape via retval instead of EFAULT Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 115/211] ALSA: pcm: remove structure member of 'struct snd_pcm_hwptr_log *' type because this structure had been removed Kamal Mostafa
` (96 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Hartmut Knaack, Jonathan Cameron, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Hartmut Knaack <knaack.h@gmx.de>
commit 2427d22de807b40f72175c8c9b1ff8a07275ad82 upstream.
Sort the entry for bmc105_magn in Kconfig and Makefile to its correct
position. Also add the minor module information for completeness.
Fixes: c91746a2361d ("iio: magn: Add support for BMC150 magnetometer")
Signed-off-by: Hartmut Knaack <knaack.h@gmx.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iio/magnetometer/Kconfig | 33 ++++++++++++++++++---------------
drivers/iio/magnetometer/Makefile | 3 +--
2 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/drivers/iio/magnetometer/Kconfig b/drivers/iio/magnetometer/Kconfig
index efb9350..868abad 100644
--- a/drivers/iio/magnetometer/Kconfig
+++ b/drivers/iio/magnetometer/Kconfig
@@ -24,6 +24,24 @@ config AK09911
help
Deprecated: AK09911 is now supported by AK8975 driver.
+config BMC150_MAGN
+ tristate "Bosch BMC150 Magnetometer Driver"
+ depends on I2C
+ select REGMAP_I2C
+ select IIO_BUFFER
+ select IIO_TRIGGERED_BUFFER
+ help
+ Say yes here to build support for the BMC150 magnetometer.
+
+ Currently this only supports the device via an i2c interface.
+
+ This is a combo module with both accelerometer and magnetometer.
+ This driver is only implementing magnetometer part, which has
+ its own address and register map.
+
+ To compile this driver as a module, choose M here: the module will be
+ called bmc150_magn.
+
config MAG3110
tristate "Freescale MAG3110 3-Axis Magnetometer"
depends on I2C
@@ -87,19 +105,4 @@ config IIO_ST_MAGN_SPI_3AXIS
depends on IIO_ST_MAGN_3AXIS
depends on IIO_ST_SENSORS_SPI
-config BMC150_MAGN
- tristate "Bosch BMC150 Magnetometer Driver"
- depends on I2C
- select REGMAP_I2C
- select IIO_BUFFER
- select IIO_TRIGGERED_BUFFER
- help
- Say yes here to build support for the BMC150 magnetometer.
-
- Currently this only supports the device via an i2c interface.
-
- This is a combo module with both accelerometer and magnetometer.
- This driver is only implementing magnetometer part, which has
- its own address and register map.
-
endmenu
diff --git a/drivers/iio/magnetometer/Makefile b/drivers/iio/magnetometer/Makefile
index 33b1d4d..2c72df4 100644
--- a/drivers/iio/magnetometer/Makefile
+++ b/drivers/iio/magnetometer/Makefile
@@ -4,6 +4,7 @@
# When adding new entries keep the list in alphabetical order
obj-$(CONFIG_AK8975) += ak8975.o
+obj-$(CONFIG_BMC150_MAGN) += bmc150_magn.o
obj-$(CONFIG_MAG3110) += mag3110.o
obj-$(CONFIG_HID_SENSOR_MAGNETOMETER_3D) += hid-sensor-magn-3d.o
obj-$(CONFIG_MMC35240) += mmc35240.o
@@ -14,5 +15,3 @@ st_magn-$(CONFIG_IIO_BUFFER) += st_magn_buffer.o
obj-$(CONFIG_IIO_ST_MAGN_I2C_3AXIS) += st_magn_i2c.o
obj-$(CONFIG_IIO_ST_MAGN_SPI_3AXIS) += st_magn_spi.o
-
-obj-$(CONFIG_BMC150_MAGN) += bmc150_magn.o
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 115/211] ALSA: pcm: remove structure member of 'struct snd_pcm_hwptr_log *' type because this structure had been removed
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (113 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 114/211] iio:magnetometer:bmc150_magn: sort entry alphabetically Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 116/211] net-sysfs: get_netdev_queue_index() cleanup Kamal Mostafa
` (95 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Takashi Sakamoto, Takashi Iwai, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
commit 0052b7dcf9d9ec6be4fc3fe815a2ceda623bb9d1 upstream.
This structure was added by 4d96eb255c53 ('ALSA: pcm_lib - add possibility
to log last 10 DMA ring buffer positions') to store PCM pointers
information of latest 10 pointer movements (=XRUN_LOG_CNT). When
CONFIG_SND_PCM_XRUN_DEBUG is configured, 'struct snd_pcm_runtime' has
'hwptr_log' member with a pointer to the structure. When calling
xrun_log() in pcm_lib.c, the structure was allocated to the pointer.
When calling snd_pcm_detach_substream() in pcm.c, the allocated pointer
is released.
In f5914908a5b7 ('ALSA: pcm: Replace PCM hwptr tracking with tracepoints'),
the pointer logging is replaced with using Linux Kernel Tracepoints. The
structure was also removed, while it's just declared. The member and kfree
still remains.
This commit removes the member and related codes. I think this was
overlooked because it brings no errors/warnings to C compilers.
Fixes: f5914908a5b7 ('ALSA: pcm: Replace PCM hwptr tracking with tracepoints')
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/sound/pcm.h | 6 ------
sound/core/pcm.c | 3 ---
2 files changed, 9 deletions(-)
diff --git a/include/sound/pcm.h b/include/sound/pcm.h
index 691e7ee..a4fcc94 100644
--- a/include/sound/pcm.h
+++ b/include/sound/pcm.h
@@ -285,8 +285,6 @@ struct snd_pcm_hw_constraint_ranges {
unsigned int mask;
};
-struct snd_pcm_hwptr_log;
-
/*
* userspace-provided audio timestamp config to kernel,
* structure is for internal use only and filled with dedicated unpack routine
@@ -428,10 +426,6 @@ struct snd_pcm_runtime {
/* -- OSS things -- */
struct snd_pcm_oss_runtime oss;
#endif
-
-#ifdef CONFIG_SND_PCM_XRUN_DEBUG
- struct snd_pcm_hwptr_log *hwptr_log;
-#endif
};
struct snd_pcm_group { /* keep linked substreams */
diff --git a/sound/core/pcm.c b/sound/core/pcm.c
index 02bd969..308c9ec 100644
--- a/sound/core/pcm.c
+++ b/sound/core/pcm.c
@@ -1014,9 +1014,6 @@ void snd_pcm_detach_substream(struct snd_pcm_substream *substream)
snd_free_pages((void*)runtime->control,
PAGE_ALIGN(sizeof(struct snd_pcm_mmap_control)));
kfree(runtime->hw_constraints.rules);
-#ifdef CONFIG_SND_PCM_XRUN_DEBUG
- kfree(runtime->hwptr_log);
-#endif
kfree(runtime);
substream->runtime = NULL;
put_pid(substream->pid);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 116/211] net-sysfs: get_netdev_queue_index() cleanup
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (114 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 115/211] ALSA: pcm: remove structure member of 'struct snd_pcm_hwptr_log *' type because this structure had been removed Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 117/211] crypto: crc32c-pclmul - use .rodata instead of .rotata Kamal Mostafa
` (94 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Thadeu Lima de Souza Cascardo, Eric Dumazet, David S. Miller,
Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
commit c4047f533f3cb1c57e82ad02f3aa7054406df648 upstream.
Redo commit ed1acc8cd8c22efa919da8d300bab646e01c2dce.
Commit 822b3b2ebfff8e9b3d006086c527738a7ca00cd0 ("net: Add max rate tx queue
attribute") moved get_netdev_queue_index around, but kept the old version.
Probably because of a reuse of the original patch from before Eric's change to
that function.
Remove one inline keyword, and no need for a loop to find
an index into a table.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Fixes: 822b3b2ebfff ("net: Add max rate tx queue attribute")
Acked-by: Or Gerlitz <ogerlitz@mellanox.com>
Acked-by: John Fastabend <john.r.fastabend@intel.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/core/net-sysfs.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index 18b34d7..3f75001 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -987,15 +987,12 @@ static ssize_t show_trans_timeout(struct netdev_queue *queue,
}
#ifdef CONFIG_XPS
-static inline unsigned int get_netdev_queue_index(struct netdev_queue *queue)
+static unsigned int get_netdev_queue_index(struct netdev_queue *queue)
{
struct net_device *dev = queue->dev;
- int i;
-
- for (i = 0; i < dev->num_tx_queues; i++)
- if (queue == &dev->_tx[i])
- break;
+ unsigned int i;
+ i = queue - dev->_tx;
BUG_ON(i >= dev->num_tx_queues);
return i;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 117/211] crypto: crc32c-pclmul - use .rodata instead of .rotata
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (115 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 116/211] net-sysfs: get_netdev_queue_index() cleanup Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 118/211] tools build: Fixup feature detection display function name Kamal Mostafa
` (93 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Nicolas Iooss, Herbert Xu, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
commit 97bce7e0b58dfc7d159ded329f57961868fb060b upstream.
Module crc32c-intel uses a special read-only data section named .rotata.
This section is defined for K_table, and its name seems to be a spelling
mistake for .rodata.
Fixes: 473946e674eb ("crypto: crc32c-pclmul - Shrink K_table to 32-bit words")
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
index 225be06..4fe27e0 100644
--- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
+++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
@@ -330,7 +330,7 @@ ENDPROC(crc_pcl)
## PCLMULQDQ tables
## Table is 128 entries x 2 words (8 bytes) each
################################################################
-.section .rotata, "a", %progbits
+.section .rodata, "a", %progbits
.align 8
K_table:
.long 0x493c7d27, 0x00000001
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 118/211] tools build: Fixup feature detection display function name
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (116 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 117/211] crypto: crc32c-pclmul - use .rodata instead of .rotata Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 119/211] wm831x_power: Use IRQF_ONESHOT to request threaded IRQs Kamal Mostafa
` (92 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Adrian Hunter, Alexei Starovoitov, Borislav Petkov, David Ahern,
Frederic Weisbecker, Namhyung Kim, Stephane Eranian, Wang Nan,
pi3orama, Arnaldo Carvalho de Melo, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@redhat.com>
commit 6076e2a47cccfb3d48a8d165853c0b799c563df7 upstream.
Cut'n'paste mistake, it should eval the name of the function
defined right next to it, in the next line, fix it.
Before:
$ make -C tools/lib/bpf/
make: Entering directory '/home/git/linux/tools/lib/bpf'
Auto-detecting system features:
... libelf: [ on ]
... libelf-getphdrnum: [ on ]
... libelf-mmap: [ on ]
... bpf: [ on ]
<SNIP>
After:
$ make -C tools/lib/bpf/
make: Entering directory '/home/git/linux/tools/lib/bpf'
Auto-detecting system features:
... libelf: [ on ]
... libelf-getphdrnum: [ OFF ]
... libelf-mmap: [ OFF ]
... bpf: [ on ]
<SNIP>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexei Starovoitov <ast@plumgrid.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: David Ahern <dsahern@gmail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Wang Nan <wangnan0@huawei.com>
Cc: pi3orama@163.com
Fixes: 58d4f00ff13f ("perf build: Fix feature_check name clash")
Link: http://lkml.kernel.org/n/tip-dzu1c4sruukgfq5d5b1c4r30@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
tools/build/Makefile.feature | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/build/Makefile.feature b/tools/build/Makefile.feature
index 2975632..1c7100b 100644
--- a/tools/build/Makefile.feature
+++ b/tools/build/Makefile.feature
@@ -136,7 +136,7 @@ ifneq ("$(FEATURE_DUMP)","$(FEATURE_DUMP_FILE)")
feature_display := 1
endif
-feature_display_check = $(eval $(feature_check_code))
+feature_display_check = $(eval $(feature_check_display_code))
define feature_display_check_code
ifneq ($(feature-$(1)), 1)
feature_display := 1
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 119/211] wm831x_power: Use IRQF_ONESHOT to request threaded IRQs
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (117 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 118/211] tools build: Fixup feature detection display function name Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 120/211] dmaengine: dw: convert to __ffs() Kamal Mostafa
` (91 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Valentin Rothberg, Sebastian Reichel, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Valentin Rothberg <valentinrothberg@gmail.com>
commit 90adf98d9530054b8e665ba5a928de4307231d84 upstream.
Since commit 1c6c69525b40 ("genirq: Reject bogus threaded irq requests")
threaded IRQs without a primary handler need to be requested with
IRQF_ONESHOT, otherwise the request will fail.
scripts/coccinelle/misc/irqf_oneshot.cocci detected this issue.
Fixes: b5874f33bbaf ("wm831x_power: Use genirq")
Signed-off-by: Valentin Rothberg <valentinrothberg@gmail.com>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/power/wm831x_power.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/power/wm831x_power.c b/drivers/power/wm831x_power.c
index db11ae6..25f8b34 100644
--- a/drivers/power/wm831x_power.c
+++ b/drivers/power/wm831x_power.c
@@ -572,7 +572,7 @@ static int wm831x_power_probe(struct platform_device *pdev)
irq = wm831x_irq(wm831x, platform_get_irq_byname(pdev, "SYSLO"));
ret = request_threaded_irq(irq, NULL, wm831x_syslo_irq,
- IRQF_TRIGGER_RISING, "System power low",
+ IRQF_TRIGGER_RISING | IRQF_ONESHOT, "System power low",
power);
if (ret != 0) {
dev_err(&pdev->dev, "Failed to request SYSLO IRQ %d: %d\n",
@@ -582,7 +582,7 @@ static int wm831x_power_probe(struct platform_device *pdev)
irq = wm831x_irq(wm831x, platform_get_irq_byname(pdev, "PWR SRC"));
ret = request_threaded_irq(irq, NULL, wm831x_pwr_src_irq,
- IRQF_TRIGGER_RISING, "Power source",
+ IRQF_TRIGGER_RISING | IRQF_ONESHOT, "Power source",
power);
if (ret != 0) {
dev_err(&pdev->dev, "Failed to request PWR SRC IRQ %d: %d\n",
@@ -595,7 +595,7 @@ static int wm831x_power_probe(struct platform_device *pdev)
platform_get_irq_byname(pdev,
wm831x_bat_irqs[i]));
ret = request_threaded_irq(irq, NULL, wm831x_bat_irq,
- IRQF_TRIGGER_RISING,
+ IRQF_TRIGGER_RISING | IRQF_ONESHOT,
wm831x_bat_irqs[i],
power);
if (ret != 0) {
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 120/211] dmaengine: dw: convert to __ffs()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (118 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 119/211] wm831x_power: Use IRQF_ONESHOT to request threaded IRQs Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 121/211] tcp: call sk_mark_napi_id() on the child, not the listener Kamal Mostafa
` (90 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andy Shevchenko, Vinod Koul, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
commit 39416677b95bf1ab8bbfa229ec7e511c96ad5d0c upstream.
We replace __fls() by __ffs() since we have to find a *minimum* data width that
satisfies both source and destination.
While here, rename dwc_fast_fls() to dwc_fast_ffs() which it really is.
Fixes: 4c2d56c574db (dw_dmac: introduce dwc_fast_fls())
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/dma/dw/core.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/dma/dw/core.c b/drivers/dma/dw/core.c
index bedce03..4287c7c 100644
--- a/drivers/dma/dw/core.c
+++ b/drivers/dma/dw/core.c
@@ -163,7 +163,7 @@ static void dwc_initialize(struct dw_dma_chan *dwc)
/*----------------------------------------------------------------------*/
-static inline unsigned int dwc_fast_fls(unsigned long long v)
+static inline unsigned int dwc_fast_ffs(unsigned long long v)
{
/*
* We can be a lot more clever here, but this should take care
@@ -712,7 +712,7 @@ dwc_prep_dma_memcpy(struct dma_chan *chan, dma_addr_t dest, dma_addr_t src,
dw->data_width[dwc->dst_master]);
src_width = dst_width = min_t(unsigned int, data_width,
- dwc_fast_fls(src | dest | len));
+ dwc_fast_ffs(src | dest | len));
ctllo = DWC_DEFAULT_CTLLO(chan)
| DWC_CTLL_DST_WIDTH(dst_width)
@@ -791,7 +791,7 @@ dwc_prep_slave_sg(struct dma_chan *chan, struct scatterlist *sgl,
switch (direction) {
case DMA_MEM_TO_DEV:
- reg_width = __fls(sconfig->dst_addr_width);
+ reg_width = __ffs(sconfig->dst_addr_width);
reg = sconfig->dst_addr;
ctllo = (DWC_DEFAULT_CTLLO(chan)
| DWC_CTLL_DST_WIDTH(reg_width)
@@ -811,7 +811,7 @@ dwc_prep_slave_sg(struct dma_chan *chan, struct scatterlist *sgl,
len = sg_dma_len(sg);
mem_width = min_t(unsigned int,
- data_width, dwc_fast_fls(mem | len));
+ data_width, dwc_fast_ffs(mem | len));
slave_sg_todev_fill_desc:
desc = dwc_desc_get(dwc);
@@ -848,7 +848,7 @@ slave_sg_todev_fill_desc:
}
break;
case DMA_DEV_TO_MEM:
- reg_width = __fls(sconfig->src_addr_width);
+ reg_width = __ffs(sconfig->src_addr_width);
reg = sconfig->src_addr;
ctllo = (DWC_DEFAULT_CTLLO(chan)
| DWC_CTLL_SRC_WIDTH(reg_width)
@@ -868,7 +868,7 @@ slave_sg_todev_fill_desc:
len = sg_dma_len(sg);
mem_width = min_t(unsigned int,
- data_width, dwc_fast_fls(mem | len));
+ data_width, dwc_fast_ffs(mem | len));
slave_sg_fromdev_fill_desc:
desc = dwc_desc_get(dwc);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 121/211] tcp: call sk_mark_napi_id() on the child, not the listener
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (119 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 120/211] dmaengine: dw: convert to __ffs() Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 122/211] [media] vivid: Fix iteration in driver removal path Kamal Mostafa
` (89 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
commit 38cb52455c2c3e8b5751350a3fb32e43e82e129a upstream.
This fixes a typo : We want to store the NAPI id on child socket.
Presumably nobody really uses busy polling, on short lived flows.
Fixes: 3d97379a67486 ("tcp: move sk_mark_napi_id() at the right place")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv4/tcp_ipv4.c | 2 +-
net/ipv6/tcp_ipv6.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 569c638..216be79 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1411,7 +1411,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
if (nsk != sk) {
sock_rps_save_rxhash(nsk, skb);
- sk_mark_napi_id(sk, skb);
+ sk_mark_napi_id(nsk, skb);
if (tcp_child_process(sk, nsk, skb)) {
rsk = nsk;
goto reset;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 45e473e..bbe91f4 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1269,7 +1269,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
*/
if (nsk != sk) {
sock_rps_save_rxhash(nsk, skb);
- sk_mark_napi_id(sk, skb);
+ sk_mark_napi_id(nsk, skb);
if (tcp_child_process(sk, nsk, skb))
goto reset;
if (opt_skb)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 122/211] [media] vivid: Fix iteration in driver removal path
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (120 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 121/211] tcp: call sk_mark_napi_id() on the child, not the listener Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 123/211] devres: fix a for loop bounds check Kamal Mostafa
` (88 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ezequiel Garcia, Mauro Carvalho Chehab, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
commit a5d42b8c3b3ddccd88dc1c70957177d31a6699fb upstream.
When the diver is removed and all the resources are deallocated,
we should be iterating through the created devices only.
Currently, the iteration ends when vivid_devs[i] is NULL. Since
the array contains VIVID_MAX_DEVS elements, it will oops if
n_devs=VIVID_MAX_DEVS because in that case, no element is NULL.
Fixes: c88a96b023d8 ('[media] vivid: add core driver code')
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/platform/vivid/vivid-core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/vivid/vivid-core.c b/drivers/media/platform/vivid/vivid-core.c
index a047b47..0f5e914 100644
--- a/drivers/media/platform/vivid/vivid-core.c
+++ b/drivers/media/platform/vivid/vivid-core.c
@@ -1341,8 +1341,11 @@ static int vivid_remove(struct platform_device *pdev)
struct vivid_dev *dev;
unsigned i;
- for (i = 0; vivid_devs[i]; i++) {
+
+ for (i = 0; i < n_devs; i++) {
dev = vivid_devs[i];
+ if (!dev)
+ continue;
if (dev->has_vid_cap) {
v4l2_info(&dev->v4l2_dev, "unregistering %s\n",
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 123/211] devres: fix a for loop bounds check
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (121 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 122/211] [media] vivid: Fix iteration in driver removal path Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 124/211] netfilter: remove dead code Kamal Mostafa
` (87 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dan Carpenter, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 1f35d04a02a652f14566f875aef3a6f2af4cb77b upstream.
The iomap[] array has PCIM_IOMAP_MAX (6) elements and not
DEVICE_COUNT_RESOURCE (16). This bug was found using a static checker.
It may be that the "if (!(mask & (1 << i)))" check means we never
actually go past the end of the array in real life.
Fixes: ec04b075843d ('iomap: implement pcim_iounmap_regions()')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
lib/devres.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/devres.c b/lib/devres.c
index fbe2aac..9f80c20 100644
--- a/lib/devres.c
+++ b/lib/devres.c
@@ -423,7 +423,7 @@ void pcim_iounmap_regions(struct pci_dev *pdev, int mask)
if (!iomap)
return;
- for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
+ for (i = 0; i < PCIM_IOMAP_MAX; i++) {
if (!(mask & (1 << i)))
continue;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 124/211] netfilter: remove dead code
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (122 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 123/211] devres: fix a for loop bounds check Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 125/211] ipv4: Fix ip_local_out_sk by passing the sk into __ip_local_out_sk Kamal Mostafa
` (86 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Flavio Leitner, Pablo Neira Ayuso, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Flavio Leitner <fbl@sysclose.org>
commit 0647e708344f4bf8b9e3f1855361c597f93d084d upstream.
Remove __nf_conntrack_find() from headers.
Fixes: dcd93ed4cd1 ("netfilter: nf_conntrack: remove dead code")
Signed-off-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/netfilter/nf_conntrack.h | 4 ----
1 file changed, 4 deletions(-)
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 4023c4c..4a5d93e 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -183,10 +183,6 @@ void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls);
void nf_ct_free_hashtable(void *hash, unsigned int size);
-struct nf_conntrack_tuple_hash *
-__nf_conntrack_find(struct net *net, u16 zone,
- const struct nf_conntrack_tuple *tuple);
-
int nf_conntrack_hash_check_insert(struct nf_conn *ct);
bool nf_ct_delete(struct nf_conn *ct, u32 pid, int report);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 125/211] ipv4: Fix ip_local_out_sk by passing the sk into __ip_local_out_sk
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (123 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 124/211] netfilter: remove dead code Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 126/211] ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk Kamal Mostafa
` (85 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric W. Biederman, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Eric W. Biederman" <ebiederm@xmission.com>
commit fd2874b3bbe832e90ac480971a7a8bd736b629b9 upstream.
In the rare case where sk != skb->sk ip_local_out_sk arranges
to call dst->output differently if the skb is queued or not.
This is a bug.
Fix this bug by passing the sk parameter of ip_local_out_sk through
from ip_local_out_sk to __ip_local_out_sk (skipping __ip_local_out).
Fixes: 7026b1ddb6b8 ("netfilter: Pass socket pointer down through okfn().")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv4/ip_output.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 6bf89a6..f04d077 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -114,7 +114,7 @@ int ip_local_out_sk(struct sock *sk, struct sk_buff *skb)
{
int err;
- err = __ip_local_out(skb);
+ err = __ip_local_out_sk(sk, skb);
if (likely(err == 1))
err = dst_output_sk(sk, skb);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 126/211] ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (124 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 125/211] ipv4: Fix ip_local_out_sk by passing the sk into __ip_local_out_sk Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 127/211] i2c: img-scb: enable fencing for all versions of the ip Kamal Mostafa
` (84 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric W. Biederman, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Eric W. Biederman" <ebiederm@xmission.com>
commit 850dcc4d4dd7d5da5c1b2a780c5e649c3b649545 upstream.
After a packet has been encapsulated by a tunnel we should use the
tunnel sockets local multicast loopback flag to control if the
encapsulated packet should be locally loopback back.
Pass sk into ip_local_out_sk so that in the rare case we are dealing
with a tunneled packet whose tunnel destination address is a multicast
address the kernel properly decides to loopback this packet.
In practice I don't think this matters as ip_queue_xmit is used by
tcp, l2tp and sctp none of which I am aware of uses ip level
multicasting as they are all point to point communications protocols.
Let's fix this before someone uses ip_queue_xmit for a tunnel protocol
that does use multicast.
Fixes: aad88724c9d5 ("ipv4: add a sock pointer to dst->output() path.")
Fixes: b0270e91014d ("ipv4: add a sock pointer to ip_queue_xmit()")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv4/ip_output.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index f04d077..23fcc82 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -451,7 +451,7 @@ packet_routed:
skb->priority = sk->sk_priority;
skb->mark = sk->sk_mark;
- res = ip_local_out(skb);
+ res = ip_local_out_sk(sk, skb);
rcu_read_unlock();
return res;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 127/211] i2c: img-scb: enable fencing for all versions of the ip
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (125 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 126/211] ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 128/211] i2c: img-scb: do dummy writes before fifo access Kamal Mostafa
` (83 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sifan Naeem, Wolfram Sang, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sifan Naeem <sifan.naeem@imgtec.com>
commit 0e59378bc05b084939af54d2066552ac42fa0fee upstream.
The code to read from the master read fifo, and write to the master
write fifo, checks a bit in an SCB register before every byte to
ensure that the fifo is not full (write fifo) or empty (read fifo).
Due to clock domain crossing inside the SCB block the updated value
of this bit is only visible after 2 cycles.
The scb_wr_rd_fence() function does 2 dummy writes (to the read-only
revision register), and it's called before reading from or writing to the
fifos to ensure that subsequent reads of the fifo status bits do not read
stale values.
As the 2 dummy writes are required in all versions of the ip, the version
check is dropped.
Fixes: commit 27bce457d588 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver")
Signed-off-by: Sifan Naeem <sifan.naeem@imgtec.com>
Acked-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: James Hartley <james.hartley@imgtec.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-img-scb.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/i2c/busses/i2c-img-scb.c b/drivers/i2c/busses/i2c-img-scb.c
index 00ffd66..5c3c615 100644
--- a/drivers/i2c/busses/i2c-img-scb.c
+++ b/drivers/i2c/busses/i2c-img-scb.c
@@ -278,8 +278,6 @@
#define ISR_COMPLETE(err) (ISR_COMPLETE_M | (ISR_STATUS_M & (err)))
#define ISR_FATAL(err) (ISR_COMPLETE(err) | ISR_FATAL_M)
-#define REL_SOC_IP_SCB_2_2_1 0x00020201
-
enum img_i2c_mode {
MODE_INACTIVE,
MODE_RAW,
@@ -1120,10 +1118,8 @@ static int img_i2c_init(struct img_i2c *i2c)
return -EINVAL;
}
- if (rev == REL_SOC_IP_SCB_2_2_1) {
- i2c->need_wr_rd_fence = true;
- dev_info(i2c->adap.dev.parent, "fence quirk enabled");
- }
+ /* Fencing enabled by default. */
+ i2c->need_wr_rd_fence = true;
bitrate_khz = i2c->bitrate / 1000;
clk_khz = clk_get_rate(i2c->scb_clk) / 1000;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 128/211] i2c: img-scb: do dummy writes before fifo access
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (126 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 127/211] i2c: img-scb: enable fencing for all versions of the ip Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 129/211] i2c: img-scb: use DIV_ROUND_UP to round divisor values Kamal Mostafa
` (82 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sifan Naeem, Wolfram Sang, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sifan Naeem <sifan.naeem@imgtec.com>
commit 2aefb1bd4101235be7d9f0d5ac8d56aa979f6081 upstream.
Move scb_wr_rd_fence to before reading from fifo and writing to
fifo to make sure the the first read/write is done after the required
number of cycles.
Fixes: commit 27bce457d588 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver")
Signed-off-by: Sifan Naeem <sifan.naeem@imgtec.com>
Acked-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: James Hartley <james.hartley@imgtec.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-img-scb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/i2c/busses/i2c-img-scb.c b/drivers/i2c/busses/i2c-img-scb.c
index 5c3c615..0368d91 100644
--- a/drivers/i2c/busses/i2c-img-scb.c
+++ b/drivers/i2c/busses/i2c-img-scb.c
@@ -534,6 +534,7 @@ static void img_i2c_read_fifo(struct img_i2c *i2c)
u32 fifo_status;
u8 data;
+ img_i2c_wr_rd_fence(i2c);
fifo_status = img_i2c_readl(i2c, SCB_FIFO_STATUS_REG);
if (fifo_status & FIFO_READ_EMPTY)
break;
@@ -542,7 +543,6 @@ static void img_i2c_read_fifo(struct img_i2c *i2c)
*i2c->msg.buf = data;
img_i2c_writel(i2c, SCB_READ_FIFO_REG, 0xff);
- img_i2c_wr_rd_fence(i2c);
i2c->msg.len--;
i2c->msg.buf++;
}
@@ -554,12 +554,12 @@ static void img_i2c_write_fifo(struct img_i2c *i2c)
while (i2c->msg.len) {
u32 fifo_status;
+ img_i2c_wr_rd_fence(i2c);
fifo_status = img_i2c_readl(i2c, SCB_FIFO_STATUS_REG);
if (fifo_status & FIFO_WRITE_FULL)
break;
img_i2c_writel(i2c, SCB_WRITE_DATA_REG, *i2c->msg.buf);
- img_i2c_wr_rd_fence(i2c);
i2c->msg.len--;
i2c->msg.buf++;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 129/211] i2c: img-scb: use DIV_ROUND_UP to round divisor values
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (127 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 128/211] i2c: img-scb: do dummy writes before fifo access Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 130/211] i2c: img-scb: fix LOW and HIGH period values for the SCL clock Kamal Mostafa
` (81 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sifan Naeem, Wolfram Sang, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sifan Naeem <sifan.naeem@imgtec.com>
commit 5728d95f2458887ae3d95547c04352bba5080ad6 upstream.
Using % can be slow depending on the architecture.
Using DIV_ROUND_UP is nicer and more efficient way to do it.
Fixes: commit 27bce457d588 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver")
Signed-off-by: Sifan Naeem <sifan.naeem@imgtec.com>
Acked-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: James Hartley <james.hartley@imgtec.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-img-scb.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/i2c/busses/i2c-img-scb.c b/drivers/i2c/busses/i2c-img-scb.c
index 0368d91..b4f59e1 100644
--- a/drivers/i2c/busses/i2c-img-scb.c
+++ b/drivers/i2c/busses/i2c-img-scb.c
@@ -1179,9 +1179,7 @@ static int img_i2c_init(struct img_i2c *i2c)
int_bitrate++;
/* Setup TCKH value */
- tckh = timing.tckh / clk_period;
- if (timing.tckh % clk_period)
- tckh++;
+ tckh = DIV_ROUND_UP(timing.tckh, clk_period);
if (tckh > 0)
data = tckh - 1;
@@ -1201,9 +1199,7 @@ static int img_i2c_init(struct img_i2c *i2c)
img_i2c_writel(i2c, SCB_TIME_TCKL_REG, data);
/* Setup TSDH value */
- tsdh = timing.tsdh / clk_period;
- if (timing.tsdh % clk_period)
- tsdh++;
+ tsdh = DIV_ROUND_UP(timing.tsdh, clk_period);
if (tsdh > 1)
data = tsdh - 1;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 130/211] i2c: img-scb: fix LOW and HIGH period values for the SCL clock
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (128 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 129/211] i2c: img-scb: use DIV_ROUND_UP to round divisor values Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 131/211] i2c: img-scb: Clear line and interrupt status before starting a transfer Kamal Mostafa
` (80 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sifan Naeem, Wolfram Sang, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sifan Naeem <sifan.naeem@imgtec.com>
commit 987008dbc48479af250cddda7f36e920a47ef54f upstream.
Currently, after determining the minimum value for the High period
(TCKH) the remainder of the internal clock pulses is set as the Low
period (TCKL). This causes the i2c clock duty cycle to be much less
than 50%.
Modify the starting position to TCKH and TCKL at 50% of the internal
clock, and adjusts the TCKH and TCKL values from there should the
minimum value for TCKL not be met. This results in duty cycles closer
to 50%.
Fixes: commit 27bce457d588 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver")
Signed-off-by: Sifan Naeem <sifan.naeem@imgtec.com>
Acked-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: James Hartley <james.hartley@imgtec.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-img-scb.c | 30 +++++++++++++++++-------------
1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/drivers/i2c/busses/i2c-img-scb.c b/drivers/i2c/busses/i2c-img-scb.c
index b4f59e1..e4daebc 100644
--- a/drivers/i2c/busses/i2c-img-scb.c
+++ b/drivers/i2c/busses/i2c-img-scb.c
@@ -1178,25 +1178,29 @@ static int img_i2c_init(struct img_i2c *i2c)
((bitrate_khz * clk_period) / 2))
int_bitrate++;
- /* Setup TCKH value */
- tckh = DIV_ROUND_UP(timing.tckh, clk_period);
+ /*
+ * Setup clock duty cycle, start with 50% and adjust TCKH and TCKL
+ * values from there if they don't meet minimum timing requirements
+ */
+ tckh = int_bitrate / 2;
+ tckl = int_bitrate - tckh;
- if (tckh > 0)
- data = tckh - 1;
- else
- data = 0;
+ /* Adjust TCKH and TCKL values */
+ data = DIV_ROUND_UP(timing.tckl, clk_period);
- img_i2c_writel(i2c, SCB_TIME_TCKH_REG, data);
+ if (tckl < data) {
+ tckl = data;
+ tckh = int_bitrate - tckl;
+ }
- /* Setup TCKL value */
- tckl = int_bitrate - tckh;
+ if (tckh > 0)
+ --tckh;
if (tckl > 0)
- data = tckl - 1;
- else
- data = 0;
+ --tckl;
- img_i2c_writel(i2c, SCB_TIME_TCKL_REG, data);
+ img_i2c_writel(i2c, SCB_TIME_TCKH_REG, tckh);
+ img_i2c_writel(i2c, SCB_TIME_TCKL_REG, tckl);
/* Setup TSDH value */
tsdh = DIV_ROUND_UP(timing.tsdh, clk_period);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 131/211] i2c: img-scb: Clear line and interrupt status before starting a transfer
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (129 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 130/211] i2c: img-scb: fix LOW and HIGH period values for the SCL clock Kamal Mostafa
@ 2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 132/211] i2c: img-scb: verify support for requested bit rate Kamal Mostafa
` (79 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:43 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sifan Naeem, Wolfram Sang, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sifan Naeem <sifan.naeem@imgtec.com>
commit 1ed6faedfc9741cca2d97b25ab73902ba7177093 upstream.
Clear line status and all generated interrupts from the interrupt
status register before starting a transfer, as we may have
unserviced interrupts from previous transfers that might be
handled in the context of the new transfer.
Fixes: commit 27bce457d588 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver")
Signed-off-by: Sifan Naeem <sifan.naeem@imgtec.com>
Acked-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: James Hartley <james.hartley@imgtec.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-img-scb.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/i2c/busses/i2c-img-scb.c b/drivers/i2c/busses/i2c-img-scb.c
index e4daebc..b14eeae 100644
--- a/drivers/i2c/busses/i2c-img-scb.c
+++ b/drivers/i2c/busses/i2c-img-scb.c
@@ -1060,6 +1060,15 @@ static int img_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs,
i2c->last_msg = (i == num - 1);
reinit_completion(&i2c->msg_complete);
+ /*
+ * Clear line status and all interrupts before starting a
+ * transfer, as we may have unserviced interrupts from
+ * previous transfers that might be handled in the context
+ * of the new transfer.
+ */
+ img_i2c_writel(i2c, SCB_INT_CLEAR_REG, ~0);
+ img_i2c_writel(i2c, SCB_CLEAR_REG, ~0);
+
if (atomic)
img_i2c_atomic_start(i2c);
else if (msg->flags & I2C_M_RD)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 132/211] i2c: img-scb: verify support for requested bit rate
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (130 preceding siblings ...)
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 131/211] i2c: img-scb: Clear line and interrupt status before starting a transfer Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 133/211] packet: fix match_fanout_group() Kamal Mostafa
` (78 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sifan Naeem, Wolfram Sang, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sifan Naeem <sifan.naeem@imgtec.com>
commit 58b0497dad1abbe389af83e3d7706be584cf3ba2 upstream.
The requested bit rate can be outside the range supported by the driver.
The maximum bit rate this driver supports at the moment is 400Khz.
If the requested bit rate is larger than the maximum supported by the
driver, set the bitrate to the maximum supported before bitrate_khz is
calculated.
Maximum speed supported by the driver can be increased to 1Mhz by
adding support for "fast plus mode" in the future.
Fixes: commit 27bce457d588 ("i2c: img-scb: Add Imagination Technologies I2C SCB driver")
Signed-off-by: Sifan Naeem <sifan.naeem@imgtec.com>
Acked-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: James Hartley <james.hartley@imgtec.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-img-scb.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/drivers/i2c/busses/i2c-img-scb.c b/drivers/i2c/busses/i2c-img-scb.c
index b14eeae..9c16431 100644
--- a/drivers/i2c/busses/i2c-img-scb.c
+++ b/drivers/i2c/busses/i2c-img-scb.c
@@ -1130,9 +1130,6 @@ static int img_i2c_init(struct img_i2c *i2c)
/* Fencing enabled by default. */
i2c->need_wr_rd_fence = true;
- bitrate_khz = i2c->bitrate / 1000;
- clk_khz = clk_get_rate(i2c->scb_clk) / 1000;
-
/* Determine what mode we're in from the bitrate */
timing = timings[0];
for (i = 0; i < ARRAY_SIZE(timings); i++) {
@@ -1141,6 +1138,17 @@ static int img_i2c_init(struct img_i2c *i2c)
break;
}
}
+ if (i2c->bitrate > timings[ARRAY_SIZE(timings) - 1].max_bitrate) {
+ dev_warn(i2c->adap.dev.parent,
+ "requested bitrate (%u) is higher than the max bitrate supported (%u)\n",
+ i2c->bitrate,
+ timings[ARRAY_SIZE(timings) - 1].max_bitrate);
+ timing = timings[ARRAY_SIZE(timings) - 1];
+ i2c->bitrate = timing.max_bitrate;
+ }
+
+ bitrate_khz = i2c->bitrate / 1000;
+ clk_khz = clk_get_rate(i2c->scb_clk) / 1000;
/* Find the prescale that would give us that inc (approx delay = 0) */
prescale = SCB_OPT_INC * clk_khz / (256 * 16 * bitrate_khz);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 133/211] packet: fix match_fanout_group()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (131 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 132/211] i2c: img-scb: verify support for requested bit rate Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 134/211] hsi: fix double kfree Kamal Mostafa
` (77 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, Willem de Bruijn, Eric Leblond, David S. Miller,
Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
commit 161642e24fee40fba2c5bc2ceacc00d118a22d65 upstream.
Recent TCP listener patches exposed a prior af_packet bug :
match_fanout_group() blindly assumes it is always safe
to cast sk to a packet socket to compare fanout with af_packet_priv
But SYNACK packets can be sent while attached to request_sock, which
are smaller than a "struct sock".
We can read non existent memory and crash.
Fixes: c0de08d04215 ("af_packet: don't emit packet on orig fanout group")
Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Cc: Eric Leblond <eric@regit.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/packet/af_packet.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 71d671c..d0f6b03 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -1500,10 +1500,10 @@ static void __fanout_unlink(struct sock *sk, struct packet_sock *po)
static bool match_fanout_group(struct packet_type *ptype, struct sock *sk)
{
- if (ptype->af_packet_priv == (void *)((struct packet_sock *)sk)->fanout)
- return true;
+ if (sk->sk_family != PF_PACKET)
+ return false;
- return false;
+ return ptype->af_packet_priv == pkt_sk(sk)->fanout;
}
static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 134/211] hsi: fix double kfree
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (132 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 133/211] packet: fix match_fanout_group() Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 135/211] hsi: omap_ssi_port: Prevent warning if cawake_gpio is not defined Kamal Mostafa
` (76 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Geliang Tang, Sebastian Reichel, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Geliang Tang <geliangtang@163.com>
commit f098a045350ecd6045f2f2d5a50fecf2a98962d7 upstream.
When device_register() fails, kfree() is called in hsi_client_release(),
hence there is no need to call kfree in err3 again.
Fixes: a2aa24734d9db ("HSI: Add common DT binding for HSI client devices")
Signed-off-by: Geliang Tang <geliangtang@163.com>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hsi/hsi.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/hsi/hsi.c b/drivers/hsi/hsi.c
index fe93712..35d631e 100644
--- a/drivers/hsi/hsi.c
+++ b/drivers/hsi/hsi.c
@@ -300,7 +300,6 @@ static void hsi_add_client_from_dt(struct hsi_port *port,
if (device_register(&cl->device) < 0) {
pr_err("hsi: failed to register client: %s\n", name);
put_device(&cl->device);
- goto err3;
}
return;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 135/211] hsi: omap_ssi_port: Prevent warning if cawake_gpio is not defined.
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (133 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 134/211] hsi: fix double kfree Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 136/211] regulator: arizona-ldo1: Fix handling of GPIO 0 Kamal Mostafa
` (75 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Roger Quadros, Sebastian Reichel, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Quadros <rogerq@ti.com>
commit e74eba049356fdad6713ab66322d9aeb0e85608b upstream.
The error handling path is broken as cawake_gpio was defined as
unsigned integer causing the following warnings on boards that don't
use SSI port and so don't have cawake_gpio defined. e.g. beagleboard C4.
[ 30.094635] WARNING: CPU: 0 PID: 322 at drivers/gpio/gpiolib.c:86 gpio_to_desc+0xa4/0xb8()
[ 30.103363] invalid GPIO -2
[ 30.106292] Modules linked in: omap_ssi_port(+) cpufreq_dt cfbfillrect cfbimgblt leds_gpio cfbcopyarea thermal_sys led_class hwmon gpio_keys encoder_tfp410 connector_analog_tv connector_dvi omap_hdq snd phy_i
[ 30.145477] CPU: 0 PID: 322 Comm: modprobe Not tainted 4.3.0-rc4-00030-gca978c0-dirty #335
[ 30.154174] Hardware name: Generic OMAP3-GP (Flattened Device Tree)
[ 30.160827] [<c0016ef4>] (unwind_backtrace) from [<c00131f4>] (show_stack+0x10/0x14)
[ 30.168975] [<c00131f4>] (show_stack) from [<c033cf08>] (dump_stack+0x80/0x9c)
[ 30.176635] [<c033cf08>] (dump_stack) from [<c003e920>] (warn_slowpath_common+0x7c/0xb8)
[ 30.185180] [<c003e920>] (warn_slowpath_common) from [<c003e9f0>] (warn_slowpath_fmt+0x30/0x40)
[ 30.194366] [<c003e9f0>] (warn_slowpath_fmt) from [<c0376314>] (gpio_to_desc+0xa4/0xb8)
[ 30.202819] [<c0376314>] (gpio_to_desc) from [<c0376ac8>] (gpio_request_one+0x14/0x11c)
[ 30.211273] [<c0376ac8>] (gpio_request_one) from [<c037370c>] (devm_gpio_request_one+0x3c/0x78)
[ 30.220458] [<c037370c>] (devm_gpio_request_one) from [<bf184210>] (ssi_port_probe+0x118/0x504 [omap_ssi_port])
[ 30.231170] [<bf184210>] (ssi_port_probe [omap_ssi_port]) from [<c03d4cfc>] (platform_drv_probe+0x48/0xa4)
[ 30.241424] [<c03d4cfc>] (platform_drv_probe) from [<c03d3678>] (driver_probe_device+0x1dc/0x2a0)
[ 30.250793] [<c03d3678>] (driver_probe_device) from [<c03d37d0>] (__driver_attach+0x94/0x98)
[ 30.259643] [<c03d37d0>] (__driver_attach) from [<c03d1d60>] (bus_for_each_dev+0x54/0x88)
[ 30.268249] [<c03d1d60>] (bus_for_each_dev) from [<c03d2d50>] (bus_add_driver+0xe8/0x1f8)
[ 30.276916] [<c03d2d50>] (bus_add_driver) from [<c03d4118>] (driver_register+0x78/0xf4)
[ 30.285369] [<c03d4118>] (driver_register) from [<c03d5380>] (__platform_driver_probe+0x34/0xd8)
[ 30.294647] [<c03d5380>] (__platform_driver_probe) from [<c00097e4>] (do_one_initcall+0x80/0x1d8)
[ 30.303985] [<c00097e4>] (do_one_initcall) from [<c011617c>] (do_init_module+0x5c/0x1cc)
[ 30.312561] [<c011617c>] (do_init_module) from [<c00c7a68>] (load_module+0x18c8/0x1f0c)
[ 30.320983] [<c00c7a68>] (load_module) from [<c00c8188>] (SyS_init_module+0xdc/0x150)
[ 30.329223] [<c00c8188>] (SyS_init_module) from [<c000f7e0>] (ret_fast_syscall+0x0/0x1c)
Fixes: b209e047bc743 ("HSI: Introduce OMAP SSI driver")
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hsi/controllers/omap_ssi_port.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hsi/controllers/omap_ssi_port.c b/drivers/hsi/controllers/omap_ssi_port.c
index 1f8652b..02e6603 100644
--- a/drivers/hsi/controllers/omap_ssi_port.c
+++ b/drivers/hsi/controllers/omap_ssi_port.c
@@ -1111,7 +1111,7 @@ static int __init ssi_port_probe(struct platform_device *pd)
struct omap_ssi_port *omap_port;
struct hsi_controller *ssi = dev_get_drvdata(pd->dev.parent);
struct omap_ssi_controller *omap_ssi = hsi_controller_drvdata(ssi);
- u32 cawake_gpio = 0;
+ int cawake_gpio = 0;
u32 port_id;
int err;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 136/211] regulator: arizona-ldo1: Fix handling of GPIO 0
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (134 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 135/211] hsi: omap_ssi_port: Prevent warning if cawake_gpio is not defined Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 137/211] ALSA: fireworks/bebob/oxfw/dice: enable to make as built-in Kamal Mostafa
` (74 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Charles Keepax, Mark Brown, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
commit ce938001c08c6580a8da38dc226fa605512afab6 upstream.
The LDO1 driver is using the arizona_of_get_named_gpio helper function
which will return 0 if an error was encountered whilst parsing the GPIO,
as under the pdata scheme 0 was not being treated as a valid GPIO.
However, since the regulator framework was expanded to allow the use of
GPIO 0 this causes us to attempt to register GPIO 0 when we encountered
an error parsing the device tree.
This patch uses of_get_named_gpio directly and sets the
ena_gpio_initialized flag based on the return value.
Fixes: 1de3821ace82 ("regulator: Set ena_gpio_initialized in regulator drivers")
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/regulator/arizona-ldo1.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/regulator/arizona-ldo1.c b/drivers/regulator/arizona-ldo1.c
index 5e947a8..eedd5e2 100644
--- a/drivers/regulator/arizona-ldo1.c
+++ b/drivers/regulator/arizona-ldo1.c
@@ -17,6 +17,7 @@
#include <linux/bitops.h>
#include <linux/err.h>
#include <linux/of.h>
+#include <linux/of_gpio.h>
#include <linux/platform_device.h>
#include <linux/regulator/driver.h>
#include <linux/regulator/machine.h>
@@ -189,13 +190,22 @@ static int arizona_ldo1_of_get_pdata(struct arizona *arizona,
{
struct arizona_pdata *pdata = &arizona->pdata;
struct arizona_ldo1 *ldo1 = config->driver_data;
+ struct device_node *np = arizona->dev->of_node;
struct device_node *init_node, *dcvdd_node;
struct regulator_init_data *init_data;
- pdata->ldoena = arizona_of_get_named_gpio(arizona, "wlf,ldoena", true);
+ pdata->ldoena = of_get_named_gpio(np, "wlf,ldoena", 0);
+ if (pdata->ldoena < 0) {
+ dev_warn(arizona->dev,
+ "LDOENA GPIO property missing/malformed: %d\n",
+ pdata->ldoena);
+ pdata->ldoena = 0;
+ } else {
+ config->ena_gpio_initialized = true;
+ }
- init_node = of_get_child_by_name(arizona->dev->of_node, "ldo1");
- dcvdd_node = of_parse_phandle(arizona->dev->of_node, "DCVDD-supply", 0);
+ init_node = of_get_child_by_name(np, "ldo1");
+ dcvdd_node = of_parse_phandle(np, "DCVDD-supply", 0);
if (init_node) {
config->of_node = init_node;
@@ -272,8 +282,6 @@ static int arizona_ldo1_probe(struct platform_device *pdev)
ret = arizona_ldo1_of_get_pdata(arizona, &config, desc);
if (ret < 0)
return ret;
-
- config.ena_gpio_initialized = true;
}
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 137/211] ALSA: fireworks/bebob/oxfw/dice: enable to make as built-in
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (135 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 136/211] regulator: arizona-ldo1: Fix handling of GPIO 0 Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 138/211] drm: Fix return value of drm_framebuffer_init() Kamal Mostafa
` (73 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Takashi Sakamoto, Takashi Iwai, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
commit df4833886f91eea0d20e6e97066adab308625ef8 upstream.
When committed to upstream, these four modules had wrong entries for
Makefile. This forces them to be loadable modules even if they're set
as built-in.
This commit fixes this bug.
Fixes: b5b04336015e('ALSA: fireworks: Add skelton for Fireworks based devices')
Fixes: fd6f4b0dc167('ALSA: bebob: Add skelton for BeBoB based devices')
Fixes: 1a4e39c2e5ca('ALSA: oxfw: Move to its own directory')
Fixes: 14ff6a094815('ALSA: dice: Move file to its own directory')
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/firewire/bebob/Makefile | 2 +-
sound/firewire/dice/Makefile | 2 +-
sound/firewire/fireworks/Makefile | 2 +-
sound/firewire/oxfw/Makefile | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/sound/firewire/bebob/Makefile b/sound/firewire/bebob/Makefile
index 6cf470c..af7ed66 100644
--- a/sound/firewire/bebob/Makefile
+++ b/sound/firewire/bebob/Makefile
@@ -1,4 +1,4 @@
snd-bebob-objs := bebob_command.o bebob_stream.o bebob_proc.o bebob_midi.o \
bebob_pcm.o bebob_hwdep.o bebob_terratec.o bebob_yamaha.o \
bebob_focusrite.o bebob_maudio.o bebob.o
-obj-m += snd-bebob.o
+obj-$(CONFIG_SND_BEBOB) += snd-bebob.o
diff --git a/sound/firewire/dice/Makefile b/sound/firewire/dice/Makefile
index 9ef228e..55b4be9 100644
--- a/sound/firewire/dice/Makefile
+++ b/sound/firewire/dice/Makefile
@@ -1,3 +1,3 @@
snd-dice-objs := dice-transaction.o dice-stream.o dice-proc.o dice-midi.o \
dice-pcm.o dice-hwdep.o dice.o
-obj-m += snd-dice.o
+obj-$(CONFIG_SND_DICE) += snd-dice.o
diff --git a/sound/firewire/fireworks/Makefile b/sound/firewire/fireworks/Makefile
index 0c74408..15ef7f7 100644
--- a/sound/firewire/fireworks/Makefile
+++ b/sound/firewire/fireworks/Makefile
@@ -1,4 +1,4 @@
snd-fireworks-objs := fireworks_transaction.o fireworks_command.o \
fireworks_stream.o fireworks_proc.o fireworks_midi.o \
fireworks_pcm.o fireworks_hwdep.o fireworks.o
-obj-m += snd-fireworks.o
+obj-$(CONFIG_SND_FIREWORKS) += snd-fireworks.o
diff --git a/sound/firewire/oxfw/Makefile b/sound/firewire/oxfw/Makefile
index a926850..06ff50f 100644
--- a/sound/firewire/oxfw/Makefile
+++ b/sound/firewire/oxfw/Makefile
@@ -1,3 +1,3 @@
snd-oxfw-objs := oxfw-command.o oxfw-stream.o oxfw-control.o oxfw-pcm.o \
oxfw-proc.o oxfw-midi.o oxfw-hwdep.o oxfw.o
-obj-m += snd-oxfw.o
+obj-$(CONFIG_SND_OXFW) += snd-oxfw.o
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 138/211] drm: Fix return value of drm_framebuffer_init()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (136 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 137/211] ALSA: fireworks/bebob/oxfw/dice: enable to make as built-in Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 139/211] ALSA: dice: correct variable types for __be32 data Kamal Mostafa
` (72 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Daniel Vetter, Lukas Wunner, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Lukas Wunner <lukas@wunner.de>
commit 3c67d839b30c7d6d6ab5c6fddac0f58ec8095d50 upstream.
In its original version, drm_framebuffer_init() returned a negative int
if drm_mode_object_get() failed (f453ba046074, "DRM: add mode setting
support").
This was accidentally disabled by commit 4b096ac10da0 ("drm: revamp
locking around fb creation/destruction"). Thus, drm_framebuffer_init()
pretends success if drm_mode_object_get() failed.
Reinstate the original behaviour. Also fix erroneous kernel-doc of
drm_mode_object_get().
Fixes: 4b096ac10da0 ("drm: revamp locking around fb creation/
destruction")
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/drm_crtc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
index 4e8d72d..9062bf0c 100644
--- a/drivers/gpu/drm/drm_crtc.c
+++ b/drivers/gpu/drm/drm_crtc.c
@@ -306,8 +306,7 @@ static int drm_mode_object_get_reg(struct drm_device *dev,
* reference counted modeset objects like framebuffers.
*
* Returns:
- * New unique (relative to other objects in @dev) integer identifier for the
- * object.
+ * Zero on success, error code on failure.
*/
int drm_mode_object_get(struct drm_device *dev,
struct drm_mode_object *obj, uint32_t obj_type)
@@ -423,7 +422,7 @@ int drm_framebuffer_init(struct drm_device *dev, struct drm_framebuffer *fb,
out:
mutex_unlock(&dev->mode_config.fb_lock);
- return 0;
+ return ret;
}
EXPORT_SYMBOL(drm_framebuffer_init);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 139/211] ALSA: dice: correct variable types for __be32 data
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (137 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 138/211] drm: Fix return value of drm_framebuffer_init() Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 140/211] ALSA: dice: assign converted data to the same type of variable Kamal Mostafa
` (71 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Takashi Sakamoto, Takashi Iwai, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
commit 3e93d42a04eea4e621f87bfc51b0ab868e131cb9 upstream.
Some local variables in some functions are typed as unsigned int, while
__be32 value is assigned to them. This causes sparse warnings.
dice-stream.c:50:17: warning: incorrect type in assignment (different base types)
dice-stream.c:50:17: expected unsigned int [unsigned] channel
dice-stream.c:50:17: got restricted __be32 [usertype] <noident>
dice-stream.c:74:17: warning: incorrect type in assignment (different base types)
dice-stream.c:74:17: expected unsigned int [unsigned] channel
dice-stream.c:74:17: got restricted __be32 [usertype] <noident>
This commit fixes this bug.
Fixes: 288a8d0cb04f('ALSA: dice: Change the way to start stream')
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/firewire/dice/dice-stream.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/sound/firewire/dice/dice-stream.c b/sound/firewire/dice/dice-stream.c
index 07dbd01..d6ba4a3 100644
--- a/sound/firewire/dice/dice-stream.c
+++ b/sound/firewire/dice/dice-stream.c
@@ -44,16 +44,16 @@ int snd_dice_stream_get_rate_mode(struct snd_dice *dice, unsigned int rate,
static void release_resources(struct snd_dice *dice,
struct fw_iso_resources *resources)
{
- unsigned int channel;
+ __be32 channel;
/* Reset channel number */
channel = cpu_to_be32((u32)-1);
if (resources == &dice->tx_resources)
snd_dice_transaction_write_tx(dice, TX_ISOCHRONOUS,
- &channel, 4);
+ &channel, sizeof(channel));
else
snd_dice_transaction_write_rx(dice, RX_ISOCHRONOUS,
- &channel, 4);
+ &channel, sizeof(channel));
fw_iso_resources_free(resources);
}
@@ -62,7 +62,7 @@ static int keep_resources(struct snd_dice *dice,
struct fw_iso_resources *resources,
unsigned int max_payload_bytes)
{
- unsigned int channel;
+ __be32 channel;
int err;
err = fw_iso_resources_allocate(resources, max_payload_bytes,
@@ -74,10 +74,10 @@ static int keep_resources(struct snd_dice *dice,
channel = cpu_to_be32(resources->channel);
if (resources == &dice->tx_resources)
err = snd_dice_transaction_write_tx(dice, TX_ISOCHRONOUS,
- &channel, 4);
+ &channel, sizeof(channel));
else
err = snd_dice_transaction_write_rx(dice, RX_ISOCHRONOUS,
- &channel, 4);
+ &channel, sizeof(channel));
if (err < 0)
release_resources(dice, resources);
end:
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 140/211] ALSA: dice: assign converted data to the same type of variable
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (138 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 139/211] ALSA: dice: correct variable types for __be32 data Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 141/211] ALSA: fireworks: use u32 type for be32_to_cpup() macro Kamal Mostafa
` (70 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Takashi Sakamoto, Takashi Iwai, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
commit cbc6f28067aa0aa1193c2bf3546430b2c4dae22c upstream.
In former commit, u32 data was assigned to __be32 variable instead of an
int variable. This is not enough solution because it still causes sparse
warnings.
dice.c:80:23: warning: incorrect type in assignment (different base types)
dice.c:80:23: expected restricted __be32 [usertype] value
dice.c:80:23: got unsigned int
dice.c:81:21: warning: restricted __be32 degrades to integer
dice.c:81:46: warning: restricted __be32 degrades to integer
This commit fixes this bug.
Fixes: 7c2d4c0cf5ba('ALSA: dice: Split transaction functionality into a file')
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/firewire/dice/dice.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/firewire/dice/dice.c b/sound/firewire/dice/dice.c
index 70a111d..5d99436 100644
--- a/sound/firewire/dice/dice.c
+++ b/sound/firewire/dice/dice.c
@@ -29,7 +29,8 @@ static int dice_interface_check(struct fw_unit *unit)
struct fw_csr_iterator it;
int key, val, vendor = -1, model = -1, err;
unsigned int category, i;
- __be32 *pointers, value;
+ __be32 *pointers;
+ u32 value;
__be32 version;
pointers = kmalloc_array(ARRAY_SIZE(min_values), sizeof(__be32),
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 141/211] ALSA: fireworks: use u32 type for be32_to_cpup() macro
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (139 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 140/211] ALSA: dice: assign converted data to the same type of variable Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 142/211] ALSA: bebob: use correct type for __be32 data Kamal Mostafa
` (69 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Takashi Sakamoto, Takashi Iwai, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
commit 463543ac2effaeb2b524f0a0a92f2413c23998ca upstream.
In former commit, snd_efw_command_get_phys_meters() was added to handle
metering data. The given buffer is used to save transaction result and to
convert between endianness. But this causes sparse warnings.
fireworks_command.c:269:25: warning: incorrect type in argument 1 (different base types)
fireworks_command.c:269:25: expected unsigned int [usertype] *p
fireworks_command.c:269:25: got restricted __be32 [usertype] *
This commit fixes this bug.
Fixes: bde8a8f23bbe('ALSA: fireworks: Add transaction and some commands')
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/firewire/fireworks/fireworks_command.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/firewire/fireworks/fireworks_command.c b/sound/firewire/fireworks/fireworks_command.c
index 166f805..94bab04 100644
--- a/sound/firewire/fireworks/fireworks_command.c
+++ b/sound/firewire/fireworks/fireworks_command.c
@@ -257,7 +257,7 @@ int snd_efw_command_get_phys_meters(struct snd_efw *efw,
struct snd_efw_phys_meters *meters,
unsigned int len)
{
- __be32 *buf = (__be32 *)meters;
+ u32 *buf = (u32 *)meters;
unsigned int i;
int err;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 142/211] ALSA: bebob: use correct type for __be32 data
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (140 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 141/211] ALSA: fireworks: use u32 type for be32_to_cpup() macro Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 143/211] kconfig: Fix copy&paste error Kamal Mostafa
` (68 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Takashi Sakamoto, Takashi Iwai, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
commit fef586d58960bc867c1fa8126ee5d7364a5a89ac upstream.
In former commit, metering is supported for BeBoB based models
customized by M-Audio. The data in transaction is aligned to
big-endianness, while in the driver code u16 typed variable is assigned
to the data. This causes sparse warnings.
bebob_maudio.c:651:31: warning: cast to restricted __be16
bebob_maudio.c:651:31: warning: cast to restricted __be16
bebob_maudio.c:651:31: warning: cast to restricted __be16
bebob_maudio.c:651:31: warning: cast to restricted __be16
This commit fixes this bug by using __be16 variable for the data.
Fixes: 3149ac489ff8('ALSA: bebob: Add support for M-Audio special Firewire series')
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/firewire/bebob/bebob_maudio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/firewire/bebob/bebob_maudio.c b/sound/firewire/bebob/bebob_maudio.c
index 057495d..b620475 100644
--- a/sound/firewire/bebob/bebob_maudio.c
+++ b/sound/firewire/bebob/bebob_maudio.c
@@ -628,7 +628,7 @@ static const char *const special_meter_labels[] = {
static int
special_meter_get(struct snd_bebob *bebob, u32 *target, unsigned int size)
{
- u16 *buf;
+ __be16 *buf;
unsigned int i, c, channels;
int err;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 143/211] kconfig: Fix copy&paste error
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (141 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 142/211] ALSA: bebob: use correct type for __be32 data Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 144/211] tcp: apply Kern's check on RTTs used for congestion control Kamal Mostafa
` (67 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michal Sojka, Michal Marek, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Sojka <sojkam1@fel.cvut.cz>
commit f6aad2615c8c4ed806e70693adacb6c93f13564a upstream.
Fixes: 31847b67bec0 ("kconfig: allow use of relations other than (in)equality")
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
scripts/kconfig/expr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/kconfig/expr.c b/scripts/kconfig/expr.c
index 667d1aa..cbf4996 100644
--- a/scripts/kconfig/expr.c
+++ b/scripts/kconfig/expr.c
@@ -1113,7 +1113,7 @@ void expr_print(struct expr *e, void (*fn)(void *, struct symbol *, const char *
fn(data, e->left.sym, e->left.sym->name);
else
fn(data, NULL, "<choice>");
- fn(data, NULL, e->type == E_LEQ ? ">=" : ">");
+ fn(data, NULL, e->type == E_GEQ ? ">=" : ">");
fn(data, e->right.sym, e->right.sym->name);
break;
case E_UNEQUAL:
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 144/211] tcp: apply Kern's check on RTTs used for congestion control
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (142 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 143/211] kconfig: Fix copy&paste error Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 145/211] RDMA/cxgb4: re-fix 32-bit build warning Kamal Mostafa
` (66 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Yuchung Cheng, Neal Cardwell, Eric Dumazet, David S. Miller,
Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuchung Cheng <ycheng@google.com>
commit 9e45a3e36b363cc4c79c70f2b4f994e66543a219 upstream.
Currently ca_seq_rtt_us does not use Kern's check. Fix that by
checking if any packet acked is a retransmit, for both RTT used
for RTT estimation and congestion control.
Fixes: 5b08e47ca ("tcp: prefer packet timing to TS-ECR for RTT")
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv4/tcp_input.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 77730b4..297b358 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -2902,9 +2902,6 @@ static inline bool tcp_ack_update_rtt(struct sock *sk, const int flag,
* Karn's algorithm forbids taking RTT if some retransmitted data
* is acked (RFC6298).
*/
- if (flag & FLAG_RETRANS_DATA_ACKED)
- seq_rtt_us = -1L;
-
if (seq_rtt_us < 0)
seq_rtt_us = sack_rtt_us;
@@ -3146,7 +3143,7 @@ static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets,
flag |= FLAG_SACK_RENEGING;
skb_mstamp_get(&now);
- if (likely(first_ackt.v64)) {
+ if (likely(first_ackt.v64) && !(flag & FLAG_RETRANS_DATA_ACKED)) {
seq_rtt_us = skb_mstamp_us_delta(&now, &first_ackt);
ca_rtt_us = skb_mstamp_us_delta(&now, &last_ackt);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 145/211] RDMA/cxgb4: re-fix 32-bit build warning
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (143 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 144/211] tcp: apply Kern's check on RTTs used for congestion control Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 146/211] IB/core: avoid 32-bit warning Kamal Mostafa
` (65 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, Doug Ledford, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit b61e564af85bde408456f779eb267a37a64dc522 upstream.
Casting a pointer to __be64 produces a warning on 32-bit architectures:
drivers/infiniband/hw/cxgb4/mem.c:147:20: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
req->wr.wr_lo = (__force __be64)&wr_wait;
This was fixed at least twice for this driver in different places,
and accidentally reverted once more. This puts the correct version
back in place.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 6198dd8d7a6a7 ("iw_cxgb4: 32b platform fixes")
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/infiniband/hw/cxgb4/mem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c
index cff815b..7f0996c 100644
--- a/drivers/infiniband/hw/cxgb4/mem.c
+++ b/drivers/infiniband/hw/cxgb4/mem.c
@@ -144,7 +144,7 @@ static int _c4iw_write_mem_inline(struct c4iw_rdev *rdev, u32 addr, u32 len,
if (i == (num_wqe-1)) {
req->wr.wr_hi = cpu_to_be32(FW_WR_OP_V(FW_ULPTX_WR) |
FW_WR_COMPL_F);
- req->wr.wr_lo = (__force __be64)&wr_wait;
+ req->wr.wr_lo = (__force __be64)(unsigned long)&wr_wait;
} else
req->wr.wr_hi = cpu_to_be32(FW_WR_OP_V(FW_ULPTX_WR));
req->wr.wr_mid = cpu_to_be32(
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 146/211] IB/core: avoid 32-bit warning
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (144 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 145/211] RDMA/cxgb4: re-fix 32-bit build warning Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 147/211] spi: omap2-mcspi: disable other channels CHCONF_FORCE in prepare_message Kamal Mostafa
` (64 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, Doug Ledford, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit 5d1e623591dfaa64a59ecdac420adc16125524d4 upstream.
The INIT_UDATA() macro requires a pointer or unsigned long argument for
both input and output buffer, and all callers had a cast from when
the code was merged until a recent restructuring, so now we get
core/uverbs_cmd.c: In function 'ib_uverbs_create_cq':
core/uverbs_cmd.c:1481:66: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
This makes the code behave as before by adding back the cast to
unsigned long.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 565197dd8fb1 ("IB/core: Extend ib_uverbs_create_cq")
Reviewed-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/infiniband/core/uverbs_cmd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
index a6ca83b..ba85fca 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -1463,7 +1463,7 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
if (copy_from_user(&cmd, buf, sizeof(cmd)))
return -EFAULT;
- INIT_UDATA(&ucore, buf, cmd.response, sizeof(cmd), sizeof(resp));
+ INIT_UDATA(&ucore, buf, (unsigned long)cmd.response, sizeof(cmd), sizeof(resp));
INIT_UDATA(&uhw, buf + sizeof(cmd),
(unsigned long)cmd.response + sizeof(resp),
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 147/211] spi: omap2-mcspi: disable other channels CHCONF_FORCE in prepare_message
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (145 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 146/211] IB/core: avoid 32-bit warning Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 148/211] perf annotate: Fix 'annotate.use_offset' config variable usage Kamal Mostafa
` (63 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Neil Armstrong, Mark Brown, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Neil Armstrong <narmstrong@baylibre.com>
commit 468a32082b04c7febccfcd55b06ecbc438fcddcc upstream.
Since the "Switch driver to use transfer_one" change, the cs_change
behavior has changed and a channel chip select can still be
asserted when changing channel from a previous last transfer in a
message having the cs_change attribute.
Since there is no sense having multiple chip select being asserted at the
same time, disable all the remaining forced chip selects in a the
prepare_message called right before a spi_transfer_one_message call.
It ignores the current channel configuration in order to keep the
possibility to leave the chip select asserted between messages.
It fixes this bug on a DM8168 SoC ES2.1 Soc and an OMAP4 ES2.1 SoC.
It was hanging all the other channels transfers when a CHCONF_FORCE
is present on the wrong channel.
Fixes: b28cb9414db9 ("spi: omap2-mcspi: Switch driver to use transfer_one")
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Reviewed-by: Michael Welling <mwelling@ieee.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/spi/spi-omap2-mcspi.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/drivers/spi/spi-omap2-mcspi.c b/drivers/spi/spi-omap2-mcspi.c
index 3d09e0b..1f8903d 100644
--- a/drivers/spi/spi-omap2-mcspi.c
+++ b/drivers/spi/spi-omap2-mcspi.c
@@ -1217,6 +1217,33 @@ out:
return status;
}
+static int omap2_mcspi_prepare_message(struct spi_master *master,
+ struct spi_message *msg)
+{
+ struct omap2_mcspi *mcspi = spi_master_get_devdata(master);
+ struct omap2_mcspi_regs *ctx = &mcspi->ctx;
+ struct omap2_mcspi_cs *cs;
+
+ /* Only a single channel can have the FORCE bit enabled
+ * in its chconf0 register.
+ * Scan all channels and disable them except the current one.
+ * A FORCE can remain from a last transfer having cs_change enabled
+ */
+ list_for_each_entry(cs, &ctx->cs, node) {
+ if (msg->spi->controller_state == cs)
+ continue;
+
+ if ((cs->chconf0 & OMAP2_MCSPI_CHCONF_FORCE)) {
+ cs->chconf0 &= ~OMAP2_MCSPI_CHCONF_FORCE;
+ writel_relaxed(cs->chconf0,
+ cs->base + OMAP2_MCSPI_CHCONF0);
+ readl_relaxed(cs->base + OMAP2_MCSPI_CHCONF0);
+ }
+ }
+
+ return 0;
+}
+
static int omap2_mcspi_transfer_one(struct spi_master *master,
struct spi_device *spi, struct spi_transfer *t)
{
@@ -1344,6 +1371,7 @@ static int omap2_mcspi_probe(struct platform_device *pdev)
master->bits_per_word_mask = SPI_BPW_RANGE_MASK(4, 32);
master->setup = omap2_mcspi_setup;
master->auto_runtime_pm = true;
+ master->prepare_message = omap2_mcspi_prepare_message;
master->transfer_one = omap2_mcspi_transfer_one;
master->set_cs = omap2_mcspi_set_cs;
master->cleanup = omap2_mcspi_cleanup;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 148/211] perf annotate: Fix 'annotate.use_offset' config variable usage
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (146 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 147/211] spi: omap2-mcspi: disable other channels CHCONF_FORCE in prepare_message Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 149/211] sunrpc: avoid warning in gss_key_timeout Kamal Mostafa
` (62 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Namhyung Kim, David Ahern, Jiri Olsa, Martin Liška,
Peter Zijlstra, Taeung Song, Arnaldo Carvalho de Melo,
Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@kernel.org>
commit 39ff7cdb5a5e6b75dd049255615828c6531cd109 upstream.
The annotate__configs should be sorted so that it can use bsearch(3).
However commit 0c4a5bcea460 ("perf annotate: Display total number of
samples with --show-total-period") added a new config item at the end.
This resulted in the 'annotate.use_offset' config variable cannot be
found and perf terminated like below:
$ perf report
bad config file line 6 in ~/.perfconfig
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Martin Liška <mliska@suse.cz>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Taeung Song <treeze.taeung@gmail.com>
Fixes: 0c4a5bcea460 ("perf annotate: Display total number of samples with --show-total-period")
Link: http://lkml.kernel.org/r/1445396240-3428-1-git-send-email-namhyung@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
tools/perf/ui/browsers/annotate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/ui/browsers/annotate.c b/tools/perf/ui/browsers/annotate.c
index 5995a8b..ebca255 100644
--- a/tools/perf/ui/browsers/annotate.c
+++ b/tools/perf/ui/browsers/annotate.c
@@ -1030,8 +1030,8 @@ static struct annotate_config {
ANNOTATE_CFG(jump_arrows),
ANNOTATE_CFG(show_linenr),
ANNOTATE_CFG(show_nr_jumps),
- ANNOTATE_CFG(use_offset),
ANNOTATE_CFG(show_total_period),
+ ANNOTATE_CFG(use_offset),
};
#undef ANNOTATE_CFG
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 149/211] sunrpc: avoid warning in gss_key_timeout
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (147 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 148/211] perf annotate: Fix 'annotate.use_offset' config variable usage Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 150/211] MIPS: atomic: Fix comment describing atomic64_add_unless's return value Kamal Mostafa
` (61 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, J. Bruce Fields, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit cc6a7aab5570beef884ff95f7cade6634bf815a1 upstream.
The gss_key_timeout() function causes a harmless warning in some
configurations, e.g. ARM imx_v6_v7_defconfig with gcc-5.2, if the
compiler cannot figure out the state of the 'expire' variable across
an rcu_read_unlock():
net/sunrpc/auth_gss/auth_gss.c: In function 'gss_key_timeout':
net/sunrpc/auth_gss/auth_gss.c:1422:211: warning: 'expire' may be used uninitialized in this function [-Wmaybe-uninitialized]
To avoid this warning without adding a bogus initialization, this
rewrites the function so the comparison is done inside of the
critical section. As a side-effect, it also becomes slightly
easier to understand because the implementation now more closely
resembles the comment above it.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: c5e6aecd034e7 ("sunrpc: fix RCU handling of gc_ctx field")
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/sunrpc/auth_gss/auth_gss.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index dace13d..799e65b 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -1411,17 +1411,16 @@ gss_key_timeout(struct rpc_cred *rc)
{
struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
struct gss_cl_ctx *ctx;
- unsigned long now = jiffies;
- unsigned long expire;
+ unsigned long timeout = jiffies + (gss_key_expire_timeo * HZ);
+ int ret = 0;
rcu_read_lock();
ctx = rcu_dereference(gss_cred->gc_ctx);
- if (ctx)
- expire = ctx->gc_expiry - (gss_key_expire_timeo * HZ);
+ if (!ctx || time_after(timeout, ctx->gc_expiry))
+ ret = -EACCES;
rcu_read_unlock();
- if (!ctx || time_after(now, expire))
- return -EACCES;
- return 0;
+
+ return ret;
}
static int
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 150/211] MIPS: atomic: Fix comment describing atomic64_add_unless's return value.
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (148 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 149/211] sunrpc: avoid warning in gss_key_timeout Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 151/211] DT: mmc: sh_mmcif: fix "compatible" property text Kamal Mostafa
` (60 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Ralf Baechle, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ralf Baechle <ralf@linux-mips.org>
commit f25319d2cb439249a6859f53ad42ffa332b0acba upstream.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Fixes: f24219b4e90cf70ec4a211b17fbabc725a0ddf3c
(cherry picked from commit f0a232cde7be18a207fd057dd79bbac8a0a45dec)
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/mips/include/asm/atomic.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h
index 26d4363..16967a0 100644
--- a/arch/mips/include/asm/atomic.h
+++ b/arch/mips/include/asm/atomic.h
@@ -500,7 +500,7 @@ static __inline__ long atomic64_sub_if_positive(long i, atomic64_t * v)
* @u: ...unless v is equal to u.
*
* Atomically adds @a to @v, so long as it was not @u.
- * Returns the old value of @v.
+ * Returns true iff @v was not @u.
*/
static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
{
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 151/211] DT: mmc: sh_mmcif: fix "compatible" property text
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (149 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 150/211] MIPS: atomic: Fix comment describing atomic64_add_unless's return value Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 152/211] netfilter: nf_nat_redirect: add missing NULL pointer check Kamal Mostafa
` (59 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sergei Shtylyov, Ulf Hansson, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
commit 76d63c2b59d4a1481bedc65a3ef25e9d1354dca3 upstream.
The "compatible" property text contradicts even the example given in the MMCIF
binding document itself; moreover, the Renesas MMCIF driver only matches on
the generic "compatible" string and doesn't look for the SoC specific strings
at all. Thus describe "renesas,sh-mmcif" as a fallback value.
Fixes: b4c27763d749 ("mmc: sh_mmcif: Document DT bindings")
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Acked-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
Documentation/devicetree/bindings/mmc/renesas,mmcif.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/devicetree/bindings/mmc/renesas,mmcif.txt b/Documentation/devicetree/bindings/mmc/renesas,mmcif.txt
index d38942f..b907f6d 100644
--- a/Documentation/devicetree/bindings/mmc/renesas,mmcif.txt
+++ b/Documentation/devicetree/bindings/mmc/renesas,mmcif.txt
@@ -6,11 +6,11 @@ and the properties used by the MMCIF device.
Required properties:
-- compatible: must contain one of the following
+- compatible: should be "renesas,mmcif-<soctype>", "renesas,sh-mmcif" as a
+ fallback. Examples with <soctype> are:
- "renesas,mmcif-r8a7740" for the MMCIF found in r8a7740 SoCs
- "renesas,mmcif-r8a7790" for the MMCIF found in r8a7790 SoCs
- "renesas,mmcif-r8a7791" for the MMCIF found in r8a7791 SoCs
- - "renesas,sh-mmcif" for the generic MMCIF
- clocks: reference to the functional clock
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 152/211] netfilter: nf_nat_redirect: add missing NULL pointer check
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (150 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 151/211] DT: mmc: sh_mmcif: fix "compatible" property text Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 153/211] of/fdt: fix error checking for earlycon address Kamal Mostafa
` (58 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Munehisa Kamata, Pablo Neira Ayuso, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Munehisa Kamata <kamatam@amazon.com>
commit 94f9cd81436c85d8c3a318ba92e236ede73752fc upstream.
Commit 8b13eddfdf04cbfa561725cfc42d6868fe896f56 ("netfilter: refactor NAT
redirect IPv4 to use it from nf_tables") has introduced a trivial logic
change which can result in the following crash.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
IP: [<ffffffffa033002d>] nf_nat_redirect_ipv4+0x2d/0xa0 [nf_nat_redirect]
PGD 3ba662067 PUD 3ba661067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in: ipv6(E) xt_REDIRECT(E) nf_nat_redirect(E) xt_tcpudp(E) iptable_nat(E) nf_conntrack_ipv4(E) nf_defrag_ipv4(E) nf_nat_ipv4(E) nf_nat(E) nf_conntrack(E) ip_tables(E) x_tables(E) binfmt_misc(E) xfs(E) libcrc32c(E) evbug(E) evdev(E) psmouse(E) i2c_piix4(E) i2c_core(E) acpi_cpufreq(E) button(E) ext4(E) crc16(E) jbd2(E) mbcache(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E)
CPU: 0 PID: 2536 Comm: ip Tainted: G E 4.1.7-15.23.amzn1.x86_64 #1
Hardware name: Xen HVM domU, BIOS 4.2.amazon 05/06/2015
task: ffff8800eb438000 ti: ffff8803ba664000 task.ti: ffff8803ba664000
[...]
Call Trace:
<IRQ>
[<ffffffffa0334065>] redirect_tg4+0x15/0x20 [xt_REDIRECT]
[<ffffffffa02e2e99>] ipt_do_table+0x2b9/0x5e1 [ip_tables]
[<ffffffffa0328045>] iptable_nat_do_chain+0x25/0x30 [iptable_nat]
[<ffffffffa031777d>] nf_nat_ipv4_fn+0x13d/0x1f0 [nf_nat_ipv4]
[<ffffffffa0328020>] ? iptable_nat_ipv4_fn+0x20/0x20 [iptable_nat]
[<ffffffffa031785e>] nf_nat_ipv4_in+0x2e/0x90 [nf_nat_ipv4]
[<ffffffffa03280a5>] iptable_nat_ipv4_in+0x15/0x20 [iptable_nat]
[<ffffffff81449137>] nf_iterate+0x57/0x80
[<ffffffff814491f7>] nf_hook_slow+0x97/0x100
[<ffffffff814504d4>] ip_rcv+0x314/0x400
unsigned int
nf_nat_redirect_ipv4(struct sk_buff *skb,
...
{
...
rcu_read_lock();
indev = __in_dev_get_rcu(skb->dev);
if (indev != NULL) {
ifa = indev->ifa_list;
newdst = ifa->ifa_local; <---
}
rcu_read_unlock();
...
}
Before the commit, 'ifa' had been always checked before access. After the
commit, however, it could be accessed even if it's NULL. Interestingly,
this was once fixed in 2003.
http://marc.info/?l=netfilter-devel&m=106668497403047&w=2
In addition to the original one, we have seen the crash when packets that
need to be redirected somehow arrive on an interface which hasn't been
yet fully configured.
This change just reverts the logic to the old behavior to avoid the crash.
Fixes: 8b13eddfdf04 ("netfilter: refactor NAT redirect IPv4 to use it from nf_tables")
Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/netfilter/nf_nat_redirect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nf_nat_redirect.c b/net/netfilter/nf_nat_redirect.c
index 97b75f9..d438698 100644
--- a/net/netfilter/nf_nat_redirect.c
+++ b/net/netfilter/nf_nat_redirect.c
@@ -55,7 +55,7 @@ nf_nat_redirect_ipv4(struct sk_buff *skb,
rcu_read_lock();
indev = __in_dev_get_rcu(skb->dev);
- if (indev != NULL) {
+ if (indev && indev->ifa_list) {
ifa = indev->ifa_list;
newdst = ifa->ifa_local;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 153/211] of/fdt: fix error checking for earlycon address
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (151 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 152/211] netfilter: nf_nat_redirect: add missing NULL pointer check Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 154/211] netfilter: nfnetlink: don't probe module if it exists Kamal Mostafa
` (57 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Masahiro Yamada, Rob Herring, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <yamada.masahiro@socionext.com>
commit 3f5ceec96470050d20d7281d49985e3b1cfc3995 upstream.
fdt_translate_address() returns OF_BAD_ADDR on error. It is defined as
a u64 value, so the variable "addr" should be defined as u64 as well.
Fixes: fb11ffe74c79 ("of/fdt: add FDT serial scanning for earlycon")
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/of/fdt.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index 6e82bc42..d1bfd89 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -819,14 +819,15 @@ static int __init early_init_dt_scan_chosen_serial(void)
return -ENODEV;
while (match->compatible[0]) {
- unsigned long addr;
+ u64 addr;
+
if (fdt_node_check_compatible(fdt, offset, match->compatible)) {
match++;
continue;
}
addr = fdt_translate_address(fdt, offset);
- if (!addr)
+ if (addr == OF_BAD_ADDR)
return -ENXIO;
of_setup_earlycon(addr, match->data);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 154/211] netfilter: nfnetlink: don't probe module if it exists
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (152 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 153/211] of/fdt: fix error checking for earlycon address Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 155/211] PCI: Set SR-IOV NumVFs to zero after enumeration Kamal Mostafa
` (56 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Florian Westphal, Pablo Neira Ayuso, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
commit dbc3617f4c1f9fcbe63612048cb9583fea1e11ab upstream.
nfnetlink_bind request_module()s all the time as nfnetlink_get_subsys()
shifts the argument by 8 to obtain the subsys id.
So using type instead of type << 8 always returns NULL.
Fixes: 03292745b02d11 ("netlink: add nlk->netlink_bind hook for module auto-loading")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/netfilter/nfnetlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 70277b1..27b93da 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -492,7 +492,7 @@ static int nfnetlink_bind(struct net *net, int group)
type = nfnl_group2type[group];
rcu_read_lock();
- ss = nfnetlink_get_subsys(type);
+ ss = nfnetlink_get_subsys(type << 8);
rcu_read_unlock();
if (!ss)
request_module("nfnetlink-subsys-%d", type);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 155/211] PCI: Set SR-IOV NumVFs to zero after enumeration
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (153 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 154/211] netfilter: nfnetlink: don't probe module if it exists Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 156/211] sparc/PCI: Add mem64 resource parsing for root bus Kamal Mostafa
` (55 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alexander Duyck, Bjorn Helgaas, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Duyck <aduyck@mirantis.com>
commit ea9a8854161d9580cfabe011c0ae296ecc0e1d4f upstream.
The enumeration path should leave NumVFs set to zero. But after
4449f079722c ("PCI: Calculate maximum number of buses required for VFs"),
we call virtfn_max_buses() in the enumeration path, which changes NumVFs.
This NumVFs change is visible via lspci and sysfs until a driver enables
SR-IOV.
Iterate from TotalVFs down to zero so NumVFs is zero when we're finished
computing the maximum number of buses. Validate offset and stride in
the loop, so we can test it at every possible NumVFs setting. Rename
virtfn_max_buses() to compute_max_vf_buses() to hint that it does have a
side effect of updating iov->max_VF_buses.
[bhelgaas: changelog, rename, allow numVF==1 && stride==0, rework loop,
reverse sense of error path]
Fixes: 4449f079722c ("PCI: Calculate maximum number of buses required for VFs")
Based-on-patch-by: Ethan Zhao <ethan.zhao@oracle.com>
Signed-off-by: Alexander Duyck <aduyck@mirantis.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/pci/iov.c | 41 ++++++++++++++++++++++-------------------
1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/drivers/pci/iov.c b/drivers/pci/iov.c
index ee0ebff..1eadc74 100644
--- a/drivers/pci/iov.c
+++ b/drivers/pci/iov.c
@@ -54,24 +54,29 @@ static inline void pci_iov_set_numvfs(struct pci_dev *dev, int nr_virtfn)
* The PF consumes one bus number. NumVFs, First VF Offset, and VF Stride
* determine how many additional bus numbers will be consumed by VFs.
*
- * Iterate over all valid NumVFs and calculate the maximum number of bus
- * numbers that could ever be required.
+ * Iterate over all valid NumVFs, validate offset and stride, and calculate
+ * the maximum number of bus numbers that could ever be required.
*/
-static inline u8 virtfn_max_buses(struct pci_dev *dev)
+static int compute_max_vf_buses(struct pci_dev *dev)
{
struct pci_sriov *iov = dev->sriov;
- int nr_virtfn;
- u8 max = 0;
- int busnr;
+ int nr_virtfn, busnr, rc = 0;
- for (nr_virtfn = 1; nr_virtfn <= iov->total_VFs; nr_virtfn++) {
+ for (nr_virtfn = iov->total_VFs; nr_virtfn; nr_virtfn--) {
pci_iov_set_numvfs(dev, nr_virtfn);
+ if (!iov->offset || (nr_virtfn > 1 && !iov->stride)) {
+ rc = -EIO;
+ goto out;
+ }
+
busnr = pci_iov_virtfn_bus(dev, nr_virtfn - 1);
- if (busnr > max)
- max = busnr;
+ if (busnr > iov->max_VF_buses)
+ iov->max_VF_buses = busnr;
}
- return max;
+out:
+ pci_iov_set_numvfs(dev, 0);
+ return rc;
}
static struct pci_bus *virtfn_add_bus(struct pci_bus *bus, int busnr)
@@ -384,7 +389,7 @@ static int sriov_init(struct pci_dev *dev, int pos)
int rc;
int nres;
u32 pgsz;
- u16 ctrl, total, offset, stride;
+ u16 ctrl, total;
struct pci_sriov *iov;
struct resource *res;
struct pci_dev *pdev;
@@ -414,11 +419,6 @@ static int sriov_init(struct pci_dev *dev, int pos)
found:
pci_write_config_word(dev, pos + PCI_SRIOV_CTRL, ctrl);
- pci_write_config_word(dev, pos + PCI_SRIOV_NUM_VF, 0);
- pci_read_config_word(dev, pos + PCI_SRIOV_VF_OFFSET, &offset);
- pci_read_config_word(dev, pos + PCI_SRIOV_VF_STRIDE, &stride);
- if (!offset || (total > 1 && !stride))
- return -EIO;
pci_read_config_dword(dev, pos + PCI_SRIOV_SUP_PGSIZE, &pgsz);
i = PAGE_SHIFT > 12 ? PAGE_SHIFT - 12 : 0;
@@ -456,8 +456,6 @@ found:
iov->nres = nres;
iov->ctrl = ctrl;
iov->total_VFs = total;
- iov->offset = offset;
- iov->stride = stride;
iov->pgsz = pgsz;
iov->self = dev;
pci_read_config_dword(dev, pos + PCI_SRIOV_CAP, &iov->cap);
@@ -474,10 +472,15 @@ found:
dev->sriov = iov;
dev->is_physfn = 1;
- iov->max_VF_buses = virtfn_max_buses(dev);
+ rc = compute_max_vf_buses(dev);
+ if (rc)
+ goto fail_max_buses;
return 0;
+fail_max_buses:
+ dev->sriov = NULL;
+ dev->is_physfn = 0;
failed:
for (i = 0; i < PCI_SRIOV_NUM_BARS; i++) {
res = &dev->resource[i + PCI_IOV_RESOURCES];
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 156/211] sparc/PCI: Add mem64 resource parsing for root bus
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (154 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 155/211] PCI: Set SR-IOV NumVFs to zero after enumeration Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 157/211] IB/core, cma: Make __attribute_const__ declarations sparse-friendly Kamal Mostafa
` (54 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Yinghai Lu, Bjorn Helgaas, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Yinghai Lu <yinghai@kernel.org>
commit af86fa4001ca5644ae20cc2c52cdf67bb7db9752 upstream.
David reported that a T5-8 sparc system failed to boot with:
pci_sun4v f02dbcfc: PCI host bridge to bus 0000:00
pci_bus 0000:00: root bus resource [io 0x804000000000-0x80400fffffff] (bus address [0x0000-0xfffffff])
pci_bus 0000:00: root bus resource [mem 0x800000000000-0x80007effffff] (bus address [0x00000000-0x7effffff])
pci 0000:00:01.0: can't claim BAR 15 [mem 0x100000000-0x4afffffff pref]: no compatible bridge window
Note that we don't know about a host bridge aperture that contains
BAR 15. OF does report a MEM64 aperture, but before this patch,
pci_determine_mem_io_space() ignored it.
Add support for host bridge apertures with 64-bit PCI addresses. Also
set IORESOURCE_MEM_64 for PCI device and bridge resources in PCI 64-bit
memory space.
Sparc doesn't actually print the device and bridge resources, but after
this patch, we should have the equivalent of this:
pci_sun4v f02dbcfc: PCI host bridge to bus 0000:00
pci_bus 0000:00: root bus resource [io 0x804000000000-0x80400fffffff] (bus address [0x0000-0xfffffff])
pci_bus 0000:00: root bus resource [mem 0x800000000000-0x80007effffff] (bus address [0x00000000-0x7effffff])
pci_bus 0000:00: root bus resource [mem 0x800100000000-0x8007ffffffff] (bus address [0x100000000-0x7ffffffff])
pci 0000:00:01.0: bridge window [mem 0x800100000000-0x8004afffffff 64bit pref]
[bhelgaas: changelog, URL to David's report]
Fixes: d63e2e1f3df9 ("sparc/PCI: Clip bridge windows to fit in upstream windows")
Link: http://lkml.kernel.org/r/5514391F.2030300@oracle.com
Reported-by: David Ahern <david.ahern@oracle.com>
Tested-by: David Ahern <david.ahern@oracle.com>
Tested-by: Khalid Aziz <khalid.aziz@oracle.com>
Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/kernel/pci.c | 7 ++++++-
arch/sparc/kernel/pci_common.c | 17 +++++++++++++++--
arch/sparc/kernel/pci_impl.h | 1 +
3 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/arch/sparc/kernel/pci.c b/arch/sparc/kernel/pci.c
index c928bc6..bfd0b70 100644
--- a/arch/sparc/kernel/pci.c
+++ b/arch/sparc/kernel/pci.c
@@ -185,8 +185,10 @@ static unsigned long pci_parse_of_flags(u32 addr0)
if (addr0 & 0x02000000) {
flags = IORESOURCE_MEM | PCI_BASE_ADDRESS_SPACE_MEMORY;
- flags |= (addr0 >> 22) & PCI_BASE_ADDRESS_MEM_TYPE_64;
flags |= (addr0 >> 28) & PCI_BASE_ADDRESS_MEM_TYPE_1M;
+ if (addr0 & 0x01000000)
+ flags |= IORESOURCE_MEM_64
+ | PCI_BASE_ADDRESS_MEM_TYPE_64;
if (addr0 & 0x40000000)
flags |= IORESOURCE_PREFETCH
| PCI_BASE_ADDRESS_MEM_PREFETCH;
@@ -660,6 +662,9 @@ struct pci_bus *pci_scan_one_pbm(struct pci_pbm_info *pbm,
pbm->io_space.start);
pci_add_resource_offset(&resources, &pbm->mem_space,
pbm->mem_space.start);
+ if (pbm->mem64_space.flags)
+ pci_add_resource_offset(&resources, &pbm->mem64_space,
+ pbm->mem_space.start);
pbm->busn.start = pbm->pci_first_busno;
pbm->busn.end = pbm->pci_last_busno;
pbm->busn.flags = IORESOURCE_BUS;
diff --git a/arch/sparc/kernel/pci_common.c b/arch/sparc/kernel/pci_common.c
index 944a065..33524c1 100644
--- a/arch/sparc/kernel/pci_common.c
+++ b/arch/sparc/kernel/pci_common.c
@@ -406,6 +406,7 @@ void pci_determine_mem_io_space(struct pci_pbm_info *pbm)
}
num_pbm_ranges = i / sizeof(*pbm_ranges);
+ memset(&pbm->mem64_space, 0, sizeof(struct resource));
for (i = 0; i < num_pbm_ranges; i++) {
const struct linux_prom_pci_ranges *pr = &pbm_ranges[i];
@@ -451,7 +452,12 @@ void pci_determine_mem_io_space(struct pci_pbm_info *pbm)
break;
case 3:
- /* XXX 64-bit MEM handling XXX */
+ /* 64-bit MEM handling */
+ pbm->mem64_space.start = a;
+ pbm->mem64_space.end = a + size - 1UL;
+ pbm->mem64_space.flags = IORESOURCE_MEM;
+ saw_mem = 1;
+ break;
default:
break;
@@ -465,15 +471,22 @@ void pci_determine_mem_io_space(struct pci_pbm_info *pbm)
prom_halt();
}
- printk("%s: PCI IO[%llx] MEM[%llx]\n",
+ printk("%s: PCI IO[%llx] MEM[%llx]",
pbm->name,
pbm->io_space.start,
pbm->mem_space.start);
+ if (pbm->mem64_space.flags)
+ printk(" MEM64[%llx]",
+ pbm->mem64_space.start);
+ printk("\n");
pbm->io_space.name = pbm->mem_space.name = pbm->name;
+ pbm->mem64_space.name = pbm->name;
request_resource(&ioport_resource, &pbm->io_space);
request_resource(&iomem_resource, &pbm->mem_space);
+ if (pbm->mem64_space.flags)
+ request_resource(&iomem_resource, &pbm->mem64_space);
pci_register_legacy_regions(&pbm->io_space,
&pbm->mem_space);
diff --git a/arch/sparc/kernel/pci_impl.h b/arch/sparc/kernel/pci_impl.h
index 75803c7..37222ca 100644
--- a/arch/sparc/kernel/pci_impl.h
+++ b/arch/sparc/kernel/pci_impl.h
@@ -97,6 +97,7 @@ struct pci_pbm_info {
/* PBM I/O and Memory space resources. */
struct resource io_space;
struct resource mem_space;
+ struct resource mem64_space;
struct resource busn;
/* Base of PCI Config space, can be per-PBM or shared. */
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 157/211] IB/core, cma: Make __attribute_const__ declarations sparse-friendly
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (155 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 156/211] sparc/PCI: Add mem64 resource parsing for root bus Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 158/211] ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets Kamal Mostafa
` (53 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Bart Van Assche, Sagi Grimberg, Doug Ledford, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <bart.vanassche@sandisk.com>
commit db7489e07669073970358b6cacf6a9dd8dc9275e upstream.
Move the __attribute_const__ declarations such that sparse understands
that these apply to the function itself and not to the return type.
This avoids that sparse reports error messages like the following:
drivers/infiniband/core/verbs.c:73:12: error: symbol 'ib_event_msg' redeclared with different type (originally declared at include/rdma/ib_verbs.h:470) - different modifiers
Fixes: 2b1b5b601230 ("IB/core, cma: Nice log-friendly string helpers")
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Cc: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/infiniband/core/cma.c | 2 +-
drivers/infiniband/core/verbs.c | 4 ++--
include/rdma/ib_verbs.h | 4 ++--
include/rdma/rdma_cm.h | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 143ded2..a7c1788 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -84,7 +84,7 @@ static const char * const cma_events[] = {
[RDMA_CM_EVENT_TIMEWAIT_EXIT] = "timewait exit",
};
-const char *rdma_event_msg(enum rdma_cm_event_type event)
+const char *__attribute_const__ rdma_event_msg(enum rdma_cm_event_type event)
{
size_t index = event;
diff --git a/drivers/infiniband/core/verbs.c b/drivers/infiniband/core/verbs.c
index bac3fb4..a162f65 100644
--- a/drivers/infiniband/core/verbs.c
+++ b/drivers/infiniband/core/verbs.c
@@ -70,7 +70,7 @@ static const char * const ib_events[] = {
[IB_EVENT_GID_CHANGE] = "GID changed",
};
-const char *ib_event_msg(enum ib_event_type event)
+const char *__attribute_const__ ib_event_msg(enum ib_event_type event)
{
size_t index = event;
@@ -104,7 +104,7 @@ static const char * const wc_statuses[] = {
[IB_WC_GENERAL_ERR] = "general error",
};
-const char *ib_wc_status_msg(enum ib_wc_status status)
+const char *__attribute_const__ ib_wc_status_msg(enum ib_wc_status status)
{
size_t index = status;
diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
index b0f898e..8ee1a4b 100644
--- a/include/rdma/ib_verbs.h
+++ b/include/rdma/ib_verbs.h
@@ -467,7 +467,7 @@ enum ib_event_type {
IB_EVENT_GID_CHANGE,
};
-__attribute_const__ const char *ib_event_msg(enum ib_event_type event);
+const char *__attribute_const__ ib_event_msg(enum ib_event_type event);
struct ib_event {
struct ib_device *device;
@@ -720,7 +720,7 @@ enum ib_wc_status {
IB_WC_GENERAL_ERR
};
-__attribute_const__ const char *ib_wc_status_msg(enum ib_wc_status status);
+const char *__attribute_const__ ib_wc_status_msg(enum ib_wc_status status);
enum ib_wc_opcode {
IB_WC_SEND,
diff --git a/include/rdma/rdma_cm.h b/include/rdma/rdma_cm.h
index c92522c..31afb5c 100644
--- a/include/rdma/rdma_cm.h
+++ b/include/rdma/rdma_cm.h
@@ -62,7 +62,7 @@ enum rdma_cm_event_type {
RDMA_CM_EVENT_TIMEWAIT_EXIT
};
-__attribute_const__ const char *rdma_event_msg(enum rdma_cm_event_type event);
+const char *__attribute_const__ rdma_event_msg(enum rdma_cm_event_type event);
enum rdma_port_space {
RDMA_PS_SDP = 0x0001,
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 158/211] ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (156 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 157/211] IB/core, cma: Make __attribute_const__ declarations sparse-friendly Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 159/211] cpufreq: arm_big_little: fix frequency check when bL switcher is active Kamal Mostafa
` (52 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, Vlad Yasevich, Benjamin Coddington, Tom Herbert,
Hannes Frederic Sowa, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Hannes Frederic Sowa <hannes@stressinduktion.org>
commit 682b1a9d3f9686ee43fd66b48605daff00522157 upstream.
We cannot reliable calculate packet size on MSG_MORE corked sockets
and thus cannot decide if they are going to be fragmented later on,
so better not use CHECKSUM_PARTIAL in the first place.
The IPv6 code also intended to protect and not use CHECKSUM_PARTIAL in
the existence of IPv6 extension headers, but the condition was wrong. Fix
it up, too. Also the condition to check whether the packet fits into
one fragment was wrong and has been corrected.
Fixes: commit 32dce968dd987 ("ipv6: Allow for partial checksums on non-ufo packets")
See-also: commit 72e843bb09d45 ("ipv6: ip6_fragment() should check CHECKSUM_PARTIAL")
Cc: Eric Dumazet <edumazet@google.com>
Cc: Vlad Yasevich <vyasevich@gmail.com>
Cc: Benjamin Coddington <bcodding@redhat.com>
Cc: Tom Herbert <tom@herbertland.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv6/ip6_output.c | 70 ++++++++++++++++++++++++---------------------------
1 file changed, 33 insertions(+), 37 deletions(-)
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index d5f7716..ba1a9ac 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1248,6 +1248,7 @@ static int __ip6_append_data(struct sock *sk,
struct rt6_info *rt = (struct rt6_info *)cork->dst;
struct ipv6_txoptions *opt = v6_cork->opt;
int csummode = CHECKSUM_NONE;
+ unsigned int maxnonfragsize, headersize;
skb = skb_peek_tail(queue);
if (!skb) {
@@ -1265,38 +1266,43 @@ static int __ip6_append_data(struct sock *sk,
maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
sizeof(struct frag_hdr);
- if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
- unsigned int maxnonfragsize, headersize;
-
- headersize = sizeof(struct ipv6hdr) +
- (opt ? opt->opt_flen + opt->opt_nflen : 0) +
- (dst_allfrag(&rt->dst) ?
- sizeof(struct frag_hdr) : 0) +
- rt->rt6i_nfheader_len;
-
- if (ip6_sk_ignore_df(sk))
- maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
- else
- maxnonfragsize = mtu;
+ headersize = sizeof(struct ipv6hdr) +
+ (opt ? opt->opt_flen + opt->opt_nflen : 0) +
+ (dst_allfrag(&rt->dst) ?
+ sizeof(struct frag_hdr) : 0) +
+ rt->rt6i_nfheader_len;
+
+ if (cork->length + length > mtu - headersize && dontfrag &&
+ (sk->sk_protocol == IPPROTO_UDP ||
+ sk->sk_protocol == IPPROTO_RAW)) {
+ ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
+ sizeof(struct ipv6hdr));
+ goto emsgsize;
+ }
- /* dontfrag active */
- if ((cork->length + length > mtu - headersize) && dontfrag &&
- (sk->sk_protocol == IPPROTO_UDP ||
- sk->sk_protocol == IPPROTO_RAW)) {
- ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
- sizeof(struct ipv6hdr));
- goto emsgsize;
- }
+ if (ip6_sk_ignore_df(sk))
+ maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
+ else
+ maxnonfragsize = mtu;
- if (cork->length + length > maxnonfragsize - headersize) {
+ if (cork->length + length > maxnonfragsize - headersize) {
emsgsize:
- ipv6_local_error(sk, EMSGSIZE, fl6,
- mtu - headersize +
- sizeof(struct ipv6hdr));
- return -EMSGSIZE;
- }
+ ipv6_local_error(sk, EMSGSIZE, fl6,
+ mtu - headersize +
+ sizeof(struct ipv6hdr));
+ return -EMSGSIZE;
}
+ /* CHECKSUM_PARTIAL only with no extension headers and when
+ * we are not going to fragment
+ */
+ if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
+ headersize == sizeof(struct ipv6hdr) &&
+ length < mtu - headersize &&
+ !(flags & MSG_MORE) &&
+ rt->dst.dev->features & NETIF_F_V6_CSUM)
+ csummode = CHECKSUM_PARTIAL;
+
if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) {
sock_tx_timestamp(sk, &tx_flags);
if (tx_flags & SKBTX_ANY_SW_TSTAMP &&
@@ -1304,16 +1310,6 @@ emsgsize:
tskey = sk->sk_tskey++;
}
- /* If this is the first and only packet and device
- * supports checksum offloading, let's use it.
- * Use transhdrlen, same as IPv4, because partial
- * sums only work when transhdrlen is set.
- */
- if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
- length + fragheaderlen < mtu &&
- rt->dst.dev->features & NETIF_F_V6_CSUM &&
- !exthdrlen)
- csummode = CHECKSUM_PARTIAL;
/*
* Let's try using as much space as possible.
* Use MTU if total length of the message fits into the MTU.
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 159/211] cpufreq: arm_big_little: fix frequency check when bL switcher is active
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (157 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 158/211] ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 160/211] xprtrdma: Re-arm after missed events Kamal Mostafa
` (51 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jon Medhurst, Rafael J. Wysocki, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Jon Medhurst \\(Tixy\\)" <tixy@linaro.org>
commit 14f1ba3af6209f0394192ef07fe2bd9bccdc755f upstream.
The check for correct frequency being set in bL_cpufreq_set_rate is
broken when the big.LITTLE switcher is active, for two reasons.
1. The 'new_rate' variable gets overwritten before the test by the
code calculating the frequency of the old cluster.
2. The frequency returned by bL_cpufreq_get_rate will be the virtual
frequency, not the actual one the intended version of new_rate contains.
This means the function always returns an error causing an endless
stream of: "cpufreq: __target_index: Failed to change cpu frequency: -5"
As the intent is to check for errors that clk_set_rate doesn't report
lets move the check to immediately after that and directly use
clk_get_rate, rather than the arm_big_little helpers which only confuse
matters. Also, update the comment to be hopefully clearer about the
purpose of the code.
Fixes: 0a95e630b49a (cpufreq: arm_big_little: check if the frequency is set correctly)
Signed-off-by: Jon Medhurst <tixy@linaro.org>
Acked-by: Sudeep Holla <sudeep.holla@arm.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Reviewed-by: Michael Turquette <mturquette@baylibre.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/cpufreq/arm_big_little.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/drivers/cpufreq/arm_big_little.c b/drivers/cpufreq/arm_big_little.c
index f1e42f8..c5d256c 100644
--- a/drivers/cpufreq/arm_big_little.c
+++ b/drivers/cpufreq/arm_big_little.c
@@ -149,6 +149,19 @@ bL_cpufreq_set_rate(u32 cpu, u32 old_cluster, u32 new_cluster, u32 rate)
__func__, cpu, old_cluster, new_cluster, new_rate);
ret = clk_set_rate(clk[new_cluster], new_rate * 1000);
+ if (!ret) {
+ /*
+ * FIXME: clk_set_rate hasn't returned an error here however it
+ * may be that clk_change_rate failed due to hardware or
+ * firmware issues and wasn't able to report that due to the
+ * current design of the clk core layer. To work around this
+ * problem we will read back the clock rate and check it is
+ * correct. This needs to be removed once clk core is fixed.
+ */
+ if (clk_get_rate(clk[new_cluster]) != new_rate * 1000)
+ ret = -EIO;
+ }
+
if (WARN_ON(ret)) {
pr_err("clk_set_rate failed: %d, new cluster: %d\n", ret,
new_cluster);
@@ -189,15 +202,6 @@ bL_cpufreq_set_rate(u32 cpu, u32 old_cluster, u32 new_cluster, u32 rate)
mutex_unlock(&cluster_lock[old_cluster]);
}
- /*
- * FIXME: clk_set_rate has to handle the case where clk_change_rate
- * can fail due to hardware or firmware issues. Until the clk core
- * layer is fixed, we can check here. In most of the cases we will
- * be reading only the cached value anyway. This needs to be removed
- * once clk core is fixed.
- */
- if (bL_cpufreq_get_rate(cpu) != new_rate)
- return -EIO;
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 160/211] xprtrdma: Re-arm after missed events
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (158 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 159/211] cpufreq: arm_big_little: fix frequency check when bL switcher is active Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 161/211] xprtrdma: Prevent loss of completion signals Kamal Mostafa
` (50 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chuck Lever, Anna Schumaker, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Chuck Lever <chuck.lever@oracle.com>
commit 7b3d770c67bc07db5035999e4f864c5f2ff7b10e upstream.
ib_req_notify_cq(IB_CQ_REPORT_MISSED_EVENTS) returns a positive
value if WCs were added to a CQ after the last completion upcall
but before the CQ has been re-armed.
Commit 7f23f6f6e388 ("xprtrmda: Reduce lock contention in
completion handlers") assumed that when ib_req_notify_cq() returned
a positive RC, the CQ had also been successfully re-armed, making
it safe to return control to the provider without losing any
completion signals. That is an invalid assumption.
Change both completion handlers to continue polling while
ib_req_notify_cq() returns a positive value.
Fixes: 7f23f6f6e388 ("xprtrmda: Reduce lock contention in ...")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Devesh Sharma <devesh.sharma@avagotech.com>
Tested-By: Devesh Sharma <devesh.sharma@avagotech.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/sunrpc/xprtrdma/verbs.c | 66 +++++++--------------------------------------
1 file changed, 10 insertions(+), 56 deletions(-)
diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c
index 891c4ed..e0eece6 100644
--- a/net/sunrpc/xprtrdma/verbs.c
+++ b/net/sunrpc/xprtrdma/verbs.c
@@ -178,38 +178,17 @@ rpcrdma_sendcq_poll(struct ib_cq *cq, struct rpcrdma_ep *ep)
return 0;
}
-/*
- * Handle send, fast_reg_mr, and local_inv completions.
- *
- * Send events are typically suppressed and thus do not result
- * in an upcall. Occasionally one is signaled, however. This
- * prevents the provider's completion queue from wrapping and
- * losing a completion.
+/* Handle provider send completion upcalls.
*/
static void
rpcrdma_sendcq_upcall(struct ib_cq *cq, void *cq_context)
{
struct rpcrdma_ep *ep = (struct rpcrdma_ep *)cq_context;
- int rc;
-
- rc = rpcrdma_sendcq_poll(cq, ep);
- if (rc) {
- dprintk("RPC: %s: ib_poll_cq failed: %i\n",
- __func__, rc);
- return;
- }
- rc = ib_req_notify_cq(cq,
- IB_CQ_NEXT_COMP | IB_CQ_REPORT_MISSED_EVENTS);
- if (rc == 0)
- return;
- if (rc < 0) {
- dprintk("RPC: %s: ib_req_notify_cq failed: %i\n",
- __func__, rc);
- return;
- }
-
- rpcrdma_sendcq_poll(cq, ep);
+ do {
+ rpcrdma_sendcq_poll(cq, ep);
+ } while (ib_req_notify_cq(cq, IB_CQ_NEXT_COMP |
+ IB_CQ_REPORT_MISSED_EVENTS) > 0);
}
static void
@@ -273,42 +252,17 @@ out_schedule:
return rc;
}
-/*
- * Handle receive completions.
- *
- * It is reentrant but processes single events in order to maintain
- * ordering of receives to keep server credits.
- *
- * It is the responsibility of the scheduled tasklet to return
- * recv buffers to the pool. NOTE: this affects synchronization of
- * connection shutdown. That is, the structures required for
- * the completion of the reply handler must remain intact until
- * all memory has been reclaimed.
+/* Handle provider receive completion upcalls.
*/
static void
rpcrdma_recvcq_upcall(struct ib_cq *cq, void *cq_context)
{
struct rpcrdma_ep *ep = (struct rpcrdma_ep *)cq_context;
- int rc;
-
- rc = rpcrdma_recvcq_poll(cq, ep);
- if (rc) {
- dprintk("RPC: %s: ib_poll_cq failed: %i\n",
- __func__, rc);
- return;
- }
- rc = ib_req_notify_cq(cq,
- IB_CQ_NEXT_COMP | IB_CQ_REPORT_MISSED_EVENTS);
- if (rc == 0)
- return;
- if (rc < 0) {
- dprintk("RPC: %s: ib_req_notify_cq failed: %i\n",
- __func__, rc);
- return;
- }
-
- rpcrdma_recvcq_poll(cq, ep);
+ do {
+ rpcrdma_recvcq_poll(cq, ep);
+ } while (ib_req_notify_cq(cq, IB_CQ_NEXT_COMP |
+ IB_CQ_REPORT_MISSED_EVENTS) > 0);
}
static void
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 161/211] xprtrdma: Prevent loss of completion signals
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (159 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 160/211] xprtrdma: Re-arm after missed events Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 162/211] qmi_wwan: fix entry for HP lt4112 LTE/HSPA+ Gobi 4G Module Kamal Mostafa
` (49 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chuck Lever, Anna Schumaker, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Chuck Lever <chuck.lever@oracle.com>
commit 4220a07264c0517006a534aed201e29c8d297306 upstream.
Commit 8301a2c047cc ("xprtrdma: Limit work done by completion
handler") was supposed to prevent xprtrdma's upcall handlers from
starving other softIRQ work by letting them return to the provider
before all CQEs have been polled.
The logic assumes the provider will call the upcall handler again
immediately if the CQ is re-armed while there are still queued CQEs.
This assumption is invalid. The IBTA spec says that after a CQ is
armed, the hardware must interrupt only when a new CQE is inserted.
xprtrdma can't rely on the provider calling again, even though some
providers do.
Therefore, leaving CQEs on queue makes sense only when there is
another mechanism that ensures all remaining CQEs are consumed in a
timely fashion. xprtrdma does not have such a mechanism. If a CQE
remains queued, the transport can wait forever to send the next RPC.
Finally, move the wcs array back onto the stack to ensure that the
poll array is always local to the CPU where the completion upcall is
running.
Fixes: 8301a2c047cc ("xprtrdma: Limit work done by completion ...")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Devesh Sharma <devesh.sharma@avagotech.com>
Tested-By: Devesh Sharma <devesh.sharma@avagotech.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/sunrpc/xprtrdma/verbs.c | 74 +++++++++++++++++++++--------------------
net/sunrpc/xprtrdma/xprt_rdma.h | 5 ---
2 files changed, 38 insertions(+), 41 deletions(-)
diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c
index e0eece6..947ed13 100644
--- a/net/sunrpc/xprtrdma/verbs.c
+++ b/net/sunrpc/xprtrdma/verbs.c
@@ -157,25 +157,30 @@ rpcrdma_sendcq_process_wc(struct ib_wc *wc)
}
}
-static int
-rpcrdma_sendcq_poll(struct ib_cq *cq, struct rpcrdma_ep *ep)
+/* The common case is a single send completion is waiting. By
+ * passing two WC entries to ib_poll_cq, a return code of 1
+ * means there is exactly one WC waiting and no more. We don't
+ * have to invoke ib_poll_cq again to know that the CQ has been
+ * properly drained.
+ */
+static void
+rpcrdma_sendcq_poll(struct ib_cq *cq)
{
- struct ib_wc *wcs;
- int budget, count, rc;
+ struct ib_wc *pos, wcs[2];
+ int count, rc;
- budget = RPCRDMA_WC_BUDGET / RPCRDMA_POLLSIZE;
do {
- wcs = ep->rep_send_wcs;
+ pos = wcs;
- rc = ib_poll_cq(cq, RPCRDMA_POLLSIZE, wcs);
- if (rc <= 0)
- return rc;
+ rc = ib_poll_cq(cq, ARRAY_SIZE(wcs), pos);
+ if (rc < 0)
+ break;
count = rc;
while (count-- > 0)
- rpcrdma_sendcq_process_wc(wcs++);
- } while (rc == RPCRDMA_POLLSIZE && --budget);
- return 0;
+ rpcrdma_sendcq_process_wc(pos++);
+ } while (rc == ARRAY_SIZE(wcs));
+ return;
}
/* Handle provider send completion upcalls.
@@ -183,10 +188,8 @@ rpcrdma_sendcq_poll(struct ib_cq *cq, struct rpcrdma_ep *ep)
static void
rpcrdma_sendcq_upcall(struct ib_cq *cq, void *cq_context)
{
- struct rpcrdma_ep *ep = (struct rpcrdma_ep *)cq_context;
-
do {
- rpcrdma_sendcq_poll(cq, ep);
+ rpcrdma_sendcq_poll(cq);
} while (ib_req_notify_cq(cq, IB_CQ_NEXT_COMP |
IB_CQ_REPORT_MISSED_EVENTS) > 0);
}
@@ -225,31 +228,32 @@ out_fail:
goto out_schedule;
}
-static int
-rpcrdma_recvcq_poll(struct ib_cq *cq, struct rpcrdma_ep *ep)
+/* The wc array is on stack: automatic memory is always CPU-local.
+ *
+ * struct ib_wc is 64 bytes, making the poll array potentially
+ * large. But this is at the bottom of the call chain. Further
+ * substantial work is done in another thread.
+ */
+static void
+rpcrdma_recvcq_poll(struct ib_cq *cq)
{
- struct list_head sched_list;
- struct ib_wc *wcs;
- int budget, count, rc;
+ struct ib_wc *pos, wcs[4];
+ LIST_HEAD(sched_list);
+ int count, rc;
- INIT_LIST_HEAD(&sched_list);
- budget = RPCRDMA_WC_BUDGET / RPCRDMA_POLLSIZE;
do {
- wcs = ep->rep_recv_wcs;
+ pos = wcs;
- rc = ib_poll_cq(cq, RPCRDMA_POLLSIZE, wcs);
- if (rc <= 0)
- goto out_schedule;
+ rc = ib_poll_cq(cq, ARRAY_SIZE(wcs), pos);
+ if (rc < 0)
+ break;
count = rc;
while (count-- > 0)
- rpcrdma_recvcq_process_wc(wcs++, &sched_list);
- } while (rc == RPCRDMA_POLLSIZE && --budget);
- rc = 0;
+ rpcrdma_recvcq_process_wc(pos++, &sched_list);
+ } while (rc == ARRAY_SIZE(wcs));
-out_schedule:
rpcrdma_schedule_tasklet(&sched_list);
- return rc;
}
/* Handle provider receive completion upcalls.
@@ -257,10 +261,8 @@ out_schedule:
static void
rpcrdma_recvcq_upcall(struct ib_cq *cq, void *cq_context)
{
- struct rpcrdma_ep *ep = (struct rpcrdma_ep *)cq_context;
-
do {
- rpcrdma_recvcq_poll(cq, ep);
+ rpcrdma_recvcq_poll(cq);
} while (ib_req_notify_cq(cq, IB_CQ_NEXT_COMP |
IB_CQ_REPORT_MISSED_EVENTS) > 0);
}
@@ -640,7 +642,7 @@ rpcrdma_ep_create(struct rpcrdma_ep *ep, struct rpcrdma_ia *ia,
cq_attr.cqe = ep->rep_attr.cap.max_send_wr + 1;
sendcq = ib_create_cq(ia->ri_device, rpcrdma_sendcq_upcall,
- rpcrdma_cq_async_error_upcall, ep, &cq_attr);
+ rpcrdma_cq_async_error_upcall, NULL, &cq_attr);
if (IS_ERR(sendcq)) {
rc = PTR_ERR(sendcq);
dprintk("RPC: %s: failed to create send CQ: %i\n",
@@ -657,7 +659,7 @@ rpcrdma_ep_create(struct rpcrdma_ep *ep, struct rpcrdma_ia *ia,
cq_attr.cqe = ep->rep_attr.cap.max_recv_wr + 1;
recvcq = ib_create_cq(ia->ri_device, rpcrdma_recvcq_upcall,
- rpcrdma_cq_async_error_upcall, ep, &cq_attr);
+ rpcrdma_cq_async_error_upcall, NULL, &cq_attr);
if (IS_ERR(recvcq)) {
rc = PTR_ERR(recvcq);
dprintk("RPC: %s: failed to create recv CQ: %i\n",
diff --git a/net/sunrpc/xprtrdma/xprt_rdma.h b/net/sunrpc/xprtrdma/xprt_rdma.h
index e718d09..8fff714 100644
--- a/net/sunrpc/xprtrdma/xprt_rdma.h
+++ b/net/sunrpc/xprtrdma/xprt_rdma.h
@@ -79,9 +79,6 @@ struct rpcrdma_ia {
* RDMA Endpoint -- one per transport instance
*/
-#define RPCRDMA_WC_BUDGET (128)
-#define RPCRDMA_POLLSIZE (16)
-
struct rpcrdma_ep {
atomic_t rep_cqcount;
int rep_cqinit;
@@ -92,8 +89,6 @@ struct rpcrdma_ep {
struct rdma_conn_param rep_remote_cma;
struct sockaddr_storage rep_remote_addr;
struct delayed_work rep_connect_worker;
- struct ib_wc rep_send_wcs[RPCRDMA_POLLSIZE];
- struct ib_wc rep_recv_wcs[RPCRDMA_POLLSIZE];
};
/*
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 162/211] qmi_wwan: fix entry for HP lt4112 LTE/HSPA+ Gobi 4G Module
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (160 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 161/211] xprtrdma: Prevent loss of completion signals Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 163/211] tracepoints: Fix documentation of RCU lockdep checks Kamal Mostafa
` (48 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Bjørn Mork, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>
commit 70910791731b5956171e1bfcad707766b8e18fee upstream.
The lt4112 is a HP branded Huawei me906e modem. Like other Huawei
modems, it does not have a fixed interface to function mapping.
Instead it uses a Huawei specific scheme: functions are mapped by
subclass and protocol.
However, the HP vendor ID is used for modems from many different
manufacturers using different schemes, so we cannot apply a generic
vendor rule like we do for the Huawei vendor ID.
Replace the previous lt4112 entry pointing to an arbitrary interface
number with a device specific subclass + protocol match.
Reported-and-tested-by: Muri Nicanor <muri+libqmi@immerda.ch>
Tested-by: Martin Hauke <mardnh@gmx.de>
Fixes: bb2bdeb83fb1 ("qmi_wwan: Add support for HP lt4112 LTE/HSPA+ Gobi 4G Modem")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/usb/qmi_wwan.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index de27f51..628e3fb 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -539,6 +539,10 @@ static const struct usb_device_id products[] = {
USB_CDC_PROTO_NONE),
.driver_info = (unsigned long)&qmi_wwan_info,
},
+ { /* HP lt4112 LTE/HSPA+ Gobi 4G Module (Huawei me906e) */
+ USB_DEVICE_AND_INTERFACE_INFO(0x03f0, 0x581d, USB_CLASS_VENDOR_SPEC, 1, 7),
+ .driver_info = (unsigned long)&qmi_wwan_info,
+ },
/* 3. Combined interface devices matching on interface number */
{QMI_FIXED_INTF(0x0408, 0xea42, 4)}, /* Yota / Megafon M100-1 */
@@ -791,7 +795,6 @@ static const struct usb_device_id products[] = {
{QMI_FIXED_INTF(0x413c, 0x81a8, 8)}, /* Dell Wireless 5808 Gobi(TM) 4G LTE Mobile Broadband Card */
{QMI_FIXED_INTF(0x413c, 0x81a9, 8)}, /* Dell Wireless 5808e Gobi(TM) 4G LTE Mobile Broadband Card */
{QMI_FIXED_INTF(0x03f0, 0x4e1d, 8)}, /* HP lt4111 LTE/EV-DO/HSPA+ Gobi 4G Module */
- {QMI_FIXED_INTF(0x03f0, 0x581d, 4)}, /* HP lt4112 LTE/HSPA+ Gobi 4G Module (Huawei me906e) */
/* 4. Gobi 1000 devices */
{QMI_GOBI1K_DEVICE(0x05c6, 0x9212)}, /* Acer Gobi Modem Device */
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 163/211] tracepoints: Fix documentation of RCU lockdep checks
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (161 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 162/211] qmi_wwan: fix entry for HP lt4112 LTE/HSPA+ Gobi 4G Module Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 164/211] net: fix percpu memory leaks Kamal Mostafa
` (47 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dave Hansen, Mathieu Desnoyers, Steven Rostedt, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
commit a15920bea0428cd22291637f6c72542b1843e65f upstream.
The documentation on top of __DECLARE_TRACE() does not match its
implementation since the condition check has been added to the
RCU lockdep checks. Update the documentation to match its
implementation.
Link: http://lkml.kernel.org/r/1446504164-21563-1-git-send-email-mathieu.desnoyers@efficios.com
CC: Dave Hansen <dave@sr71.net>
Fixes: a05d59a56733 "tracing: Add condition check to RCU lockdep checks"
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/tracepoint.h | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/include/linux/tracepoint.h b/include/linux/tracepoint.h
index a5f7f3e..c8e3030 100644
--- a/include/linux/tracepoint.h
+++ b/include/linux/tracepoint.h
@@ -167,10 +167,11 @@ extern void syscall_unregfunc(void);
* structure. Force alignment to the same alignment as the section start.
*
* When lockdep is enabled, we make sure to always do the RCU portions of
- * the tracepoint code, regardless of whether tracing is on or we match the
- * condition. This lets us find RCU issues triggered with tracepoints even
- * when this tracepoint is off. This code has no purpose other than poking
- * RCU a bit.
+ * the tracepoint code, regardless of whether tracing is on. However,
+ * don't check if the condition is false, due to interaction with idle
+ * instrumentation. This lets us find RCU issues triggered with tracepoints
+ * even when this tracepoint is off. This code has no purpose other than
+ * poking RCU a bit.
*/
#define __DECLARE_TRACE(name, proto, args, cond, data_proto, data_args) \
extern struct tracepoint __tracepoint_##name; \
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 164/211] net: fix percpu memory leaks
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (162 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 163/211] tracepoints: Fix documentation of RCU lockdep checks Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 165/211] ipv6: fix tunnel error handling Kamal Mostafa
` (46 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, Hannes Frederic Sowa, Jesper Dangaard Brouer,
David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
commit 1d6119baf0610f813eb9d9580eb4fd16de5b4ceb upstream.
This patch fixes following problems :
1) percpu_counter_init() can return an error, therefore
init_frag_mem_limit() must propagate this error so that
inet_frags_init_net() can do the same up to its callers.
2) If ip[46]_frags_ns_ctl_register() fail, we must unwind
properly and free the percpu_counter.
Without this fix, we leave freed object in percpu_counters
global list (if CONFIG_HOTPLUG_CPU) leading to crashes.
This bug was detected by KASAN and syzkaller tool
(http://github.com/google/syzkaller)
Fixes: 6d7b857d541e ("net: use lib/percpu_counter API for fragmentation mem accounting")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/inet_frag.h | 15 +++++++++------
net/ieee802154/6lowpan/reassembly.c | 11 ++++++++---
net/ipv4/inet_fragment.c | 6 ------
net/ipv4/ip_fragment.c | 12 +++++++++---
net/ipv6/netfilter/nf_conntrack_reasm.c | 12 +++++++++---
net/ipv6/reassembly.c | 12 +++++++++---
6 files changed, 44 insertions(+), 24 deletions(-)
diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h
index 53eead2..ac42bbb 100644
--- a/include/net/inet_frag.h
+++ b/include/net/inet_frag.h
@@ -108,7 +108,15 @@ struct inet_frags {
int inet_frags_init(struct inet_frags *);
void inet_frags_fini(struct inet_frags *);
-void inet_frags_init_net(struct netns_frags *nf);
+static inline int inet_frags_init_net(struct netns_frags *nf)
+{
+ return percpu_counter_init(&nf->mem, 0, GFP_KERNEL);
+}
+static inline void inet_frags_uninit_net(struct netns_frags *nf)
+{
+ percpu_counter_destroy(&nf->mem);
+}
+
void inet_frags_exit_net(struct netns_frags *nf, struct inet_frags *f);
void inet_frag_kill(struct inet_frag_queue *q, struct inet_frags *f);
@@ -154,11 +162,6 @@ static inline void add_frag_mem_limit(struct netns_frags *nf, int i)
__percpu_counter_add(&nf->mem, i, frag_percpu_counter_batch);
}
-static inline void init_frag_mem_limit(struct netns_frags *nf)
-{
- percpu_counter_init(&nf->mem, 0, GFP_KERNEL);
-}
-
static inline unsigned int sum_frag_mem_limit(struct netns_frags *nf)
{
unsigned int res;
diff --git a/net/ieee802154/6lowpan/reassembly.c b/net/ieee802154/6lowpan/reassembly.c
index 214d44a..9fa1d39 100644
--- a/net/ieee802154/6lowpan/reassembly.c
+++ b/net/ieee802154/6lowpan/reassembly.c
@@ -523,14 +523,19 @@ static int __net_init lowpan_frags_init_net(struct net *net)
{
struct netns_ieee802154_lowpan *ieee802154_lowpan =
net_ieee802154_lowpan(net);
+ int res;
ieee802154_lowpan->frags.high_thresh = IPV6_FRAG_HIGH_THRESH;
ieee802154_lowpan->frags.low_thresh = IPV6_FRAG_LOW_THRESH;
ieee802154_lowpan->frags.timeout = IPV6_FRAG_TIMEOUT;
- inet_frags_init_net(&ieee802154_lowpan->frags);
-
- return lowpan_frags_ns_sysctl_register(net);
+ res = inet_frags_init_net(&ieee802154_lowpan->frags);
+ if (res)
+ return res;
+ res = lowpan_frags_ns_sysctl_register(net);
+ if (res)
+ inet_frags_uninit_net(&ieee802154_lowpan->frags);
+ return res;
}
static void __net_exit lowpan_frags_exit_net(struct net *net)
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
index d0a7c03..fe144da 100644
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -209,12 +209,6 @@ int inet_frags_init(struct inet_frags *f)
}
EXPORT_SYMBOL(inet_frags_init);
-void inet_frags_init_net(struct netns_frags *nf)
-{
- init_frag_mem_limit(nf);
-}
-EXPORT_SYMBOL(inet_frags_init_net);
-
void inet_frags_fini(struct inet_frags *f)
{
cancel_work_sync(&f->frags_work);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 921138f..753d0b4 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -845,6 +845,8 @@ static void __init ip4_frags_ctl_register(void)
static int __net_init ipv4_frags_init_net(struct net *net)
{
+ int res;
+
/* Fragment cache limits.
*
* The fragment memory accounting code, (tries to) account for
@@ -868,9 +870,13 @@ static int __net_init ipv4_frags_init_net(struct net *net)
*/
net->ipv4.frags.timeout = IP_FRAG_TIME;
- inet_frags_init_net(&net->ipv4.frags);
-
- return ip4_frags_ns_ctl_register(net);
+ res = inet_frags_init_net(&net->ipv4.frags);
+ if (res)
+ return res;
+ res = ip4_frags_ns_ctl_register(net);
+ if (res)
+ inet_frags_uninit_net(&net->ipv4.frags);
+ return res;
}
static void __net_exit ipv4_frags_exit_net(struct net *net)
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 2a4682c..a73653b 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -649,12 +649,18 @@ void nf_ct_frag6_consume_orig(struct sk_buff *skb)
static int nf_ct_net_init(struct net *net)
{
+ int res;
+
net->nf_frag.frags.high_thresh = IPV6_FRAG_HIGH_THRESH;
net->nf_frag.frags.low_thresh = IPV6_FRAG_LOW_THRESH;
net->nf_frag.frags.timeout = IPV6_FRAG_TIMEOUT;
- inet_frags_init_net(&net->nf_frag.frags);
-
- return nf_ct_frag6_sysctl_register(net);
+ res = inet_frags_init_net(&net->nf_frag.frags);
+ if (res)
+ return res;
+ res = nf_ct_frag6_sysctl_register(net);
+ if (res)
+ inet_frags_uninit_net(&net->nf_frag.frags);
+ return res;
}
static void nf_ct_net_exit(struct net *net)
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 04013a9..45f5ae5 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -710,13 +710,19 @@ static void ip6_frags_sysctl_unregister(void)
static int __net_init ipv6_frags_init_net(struct net *net)
{
+ int res;
+
net->ipv6.frags.high_thresh = IPV6_FRAG_HIGH_THRESH;
net->ipv6.frags.low_thresh = IPV6_FRAG_LOW_THRESH;
net->ipv6.frags.timeout = IPV6_FRAG_TIMEOUT;
- inet_frags_init_net(&net->ipv6.frags);
-
- return ip6_frags_ns_sysctl_register(net);
+ res = inet_frags_init_net(&net->ipv6.frags);
+ if (res)
+ return res;
+ res = ip6_frags_ns_sysctl_register(net);
+ if (res)
+ inet_frags_uninit_net(&net->ipv6.frags);
+ return res;
}
static void __net_exit ipv6_frags_exit_net(struct net *net)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 165/211] ipv6: fix tunnel error handling
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (163 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 164/211] net: fix percpu memory leaks Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 166/211] vfio/platform: store mapped memory in region, instead of an on-stack copy Kamal Mostafa
` (45 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michal Kubecek, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Michal=20Kube=C4=8Dek?= <mkubecek@suse.cz>
commit ebac62fe3d24c0ce22dd83afa7b07d1a2aaef44d upstream.
Both tunnel6_protocol and tunnel46_protocol share the same error
handler, tunnel6_err(), which traverses through tunnel6_handlers list.
For ipip6 tunnels, we need to traverse tunnel46_handlers as we do e.g.
in tunnel46_rcv(). Current code can generate an ICMPv6 error message
with an IPv4 packet embedded in it.
Fixes: 73d605d1abbd ("[IPSEC]: changing API of xfrm6_tunnel_register")
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv6/tunnel6.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/tunnel6.c b/net/ipv6/tunnel6.c
index 3c75800..dae25ca 100644
--- a/net/ipv6/tunnel6.c
+++ b/net/ipv6/tunnel6.c
@@ -144,6 +144,16 @@ static void tunnel6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
break;
}
+static void tunnel46_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+ u8 type, u8 code, int offset, __be32 info)
+{
+ struct xfrm6_tunnel *handler;
+
+ for_each_tunnel_rcu(tunnel46_handlers, handler)
+ if (!handler->err_handler(skb, opt, type, code, offset, info))
+ break;
+}
+
static const struct inet6_protocol tunnel6_protocol = {
.handler = tunnel6_rcv,
.err_handler = tunnel6_err,
@@ -152,7 +162,7 @@ static const struct inet6_protocol tunnel6_protocol = {
static const struct inet6_protocol tunnel46_protocol = {
.handler = tunnel46_rcv,
- .err_handler = tunnel6_err,
+ .err_handler = tunnel46_err,
.flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 166/211] vfio/platform: store mapped memory in region, instead of an on-stack copy
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (164 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 165/211] ipv6: fix tunnel error handling Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 167/211] selftests: kprobe: Choose an always-defined function to probe Kamal Mostafa
` (44 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: James Morse, Alex Williamson, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: James Morse <james.morse@arm.com>
commit 1b4bb2eaa9b2583521611b4aa978f9f499c92cd4 upstream.
vfio_platform_{read,write}_mmio() call ioremap_nocache() to map
a region of io memory, which they store in struct vfio_platform_region to
be eventually re-used, or unmapped by vfio_platform_regions_cleanup().
These functions receive a copy of their struct vfio_platform_region
argument on the stack - so these mapped areas are always allocated, and
always leaked.
Pass this argument as a pointer instead.
Fixes: 6e3f26456009 "vfio/platform: read and write support for the device fd"
Signed-off-by: James Morse <james.morse@arm.com>
Acked-by: Baptiste Reynal <b.reynal@virtualopensystems.com>
Tested-by: Baptiste Reynal <b.reynal@virtualopensystems.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/vfio/platform/vfio_platform_common.c | 36 ++++++++++++++--------------
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c
index e43efb5..8c216de 100644
--- a/drivers/vfio/platform/vfio_platform_common.c
+++ b/drivers/vfio/platform/vfio_platform_common.c
@@ -307,17 +307,17 @@ static long vfio_platform_ioctl(void *device_data,
return -ENOTTY;
}
-static ssize_t vfio_platform_read_mmio(struct vfio_platform_region reg,
+static ssize_t vfio_platform_read_mmio(struct vfio_platform_region *reg,
char __user *buf, size_t count,
loff_t off)
{
unsigned int done = 0;
- if (!reg.ioaddr) {
- reg.ioaddr =
- ioremap_nocache(reg.addr, reg.size);
+ if (!reg->ioaddr) {
+ reg->ioaddr =
+ ioremap_nocache(reg->addr, reg->size);
- if (!reg.ioaddr)
+ if (!reg->ioaddr)
return -ENOMEM;
}
@@ -327,7 +327,7 @@ static ssize_t vfio_platform_read_mmio(struct vfio_platform_region reg,
if (count >= 4 && !(off % 4)) {
u32 val;
- val = ioread32(reg.ioaddr + off);
+ val = ioread32(reg->ioaddr + off);
if (copy_to_user(buf, &val, 4))
goto err;
@@ -335,7 +335,7 @@ static ssize_t vfio_platform_read_mmio(struct vfio_platform_region reg,
} else if (count >= 2 && !(off % 2)) {
u16 val;
- val = ioread16(reg.ioaddr + off);
+ val = ioread16(reg->ioaddr + off);
if (copy_to_user(buf, &val, 2))
goto err;
@@ -343,7 +343,7 @@ static ssize_t vfio_platform_read_mmio(struct vfio_platform_region reg,
} else {
u8 val;
- val = ioread8(reg.ioaddr + off);
+ val = ioread8(reg->ioaddr + off);
if (copy_to_user(buf, &val, 1))
goto err;
@@ -376,7 +376,7 @@ static ssize_t vfio_platform_read(void *device_data, char __user *buf,
return -EINVAL;
if (vdev->regions[index].type & VFIO_PLATFORM_REGION_TYPE_MMIO)
- return vfio_platform_read_mmio(vdev->regions[index],
+ return vfio_platform_read_mmio(&vdev->regions[index],
buf, count, off);
else if (vdev->regions[index].type & VFIO_PLATFORM_REGION_TYPE_PIO)
return -EINVAL; /* not implemented */
@@ -384,17 +384,17 @@ static ssize_t vfio_platform_read(void *device_data, char __user *buf,
return -EINVAL;
}
-static ssize_t vfio_platform_write_mmio(struct vfio_platform_region reg,
+static ssize_t vfio_platform_write_mmio(struct vfio_platform_region *reg,
const char __user *buf, size_t count,
loff_t off)
{
unsigned int done = 0;
- if (!reg.ioaddr) {
- reg.ioaddr =
- ioremap_nocache(reg.addr, reg.size);
+ if (!reg->ioaddr) {
+ reg->ioaddr =
+ ioremap_nocache(reg->addr, reg->size);
- if (!reg.ioaddr)
+ if (!reg->ioaddr)
return -ENOMEM;
}
@@ -406,7 +406,7 @@ static ssize_t vfio_platform_write_mmio(struct vfio_platform_region reg,
if (copy_from_user(&val, buf, 4))
goto err;
- iowrite32(val, reg.ioaddr + off);
+ iowrite32(val, reg->ioaddr + off);
filled = 4;
} else if (count >= 2 && !(off % 2)) {
@@ -414,7 +414,7 @@ static ssize_t vfio_platform_write_mmio(struct vfio_platform_region reg,
if (copy_from_user(&val, buf, 2))
goto err;
- iowrite16(val, reg.ioaddr + off);
+ iowrite16(val, reg->ioaddr + off);
filled = 2;
} else {
@@ -422,7 +422,7 @@ static ssize_t vfio_platform_write_mmio(struct vfio_platform_region reg,
if (copy_from_user(&val, buf, 1))
goto err;
- iowrite8(val, reg.ioaddr + off);
+ iowrite8(val, reg->ioaddr + off);
filled = 1;
}
@@ -452,7 +452,7 @@ static ssize_t vfio_platform_write(void *device_data, const char __user *buf,
return -EINVAL;
if (vdev->regions[index].type & VFIO_PLATFORM_REGION_TYPE_MMIO)
- return vfio_platform_write_mmio(vdev->regions[index],
+ return vfio_platform_write_mmio(&vdev->regions[index],
buf, count, off);
else if (vdev->regions[index].type & VFIO_PLATFORM_REGION_TYPE_PIO)
return -EINVAL; /* not implemented */
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 167/211] selftests: kprobe: Choose an always-defined function to probe
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (165 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 166/211] vfio/platform: store mapped memory in region, instead of an on-stack copy Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 168/211] selftests: Make scripts executable Kamal Mostafa
` (43 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ben Hutchings, Shuah Khan, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
commit c28628b867485165fd301e061bb9a1284ede700b upstream.
do_fork() is no longer defined on x86, so probe _do_fork() instead.
Fixes: 3033f14ab78c ("clone: support passing tls argument via C ...")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
.../selftests/ftrace/test.d/kprobe/add_and_remove.tc | 2 +-
tools/testing/selftests/ftrace/test.d/kprobe/busy_check.tc | 2 +-
.../testing/selftests/ftrace/test.d/kprobe/kprobe_args.tc | 2 +-
.../selftests/ftrace/test.d/kprobe/kprobe_ftrace.tc | 14 +++++++-------
.../selftests/ftrace/test.d/kprobe/kretprobe_args.tc | 2 +-
5 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/add_and_remove.tc b/tools/testing/selftests/ftrace/test.d/kprobe/add_and_remove.tc
index a5a4262..c3843ed 100644
--- a/tools/testing/selftests/ftrace/test.d/kprobe/add_and_remove.tc
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/add_and_remove.tc
@@ -5,7 +5,7 @@
echo 0 > events/enable
echo > kprobe_events
-echo p:myevent do_fork > kprobe_events
+echo p:myevent _do_fork > kprobe_events
grep myevent kprobe_events
test -d events/kprobes/myevent
echo > kprobe_events
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/busy_check.tc b/tools/testing/selftests/ftrace/test.d/kprobe/busy_check.tc
index d8c7bb6..74507db 100644
--- a/tools/testing/selftests/ftrace/test.d/kprobe/busy_check.tc
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/busy_check.tc
@@ -5,7 +5,7 @@
echo 0 > events/enable
echo > kprobe_events
-echo p:myevent do_fork > kprobe_events
+echo p:myevent _do_fork > kprobe_events
test -d events/kprobes/myevent
echo 1 > events/kprobes/myevent/enable
echo > kprobe_events && exit 1 # this must fail
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args.tc
index c45ee27..64949d4 100644
--- a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args.tc
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args.tc
@@ -5,7 +5,7 @@
echo 0 > events/enable
echo > kprobe_events
-echo 'p:testprobe do_fork $stack $stack0 +0($stack)' > kprobe_events
+echo 'p:testprobe _do_fork $stack $stack0 +0($stack)' > kprobe_events
grep testprobe kprobe_events
test -d events/kprobes/testprobe
echo 1 > events/kprobes/testprobe/enable
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_ftrace.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_ftrace.tc
index ab41d2b..d6f2f49 100644
--- a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_ftrace.tc
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_ftrace.tc
@@ -6,31 +6,31 @@ grep function available_tracers || exit_unsupported # this is configurable
# prepare
echo nop > current_tracer
-echo do_fork > set_ftrace_filter
+echo _do_fork > set_ftrace_filter
echo 0 > events/enable
echo > kprobe_events
-echo 'p:testprobe do_fork' > kprobe_events
+echo 'p:testprobe _do_fork' > kprobe_events
# kprobe on / ftrace off
echo 1 > events/kprobes/testprobe/enable
echo > trace
( echo "forked")
grep testprobe trace
-! grep 'do_fork <-' trace
+! grep '_do_fork <-' trace
# kprobe on / ftrace on
echo function > current_tracer
echo > trace
( echo "forked")
grep testprobe trace
-grep 'do_fork <-' trace
+grep '_do_fork <-' trace
# kprobe off / ftrace on
echo 0 > events/kprobes/testprobe/enable
echo > trace
( echo "forked")
! grep testprobe trace
-grep 'do_fork <-' trace
+grep '_do_fork <-' trace
# kprobe on / ftrace on
echo 1 > events/kprobes/testprobe/enable
@@ -38,14 +38,14 @@ echo function > current_tracer
echo > trace
( echo "forked")
grep testprobe trace
-grep 'do_fork <-' trace
+grep '_do_fork <-' trace
# kprobe on / ftrace off
echo nop > current_tracer
echo > trace
( echo "forked")
grep testprobe trace
-! grep 'do_fork <-' trace
+! grep '_do_fork <-' trace
# cleanup
echo nop > current_tracer
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kretprobe_args.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kretprobe_args.tc
index 3171798..0d09546 100644
--- a/tools/testing/selftests/ftrace/test.d/kprobe/kretprobe_args.tc
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/kretprobe_args.tc
@@ -5,7 +5,7 @@
echo 0 > events/enable
echo > kprobe_events
-echo 'r:testprobe2 do_fork $retval' > kprobe_events
+echo 'r:testprobe2 _do_fork $retval' > kprobe_events
grep testprobe2 kprobe_events
test -d events/kprobes/testprobe2
echo 1 > events/kprobes/testprobe2/enable
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 168/211] selftests: Make scripts executable
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (166 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 167/211] selftests: kprobe: Choose an always-defined function to probe Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 169/211] thermal: exynos: Fix first temperature read after registering sensor Kamal Mostafa
` (42 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ben Hutchings, Shuah Khan, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
commit 3b4d3819eca5787bae77314851a799ecbf0da02b upstream.
Fixes: 87b2d44026e0 ("selftests: add memfd/sealing page-pinning tests")
Fixes: 2bf9e0ab08c6 ("locking/static_keys: Provide a selftest")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
tools/testing/selftests/memfd/run_fuse_test.sh | 0
1 file changed, 0 insertions(+), 0 deletions(-)
mode change 100644 => 100755 tools/testing/selftests/memfd/run_fuse_test.sh
diff --git a/tools/testing/selftests/memfd/run_fuse_test.sh b/tools/testing/selftests/memfd/run_fuse_test.sh
old mode 100644
new mode 100755
--
1.9.1
^ permalink raw reply [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 169/211] thermal: exynos: Fix first temperature read after registering sensor
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (167 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 168/211] selftests: Make scripts executable Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 170/211] ipv4: fix a potential deadlock in mcast getsockopt() path Kamal Mostafa
` (41 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Krzysztof Kozlowski, Eduardo Valentin, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
commit 9e4249b4034090730017deaf632b46b5faaa12b9 upstream.
Thermal core could not read the temperature after registering the
thermal sensor with thermal_zone_of_sensor_register() because the driver
was not yet initialized.
The call trace looked like:
exynos_tmu_probe()
thermal_zone_of_sensor_register()
of_thermal_set_mode()
thermal_zone_device_update()
exynos_get_temp()
if (!data->tmu_read) return -EINVAL;
exynos_map_dt_data()
data->tmu_read = ...
This produced an error in dmesg:
thermal thermal_zone0: failed to read out thermal zone (-22)
Register the thermal_zone_device later, after parsing Device Tree and
enabling necessary clocks, but before calling exynos_tmu_initialize()
which uses the registered thermal_zone_device.
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Tested-by: Alim Akhtar <alim.akhtar@samsung.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: 3b6a1a805f34 ("thermal: samsung: core: Exynos TMU rework to use device tree for configuration")
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/thermal/samsung/exynos_tmu.c | 27 +++++++++++++++++----------
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/drivers/thermal/samsung/exynos_tmu.c b/drivers/thermal/samsung/exynos_tmu.c
index e39265b..a5daff2 100644
--- a/drivers/thermal/samsung/exynos_tmu.c
+++ b/drivers/thermal/samsung/exynos_tmu.c
@@ -1290,13 +1290,6 @@ static int exynos_tmu_probe(struct platform_device *pdev)
platform_set_drvdata(pdev, data);
mutex_init(&data->lock);
- data->tzd = thermal_zone_of_sensor_register(&pdev->dev, 0, data,
- &exynos_sensor_ops);
- if (IS_ERR(data->tzd)) {
- pr_err("thermal: tz: %p ERROR\n", data->tzd);
- return PTR_ERR(data->tzd);
- }
-
/*
* Try enabling the regulator if found
* TODO: Add regulator as an SOC feature, so that regulator enable
@@ -1366,21 +1359,36 @@ static int exynos_tmu_probe(struct platform_device *pdev)
break;
};
+ /*
+ * data->tzd must be registered before calling exynos_tmu_initialize(),
+ * requesting irq and calling exynos_tmu_control().
+ */
+ data->tzd = thermal_zone_of_sensor_register(&pdev->dev, 0, data,
+ &exynos_sensor_ops);
+ if (IS_ERR(data->tzd)) {
+ ret = PTR_ERR(data->tzd);
+ dev_err(&pdev->dev, "Failed to register sensor: %d\n", ret);
+ goto err_sclk;
+ }
+
ret = exynos_tmu_initialize(pdev);
if (ret) {
dev_err(&pdev->dev, "Failed to initialize TMU\n");
- goto err_sclk;
+ goto err_thermal;
}
ret = devm_request_irq(&pdev->dev, data->irq, exynos_tmu_irq,
IRQF_TRIGGER_RISING | IRQF_SHARED, dev_name(&pdev->dev), data);
if (ret) {
dev_err(&pdev->dev, "Failed to request irq: %d\n", data->irq);
- goto err_sclk;
+ goto err_thermal;
}
exynos_tmu_control(pdev, true);
return 0;
+
+err_thermal:
+ thermal_zone_of_sensor_unregister(&pdev->dev, data->tzd);
err_sclk:
clk_disable_unprepare(data->sclk);
err_clk:
@@ -1391,7 +1399,6 @@ err_clk_sec:
err_sensor:
if (!IS_ERR_OR_NULL(data->regulator))
regulator_disable(data->regulator);
- thermal_zone_of_sensor_unregister(&pdev->dev, data->tzd);
return ret;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 170/211] ipv4: fix a potential deadlock in mcast getsockopt() path
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (168 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 169/211] thermal: exynos: Fix first temperature read after registering sensor Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 171/211] perf trace: Fix documentation for -i Kamal Mostafa
` (40 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marcelo Ricardo Leitner, Cong Wang, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: WANG Cong <xiyou.wangcong@gmail.com>
commit 87e9f0315952b0dd8b5e51ba04beda03efc009d9 upstream.
Sasha reported the following lockdep warning:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sk_lock-AF_INET);
lock(rtnl_mutex);
lock(sk_lock-AF_INET);
lock(rtnl_mutex);
This is due to that for IP_MSFILTER and MCAST_MSFILTER, we take
rtnl lock before the socket lock in setsockopt() path, but take
the socket lock before rtnl lock in getsockopt() path. All the
rest optnames are setsockopt()-only.
Fix this by aligning the getsockopt() path with the setsockopt()
path, so that all mcast socket path would be locked in the same
order.
Note, IPv6 part is different where rtnl lock is not held.
Fixes: 54ff9ef36bdf ("ipv4, ipv6: kill ip_mc_{join, leave}_group and ipv6_sock_mc_{join, drop}")
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv4/igmp.c | 12 ++++--------
net/ipv4/ip_sockglue.c | 45 ++++++++++++++++++++++++++++++---------------
2 files changed, 34 insertions(+), 23 deletions(-)
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 9fdfd9d..53d5252 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -2368,11 +2368,11 @@ int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf,
struct ip_sf_socklist *psl;
struct net *net = sock_net(sk);
+ ASSERT_RTNL();
+
if (!ipv4_is_multicast(addr))
return -EINVAL;
- rtnl_lock();
-
imr.imr_multiaddr.s_addr = msf->imsf_multiaddr;
imr.imr_address.s_addr = msf->imsf_interface;
imr.imr_ifindex = 0;
@@ -2393,7 +2393,6 @@ int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf,
goto done;
msf->imsf_fmode = pmc->sfmode;
psl = rtnl_dereference(pmc->sflist);
- rtnl_unlock();
if (!psl) {
len = 0;
count = 0;
@@ -2412,7 +2411,6 @@ int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf,
return -EFAULT;
return 0;
done:
- rtnl_unlock();
return err;
}
@@ -2426,6 +2424,8 @@ int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
struct inet_sock *inet = inet_sk(sk);
struct ip_sf_socklist *psl;
+ ASSERT_RTNL();
+
psin = (struct sockaddr_in *)&gsf->gf_group;
if (psin->sin_family != AF_INET)
return -EINVAL;
@@ -2433,8 +2433,6 @@ int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
if (!ipv4_is_multicast(addr))
return -EINVAL;
- rtnl_lock();
-
err = -EADDRNOTAVAIL;
for_each_pmc_rtnl(inet, pmc) {
@@ -2446,7 +2444,6 @@ int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
goto done;
gsf->gf_fmode = pmc->sfmode;
psl = rtnl_dereference(pmc->sflist);
- rtnl_unlock();
count = psl ? psl->sl_count : 0;
copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc;
gsf->gf_numsrc = count;
@@ -2466,7 +2463,6 @@ int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
}
return 0;
done:
- rtnl_unlock();
return err;
}
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index c3c359a..5f73a7c 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -1251,11 +1251,22 @@ EXPORT_SYMBOL(compat_ip_setsockopt);
* the _received_ ones. The set sets the _sent_ ones.
*/
+static bool getsockopt_needs_rtnl(int optname)
+{
+ switch (optname) {
+ case IP_MSFILTER:
+ case MCAST_MSFILTER:
+ return true;
+ }
+ return false;
+}
+
static int do_ip_getsockopt(struct sock *sk, int level, int optname,
char __user *optval, int __user *optlen, unsigned int flags)
{
struct inet_sock *inet = inet_sk(sk);
- int val;
+ bool needs_rtnl = getsockopt_needs_rtnl(optname);
+ int val, err = 0;
int len;
if (level != SOL_IP)
@@ -1269,6 +1280,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
if (len < 0)
return -EINVAL;
+ if (needs_rtnl)
+ rtnl_lock();
lock_sock(sk);
switch (optname) {
@@ -1386,39 +1399,35 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
case IP_MSFILTER:
{
struct ip_msfilter msf;
- int err;
if (len < IP_MSFILTER_SIZE(0)) {
- release_sock(sk);
- return -EINVAL;
+ err = -EINVAL;
+ goto out;
}
if (copy_from_user(&msf, optval, IP_MSFILTER_SIZE(0))) {
- release_sock(sk);
- return -EFAULT;
+ err = -EFAULT;
+ goto out;
}
err = ip_mc_msfget(sk, &msf,
(struct ip_msfilter __user *)optval, optlen);
- release_sock(sk);
- return err;
+ goto out;
}
case MCAST_MSFILTER:
{
struct group_filter gsf;
- int err;
if (len < GROUP_FILTER_SIZE(0)) {
- release_sock(sk);
- return -EINVAL;
+ err = -EINVAL;
+ goto out;
}
if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) {
- release_sock(sk);
- return -EFAULT;
+ err = -EFAULT;
+ goto out;
}
err = ip_mc_gsfget(sk, &gsf,
(struct group_filter __user *)optval,
optlen);
- release_sock(sk);
- return err;
+ goto out;
}
case IP_MULTICAST_ALL:
val = inet->mc_all;
@@ -1485,6 +1494,12 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
return -EFAULT;
}
return 0;
+
+out:
+ release_sock(sk);
+ if (needs_rtnl)
+ rtnl_unlock();
+ return err;
}
int ip_getsockopt(struct sock *sk, int level,
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 171/211] perf trace: Fix documentation for -i
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (169 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 170/211] ipv4: fix a potential deadlock in mcast getsockopt() path Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 172/211] rtc: ds1307: Fix alarm programming for mcp794xx Kamal Mostafa
` (39 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Feiner, David Ahern, Arnaldo Carvalho de Melo, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Feiner <pfeiner@google.com>
commit 956959f6b7a982b2e789a7a8fa1de437074a5eb9 upstream.
The -i flag was incorrectly listed as a short flag for --no-inherit. It
should have only been listed as a short flag for --input.
This documentation error has existed since the --input flag was
introduced in 6810fc915f7a89d8134edb3996dbbf8eac386c26 (perf trace: Add
option to analyze events in a file versus live).
Signed-off-by: Peter Feiner <pfeiner@google.com>
Cc: David Ahern <dsahern@gmail.com>
Link: http://lkml.kernel.org/r/1446657706-14518-1-git-send-email-pfeiner@google.com
Fixes: 6810fc915f7a ("perf trace: Add option to analyze events in a file versus live")
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
tools/perf/Documentation/perf-trace.txt | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/perf/Documentation/perf-trace.txt b/tools/perf/Documentation/perf-trace.txt
index 7ea0786..13293de 100644
--- a/tools/perf/Documentation/perf-trace.txt
+++ b/tools/perf/Documentation/perf-trace.txt
@@ -62,7 +62,6 @@ OPTIONS
--verbose=::
Verbosity level.
--i::
--no-inherit::
Child tasks do not inherit counters.
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 172/211] rtc: ds1307: Fix alarm programming for mcp794xx
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (170 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 171/211] perf trace: Fix documentation for -i Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 173/211] NTB: fix 32-bit compiler warning Kamal Mostafa
` (38 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tero Kristo, Alexandre Belloni, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tero Kristo <t-kristo@ti.com>
commit 62c8c20af92ea312ecb22cec4e83082e5843076b upstream.
mcp794xx alarm registers must be written in BCD format. However, the
alarm programming logic neglected this by adding one to the value
after bin2bcd conversion has been already done, writing bad values
to month register in case the alarm being set is in October. In this
case, the alarm month value becomes 0x0a instead of the expected 0x10.
Fix by moving the +1 addition within the bin2bcd call also.
Fixes: 1d1945d261a2 ("drivers/rtc/rtc-ds1307.c: add alarm support for mcp7941x chips")
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Acked-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/rtc/rtc-ds1307.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c
index 6e76de1..a2e36fb 100644
--- a/drivers/rtc/rtc-ds1307.c
+++ b/drivers/rtc/rtc-ds1307.c
@@ -734,9 +734,9 @@ static int mcp794xx_set_alarm(struct device *dev, struct rtc_wkalrm *t)
regs[3] = bin2bcd(t->time.tm_sec);
regs[4] = bin2bcd(t->time.tm_min);
regs[5] = bin2bcd(t->time.tm_hour);
- regs[6] = bin2bcd(t->time.tm_wday) + 1;
+ regs[6] = bin2bcd(t->time.tm_wday + 1);
regs[7] = bin2bcd(t->time.tm_mday);
- regs[8] = bin2bcd(t->time.tm_mon) + 1;
+ regs[8] = bin2bcd(t->time.tm_mon + 1);
/* Clear the alarm 0 interrupt flag. */
regs[6] &= ~MCP794XX_BIT_ALMX_IF;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 173/211] NTB: fix 32-bit compiler warning
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (171 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 172/211] rtc: ds1307: Fix alarm programming for mcp794xx Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 174/211] tpm_tis: free irq after probing Kamal Mostafa
` (37 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Arnd Bergmann, Jon Mason, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit fdcb4b2e78220bde95ce4ba3213088e3a1f1cec6 upstream.
resource_size_t may be 32-bit wide on some architectures, which causes
this warning when building the NTB code:
drivers/ntb/ntb_transport.c: In function 'ntb_transport_link_work':
drivers/ntb/ntb_transport.c:828:46: warning: right shift count >= width of type [-Wshift-count-overflow]
The warning is harmless but can be avoided by using the upper_32_bits()
macro.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: e26a5843f7f5 ("NTB: Split ntb_hw_intel and ntb_transport drivers")
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/ntb/ntb_transport.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/ntb/ntb_transport.c b/drivers/ntb/ntb_transport.c
index 1c6386d..f173d95 100644
--- a/drivers/ntb/ntb_transport.c
+++ b/drivers/ntb/ntb_transport.c
@@ -806,10 +806,10 @@ static void ntb_transport_link_work(struct work_struct *work)
size = max_mw_size;
spad = MW0_SZ_HIGH + (i * 2);
- ntb_peer_spad_write(ndev, spad, (u32)(size >> 32));
+ ntb_peer_spad_write(ndev, spad, upper_32_bits(size));
spad = MW0_SZ_LOW + (i * 2);
- ntb_peer_spad_write(ndev, spad, (u32)size);
+ ntb_peer_spad_write(ndev, spad, lower_32_bits(size));
}
ntb_peer_spad_write(ndev, NUM_MWS, nt->mw_count);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 174/211] tpm_tis: free irq after probing
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (172 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 173/211] NTB: fix 32-bit compiler warning Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 175/211] TPM: revert the list handling logic fixed in 398a1e7 Kamal Mostafa
` (36 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Martin Wilck, Jarkko Sakkinen, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Wilck <Martin.Wilck@ts.fujitsu.com>
commit 2aef9da60bfdeb68dbcd4f114c098cbaa841b4ee upstream.
Release IRQs used for probing only. Otherwise the TPM will end up
with all IRQs 3-15 assigned.
Fixes: afb5abc262e9 ("tpm: two-phase chip management functions")
Signed-off-by: Martin Wilck <Martin.Wilck@ts.fujitsu.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Peter Huewe <PeterHuewe@gmx.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/char/tpm/tpm_tis.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
index 696ef1d..19f9c7dc 100644
--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -805,6 +805,8 @@ static int tpm_tis_init(struct device *dev, struct tpm_info *tpm_info,
iowrite32(intmask,
chip->vendor.iobase +
TPM_INT_ENABLE(chip->vendor.locality));
+
+ devm_free_irq(dev, i, chip);
}
}
if (chip->vendor.irq) {
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 175/211] TPM: revert the list handling logic fixed in 398a1e7
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (173 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 174/211] tpm_tis: free irq after probing Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 176/211] mvneta: add FIXED_PHY dependency Kamal Mostafa
` (35 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Jarkko Sakkinen, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
commit b1a4144a695ff4a6834a2680600f36f991fa4926 upstream.
Mimi reported that afb5abc reverts the fix in 398a1e7. This patch
reverts it back.
Fixes: afb5abc262e9 ("tpm: two-phase chip management functions")
Reported-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Peter Huewe <PeterHuewe@gmx.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/char/tpm/tpm-chip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 1082d4b..0f8623d 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -231,7 +231,7 @@ int tpm_chip_register(struct tpm_chip *chip)
/* Make the chip available. */
spin_lock(&driver_lock);
- list_add_rcu(&chip->list, &tpm_chip_list);
+ list_add_tail_rcu(&chip->list, &tpm_chip_list);
spin_unlock(&driver_lock);
chip->flags |= TPM_CHIP_FLAG_REGISTERED;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 176/211] mvneta: add FIXED_PHY dependency
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (174 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 175/211] TPM: revert the list handling logic fixed in 398a1e7 Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 177/211] TPM: Avoid reference to potentially freed memory Kamal Mostafa
` (34 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit 4bed5395a521b475c2164510596d9af366a3d6dc upstream.
The fixed_phy infrastructure is done in a way that is optional,
by providing 'static inline' helper functions doing nothing in
include/linux/phy_fixed.h for all its APIs. However, three out
of the four users (DSA, BCMGENET, and SYSTEMPORT) always
'select FIXED_PHY', presumably because they need that.
MVNETA is the fourth one, and if that is built-in but FIXED_PHY
is configured as a loadable module, we get a link error:
drivers/built-in.o: In function `mvneta_fixed_link_update':
fpga-mgr.c:(.text+0x33ed80): undefined reference to `fixed_phy_update_state'
Presumably this driver has the same dependency as the others,
so this patch also uses 'select' to ensure that the fixed-phy
support is built-in.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 898b2970e2c9 ("mvneta: implement SGMII-based in-band link state signaling")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/marvell/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/marvell/Kconfig b/drivers/net/ethernet/marvell/Kconfig
index 80af9ff..a1c862b 100644
--- a/drivers/net/ethernet/marvell/Kconfig
+++ b/drivers/net/ethernet/marvell/Kconfig
@@ -44,6 +44,7 @@ config MVNETA
tristate "Marvell Armada 370/38x/XP network interface support"
depends on PLAT_ORION
select MVMDIO
+ select FIXED_PHY
---help---
This driver supports the network interface units in the
Marvell ARMADA XP, ARMADA 370 and ARMADA 38x SoC family.
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 177/211] TPM: Avoid reference to potentially freed memory
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (175 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 176/211] mvneta: add FIXED_PHY dependency Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 178/211] megaraid_sas: Make tape drives visible on PERC5 controllers Kamal Mostafa
` (33 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christophe JAILLET, Jarkko Sakkinen, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
commit eb8ed1eb9a158c460d10205eaff71fd4ac67c160 upstream.
Reference to the 'np' node is dropped before dereferencing the 'sizep' and
'basep' pointers, which could by then point to junk if the node has been
freed.
Refactor code to call 'of_node_put' later.
Fixes: c5df39262dd5 ("drivers/char/tpm: Add securityfs support for event log")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Peter Huewe <PeterHuewe@gmx.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/char/tpm/tpm_of.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index eebe625..40f4150 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -53,17 +53,18 @@ int read_log(struct tpm_bios_log *log)
goto cleanup_eio;
}
- of_node_put(np);
log->bios_event_log = kmalloc(*sizep, GFP_KERNEL);
if (!log->bios_event_log) {
pr_err("%s: ERROR - Not enough memory for BIOS measurements\n",
__func__);
+ of_node_put(np);
return -ENOMEM;
}
log->bios_event_log_end = log->bios_event_log + *sizep;
memcpy(log->bios_event_log, __va(be64_to_cpup(basep)), *sizep);
+ of_node_put(np);
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 178/211] megaraid_sas: Make tape drives visible on PERC5 controllers
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (176 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 177/211] TPM: Avoid reference to potentially freed memory Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 179/211] ARC: Fix silly typo in MAINTAINERS file Kamal Mostafa
` (32 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kashyap Desai, Sumit Saxena, Martin K. Petersen, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sumit Saxena <sumit.saxena@avagotech.com>
commit aed335eecf8f09c28588b01c7f7e24ee78156e28 upstream.
The DELL PERC5 controller firmware does not list tape drives in response
to MR_DCMD_PD_LIST_QUERY. This causes tape drives not be exposed to the
OS when connected to a PERC5 controller.
This patch permits detection of tape drives connected to a PERC5
controller by exposing non-TYPE_DISK devices unconditionally.
Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com>
Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/megaraid/megaraid_sas.h | 1 +
drivers/scsi/megaraid/megaraid_sas_base.c | 20 +++++++++++++++++---
2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/megaraid/megaraid_sas.h b/drivers/scsi/megaraid/megaraid_sas.h
index ebf821b..5194068 100644
--- a/drivers/scsi/megaraid/megaraid_sas.h
+++ b/drivers/scsi/megaraid/megaraid_sas.h
@@ -1750,6 +1750,7 @@ struct megasas_instance {
u8 UnevenSpanSupport;
u8 supportmax256vd;
+ u8 allow_fw_scan;
u16 fw_supported_vd_count;
u16 fw_supported_pd_count;
diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index 2ec768b..ffe1096 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -1650,6 +1650,20 @@ static struct megasas_instance *megasas_lookup_instance(u16 host_no)
static int megasas_slave_configure(struct scsi_device *sdev)
{
+ u16 pd_index = 0;
+ struct megasas_instance *instance;
+
+ instance = megasas_lookup_instance(sdev->host->host_no);
+ if (instance->allow_fw_scan) {
+ if (sdev->channel < MEGASAS_MAX_PD_CHANNELS &&
+ sdev->type == TYPE_DISK) {
+ pd_index = (sdev->channel * MEGASAS_MAX_DEV_PER_CHANNEL) +
+ sdev->id;
+ if (instance->pd_list[pd_index].driveState !=
+ MR_PD_STATE_SYSTEM)
+ return -ENXIO;
+ }
+ }
/*
* The RAID firmware may require extended timeouts.
*/
@@ -1671,9 +1685,8 @@ static int megasas_slave_alloc(struct scsi_device *sdev)
pd_index =
(sdev->channel * MEGASAS_MAX_DEV_PER_CHANNEL) +
sdev->id;
- if ((instance->pd_list[pd_index].driveState ==
- MR_PD_STATE_SYSTEM) ||
- (instance->pd_list[pd_index].driveType != TYPE_DISK)) {
+ if ((instance->allow_fw_scan || instance->pd_list[pd_index].driveState ==
+ MR_PD_STATE_SYSTEM)) {
return 0;
}
return -ENXIO;
@@ -4543,6 +4556,7 @@ static int megasas_init_fw(struct megasas_instance *instance)
case PCI_DEVICE_ID_DELL_PERC5:
default:
instance->instancet = &megasas_instance_template_xscale;
+ instance->allow_fw_scan = 1;
break;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 179/211] ARC: Fix silly typo in MAINTAINERS file
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (177 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 178/211] megaraid_sas: Make tape drives visible on PERC5 controllers Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 180/211] pppoe: fix memory corruption in padt work structure Kamal Mostafa
` (31 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Vineet Gupta <vgupta@synopsys.com>
commit 30b9dbee895ff0d5cbf155bd1ef3f0f5992bca6f upstream.
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
MAINTAINERS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index 6c512d1..5ac682d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9882,7 +9882,7 @@ F: include/net/switchdev.h
SYNOPSYS ARC ARCHITECTURE
M: Vineet Gupta <vgupta@synopsys.com>
-L: linux-snps-arc@lists.infraded.org
+L: linux-snps-arc@lists.infradead.org
S: Supported
F: arch/arc/
F: Documentation/devicetree/bindings/arc/
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 180/211] pppoe: fix memory corruption in padt work structure
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (178 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 179/211] ARC: Fix silly typo in MAINTAINERS file Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 181/211] gre6: allow to update all parameters via rtnl Kamal Mostafa
` (30 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Guillaume Nault, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Guillaume Nault <g.nault@alphalink.fr>
[ Upstream commit fe53985aaac83d516b38358d4f39921d9942a0e2 ]
pppoe_connect() mustn't touch the padt_work field of pppoe sockets
because that work could be already pending.
[ 21.473147] BUG: unable to handle kernel NULL pointer dereference at 00000004
[ 21.474523] IP: [<c1043177>] process_one_work+0x29/0x31c
[ 21.475164] *pde = 00000000
[ 21.475513] Oops: 0000 [#1] SMP
[ 21.475910] Modules linked in: pppoe pppox ppp_generic slhc crc32c_intel aesni_intel virtio_net xts aes_i586 lrw gf128mul ablk_helper cryptd evdev acpi_cpufreq processor serio_raw button ext4 crc16 mbcache jbd2 virtio_blk virtio_pci virtio_ring virtio
[ 21.476168] CPU: 2 PID: 164 Comm: kworker/2:2 Not tainted 4.4.0-rc1 #1
[ 21.476168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[ 21.476168] task: f5f83c00 ti: f5e28000 task.ti: f5e28000
[ 21.476168] EIP: 0060:[<c1043177>] EFLAGS: 00010046 CPU: 2
[ 21.476168] EIP is at process_one_work+0x29/0x31c
[ 21.484082] EAX: 00000000 EBX: f678b2a0 ECX: 00000004 EDX: 00000000
[ 21.484082] ESI: f6c69940 EDI: f5e29ef0 EBP: f5e29f0c ESP: f5e29edc
[ 21.484082] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[ 21.484082] CR0: 80050033 CR2: 000000a4 CR3: 317ad000 CR4: 00040690
[ 21.484082] Stack:
[ 21.484082] 00000000 f6c69950 00000000 f6c69940 c0042338 f5e29f0c c1327945 00000000
[ 21.484082] 00000008 f678b2a0 f6c69940 f678b2b8 f5e29f30 c1043984 f5f83c00 f6c69970
[ 21.484082] f678b2a0 c10437d3 f6775e80 f678b2a0 c10437d3 f5e29fac c1047059 f5e29f74
[ 21.484082] Call Trace:
[ 21.484082] [<c1327945>] ? _raw_spin_lock_irq+0x28/0x30
[ 21.484082] [<c1043984>] worker_thread+0x1b1/0x244
[ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229
[ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229
[ 21.484082] [<c1047059>] kthread+0x8f/0x94
[ 21.484082] [<c1327a32>] ? _raw_spin_unlock_irq+0x22/0x26
[ 21.484082] [<c1327ee9>] ret_from_kernel_thread+0x21/0x38
[ 21.484082] [<c1046fca>] ? kthread_parkme+0x19/0x19
[ 21.496082] Code: 5d c3 55 89 e5 57 56 53 89 c3 83 ec 24 89 d0 89 55 e0 8d 7d e4 e8 6c d8 ff ff b9 04 00 00 00 89 45 d8 8b 43 24 89 45 dc 8b 45 d8 <8b> 40 04 8b 80 e0 00 00 00 c1 e8 05 24 01 88 45 d7 8b 45 e0 8d
[ 21.496082] EIP: [<c1043177>] process_one_work+0x29/0x31c SS:ESP 0068:f5e29edc
[ 21.496082] CR2: 0000000000000004
[ 21.496082] ---[ end trace e362cc9cf10dae89 ]---
Reported-by: Andrew <nitr0@seti.kr.ua>
Fixes: 287f3a943fef ("pppoe: Use workqueue to die properly when a PADT is received")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ppp/pppoe.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c
index 5e0b432..0a37f84 100644
--- a/drivers/net/ppp/pppoe.c
+++ b/drivers/net/ppp/pppoe.c
@@ -568,6 +568,9 @@ static int pppoe_create(struct net *net, struct socket *sock, int kern)
sk->sk_family = PF_PPPOX;
sk->sk_protocol = PX_PROTO_OE;
+ INIT_WORK(&pppox_sk(sk)->proto.pppoe.padt_work,
+ pppoe_unbind_sock_work);
+
return 0;
}
@@ -632,8 +635,6 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
lock_sock(sk);
- INIT_WORK(&po->proto.pppoe.padt_work, pppoe_unbind_sock_work);
-
error = -EINVAL;
if (sp->sa_protocol != PX_PROTO_OE)
goto end;
@@ -663,8 +664,13 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
po->pppoe_dev = NULL;
}
- memset(sk_pppox(po) + 1, 0,
- sizeof(struct pppox_sock) - sizeof(struct sock));
+ po->pppoe_ifindex = 0;
+ memset(&po->pppoe_pa, 0, sizeof(po->pppoe_pa));
+ memset(&po->pppoe_relay, 0, sizeof(po->pppoe_relay));
+ memset(&po->chan, 0, sizeof(po->chan));
+ po->next = NULL;
+ po->num = 0;
+
sk->sk_state = PPPOX_NONE;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 181/211] gre6: allow to update all parameters via rtnl
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (179 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 180/211] pppoe: fix memory corruption in padt work structure Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 182/211] atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation Kamal Mostafa
` (29 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Nicolas Dichtel, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
[ Upstream commit 6a61d4dbf4f54b5683e0f1e58d873cecca7cb977 ]
Parameters were updated only if the kernel was unable to find the tunnel
with the new parameters, ie only if core pamareters were updated (keys,
addr, link, type).
Now it's possible to update ttl, hoplimit, flowinfo and flags.
Fixes: c12b395a4664 ("gre: Support GRE over IPv6")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv6/ip6_gre.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 69f4f68..76be7d3 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -1553,13 +1553,11 @@ static int ip6gre_changelink(struct net_device *dev, struct nlattr *tb[],
return -EEXIST;
} else {
t = nt;
-
- ip6gre_tunnel_unlink(ign, t);
- ip6gre_tnl_change(t, &p, !tb[IFLA_MTU]);
- ip6gre_tunnel_link(ign, t);
- netdev_state_change(dev);
}
+ ip6gre_tunnel_unlink(ign, t);
+ ip6gre_tnl_change(t, &p, !tb[IFLA_MTU]);
+ ip6gre_tunnel_link(ign, t);
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 182/211] atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (180 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 181/211] gre6: allow to update all parameters via rtnl Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 183/211] ipv6: keep existing flags when setting IFA_F_OPTIMISTIC Kamal Mostafa
` (28 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Pavel Machek, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Machek <pavel@ucw.cz>
[ Upstream commit f2a3771ae8aca879c32336c76ad05a017629bae2 ]
atl1c driver is doing order-4 allocation with GFP_ATOMIC
priority. That often breaks networking after resume. Switch to
GFP_KERNEL. Still not ideal, but should be significantly better.
atl1c_setup_ring_resources() is called from .open() function, and
already uses GFP_KERNEL, so this change is safe.
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
index 932bd18..6e9036a 100644
--- a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
+++ b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
@@ -1014,13 +1014,12 @@ static int atl1c_setup_ring_resources(struct atl1c_adapter *adapter)
sizeof(struct atl1c_recv_ret_status) * rx_desc_count +
8 * 4;
- ring_header->desc = pci_alloc_consistent(pdev, ring_header->size,
- &ring_header->dma);
+ ring_header->desc = dma_zalloc_coherent(&pdev->dev, ring_header->size,
+ &ring_header->dma, GFP_KERNEL);
if (unlikely(!ring_header->desc)) {
- dev_err(&pdev->dev, "pci_alloc_consistend failed\n");
+ dev_err(&pdev->dev, "could not get memory for DMA buffer\n");
goto err_nomem;
}
- memset(ring_header->desc, 0, ring_header->size);
/* init TPD ring */
tpd_ring[0].dma = roundup(ring_header->dma, 8);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 183/211] ipv6: keep existing flags when setting IFA_F_OPTIMISTIC
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (181 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 182/211] atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 184/211] vxlan: fix incorrect RCO bit in VXLAN header Kamal Mostafa
` (27 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Erik Kline, Fernando Gont, Lorenzo Colitti,
YOSHIFUJI Hideaki/吉藤英明,
Hannes Frederic Sowa, Bjørn Mork, David S. Miller,
Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>
[ Upstream commit 9a1ec4612c9bfc94d4185e3459055a37a685e575 ]
Commit 64236f3f3d74 ("ipv6: introduce IFA_F_STABLE_PRIVACY flag")
failed to update the setting of the IFA_F_OPTIMISTIC flag, causing
the IFA_F_STABLE_PRIVACY flag to be lost if IFA_F_OPTIMISTIC is set.
Cc: Erik Kline <ek@google.com>
Cc: Fernando Gont <fgont@si6networks.com>
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: YOSHIFUJI Hideaki/吉藤英明 <hideaki.yoshifuji@miraclelinux.com>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Fixes: 64236f3f3d74 ("ipv6: introduce IFA_F_STABLE_PRIVACY flag")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv6/addrconf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index c8c1fea..6ab56d8 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2386,7 +2386,7 @@ ok:
#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
if (in6_dev->cnf.optimistic_dad &&
!net->ipv6.devconf_all->forwarding && sllao)
- addr_flags = IFA_F_OPTIMISTIC;
+ addr_flags |= IFA_F_OPTIMISTIC;
#endif
/* Do not allow to create too much of autoconfigured
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 184/211] vxlan: fix incorrect RCO bit in VXLAN header
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (182 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 183/211] ipv6: keep existing flags when setting IFA_F_OPTIMISTIC Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 185/211] sctp: use the same clock as if sock source timestamps were on Kamal Mostafa
` (26 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Thomas Graf, Tom Herbert, Jiri Benc, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Benc <jbenc@redhat.com>
[ Upstream commit c5fb8caaf91ea6a92920cf24db10cfc94d58de0f ]
Commit 3511494ce2f3d ("vxlan: Group Policy extension") changed definition of
VXLAN_HF_RCO from 0x00200000 to BIT(24). This is obviously incorrect. It's
also in violation with the RFC draft.
Fixes: 3511494ce2f3d ("vxlan: Group Policy extension")
Cc: Thomas Graf <tgraf@suug.ch>
Cc: Tom Herbert <therbert@google.com>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/vxlan.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/net/vxlan.h b/include/net/vxlan.h
index 0082b5d..7ef9272 100644
--- a/include/net/vxlan.h
+++ b/include/net/vxlan.h
@@ -78,7 +78,7 @@ struct vxlanhdr {
};
/* VXLAN header flags. */
-#define VXLAN_HF_RCO BIT(24)
+#define VXLAN_HF_RCO BIT(21)
#define VXLAN_HF_VNI BIT(27)
#define VXLAN_HF_GBP BIT(31)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 185/211] sctp: use the same clock as if sock source timestamps were on
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (183 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 184/211] vxlan: fix incorrect RCO bit in VXLAN header Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 186/211] sctp: update the netstamp_needed counter when copying sockets Kamal Mostafa
` (25 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marcelo Ricardo Leitner, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
[ Upstream commit cb5e173ed7c03a0d4630ce68a95a186cce3cc872 ]
SCTP echoes a cookie o INIT ACK chunks that contains a timestamp, for
detecting stale cookies. This cookie is echoed back to the server by the
client and then that timestamp is checked.
Thing is, if the listening socket is using packet timestamping, the
cookie is encoded with ktime_get() value and checked against
ktime_get_real(), as done by __net_timestamp().
The fix is to sctp also use ktime_get_real(), so we can compare bananas
with bananas later no matter if packet timestamping was enabled or not.
Fixes: 52db882f3fc2 ("net: sctp: migrate cookie life from timeval to ktime")
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/sctp/sm_make_chunk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index a655ddc..abbb411 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1652,7 +1652,7 @@ static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
/* Set an expiration time for the cookie. */
cookie->c.expiration = ktime_add(asoc->cookie_life,
- ktime_get());
+ ktime_get_real());
/* Copy the peer's init packet. */
memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr,
@@ -1780,7 +1780,7 @@ no_hmac:
if (sock_flag(ep->base.sk, SOCK_TIMESTAMP))
kt = skb_get_ktime(skb);
else
- kt = ktime_get();
+ kt = ktime_get_real();
if (!asoc && ktime_before(bear_cookie->expiration, kt)) {
/*
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 186/211] sctp: update the netstamp_needed counter when copying sockets
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (184 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 185/211] sctp: use the same clock as if sock source timestamps were on Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 187/211] sctp: also copy sk_tsflags when copying the socket Kamal Mostafa
` (24 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marcelo Ricardo Leitner, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
[ Upstream commit 01ce63c90170283a9855d1db4fe81934dddce648 ]
Dmitry Vyukov reported that SCTP was triggering a WARN on socket destroy
related to disabling sock timestamp.
When SCTP accepts an association or peel one off, it copies sock flags
but forgot to call net_enable_timestamp() if a packet timestamping flag
was copied, leading to extra calls to net_disable_timestamp() whenever
such clones were closed.
The fix is to call net_enable_timestamp() whenever we copy a sock with
that flag on, like tcp does.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/sock.h | 2 ++
net/core/sock.c | 2 --
net/sctp/socket.c | 3 +++
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index 4ca4c3f..4005c91 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -722,6 +722,8 @@ enum sock_flags {
SOCK_SELECT_ERR_QUEUE, /* Wake select on error queue */
};
+#define SK_FLAGS_TIMESTAMP ((1UL << SOCK_TIMESTAMP) | (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE))
+
static inline void sock_copy_flags(struct sock *nsk, struct sock *osk)
{
nsk->sk_flags = osk->sk_flags;
diff --git a/net/core/sock.c b/net/core/sock.c
index 193901d..544ff7d 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -422,8 +422,6 @@ static void sock_warn_obsolete_bsdism(const char *name)
}
}
-#define SK_FLAGS_TIMESTAMP ((1UL << SOCK_TIMESTAMP) | (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE))
-
static void sock_disable_timestamp(struct sock *sk, unsigned long flags)
{
if (sk->sk_flags & flags) {
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 3ec88be..f19a67c 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -7195,6 +7195,9 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk,
newinet->mc_ttl = 1;
newinet->mc_index = 0;
newinet->mc_list = NULL;
+
+ if (newsk->sk_flags & SK_FLAGS_TIMESTAMP)
+ net_enable_timestamp();
}
static inline void sctp_copy_descendant(struct sock *sk_to,
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 187/211] sctp: also copy sk_tsflags when copying the socket
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (185 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 186/211] sctp: update the netstamp_needed counter when copying sockets Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 188/211] net: cdc_mbim: add "NDP to end" quirk for Huawei E3372 Kamal Mostafa
` (23 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marcelo Ricardo Leitner, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
[ Upstream commit 50a5ffb1ef535e3c6989711c51b5d61b543a3b45 ]
As we are keeping timestamps on when copying the socket, we also have to
copy sk_tsflags.
This is needed since b9f40e21ef42 ("net-timestamp: move timestamp flags
out of sk_flags").
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/sctp/socket.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index f19a67c..84b1b50 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -7163,6 +7163,7 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk,
newsk->sk_type = sk->sk_type;
newsk->sk_bound_dev_if = sk->sk_bound_dev_if;
newsk->sk_flags = sk->sk_flags;
+ newsk->sk_tsflags = sk->sk_tsflags;
newsk->sk_no_check_tx = sk->sk_no_check_tx;
newsk->sk_no_check_rx = sk->sk_no_check_rx;
newsk->sk_reuse = sk->sk_reuse;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 188/211] net: cdc_mbim: add "NDP to end" quirk for Huawei E3372
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (186 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 187/211] sctp: also copy sk_tsflags when copying the socket Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 189/211] net: qca_spi: fix transmit queue timeout handling Kamal Mostafa
` (22 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Enrico Mioso, Bjørn Mork, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>
[ Upstream commit f8c0cfa5eca902d388c0b57c7ca29a1ff2e6d8c6 ]
The Huawei E3372 (12d1:157d) needs this quirk in MBIM mode
as well. Allow this by forcing the NTB to contain only a
single NDP, and add a device specific entry for this ID.
Due to the way Huawei use device IDs, this might be applied
to other modems as well. It is assumed that those modems
will be based on the same firmware and will need this quirk
too. If not, it will still not harm normal usage, although
multiplexing performance could be impacted.
Cc: Enrico Mioso <mrkiko.rs@gmail.com>
Reported-by: Sami Farin <hvtaifwkbgefbaei@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Acked-By: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/usb/cdc_mbim.c | 26 +++++++++++++++++++++++++-
drivers/net/usb/cdc_ncm.c | 10 +++++++++-
2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c
index efc18e0..b6ea6ff 100644
--- a/drivers/net/usb/cdc_mbim.c
+++ b/drivers/net/usb/cdc_mbim.c
@@ -158,7 +158,7 @@ static int cdc_mbim_bind(struct usbnet *dev, struct usb_interface *intf)
if (!cdc_ncm_comm_intf_is_mbim(intf->cur_altsetting))
goto err;
- ret = cdc_ncm_bind_common(dev, intf, data_altsetting, 0);
+ ret = cdc_ncm_bind_common(dev, intf, data_altsetting, dev->driver_info->data);
if (ret)
goto err;
@@ -582,6 +582,26 @@ static const struct driver_info cdc_mbim_info_zlp = {
.tx_fixup = cdc_mbim_tx_fixup,
};
+/* The spefication explicitly allows NDPs to be placed anywhere in the
+ * frame, but some devices fail unless the NDP is placed after the IP
+ * packets. Using the CDC_NCM_FLAG_NDP_TO_END flags to force this
+ * behaviour.
+ *
+ * Note: The current implementation of this feature restricts each NTB
+ * to a single NDP, implying that multiplexed sessions cannot share an
+ * NTB. This might affect performace for multiplexed sessions.
+ */
+static const struct driver_info cdc_mbim_info_ndp_to_end = {
+ .description = "CDC MBIM",
+ .flags = FLAG_NO_SETINT | FLAG_MULTI_PACKET | FLAG_WWAN,
+ .bind = cdc_mbim_bind,
+ .unbind = cdc_mbim_unbind,
+ .manage_power = cdc_mbim_manage_power,
+ .rx_fixup = cdc_mbim_rx_fixup,
+ .tx_fixup = cdc_mbim_tx_fixup,
+ .data = CDC_NCM_FLAG_NDP_TO_END,
+};
+
static const struct usb_device_id mbim_devs[] = {
/* This duplicate NCM entry is intentional. MBIM devices can
* be disguised as NCM by default, and this is necessary to
@@ -597,6 +617,10 @@ static const struct usb_device_id mbim_devs[] = {
{ USB_VENDOR_AND_INTERFACE_INFO(0x0bdb, USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE),
.driver_info = (unsigned long)&cdc_mbim_info,
},
+ /* Huawei E3372 fails unless NDP comes after the IP packets */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x12d1, 0x157d, USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE),
+ .driver_info = (unsigned long)&cdc_mbim_info_ndp_to_end,
+ },
/* default entry */
{ USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE),
.driver_info = (unsigned long)&cdc_mbim_info_zlp,
diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c
index db40175..fa41a6d 100644
--- a/drivers/net/usb/cdc_ncm.c
+++ b/drivers/net/usb/cdc_ncm.c
@@ -1006,10 +1006,18 @@ static struct usb_cdc_ncm_ndp16 *cdc_ncm_ndp(struct cdc_ncm_ctx *ctx, struct sk_
* NTH16 header as we would normally do. NDP isn't written to the SKB yet, and
* the wNdpIndex field in the header is actually not consistent with reality. It will be later.
*/
- if (ctx->drvflags & CDC_NCM_FLAG_NDP_TO_END)
+ if (ctx->drvflags & CDC_NCM_FLAG_NDP_TO_END) {
if (ctx->delayed_ndp16->dwSignature == sign)
return ctx->delayed_ndp16;
+ /* We can only push a single NDP to the end. Return
+ * NULL to send what we've already got and queue this
+ * skb for later.
+ */
+ else if (ctx->delayed_ndp16->dwSignature)
+ return NULL;
+ }
+
/* follow the chain of NDPs, looking for a match */
while (ndpoffset) {
ndp16 = (struct usb_cdc_ncm_ndp16 *)(skb->data + ndpoffset);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 189/211] net: qca_spi: fix transmit queue timeout handling
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (187 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 188/211] net: cdc_mbim: add "NDP to end" quirk for Huawei E3372 Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 190/211] r8152: fix lockup when runtime PM is enabled Kamal Mostafa
` (21 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Stefan Wahren, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Wahren <stefan.wahren@i2se.com>
[ Upstream commit ed7d42e24effbd3681e909711a7a2119a85e9217 ]
In case of a tx queue timeout every transmit is blocked until the
QCA7000 resets himself and triggers a sync which makes the driver
flushs the tx ring. So avoid this blocking situation by triggering
the sync immediately after the timeout. Waking the queue doesn't
make sense in this situation.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Fixes: 291ab06ecf67 ("net: qualcomm: new Ethernet over SPI driver for QCA7000")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/qualcomm/qca_spi.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/qualcomm/qca_spi.c b/drivers/net/ethernet/qualcomm/qca_spi.c
index 2f87909..60ccc29 100644
--- a/drivers/net/ethernet/qualcomm/qca_spi.c
+++ b/drivers/net/ethernet/qualcomm/qca_spi.c
@@ -736,9 +736,8 @@ qcaspi_netdev_tx_timeout(struct net_device *dev)
netdev_info(qca->net_dev, "Transmit timeout at %ld, latency %ld\n",
jiffies, jiffies - dev->trans_start);
qca->net_dev->stats.tx_errors++;
- /* wake the queue if there is room */
- if (qcaspi_tx_ring_has_space(&qca->txr))
- netif_wake_queue(dev);
+ /* Trigger tx queue flush and QCA7000 reset */
+ qca->sync = QCASPI_SYNC_UNKNOWN;
}
static int
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 190/211] r8152: fix lockup when runtime PM is enabled
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (188 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 189/211] net: qca_spi: fix transmit queue timeout handling Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 191/211] ipv6: sctp: clone options to avoid use after free Kamal Mostafa
` (20 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Wu, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Wu <peter@lekensteyn.nl>
[ Upstream commit 90186af404ada5a47b875bf3c16d0b02bb023ea0 ]
When an interface is brought up which was previously suspended (via
runtime PM), it would hang. This happens because napi_disable is called
before napi_enable.
Solve this by avoiding napi_enable in the resume during open function
(netif_running is true when open is called, IFF_UP is set after a
successful open; netif_running is false when close is called, but IFF_UP
is then still set).
While at it, remove WORK_ENABLE check from rtl8152_open (introduced with
the original change) because it cannot happen:
- After this patch, runtime resume will not set it during rtl8152_open.
- When link is up, rtl8152_open is not called.
- When link is down during system/auto suspend/resume, it is not set.
Fixes: 41cec84cf285 ("r8152: don't enable napi before rx ready")
Link: https://lkml.kernel.org/r/20151205105912.GA1766@al
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Acked-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/usb/r8152.c | 21 +++------------------
1 file changed, 3 insertions(+), 18 deletions(-)
diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
index ad8cbc6..d3d30e6 100644
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -3025,17 +3025,6 @@ static int rtl8152_open(struct net_device *netdev)
mutex_lock(&tp->control);
- /* The WORK_ENABLE may be set when autoresume occurs */
- if (test_bit(WORK_ENABLE, &tp->flags)) {
- clear_bit(WORK_ENABLE, &tp->flags);
- usb_kill_urb(tp->intr_urb);
- cancel_delayed_work_sync(&tp->schedule);
-
- /* disable the tx/rx, if the workqueue has enabled them. */
- if (netif_carrier_ok(netdev))
- tp->rtl_ops.disable(tp);
- }
-
tp->rtl_ops.up(tp);
rtl8152_set_speed(tp, AUTONEG_ENABLE,
@@ -3082,12 +3071,6 @@ static int rtl8152_close(struct net_device *netdev)
} else {
mutex_lock(&tp->control);
- /* The autosuspend may have been enabled and wouldn't
- * be disable when autoresume occurs, because the
- * netif_running() would be false.
- */
- rtl_runtime_suspend_enable(tp, false);
-
tp->rtl_ops.down(tp);
mutex_unlock(&tp->control);
@@ -3442,7 +3425,7 @@ static int rtl8152_resume(struct usb_interface *intf)
netif_device_attach(tp->netdev);
}
- if (netif_running(tp->netdev)) {
+ if (netif_running(tp->netdev) && tp->netdev->flags & IFF_UP) {
if (test_bit(SELECTIVE_SUSPEND, &tp->flags)) {
rtl_runtime_suspend_enable(tp, false);
clear_bit(SELECTIVE_SUSPEND, &tp->flags);
@@ -3462,6 +3445,8 @@ static int rtl8152_resume(struct usb_interface *intf)
}
usb_submit_urb(tp->intr_urb, GFP_KERNEL);
} else if (test_bit(SELECTIVE_SUSPEND, &tp->flags)) {
+ if (tp->netdev->flags & IFF_UP)
+ rtl_runtime_suspend_enable(tp, false);
clear_bit(SELECTIVE_SUSPEND, &tp->flags);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 191/211] ipv6: sctp: clone options to avoid use after free
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (189 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 190/211] r8152: fix lockup when runtime PM is enabled Kamal Mostafa
@ 2016-01-05 19:44 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 192/211] phy: micrel: Fix finding PHY properties in MAC node Kamal Mostafa
` (19 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:44 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 9470e24f35ab81574da54e69df90c1eb4a96b43f ]
SCTP is lacking proper np->opt cloning at accept() time.
TCP and DCCP use ipv6_dup_options() helper, do the same
in SCTP.
We might later factorize this code in a common helper to avoid
future mistakes.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/sctp/ipv6.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index e917d27..40677cf 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -635,6 +635,7 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk,
struct sock *newsk;
struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
struct sctp6_sock *newsctp6sk;
+ struct ipv6_txoptions *opt;
newsk = sk_alloc(sock_net(sk), PF_INET6, GFP_KERNEL, sk->sk_prot, 0);
if (!newsk)
@@ -654,6 +655,13 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk,
memcpy(newnp, np, sizeof(struct ipv6_pinfo));
+ rcu_read_lock();
+ opt = rcu_dereference(np->opt);
+ if (opt)
+ opt = ipv6_dup_options(newsk, opt);
+ RCU_INIT_POINTER(newnp->opt, opt);
+ rcu_read_unlock();
+
/* Initialize sk's sport, dport, rcv_saddr and daddr for getsockname()
* and getpeername().
*/
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 192/211] phy: micrel: Fix finding PHY properties in MAC node.
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (190 preceding siblings ...)
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 191/211] ipv6: sctp: clone options to avoid use after free Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 193/211] net: add validation for the socket syscall protocol argument Kamal Mostafa
` (18 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andrew Lunn, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrew Lunn <andrew@lunn.ch>
[ Upstream commit 651df2183543bc92f5dbcf99cd9e236ead0bc4c5 ]
commit 8b63ec1837fa ("phylib: Make PHYs children of their MDIO bus,
not the bus' parent.") changed the parenting of PHY devices, making
them a child of the MDIO bus, instead of the MAC device. This broken
the Micrel PHY driver which has a deprecated feature of allowing PHY
properties to be placed into the MAC node.
In order to find the MAC node, we need to walk up the tree of devices
until we find one with an OF node attached.
Reported-by: Dinh Nguyen <dinguyen@opensource.altera.com>
Suggested-by: David Daney <david.daney@cavium.com>
Acked-by: David Daney <david.daney@cavium.com>
Fixes: 8b63ec1837fa ("phylib: Make PHYs children of their MDIO bus, not the bus' parent.")
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Tested-by: Dinh Nguyen <dinguyen@opensource.altera.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/phy/micrel.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c
index 499185e..4bb8149 100644
--- a/drivers/net/phy/micrel.c
+++ b/drivers/net/phy/micrel.c
@@ -339,9 +339,18 @@ static int ksz9021_config_init(struct phy_device *phydev)
{
const struct device *dev = &phydev->dev;
const struct device_node *of_node = dev->of_node;
-
- if (!of_node && dev->parent->of_node)
- of_node = dev->parent->of_node;
+ const struct device *dev_walker;
+
+ /* The Micrel driver has a deprecated option to place phy OF
+ * properties in the MAC node. Walk up the tree of devices to
+ * find a device with an OF node.
+ */
+ dev_walker = &phydev->dev;
+ do {
+ of_node = dev_walker->of_node;
+ dev_walker = dev_walker->parent;
+
+ } while (!of_node && dev_walker);
if (of_node) {
ksz9021_load_values_from_of(phydev, of_node,
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 193/211] net: add validation for the socket syscall protocol argument
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (191 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 192/211] phy: micrel: Fix finding PHY properties in MAC node Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 194/211] sh_eth: fix kernel oops in skb_put() Kamal Mostafa
` (17 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Cong Wang, Hannes Frederic Sowa, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Hannes Frederic Sowa <hannes@stressinduktion.org>
[ Upstream commit 79462ad02e861803b3840cc782248c7359451cd9 ]
郭永刚 reported that one could simply crash the kernel as root by
using a simple program:
int socket_fd;
struct sockaddr_in addr;
addr.sin_port = 0;
addr.sin_addr.s_addr = INADDR_ANY;
addr.sin_family = 10;
socket_fd = socket(10,3,0x40000000);
connect(socket_fd , &addr,16);
AF_INET, AF_INET6 sockets actually only support 8-bit protocol
identifiers. inet_sock's skc_protocol field thus is sized accordingly,
thus larger protocol identifiers simply cut off the higher bits and
store a zero in the protocol fields.
This could lead to e.g. NULL function pointer because as a result of
the cut off inet_num is zero and we call down to inet_autobind, which
is NULL for raw sockets.
kernel: Call Trace:
kernel: [<ffffffff816db90e>] ? inet_autobind+0x2e/0x70
kernel: [<ffffffff816db9a4>] inet_dgram_connect+0x54/0x80
kernel: [<ffffffff81645069>] SYSC_connect+0xd9/0x110
kernel: [<ffffffff810ac51b>] ? ptrace_notify+0x5b/0x80
kernel: [<ffffffff810236d8>] ? syscall_trace_enter_phase2+0x108/0x200
kernel: [<ffffffff81645e0e>] SyS_connect+0xe/0x10
kernel: [<ffffffff81779515>] tracesys_phase2+0x84/0x89
I found no particular commit which introduced this problem.
CVE: CVE-2015-8543
Cc: Cong Wang <cwang@twopensource.com>
Reported-by: 郭永刚 <guoyonggang@360.cn>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/sock.h | 1 +
net/ax25/af_ax25.c | 3 +++
net/decnet/af_decnet.c | 3 +++
net/ipv4/af_inet.c | 3 +++
net/ipv6/af_inet6.c | 3 +++
net/irda/af_irda.c | 3 +++
6 files changed, 16 insertions(+)
diff --git a/include/net/sock.h b/include/net/sock.h
index 4005c91..2996298 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -387,6 +387,7 @@ struct sock {
sk_no_check_rx : 1,
sk_userlocks : 4,
sk_protocol : 8,
+#define SK_PROTOCOL_MAX U8_MAX
sk_type : 16;
kmemcheck_bitfield_end(flags);
int sk_wmem_queued;
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index ae3a47f..fbd0acf 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -805,6 +805,9 @@ static int ax25_create(struct net *net, struct socket *sock, int protocol,
struct sock *sk;
ax25_cb *ax25;
+ if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
+ return -EINVAL;
+
if (!net_eq(net, &init_net))
return -EAFNOSUPPORT;
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index 675cf94..6feddca 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -678,6 +678,9 @@ static int dn_create(struct net *net, struct socket *sock, int protocol,
{
struct sock *sk;
+ if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
+ return -EINVAL;
+
if (!net_eq(net, &init_net))
return -EAFNOSUPPORT;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 9532ee8..6de5b8f 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -259,6 +259,9 @@ static int inet_create(struct net *net, struct socket *sock, int protocol,
int try_loading_module = 0;
int err;
+ if (protocol < 0 || protocol >= IPPROTO_MAX)
+ return -EINVAL;
+
sock->state = SS_UNCONNECTED;
/* Look for the requested type/protocol pair. */
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index d87519e..358bba9 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -109,6 +109,9 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol,
int try_loading_module = 0;
int err;
+ if (protocol < 0 || protocol >= IPPROTO_MAX)
+ return -EINVAL;
+
/* Look for the requested type/protocol pair. */
lookup_protocol:
err = -ESOCKTNOSUPPORT;
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index fae6822..25f63a8 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1086,6 +1086,9 @@ static int irda_create(struct net *net, struct socket *sock, int protocol,
struct sock *sk;
struct irda_sock *self;
+ if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
+ return -EINVAL;
+
if (net != &init_net)
return -EAFNOSUPPORT;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 194/211] sh_eth: fix kernel oops in skb_put()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (192 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 193/211] net: add validation for the socket syscall protocol argument Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 195/211] net: fix IP early demux races Kamal Mostafa
` (16 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sergei Shtylyov, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
[ Upstream commit 248be83dcb3feb3f6332eb3d010a016402138484 ]
In a low memory situation the following kernel oops occurs:
Unable to handle kernel NULL pointer dereference at virtual address 00000050
pgd = 8490c000
[00000050] *pgd=4651e831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT ARM
Modules linked in:
CPU: 0 Not tainted (3.4-at16 #9)
PC is at skb_put+0x10/0x98
LR is at sh_eth_poll+0x2c8/0xa10
pc : [<8035f780>] lr : [<8028bf50>] psr: 60000113
sp : 84eb1a90 ip : 84eb1ac8 fp : 84eb1ac4
r10: 0000003f r9 : 000005ea r8 : 00000000
r7 : 00000000 r6 : 940453b0 r5 : 00030000 r4 : 9381b180
r3 : 00000000 r2 : 00000000 r1 : 000005ea r0 : 00000000
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 10c53c7d Table: 4248c059 DAC: 00000015
Process klogd (pid: 2046, stack limit = 0x84eb02e8)
[...]
This is because netdev_alloc_skb() fails and 'mdp->rx_skbuff[entry]' is left
NULL but sh_eth_rx() later uses it without checking. Add such check...
Reported-by: Yasushi SHOJI <yashi@atmark-techno.com>
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/renesas/sh_eth.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c
index 7fb244f..13463c4 100644
--- a/drivers/net/ethernet/renesas/sh_eth.c
+++ b/drivers/net/ethernet/renesas/sh_eth.c
@@ -1481,6 +1481,7 @@ static int sh_eth_rx(struct net_device *ndev, u32 intr_status, int *quota)
if (mdp->cd->shift_rd0)
desc_status >>= 16;
+ skb = mdp->rx_skbuff[entry];
if (desc_status & (RD_RFS1 | RD_RFS2 | RD_RFS3 | RD_RFS4 |
RD_RFS5 | RD_RFS6 | RD_RFS10)) {
ndev->stats.rx_errors++;
@@ -1496,12 +1497,11 @@ static int sh_eth_rx(struct net_device *ndev, u32 intr_status, int *quota)
ndev->stats.rx_missed_errors++;
if (desc_status & RD_RFS10)
ndev->stats.rx_over_errors++;
- } else {
+ } else if (skb) {
if (!mdp->cd->hw_swap)
sh_eth_soft_swap(
phys_to_virt(ALIGN(rxdesc->addr, 4)),
pkt_len + 2);
- skb = mdp->rx_skbuff[entry];
mdp->rx_skbuff[entry] = NULL;
if (mdp->cd->rpadir)
skb_reserve(skb, NET_IP_ALIGN);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 195/211] net: fix IP early demux races
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (193 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 194/211] sh_eth: fix kernel oops in skb_put() Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 196/211] pptp: verify sockaddr_len in pptp_bind() and pptp_connect() Kamal Mostafa
` (15 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 5037e9ef9454917b047f9f3a19b4dd179fbf7cd4 ]
David Wilder reported crashes caused by dst reuse.
<quote David>
I am seeing a crash on a distro V4.2.3 kernel caused by a double
release of a dst_entry. In ipv4_dst_destroy() the call to
list_empty() finds a poisoned next pointer, indicating the dst_entry
has already been removed from the list and freed. The crash occurs
18 to 24 hours into a run of a network stress exerciser.
</quote>
Thanks to his detailed report and analysis, we were able to understand
the core issue.
IP early demux can associate a dst to skb, after a lookup in TCP/UDP
sockets.
When socket cache is not properly set, we want to store into
sk->sk_dst_cache the dst for future IP early demux lookups,
by acquiring a stable refcount on the dst.
Problem is this acquisition is simply using an atomic_inc(),
which works well, unless the dst was queued for destruction from
dst_release() noticing dst refcount went to zero, if DST_NOCACHE
was set on dst.
We need to make sure current refcount is not zero before incrementing
it, or risk double free as David reported.
This patch, being a stable candidate, adds two new helpers, and use
them only from IP early demux problematic paths.
It might be possible to merge in net-next skb_dst_force() and
skb_dst_force_safe(), but I prefer having the smallest patch for stable
kernels : Maybe some skb_dst_force() callers do not expect skb->dst
can suddenly be cleared.
Can probably be backported back to linux-3.6 kernels
Reported-by: David J. Wilder <dwilder@us.ibm.com>
Tested-by: David J. Wilder <dwilder@us.ibm.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/dst.h | 33 +++++++++++++++++++++++++++++++++
include/net/sock.h | 2 +-
net/ipv4/tcp_ipv4.c | 5 ++---
net/ipv6/tcp_ipv6.c | 3 +--
4 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/include/net/dst.h b/include/net/dst.h
index 2bc73f8a..c34b277 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -306,6 +306,39 @@ static inline void skb_dst_force(struct sk_buff *skb)
}
}
+/**
+ * dst_hold_safe - Take a reference on a dst if possible
+ * @dst: pointer to dst entry
+ *
+ * This helper returns false if it could not safely
+ * take a reference on a dst.
+ */
+static inline bool dst_hold_safe(struct dst_entry *dst)
+{
+ if (dst->flags & DST_NOCACHE)
+ return atomic_inc_not_zero(&dst->__refcnt);
+ dst_hold(dst);
+ return true;
+}
+
+/**
+ * skb_dst_force_safe - makes sure skb dst is refcounted
+ * @skb: buffer
+ *
+ * If dst is not yet refcounted and not destroyed, grab a ref on it.
+ */
+static inline void skb_dst_force_safe(struct sk_buff *skb)
+{
+ if (skb_dst_is_noref(skb)) {
+ struct dst_entry *dst = skb_dst(skb);
+
+ if (!dst_hold_safe(dst))
+ dst = NULL;
+
+ skb->_skb_refdst = (unsigned long)dst;
+ }
+}
+
/**
* __skb_tunnel_rx - prepare skb for rx reinsert
diff --git a/include/net/sock.h b/include/net/sock.h
index 2996298..208c874 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -799,7 +799,7 @@ void sk_stream_write_space(struct sock *sk);
static inline void __sk_add_backlog(struct sock *sk, struct sk_buff *skb)
{
/* dont let skb dst not refcounted, we are going to leave rcu lock */
- skb_dst_force(skb);
+ skb_dst_force_safe(skb);
if (!sk->sk_backlog.tail)
sk->sk_backlog.head = skb;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 216be79..b78df51 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1509,7 +1509,7 @@ bool tcp_prequeue(struct sock *sk, struct sk_buff *skb)
if (likely(sk->sk_rx_dst))
skb_dst_drop(skb);
else
- skb_dst_force(skb);
+ skb_dst_force_safe(skb);
__skb_queue_tail(&tp->ucopy.prequeue, skb);
tp->ucopy.memory += skb->truesize;
@@ -1711,8 +1711,7 @@ void inet_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
{
struct dst_entry *dst = skb_dst(skb);
- if (dst) {
- dst_hold(dst);
+ if (dst && dst_hold_safe(dst)) {
sk->sk_rx_dst = dst;
inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
}
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index bbe91f4..682756c 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -93,10 +93,9 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
{
struct dst_entry *dst = skb_dst(skb);
- if (dst) {
+ if (dst && dst_hold_safe(dst)) {
const struct rt6_info *rt = (const struct rt6_info *)dst;
- dst_hold(dst);
sk->sk_rx_dst = dst;
inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 196/211] pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (194 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 195/211] net: fix IP early demux races Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 197/211] vlan: Fix untag operations of stacked vlans with REORDER_HEADER off Kamal Mostafa
` (14 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Cong Wang, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: WANG Cong <xiyou.wangcong@gmail.com>
[ Upstream commit 09ccfd238e5a0e670d8178cf50180ea81ae09ae1 ]
Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ppp/pptp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
index 686f37d..b910cae 100644
--- a/drivers/net/ppp/pptp.c
+++ b/drivers/net/ppp/pptp.c
@@ -418,6 +418,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
struct pptp_opt *opt = &po->proto.pptp;
int error = 0;
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
+ return -EINVAL;
+
lock_sock(sk);
opt->src_addr = sp->sa_addr.pptp;
@@ -439,6 +442,9 @@ static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr,
struct flowi4 fl4;
int error = 0;
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
+ return -EINVAL;
+
if (sp->sa_protocol != PX_PROTO_PPTP)
return -EINVAL;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 197/211] vlan: Fix untag operations of stacked vlans with REORDER_HEADER off
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (195 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 196/211] pptp: verify sockaddr_len in pptp_bind() and pptp_connect() Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 198/211] skbuff: Fix offset error in skb_reorder_vlan_header Kamal Mostafa
` (13 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Vladislav Yasevich, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Vlad Yasevich <vyasevich@gmail.com>
[ Upstream commit a6e18ff111701b4ff6947605bfbe9594ec42a6e8 ]
When we have multiple stacked vlan devices all of which have
turned off REORDER_HEADER flag, the untag operation does not
locate the ethernet addresses correctly for nested vlans.
The reason is that in case of REORDER_HEADER flag being off,
the outer vlan headers are put back and the mac_len is adjusted
to account for the presense of the header. Then, the subsequent
untag operation, for the next level vlan, always use VLAN_ETH_HLEN
to locate the begining of the ethernet header and that ends up
being a multiple of 4 bytes short of the actuall beginning
of the mac header (the multiple depending on the how many vlan
encapsulations ethere are).
As a reslult, if there are multiple levles of vlan devices
with REODER_HEADER being off, the recevied packets end up
being dropped.
To solve this, we use skb->mac_len as the offset. The value
is always set on receive path and starts out as a ETH_HLEN.
The value is also updated when the vlan header manupations occur
so we know it will be correct.
Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/core/skbuff.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 7bfa187..94c00af 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4268,7 +4268,8 @@ static struct sk_buff *skb_reorder_vlan_header(struct sk_buff *skb)
return NULL;
}
- memmove(skb->data - ETH_HLEN, skb->data - VLAN_ETH_HLEN, 2 * ETH_ALEN);
+ memmove(skb->data - ETH_HLEN, skb->data - skb->mac_len,
+ 2 * ETH_ALEN);
skb->mac_header += VLAN_HLEN;
return skb;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 198/211] skbuff: Fix offset error in skb_reorder_vlan_header
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (196 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 197/211] vlan: Fix untag operations of stacked vlans with REORDER_HEADER off Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 199/211] net: check both type and procotol for tcp sockets Kamal Mostafa
` (12 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Nicolas Dichtel, Patrick McHardy, Vladislav Yasevich,
David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Vlad Yasevich <vyasevich@gmail.com>
[ Upstream commit f654861569872d10dcb79d9d7ca219b316f94ff0 ]
skb_reorder_vlan_header is called after the vlan header has
been pulled. As a result the offset of the begining of
the mac header has been incrased by 4 bytes (VLAN_HLEN).
When moving the mac addresses, include this incrase in
the offset calcualation so that the mac addresses are
copied correctly.
Fixes: a6e18ff1117 (vlan: Fix untag operations of stacked vlans with REORDER_HEADER off)
CC: Nicolas Dichtel <nicolas.dichtel@6wind.com>
CC: Patrick McHardy <kaber@trash.net>
Signed-off-by: Vladislav Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/core/skbuff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 94c00af..9ad9576 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4268,7 +4268,7 @@ static struct sk_buff *skb_reorder_vlan_header(struct sk_buff *skb)
return NULL;
}
- memmove(skb->data - ETH_HLEN, skb->data - skb->mac_len,
+ memmove(skb->data - ETH_HLEN, skb->data - skb->mac_len - VLAN_HLEN,
2 * ETH_ALEN);
skb->mac_header += VLAN_HLEN;
return skb;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 199/211] net: check both type and procotol for tcp sockets
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (197 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 198/211] skbuff: Fix offset error in skb_reorder_vlan_header Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 200/211] net_sched: make qdisc_tree_decrease_qlen() work for non mq Kamal Mostafa
` (11 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Willem de Bruijn, Eric Dumazet, Cong Wang, David S. Miller,
Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: WANG Cong <xiyou.wangcong@gmail.com>
[ Upstream commit ac5cc977991d2dce85fc734a6c71ddb33f6fe3c1 ]
Dmitry reported the following out-of-bound access:
Call Trace:
[<ffffffff816cec2e>] __asan_report_load4_noabort+0x3e/0x40
mm/kasan/report.c:294
[<ffffffff84affb14>] sock_setsockopt+0x1284/0x13d0 net/core/sock.c:880
[< inline >] SYSC_setsockopt net/socket.c:1746
[<ffffffff84aed7ee>] SyS_setsockopt+0x1fe/0x240 net/socket.c:1729
[<ffffffff85c18c76>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
This is because we mistake a raw socket as a tcp socket.
We should check both sk->sk_type and sk->sk_protocol to ensure
it is a tcp socket.
Willem points out __skb_complete_tx_timestamp() needs to fix as well.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/core/skbuff.c | 3 ++-
net/core/sock.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 9ad9576..dd6d553 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3643,7 +3643,8 @@ static void __skb_complete_tx_timestamp(struct sk_buff *skb,
serr->ee.ee_info = tstype;
if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) {
serr->ee.ee_data = skb_shinfo(skb)->tskey;
- if (sk->sk_protocol == IPPROTO_TCP)
+ if (sk->sk_protocol == IPPROTO_TCP &&
+ sk->sk_type == SOCK_STREAM)
serr->ee.ee_data -= sk->sk_tskey;
}
diff --git a/net/core/sock.c b/net/core/sock.c
index 544ff7d..623224a 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -860,7 +860,8 @@ set_rcvbuf:
if (val & SOF_TIMESTAMPING_OPT_ID &&
!(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)) {
- if (sk->sk_protocol == IPPROTO_TCP) {
+ if (sk->sk_protocol == IPPROTO_TCP &&
+ sk->sk_type == SOCK_STREAM) {
if (sk->sk_state != TCP_ESTABLISHED) {
ret = -EINVAL;
break;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 200/211] net_sched: make qdisc_tree_decrease_qlen() work for non mq
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (198 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 199/211] net: check both type and procotol for tcp sockets Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 201/211] bluetooth: Validate socket address length in sco_sock_bind() Kamal Mostafa
` (10 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 225734de70cd0a9e0b978f3583a4a87939271d5e ]
Stas Nichiporovich reported a regression in his HFSC qdisc setup
on a non multi queue device.
It turns out I mistakenly added a TCQ_F_NOPARENT flag on all qdisc
allocated in qdisc_create() for non multi queue devices, which was
rather buggy. I was clearly mislead by the TCQ_F_ONETXQUEUE that is
also set here for no good reason, since it only matters for the root
qdisc.
Fixes: 4eaf3b84f288 ("net_sched: fix qdisc_tree_decrease_qlen() races")
Reported-by: Stas Nichiporovich <stasn77@gmail.com>
Tested-by: Stas Nichiporovich <stasn77@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/sched/sch_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index 1a0aa2a..ae795fd 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -950,7 +950,7 @@ qdisc_create(struct net_device *dev, struct netdev_queue *dev_queue,
}
lockdep_set_class(qdisc_lock(sch), &qdisc_tx_lock);
if (!netif_is_multiqueue(dev))
- sch->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT;
+ sch->flags |= TCQ_F_ONETXQUEUE;
}
sch->handle = handle;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 201/211] bluetooth: Validate socket address length in sco_sock_bind().
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (199 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 200/211] net_sched: make qdisc_tree_decrease_qlen() work for non mq Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 202/211] net: fix uninitialized variable issue Kamal Mostafa
` (9 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 5233252fce714053f0151680933571a2da9cbfb4 ]
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/bluetooth/sco.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 688a040..fc00e9a 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -520,6 +520,9 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
if (!addr || addr->sa_family != AF_BLUETOOTH)
return -EINVAL;
+ if (addr_len < sizeof(struct sockaddr_sco))
+ return -EINVAL;
+
lock_sock(sk);
if (sk->sk_state != BT_OPEN) {
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 202/211] net: fix uninitialized variable issue
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (200 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 201/211] bluetooth: Validate socket address length in sco_sock_bind() Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 203/211] ipv6: automatically enable stable privacy mode if stable_secret set Kamal Mostafa
` (8 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tadeusz Struk, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "tadeusz.struk@intel.com" <tadeusz.struk@intel.com>
[ Upstream commit 130ed5d105dde141e7fe60d5440aa53e0a84f13b ]
msg_iocb needs to be initialized on the recv/recvfrom path.
Otherwise afalg will wrongly interpret it as an async call.
Reported-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/socket.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/socket.c b/net/socket.c
index 9963a0b..f3fbe17 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1702,6 +1702,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
/* We assume all kernel code knows the size of sockaddr_storage */
msg.msg_namelen = 0;
+ msg.msg_iocb = NULL;
if (sock->file->f_flags & O_NONBLOCK)
flags |= MSG_DONTWAIT;
err = sock_recvmsg(sock, &msg, iov_iter_count(&msg.msg_iter), flags);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 203/211] ipv6: automatically enable stable privacy mode if stable_secret set
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (201 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 202/211] net: fix uninitialized variable issue Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 204/211] rhashtable: Enforce minimum size on initial hash table Kamal Mostafa
` (7 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Bjørn Mork, Hannes Frederic Sowa, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Hannes Frederic Sowa <hannes@stressinduktion.org>
[ Upstream commit 9b29c6962b70f232cde4076b1020191e1be0889d ]
Bjørn reported that while we switch all interfaces to privacy stable mode
when setting the secret, we don't set this mode for new interfaces. This
does not make sense, so change this behaviour.
Fixes: 622c81d57b392cc ("ipv6: generation of stable privacy addresses for link-local and autoconf")
Reported-by: Bjørn Mork <bjorn@mork.no>
Cc: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv6/addrconf.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 6ab56d8..f4d78a4 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -343,6 +343,12 @@ static struct inet6_dev *ipv6_add_dev(struct net_device *dev)
setup_timer(&ndev->rs_timer, addrconf_rs_timer,
(unsigned long)ndev);
memcpy(&ndev->cnf, dev_net(dev)->ipv6.devconf_dflt, sizeof(ndev->cnf));
+
+ if (ndev->cnf.stable_secret.initialized)
+ ndev->addr_gen_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
+ else
+ ndev->addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64;
+
ndev->cnf.mtu6 = dev->mtu;
ndev->cnf.sysctl = NULL;
ndev->nd_parms = neigh_parms_alloc(dev, &nd_tbl);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 204/211] rhashtable: Enforce minimum size on initial hash table
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (202 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 203/211] ipv6: automatically enable stable privacy mode if stable_secret set Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 205/211] gianfar: Don't enable RX Filer if not supported Kamal Mostafa
` (6 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Herbert Xu, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
[ Upstream commit 3a324606bbabfc30084ce9d08169910773ba9a92 ]
William Hua <william.hua@canonical.com> wrote:
>
> I wasn't aware there was an enforced minimum size. I simply set the
> nelem_hint in the rhastable_params struct to 1, expecting it to grow as
> needed. This caused a segfault afterwards when trying to insert an
> element.
OK we're doing the size computation before we enforce the limit
on min_size.
---8<---
We need to do the initial hash table size computation after we
have obtained the correct min_size/max_size parameters. Otherwise
we may end up with a hash table whose size is outside the allowed
envelope.
Fixes: a998f712f77e ("rhashtable: Round up/down min/max_size to...")
Reported-by: William Hua <william.hua@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
lib/rhashtable.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/rhashtable.c b/lib/rhashtable.c
index cc0c697..7d79983 100644
--- a/lib/rhashtable.c
+++ b/lib/rhashtable.c
@@ -726,9 +726,6 @@ int rhashtable_init(struct rhashtable *ht,
if (params->nulls_base && params->nulls_base < (1U << RHT_BASE_SHIFT))
return -EINVAL;
- if (params->nelem_hint)
- size = rounded_hashtable_size(params);
-
memset(ht, 0, sizeof(*ht));
mutex_init(&ht->mutex);
spin_lock_init(&ht->lock);
@@ -748,6 +745,9 @@ int rhashtable_init(struct rhashtable *ht,
ht->p.min_size = max(ht->p.min_size, HASH_MIN_SIZE);
+ if (params->nelem_hint)
+ size = rounded_hashtable_size(&ht->p);
+
/* The maximum (not average) chain length grows with the
* size of the hash table, at a rate of (log N)/(log log N).
* The value of 16 is selected so that even if the hash
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 205/211] gianfar: Don't enable RX Filer if not supported
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (203 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 204/211] rhashtable: Enforce minimum size on initial hash table Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 206/211] fou: clean up socket with kfree_rcu Kamal Mostafa
` (5 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Hamish Martin, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Hamish Martin <hamish.martin@alliedtelesis.co.nz>
[ Upstream commit 7bff47da1ee23d00d1257905f2944c29594f799d ]
After commit 15bf176db1fb ("gianfar: Don't enable the Filer w/o the
Parser"), 'TSEC' model controllers (for example as seen on MPC8541E)
always have 8 bytes stripped from the front of received frames.
Only 'eTSEC' gianfar controllers have the RX Filer capability (amongst
other enhancements). Previously this was treated as always enabled
for both 'TSEC' and 'eTSEC' controllers.
In commit 15bf176db1fb ("gianfar: Don't enable the Filer w/o the Parser")
a subtle change was made to the setting of 'uses_rxfcb' to effectively
always set it (since 'rx_filer_enable' was always true). This had the
side-effect of always stripping 8 bytes from the front of received frames
on 'TSEC' type controllers.
We now only enable the RX Filer capability on controller types that
support it, thereby avoiding the issue for 'TSEC' type controllers.
Reviewed-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Reviewed-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Signed-off-by: Hamish Martin <hamish.martin@alliedtelesis.co.nz>
Reviewed-by: Claudiu Manoil <claudiu.manoil@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/freescale/gianfar.c | 8 +++++---
drivers/net/ethernet/freescale/gianfar.h | 1 +
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c
index 10b3bbbb..c2378af 100644
--- a/drivers/net/ethernet/freescale/gianfar.c
+++ b/drivers/net/ethernet/freescale/gianfar.c
@@ -928,7 +928,8 @@ static int gfar_of_init(struct platform_device *ofdev, struct net_device **pdev)
FSL_GIANFAR_DEV_HAS_VLAN |
FSL_GIANFAR_DEV_HAS_MAGIC_PACKET |
FSL_GIANFAR_DEV_HAS_EXTENDED_HASH |
- FSL_GIANFAR_DEV_HAS_TIMER;
+ FSL_GIANFAR_DEV_HAS_TIMER |
+ FSL_GIANFAR_DEV_HAS_RX_FILER;
err = of_property_read_string(np, "phy-connection-type", &ctype);
@@ -1431,8 +1432,9 @@ static int gfar_probe(struct platform_device *ofdev)
priv->rx_queue[i]->rxic = DEFAULT_RXIC;
}
- /* always enable rx filer */
- priv->rx_filer_enable = 1;
+ /* Always enable rx filer if available */
+ priv->rx_filer_enable =
+ (priv->device_flags & FSL_GIANFAR_DEV_HAS_RX_FILER) ? 1 : 0;
/* Enable most messages by default */
priv->msg_enable = (NETIF_MSG_IFUP << 1 ) - 1;
/* use pritority h/w tx queue scheduling for single queue devices */
diff --git a/drivers/net/ethernet/freescale/gianfar.h b/drivers/net/ethernet/freescale/gianfar.h
index 5545e41..056b894 100644
--- a/drivers/net/ethernet/freescale/gianfar.h
+++ b/drivers/net/ethernet/freescale/gianfar.h
@@ -917,6 +917,7 @@ struct gfar {
#define FSL_GIANFAR_DEV_HAS_BD_STASHING 0x00000200
#define FSL_GIANFAR_DEV_HAS_BUF_STASHING 0x00000400
#define FSL_GIANFAR_DEV_HAS_TIMER 0x00000800
+#define FSL_GIANFAR_DEV_HAS_RX_FILER 0x00002000
#if (MAXGROUPS == 2)
#define DEFAULT_MAPPING 0xAA
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 206/211] fou: clean up socket with kfree_rcu
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (204 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 205/211] gianfar: Don't enable RX Filer if not supported Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 207/211] af_unix: Revert 'lock_interruptible' in stream receive code Kamal Mostafa
` (4 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tom Herbert, Hannes Frederic Sowa, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Hannes Frederic Sowa <hannes@stressinduktion.org>
[ Upstream commit 3036facbb7be3a169e35be3b271162b0fa564a2d ]
fou->udp_offloads is managed by RCU. As it is actually included inside
the fou sockets, we cannot let the memory go out of scope before a grace
period. We either can synchronize_rcu or switch over to kfree_rcu to
manage the sockets. kfree_rcu seems appropriate as it is used by vxlan
and geneve.
Fixes: 23461551c00628c ("fou: Support for foo-over-udp RX path")
Cc: Tom Herbert <tom@herbertland.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv4/fou.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c
index 34968cd..4b67937 100644
--- a/net/ipv4/fou.c
+++ b/net/ipv4/fou.c
@@ -24,6 +24,7 @@ struct fou {
u16 type;
struct udp_offload udp_offloads;
struct list_head list;
+ struct rcu_head rcu;
};
#define FOU_F_REMCSUM_NOPARTIAL BIT(0)
@@ -421,7 +422,7 @@ static void fou_release(struct fou *fou)
list_del(&fou->list);
udp_tunnel_sock_release(sock);
- kfree(fou);
+ kfree_rcu(fou, rcu);
}
static int fou_encap_init(struct sock *sk, struct fou *fou, struct fou_cfg *cfg)
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 207/211] af_unix: Revert 'lock_interruptible' in stream receive code
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (205 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 206/211] fou: clean up socket with kfree_rcu Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 208/211] tcp: restore fastopen with no data in SYN packet Kamal Mostafa
` (3 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Rainer Weikusat, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Rainer Weikusat <rweikusat@mobileactivedefense.com>
[ Upstream commit 3822b5c2fc62e3de8a0f33806ff279fb7df92432 ]
With b3ca9b02b00704053a38bfe4c31dbbb9c13595d0, the AF_UNIX SOCK_STREAM
receive code was changed from using mutex_lock(&u->readlock) to
mutex_lock_interruptible(&u->readlock) to prevent signals from being
delayed for an indefinite time if a thread sleeping on the mutex
happened to be selected for handling the signal. But this was never a
problem with the stream receive code (as opposed to its datagram
counterpart) as that never went to sleep waiting for new messages with the
mutex held and thus, wouldn't cause secondary readers to block on the
mutex waiting for the sleeping primary reader. As the interruptible
locking makes the code more complicated in exchange for no benefit,
change it back to using mutex_lock.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/unix/af_unix.c | 13 +++----------
1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 128b098..0fc6dba 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2255,14 +2255,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state)
/* Lock the socket to prevent queue disordering
* while sleeps in memcpy_tomsg
*/
- err = mutex_lock_interruptible(&u->readlock);
- if (unlikely(err)) {
- /* recvmsg() in non blocking mode is supposed to return -EAGAIN
- * sk_rcvtimeo is not honored by mutex_lock_interruptible()
- */
- err = noblock ? -EAGAIN : -ERESTARTSYS;
- goto out;
- }
+ mutex_lock(&u->readlock);
if (flags & MSG_PEEK)
skip = sk_peek_offset(sk, flags);
@@ -2306,12 +2299,12 @@ again:
timeo = unix_stream_data_wait(sk, timeo, last,
last_len);
- if (signal_pending(current) ||
- mutex_lock_interruptible(&u->readlock)) {
+ if (signal_pending(current)) {
err = sock_intr_errno(timeo);
goto out;
}
+ mutex_lock(&u->readlock);
continue;
unlock:
unix_state_unlock(sk);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 208/211] tcp: restore fastopen with no data in SYN packet
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (206 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 207/211] af_unix: Revert 'lock_interruptible' in stream receive code Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 209/211] rhashtable: Fix walker list corruption Kamal Mostafa
` (2 subsequent siblings)
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, Al Viro, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 07e100f984975cb0417a7d5e626d0409efbad478 ]
Yuchung tracked a regression caused by commit 57be5bdad759 ("ip: convert
tcp_sendmsg() to iov_iter primitives") for TCP Fast Open.
Some Fast Open users do not actually add any data in the SYN packet.
Fixes: 57be5bdad759 ("ip: convert tcp_sendmsg() to iov_iter primitives")
Reported-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv4/tcp_output.c | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 747a4c4..71bbadd 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -3148,7 +3148,7 @@ static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
{
struct tcp_sock *tp = tcp_sk(sk);
struct tcp_fastopen_request *fo = tp->fastopen_req;
- int syn_loss = 0, space, err = 0, copied;
+ int syn_loss = 0, space, err = 0;
unsigned long last_syn_loss = 0;
struct sk_buff *syn_data;
@@ -3186,17 +3186,18 @@ static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
goto fallback;
syn_data->ip_summed = CHECKSUM_PARTIAL;
memcpy(syn_data->cb, syn->cb, sizeof(syn->cb));
- copied = copy_from_iter(skb_put(syn_data, space), space,
- &fo->data->msg_iter);
- if (unlikely(!copied)) {
- kfree_skb(syn_data);
- goto fallback;
- }
- if (copied != space) {
- skb_trim(syn_data, copied);
- space = copied;
+ if (space) {
+ int copied = copy_from_iter(skb_put(syn_data, space), space,
+ &fo->data->msg_iter);
+ if (unlikely(!copied)) {
+ kfree_skb(syn_data);
+ goto fallback;
+ }
+ if (copied != space) {
+ skb_trim(syn_data, copied);
+ space = copied;
+ }
}
-
/* No more data pending in inet_wait_for_connect() */
if (space == fo->size)
fo->data = NULL;
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 209/211] rhashtable: Fix walker list corruption
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (207 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 208/211] tcp: restore fastopen with no data in SYN packet Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 210/211] KEYS: Fix race between read and revoke Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 211/211] KVM: x86: Reload pit counters for all channels when restoring state Kamal Mostafa
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Herbert Xu, David S. Miller, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
[ Upstream commit c6ff5268293ef98e48a99597e765ffc417e39fa5 ]
The commit ba7c95ea3870fe7b847466d39a049ab6f156aa2c ("rhashtable:
Fix sleeping inside RCU critical section in walk_stop") introduced
a new spinlock for the walker list. However, it did not convert
all existing users of the list over to the new spin lock. Some
continued to use the old mutext for this purpose. This obviously
led to corruption of the list.
The fix is to use the spin lock everywhere where we touch the list.
This also allows us to do rcu_rad_lock before we take the lock in
rhashtable_walk_start. With the old mutex this would've deadlocked
but it's safe with the new spin lock.
Fixes: ba7c95ea3870 ("rhashtable: Fix sleeping inside RCU...")
Reported-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
lib/rhashtable.c | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/lib/rhashtable.c b/lib/rhashtable.c
index 7d79983..c321134 100644
--- a/lib/rhashtable.c
+++ b/lib/rhashtable.c
@@ -506,10 +506,11 @@ int rhashtable_walk_init(struct rhashtable *ht, struct rhashtable_iter *iter)
if (!iter->walker)
return -ENOMEM;
- mutex_lock(&ht->mutex);
- iter->walker->tbl = rht_dereference(ht->tbl, ht);
+ spin_lock(&ht->lock);
+ iter->walker->tbl =
+ rcu_dereference_protected(ht->tbl, lockdep_is_held(&ht->lock));
list_add(&iter->walker->list, &iter->walker->tbl->walkers);
- mutex_unlock(&ht->mutex);
+ spin_unlock(&ht->lock);
return 0;
}
@@ -523,10 +524,10 @@ EXPORT_SYMBOL_GPL(rhashtable_walk_init);
*/
void rhashtable_walk_exit(struct rhashtable_iter *iter)
{
- mutex_lock(&iter->ht->mutex);
+ spin_lock(&iter->ht->lock);
if (iter->walker->tbl)
list_del(&iter->walker->list);
- mutex_unlock(&iter->ht->mutex);
+ spin_unlock(&iter->ht->lock);
kfree(iter->walker);
}
EXPORT_SYMBOL_GPL(rhashtable_walk_exit);
@@ -550,14 +551,12 @@ int rhashtable_walk_start(struct rhashtable_iter *iter)
{
struct rhashtable *ht = iter->ht;
- mutex_lock(&ht->mutex);
+ rcu_read_lock();
+ spin_lock(&ht->lock);
if (iter->walker->tbl)
list_del(&iter->walker->list);
-
- rcu_read_lock();
-
- mutex_unlock(&ht->mutex);
+ spin_unlock(&ht->lock);
if (!iter->walker->tbl) {
iter->walker->tbl = rht_dereference_rcu(ht->tbl, ht);
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 210/211] KEYS: Fix race between read and revoke
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (208 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 209/211] rhashtable: Fix walker list corruption Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 211/211] KVM: x86: Reload pit counters for all channels when restoring state Kamal Mostafa
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David Howells, James Morris, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
commit b4a1b4f5047e4f54e194681125c74c0aa64d637d upstream.
This fixes CVE-2015-7550.
There's a race between keyctl_read() and keyctl_revoke(). If the revoke
happens between keyctl_read() checking the validity of a key and the key's
semaphore being taken, then the key type read method will see a revoked key.
This causes a problem for the user-defined key type because it assumes in
its read method that there will always be a payload in a non-revoked key
and doesn't check for a NULL pointer.
Fix this by making keyctl_read() check the validity of a key after taking
semaphore instead of before.
I think the bug was introduced with the original keyrings code.
This was discovered by a multithreaded test program generated by syzkaller
(http://github.com/google/syzkaller). Here's a cleaned up version:
#include <sys/types.h>
#include <keyutils.h>
#include <pthread.h>
void *thr0(void *arg)
{
key_serial_t key = (unsigned long)arg;
keyctl_revoke(key);
return 0;
}
void *thr1(void *arg)
{
key_serial_t key = (unsigned long)arg;
char buffer[16];
keyctl_read(key, buffer, 16);
return 0;
}
int main()
{
key_serial_t key = add_key("user", "%", "foo", 3, KEY_SPEC_USER_KEYRING);
pthread_t th[5];
pthread_create(&th[0], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[1], 0, thr1, (void *)(unsigned long)key);
pthread_create(&th[2], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[3], 0, thr1, (void *)(unsigned long)key);
pthread_join(th[0], 0);
pthread_join(th[1], 0);
pthread_join(th[2], 0);
pthread_join(th[3], 0);
return 0;
}
Build as:
cc -o keyctl-race keyctl-race.c -lkeyutils -lpthread
Run as:
while keyctl-race; do :; done
as it may need several iterations to crash the kernel. The crash can be
summarised as:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
IP: [<ffffffff81279b08>] user_read+0x56/0xa3
...
Call Trace:
[<ffffffff81276aa9>] keyctl_read_key+0xb6/0xd7
[<ffffffff81277815>] SyS_keyctl+0x83/0xe0
[<ffffffff815dbb97>] entry_SYSCALL_64_fastpath+0x12/0x6f
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
security/keys/keyctl.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 0b9ec78..26f0e0a 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -757,16 +757,16 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
/* the key is probably readable - now try to read it */
can_read_key:
- ret = key_validate(key);
- if (ret == 0) {
- ret = -EOPNOTSUPP;
- if (key->type->read) {
- /* read the data with the semaphore held (since we
- * might sleep) */
- down_read(&key->sem);
+ ret = -EOPNOTSUPP;
+ if (key->type->read) {
+ /* Read the data with the semaphore held (since we might sleep)
+ * to protect against the key being updated or revoked.
+ */
+ down_read(&key->sem);
+ ret = key_validate(key);
+ if (ret == 0)
ret = key->type->read(key, buffer, buflen);
- up_read(&key->sem);
- }
+ up_read(&key->sem);
}
error2:
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* [PATCH 4.2.y-ckt 211/211] KVM: x86: Reload pit counters for all channels when restoring state
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
` (209 preceding siblings ...)
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 210/211] KEYS: Fix race between read and revoke Kamal Mostafa
@ 2016-01-05 19:45 ` Kamal Mostafa
210 siblings, 0 replies; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-05 19:45 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andy Honig, Paolo Bonzini, Kamal Mostafa
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrew Honig <ahonig@google.com>
commit 0185604c2d82c560dab2f2933a18f797e74ab5a8 upstream.
Currently if userspace restores the pit counters with a count of 0
on channels 1 or 2 and the guest attempts to read the count on those
channels, then KVM will perform a mod of 0 and crash. This will ensure
that 0 values are converted to 65536 as per the spec.
This is CVE-2015-7513.
Signed-off-by: Andy Honig <ahonig@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kvm/x86.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 2781e2b..a0d40d7 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3641,11 +3641,13 @@ static int kvm_vm_ioctl_get_pit(struct kvm *kvm, struct kvm_pit_state *ps)
static int kvm_vm_ioctl_set_pit(struct kvm *kvm, struct kvm_pit_state *ps)
{
+ int i;
int r = 0;
mutex_lock(&kvm->arch.vpit->pit_state.lock);
memcpy(&kvm->arch.vpit->pit_state, ps, sizeof(struct kvm_pit_state));
- kvm_pit_load_count(kvm, 0, ps->channels[0].count, 0);
+ for (i = 0; i < 3; i++)
+ kvm_pit_load_count(kvm, i, ps->channels[i].count, 0);
mutex_unlock(&kvm->arch.vpit->pit_state.lock);
return r;
}
@@ -3666,6 +3668,7 @@ static int kvm_vm_ioctl_get_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
static int kvm_vm_ioctl_set_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
{
int r = 0, start = 0;
+ int i;
u32 prev_legacy, cur_legacy;
mutex_lock(&kvm->arch.vpit->pit_state.lock);
prev_legacy = kvm->arch.vpit->pit_state.flags & KVM_PIT_FLAGS_HPET_LEGACY;
@@ -3675,7 +3678,8 @@ static int kvm_vm_ioctl_set_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
memcpy(&kvm->arch.vpit->pit_state.channels, &ps->channels,
sizeof(kvm->arch.vpit->pit_state.channels));
kvm->arch.vpit->pit_state.flags = ps->flags;
- kvm_pit_load_count(kvm, 0, kvm->arch.vpit->pit_state.channels[0].count, start);
+ for (i = 0; i < 3; i++)
+ kvm_pit_load_count(kvm, i, kvm->arch.vpit->pit_state.channels[i].count, start);
mutex_unlock(&kvm->arch.vpit->pit_state.lock);
return r;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 218+ messages in thread
* Re: [PATCH 4.2.y-ckt 009/211] xhci: don't finish a TD if we get a short transfer event mid TD
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 009/211] xhci: don't finish a TD if we get a short transfer event mid TD Kamal Mostafa
@ 2016-01-06 17:05 ` Ben Hutchings
2016-01-06 19:55 ` Kamal Mostafa
0 siblings, 1 reply; 218+ messages in thread
From: Ben Hutchings @ 2016-01-06 17:05 UTC (permalink / raw)
To: Kamal Mostafa, linux-kernel, stable, kernel-team
Cc: Mathias Nyman, Greg Kroah-Hartman
[-- Attachment #1: Type: text/plain, Size: 1210 bytes --]
On Tue, 2016-01-05 at 11:41 -0800, Kamal Mostafa wrote:
> 4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Mathias Nyman <mathias.nyman@linux.intel.com>
>
> commit e210c422b6fdd2dc123bedc588f399aefd8bf9de upstream.
>
> If the difference is big enough between the bytes asked and received
> in a bulk transfer we can get a short transfer event pointing to a TRB in
> the middle of the TD. We don't want to handle the TD yet as we will anyway
> receive a new event for the last TRB in the TD.
>
> Hold off from finishing the TD and removing it from the list until we
> receive an event for the last TRB in the TD
>
> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> [ kamal: backport to 4.2-stable: context ]
> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
[...]
This causes regressions (see https://bugs.debian.org/808602 and
https://bugs.debian.org/808953 ) so please hold off until there's a
complete fix upstream.
Ben.
--
Ben Hutchings
It is easier to write an incorrect program than to understand a correct one.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 218+ messages in thread
* Re: [PATCH 4.2.y-ckt 009/211] xhci: don't finish a TD if we get a short transfer event mid TD
2016-01-06 17:05 ` Ben Hutchings
@ 2016-01-06 19:55 ` Kamal Mostafa
2016-01-07 2:52 ` Ben Hutchings
0 siblings, 1 reply; 218+ messages in thread
From: Kamal Mostafa @ 2016-01-06 19:55 UTC (permalink / raw)
To: Ben Hutchings, Luis Henriques
Cc: linux-kernel, stable, kernel-team, Mathias Nyman, Greg Kroah-Hartman
On Wed, 2016-01-06 at 17:05 +0000, Ben Hutchings wrote:
> On Tue, 2016-01-05 at 11:41 -0800, Kamal Mostafa wrote:
> > 4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Mathias Nyman <mathias.nyman@linux.intel.com>
> >
> > commit e210c422b6fdd2dc123bedc588f399aefd8bf9de upstream.
> >
> > If the difference is big enough between the bytes asked and received
> > in a bulk transfer we can get a short transfer event pointing to a TRB in
> > the middle of the TD. We don't want to handle the TD yet as we will anyway
> > receive a new event for the last TRB in the TD.
> >
> > Hold off from finishing the TD and removing it from the list until we
> > receive an event for the last TRB in the TD
> >
> > Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > [ kamal: backport to 4.2-stable: context ]
> > Signed-off-by: Kamal Mostafa <kamal@canonical.com>
> [...]
>
> This causes regressions (see https://bugs.debian.org/808602 and
> https://bugs.debian.org/808953 ) so please hold off until there's a
> complete fix upstream.
Thanks for the heads-up, Ben. I'll defer it for 4.2-stable.
I'm thinking that it should also be reverted from the stable kernels
that already carry it (3.2, 3.13, 3.16, 3.19), unless that complete
upstream fix is really imminent. Is it?
-Kamal
^ permalink raw reply [flat|nested] 218+ messages in thread
* Re: [PATCH 4.2.y-ckt 009/211] xhci: don't finish a TD if we get a short transfer event mid TD
2016-01-06 19:55 ` Kamal Mostafa
@ 2016-01-07 2:52 ` Ben Hutchings
0 siblings, 0 replies; 218+ messages in thread
From: Ben Hutchings @ 2016-01-07 2:52 UTC (permalink / raw)
To: Kamal Mostafa, Luis Henriques
Cc: linux-kernel, stable, kernel-team, Mathias Nyman, Greg Kroah-Hartman
[-- Attachment #1: Type: text/plain, Size: 1812 bytes --]
On Wed, 2016-01-06 at 11:55 -0800, Kamal Mostafa wrote:
> On Wed, 2016-01-06 at 17:05 +0000, Ben Hutchings wrote:
> > On Tue, 2016-01-05 at 11:41 -0800, Kamal Mostafa wrote:
> > > 4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know.
> > >
> > > ------------------
> > >
> > > From: Mathias Nyman <mathias.nyman@linux.intel.com>
> > >
> > > commit e210c422b6fdd2dc123bedc588f399aefd8bf9de upstream.
> > >
> > > If the difference is big enough between the bytes asked and received
> > > in a bulk transfer we can get a short transfer event pointing to a TRB in
> > > the middle of the TD. We don't want to handle the TD yet as we will anyway
> > > receive a new event for the last TRB in the TD.
> > >
> > > Hold off from finishing the TD and removing it from the list until we
> > > receive an event for the last TRB in the TD
> > >
> > > Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
> > > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > [ kamal: backport to 4.2-stable: context ]
> > > Signed-off-by: Kamal Mostafa <kamal@canonical.com>
> > [...]
> >
> > This causes regressions (see https://bugs.debian.org/808602 and
> > https://bugs.debian.org/808953 ) so please hold off until there's a
> > complete fix upstream.
>
> Thanks for the heads-up, Ben. I'll defer it for 4.2-stable.
>
> I'm thinking that it should also be reverted from the stable kernels
> that already carry it (3.2, 3.13, 3.16, 3.19), unless that complete
> upstream fix is really imminent. Is it?
Normally if there's a regression that affects both mainline and stable
branches, we wait for it to be fixed in mainline first.
Ben.
--
Ben Hutchings
Life would be so much easier if we could look at the source code.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 218+ messages in thread
end of thread, other threads:[~2016-01-07 2:52 UTC | newest]
Thread overview: 218+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-05 19:41 [4.2.y-ckt stable] Linux 4.2.8-ckt1 stable review Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 001/211] mxc_nand: fix copy_spare Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 002/211] drivers: usb :fsl: Implement Workaround for USB Erratum A007792 Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 003/211] drivers: usb: fsl: Workaround for USB erratum-A005275 Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 004/211] x86/xen: Do not clip xen_e820_map to xen_e820_map_entries when sanitizing map Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 005/211] drm/radeon: add quirk for MSI R7 370 Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 006/211] drm/radeon: add quirk for ASUS " Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 007/211] drm/radeon: fix quirk for MSI R7 370 Armor 2X Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 008/211] cxl: Fix number of allocated pages in SPA Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 009/211] xhci: don't finish a TD if we get a short transfer event mid TD Kamal Mostafa
2016-01-06 17:05 ` Ben Hutchings
2016-01-06 19:55 ` Kamal Mostafa
2016-01-07 2:52 ` Ben Hutchings
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 010/211] pinctrl: single: dra7: remove PCS_QUIRK_SHARED_IRQ Kamal Mostafa
2016-01-05 19:41 ` [PATCH 4.2.y-ckt 011/211] net: bcmgenet: Use correct dev_id for free_irq Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 012/211] net: bcmgenet: Delay PHY initialization to bcmgenet_open() Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 013/211] bridge: fix netlink max attr size Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 014/211] ASoC: spear_pcm: Use devm_snd_dmaengine_pcm_register to fix resource leak Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 015/211] task_work: remove fifo ordering guarantee Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 016/211] ebpf: fix fd refcount leaks related to maps in bpf syscall Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 017/211] netlink, mmap: fix edge-case leakages in nf queue zero-copy Kamal Mostafa
2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 018/211] scsi_dh: fix randconfig build error Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 019/211] KEYS: Fix race between key destruction and finding a keyring by name Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 020/211] KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 021/211] KEYS: Don't permit request_key() to construct a new keyring Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 022/211] ARM: OMAP2+: board-generic: Remove stale of_irq macros Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 023/211] vxlan: set needed headroom correctly Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 024/211] isdn_ppp: Add checks for allocation failure in isdn_ppp_open() Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 025/211] ppp, slip: Validate VJ compression slot parameters completely Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 026/211] [media] media/vivid-osd: fix info leak in ioctl Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 027/211] staging/dgnc: " Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 028/211] ipv6: Fix IPsec pre-encap fragmentation check Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 029/211] KVM: svm: unconditionally intercept #DB Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 030/211] HID: core: Avoid uninitialized buffer access Kamal Mostafa
2016-01-05 19:42 ` Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 031/211] [media] v4l2-compat-ioctl32: fix alignment for ARM64 Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 032/211] mtd: mtdpart: fix add_mtd_partitions error path Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 033/211] [media] v4l2-ctrls: arrays are also considered compound controls Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 034/211] [media] media: v4l2-ctrls: Fix 64bit support in get_ctrl() Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 035/211] ubi: fastmap: Implement produce_free_peb() Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 036/211] drm/i915: Only update the current userptr worker Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 037/211] drm/i915: Fix userptr deadlock with aliased GTT mmappings Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 038/211] integrity: prevent loading untrusted certificates on the IMA trusted keyring Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 039/211] f2fs crypto: allocate buffer for decrypting filename Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 040/211] spi: ti-qspi: Fix data corruption seen on r/w stress test Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 041/211] lockd: create NSM handles per net namespace Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 042/211] iommu/vt-d: Fix ATSR handling for Root-Complex integrated endpoints Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 043/211] iommu/arm-smmu: Fix error checking for ASID and VMID allocation Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 044/211] jbd2: fix checkpoint list cleanup Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 045/211] [PATCH] fix calculation of meta_bg descriptor backups Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 046/211] vTPM: fix memory allocation flag for rtce buffer at kernel boot Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 047/211] tpm, tpm_crb: fix unaligned read of the command buffer address Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 048/211] tpm, tpm_tis: fix tpm_tis ACPI detection issue with TPM 2.0 Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 049/211] drm/amdgpu/gfx8: set TC_WB_ACTION_EN in RELEASE_MEM packet Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 050/211] spi: dw: explicitly free IRQ handler in dw_spi_remove_host() Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 051/211] [media] media: vb2 dma-contig: Fully cache synchronise buffers in prepare and finish Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 052/211] [media] media: vb2 dma-sg: " Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 053/211] [media] media/v4l2-ctrls: fix setting autocluster to manual with VIDIOC_S_CTRL Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 054/211] i2c: at91: fix write transfers by clearing pending interrupt first Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 055/211] spi: atmel: Fix DMA-setup for transfers with more than 8 bits per word Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 056/211] ACPI: Use correct IRQ when uninstalling ACPI interrupt handler Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 057/211] ACPI: Using correct irq when waiting for events Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 058/211] ACPI / PM: Fix incorrect wakeup IRQ setting during suspend-to-idle Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 059/211] i2c: at91: manage unexpected RXRDY flag when starting a transfer Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 060/211] ALSA: hda/realtek - Dell XPS one ALC3260 speaker no sound after resume back Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 061/211] ALSA: hda - Disable 64bit address for Creative HDA controllers Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 062/211] MAINTAINERS: Add public mailing list for ARC Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 063/211] drm/amdgpu: add some additional CZ revisions Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 064/211] spi/spi-xilinx: Fix race condition on last word read Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 065/211] megaraid_sas: Expose TAPE drives unconditionally Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 066/211] megaraid_sas: Do not use PAGE_SIZE for max_sectors Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 067/211] dm: initialize non-blk-mq queue data before queue is used Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 068/211] mtd: blkdevs: fix potential deadlock + lockdep warnings Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 069/211] Revert "dm mpath: fix stalls when handling invalid ioctls" Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 070/211] drm/i915: add quirk to enable backlight on Dell Chromebook 11 (2015) Kamal Mostafa
2016-01-05 19:42 ` [PATCH 4.2.y-ckt 071/211] crypto: algif_hash - Only export and import on sockets with data Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 072/211] xtensa: fixes for configs without loop option Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 073/211] drm/amdgpu: Make amdgpu_mn functions inline Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 074/211] ALSA: hda - Fix lost 4k BDL boundary workaround Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 075/211] tracing: Update instance_rmdir() to use tracefs_remove_recursive Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 076/211] PCI: spear: Fix dw_pcie_cfg_read/write() usage Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 077/211] megaraid_sas : SMAP restriction--do not access user memory from IOCTL code Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 078/211] xtensa: fix secondary core boot in SMP Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 079/211] recordmcount: Fix endianness handling bug for nop_mcount Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 080/211] recordmcount: arm64: Replace the ignored mcount call into nop Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 081/211] KVM: VMX: fix SMEP and SMAP without EPT Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 082/211] vfio: Fix bug in vfio_device_get_from_name() Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 083/211] thermal: exynos: Fix unbalanced regulator disable on probe failure Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 084/211] timers: Use proper base migration in add_timer_on() Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 085/211] ALSA: hda - Apply pin fixup for HP ProBook 6550b Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 086/211] tracefs: Fix refcount imbalance in start_creating() Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 087/211] ALSA: hda - Add Intel Lewisburg device IDs Audio Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 088/211] drm: Use userspace compatible type in fourcc_mod_code macro Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 089/211] scsi: restart list search after unlock in scsi_remove_target Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 090/211] toshiba_acpi: Initialize hotkey_event_type variable Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 091/211] mm: slab: only move management objects off-slab for sizes larger than KMALLOC_MIN_SIZE Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 092/211] mm/oom_kill.c: reverse the order of setting TIF_MEMDIE and sending SIGKILL Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 093/211] memcg: fix thresholds for 32b architectures Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 094/211] arm64: bpf: fix div-by-zero case Kamal Mostafa
2016-01-05 19:43 ` Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 095/211] arm64: bpf: fix mod-by-zero case Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 096/211] Input: elantech - add Fujitsu Lifebook U745 to force crc_enabled Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 097/211] proc: actually make proc_fd_permission() thread-friendly Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 098/211] printk: prevent userland from spoofing kernel messages Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 099/211] lib/hexdump.c: truncate output in case of overflow Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 100/211] fs, seqfile: always allow oom killer Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 101/211] parisc: Fixes and cleanups in kernel uapi header files Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 102/211] perf: Fix inherited events vs. tracepoint filters Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 103/211] scsi_sysfs: Fix queue_ramp_up_period return code Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 104/211] ideapad-laptop: Add Lenovo Yoga 900 to no_hw_rfkill dmi list Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 105/211] storvsc: Don't set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 106/211] drivers: of: of_reserved_mem: fixup the alignment with CMA setup Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 107/211] drm/ast: Initialized data needed to map fbdev memory Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 108/211] FS-Cache: Increase reference of parent after registering, netfs success Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 109/211] FS-Cache: Don't override netfs's primary_index if registering failed Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 110/211] FS-Cache: Handle a write to the page immediately beyond the EOF marker Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 111/211] binfmt_elf: Don't clobber passed executable's file header Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 112/211] fs/pipe.c: return error code rather than 0 in pipe_write() Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 113/211] dax_io(): don't let non-error value escape via retval instead of EFAULT Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 114/211] iio:magnetometer:bmc150_magn: sort entry alphabetically Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 115/211] ALSA: pcm: remove structure member of 'struct snd_pcm_hwptr_log *' type because this structure had been removed Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 116/211] net-sysfs: get_netdev_queue_index() cleanup Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 117/211] crypto: crc32c-pclmul - use .rodata instead of .rotata Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 118/211] tools build: Fixup feature detection display function name Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 119/211] wm831x_power: Use IRQF_ONESHOT to request threaded IRQs Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 120/211] dmaengine: dw: convert to __ffs() Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 121/211] tcp: call sk_mark_napi_id() on the child, not the listener Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 122/211] [media] vivid: Fix iteration in driver removal path Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 123/211] devres: fix a for loop bounds check Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 124/211] netfilter: remove dead code Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 125/211] ipv4: Fix ip_local_out_sk by passing the sk into __ip_local_out_sk Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 126/211] ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 127/211] i2c: img-scb: enable fencing for all versions of the ip Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 128/211] i2c: img-scb: do dummy writes before fifo access Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 129/211] i2c: img-scb: use DIV_ROUND_UP to round divisor values Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 130/211] i2c: img-scb: fix LOW and HIGH period values for the SCL clock Kamal Mostafa
2016-01-05 19:43 ` [PATCH 4.2.y-ckt 131/211] i2c: img-scb: Clear line and interrupt status before starting a transfer Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 132/211] i2c: img-scb: verify support for requested bit rate Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 133/211] packet: fix match_fanout_group() Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 134/211] hsi: fix double kfree Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 135/211] hsi: omap_ssi_port: Prevent warning if cawake_gpio is not defined Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 136/211] regulator: arizona-ldo1: Fix handling of GPIO 0 Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 137/211] ALSA: fireworks/bebob/oxfw/dice: enable to make as built-in Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 138/211] drm: Fix return value of drm_framebuffer_init() Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 139/211] ALSA: dice: correct variable types for __be32 data Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 140/211] ALSA: dice: assign converted data to the same type of variable Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 141/211] ALSA: fireworks: use u32 type for be32_to_cpup() macro Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 142/211] ALSA: bebob: use correct type for __be32 data Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 143/211] kconfig: Fix copy&paste error Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 144/211] tcp: apply Kern's check on RTTs used for congestion control Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 145/211] RDMA/cxgb4: re-fix 32-bit build warning Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 146/211] IB/core: avoid 32-bit warning Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 147/211] spi: omap2-mcspi: disable other channels CHCONF_FORCE in prepare_message Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 148/211] perf annotate: Fix 'annotate.use_offset' config variable usage Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 149/211] sunrpc: avoid warning in gss_key_timeout Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 150/211] MIPS: atomic: Fix comment describing atomic64_add_unless's return value Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 151/211] DT: mmc: sh_mmcif: fix "compatible" property text Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 152/211] netfilter: nf_nat_redirect: add missing NULL pointer check Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 153/211] of/fdt: fix error checking for earlycon address Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 154/211] netfilter: nfnetlink: don't probe module if it exists Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 155/211] PCI: Set SR-IOV NumVFs to zero after enumeration Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 156/211] sparc/PCI: Add mem64 resource parsing for root bus Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 157/211] IB/core, cma: Make __attribute_const__ declarations sparse-friendly Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 158/211] ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 159/211] cpufreq: arm_big_little: fix frequency check when bL switcher is active Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 160/211] xprtrdma: Re-arm after missed events Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 161/211] xprtrdma: Prevent loss of completion signals Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 162/211] qmi_wwan: fix entry for HP lt4112 LTE/HSPA+ Gobi 4G Module Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 163/211] tracepoints: Fix documentation of RCU lockdep checks Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 164/211] net: fix percpu memory leaks Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 165/211] ipv6: fix tunnel error handling Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 166/211] vfio/platform: store mapped memory in region, instead of an on-stack copy Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 167/211] selftests: kprobe: Choose an always-defined function to probe Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 168/211] selftests: Make scripts executable Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 169/211] thermal: exynos: Fix first temperature read after registering sensor Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 170/211] ipv4: fix a potential deadlock in mcast getsockopt() path Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 171/211] perf trace: Fix documentation for -i Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 172/211] rtc: ds1307: Fix alarm programming for mcp794xx Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 173/211] NTB: fix 32-bit compiler warning Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 174/211] tpm_tis: free irq after probing Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 175/211] TPM: revert the list handling logic fixed in 398a1e7 Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 176/211] mvneta: add FIXED_PHY dependency Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 177/211] TPM: Avoid reference to potentially freed memory Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 178/211] megaraid_sas: Make tape drives visible on PERC5 controllers Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 179/211] ARC: Fix silly typo in MAINTAINERS file Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 180/211] pppoe: fix memory corruption in padt work structure Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 181/211] gre6: allow to update all parameters via rtnl Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 182/211] atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 183/211] ipv6: keep existing flags when setting IFA_F_OPTIMISTIC Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 184/211] vxlan: fix incorrect RCO bit in VXLAN header Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 185/211] sctp: use the same clock as if sock source timestamps were on Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 186/211] sctp: update the netstamp_needed counter when copying sockets Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 187/211] sctp: also copy sk_tsflags when copying the socket Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 188/211] net: cdc_mbim: add "NDP to end" quirk for Huawei E3372 Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 189/211] net: qca_spi: fix transmit queue timeout handling Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 190/211] r8152: fix lockup when runtime PM is enabled Kamal Mostafa
2016-01-05 19:44 ` [PATCH 4.2.y-ckt 191/211] ipv6: sctp: clone options to avoid use after free Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 192/211] phy: micrel: Fix finding PHY properties in MAC node Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 193/211] net: add validation for the socket syscall protocol argument Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 194/211] sh_eth: fix kernel oops in skb_put() Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 195/211] net: fix IP early demux races Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 196/211] pptp: verify sockaddr_len in pptp_bind() and pptp_connect() Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 197/211] vlan: Fix untag operations of stacked vlans with REORDER_HEADER off Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 198/211] skbuff: Fix offset error in skb_reorder_vlan_header Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 199/211] net: check both type and procotol for tcp sockets Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 200/211] net_sched: make qdisc_tree_decrease_qlen() work for non mq Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 201/211] bluetooth: Validate socket address length in sco_sock_bind() Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 202/211] net: fix uninitialized variable issue Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 203/211] ipv6: automatically enable stable privacy mode if stable_secret set Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 204/211] rhashtable: Enforce minimum size on initial hash table Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 205/211] gianfar: Don't enable RX Filer if not supported Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 206/211] fou: clean up socket with kfree_rcu Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 207/211] af_unix: Revert 'lock_interruptible' in stream receive code Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 208/211] tcp: restore fastopen with no data in SYN packet Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 209/211] rhashtable: Fix walker list corruption Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 210/211] KEYS: Fix race between read and revoke Kamal Mostafa
2016-01-05 19:45 ` [PATCH 4.2.y-ckt 211/211] KVM: x86: Reload pit counters for all channels when restoring state Kamal Mostafa
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.