* [PATCH 3.17 000/319] 3.17.3-stable review
@ 2014-11-12 1:12 Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 001/319] tracing/syscalls: Ignore numbers outside NR_syscalls range Greg Kroah-Hartman
` (303 more replies)
0 siblings, 304 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, satoru.takeuchi,
shuah.kh, stable
This is the start of the stable review cycle for the 3.17.3 release.
There are 319 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri Nov 14 01:07:52 UTC 2014.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
kernel.org/pub/linux/kernel/v3.0/stable-review/patch-3.17.3-rc1.gz
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 3.17.3-rc1
Olivier Gay <ogay@logitech.com>
HID: add keyboard input assist hid usages
Dave Chinner <dchinner@redhat.com>
xfs: track bulkstat progress by agino
Dave Chinner <dchinner@redhat.com>
xfs: bulkstat error handling is broken
Dave Chinner <dchinner@redhat.com>
xfs: bulkstat main loop logic is a mess
Dave Chinner <dchinner@redhat.com>
xfs: bulkstat chunk-formatter has issues
Dave Chinner <dchinner@redhat.com>
xfs: bulkstat chunk formatting cursor is broken
Dave Chinner <dchinner@redhat.com>
xfs: bulkstat btree walk doesn't terminate
Jan Kara <jack@suse.cz>
xfs: Check error during inode btree iteration in xfs_bulkstat()
Dave Chinner <dchinner@redhat.com>
xfs: bulkstat doesn't release AGI buffer on error
Chris Mason <clm@fb.com>
Btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup
Grant Likely <grant.likely@linaro.org>
of: Fix overflow bug in string property parsing functions
Andreas Färber <afaerber@suse.de>
ARM: dts: zynq: Enable PL clocks for Parallella
Yijing Wang <wangyijing@huawei.com>
sysfs: driver core: Fix glue dir race condition by gdp_mutex
Wolfram Sang <wsa@the-dreams.de>
i2c: at91: don't account as iowait
Grzegorz Jaszczyk <jaz@semihalf.com>
irqchip: armada-370-xp: Fix MPIC interrupt handling
Grzegorz Jaszczyk <jaz@semihalf.com>
irqchip: armada-370-xp: Fix MSI interrupt handling
Krzysztof Kozlowski <k.kozlowski@samsung.com>
regulator: max77693: Fix use of uninitialized regulator config
Hui Wang <hui.wang@canonical.com>
ALSA: hda - fix mute led problem for three HP laptops
Anton Blanchard <anton@samba.org>
powerpc: do_notify_resume can be called with bad thread_info flags argument
Benjamin Herrenschmidt <benh@kernel.crashing.org>
powerpc/powernv: Properly fix LPC debugfs endianness
Dan Streetman <ddstreet@ieee.org>
powerpc: use device_online/offline() instead of cpu_up/down()
Robert Jarzmik <robert.jarzmik@free.fr>
ARM: pxa: fix hang on startup with DEBUG_LL
David Cohen <david.a.cohen@linux.intel.com>
pinctrl: baytrail: show output gpio state correctly on Intel Baytrail
Al Viro <viro@zeniv.linux.org.uk>
fix breakage in o2net_send_tcp_msg()
Hans de Goede <hdegoede@redhat.com>
samsung-laptop: Add broken-acpi-video quirk for NC210/NC110
Hans de Goede <hdegoede@redhat.com>
acer-wmi: Add acpi_backlight=video quirk for the Acer KAV80
Jan Kara <jack@suse.cz>
rbd: Fix error recovery in rbd_obj_read_sync()
Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
mm: cma: Don't crash on allocation if CMA area can't be activated
jens stein <jens.s.stein@gmail.com>
drm/i915: Ignore VBT backlight check on Macbook 2, 1
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Fix GMBUSFREQ on vlv/chv
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Do a dummy DPCD read before the actual read
Alex Deucher <alexander.deucher@amd.com>
drm/radeon: remove invalid pci id
Alex Deucher <alexander.deucher@amd.com>
drm/radeon: dpm fixes for asrock systems
Michel Dänzer <michel.daenzer@amd.com>
drm/radeon: Use drm_malloc_ab instead of kmalloc_array
Alex Deucher <alexander.deucher@amd.com>
drm/radeon/dpm: disable ulv support on SI
Sinclair Yeh <syeh@vmware.com>
drm/vmwgfx: Filter out modes those cannot be supported by the current VRAM size.
Jiang Liu <jiang.liu@linux.intel.com>
x86, intel-mid: Create IRQs for APB timers and RTC timers
Kirill Tkhai <ktkhai@parallels.com>
sched: Use rq->rd in sched_setaffinity() under RCU read lock
Felipe Balbi <balbi@ti.com>
usb: gadget: function: acm: make f_acm pass USB20CV Chapter9
Felipe Balbi <balbi@ti.com>
usb: dwc3: gadget: fix set_halt() bug with pending transfers
Ben Hutchings <ben@decadent.org.uk>
mtd: m25p80: Fix module aliases for m25p80
Ondrej Kozina <okozina@redhat.com>
crypto: algif - avoid excessive use of socket buffer in skcipher
Sylwester Nawrocki <s.nawrocki@samsung.com>
media: Remove references to non-existent PLAT_S5P symbol
Jan Kara <jack@suse.cz>
mm: Remove false WARN_ON from pagecache_isize_extended()
Andy Lutomirski <luto@amacapital.net>
x86, apic: Handle a bad TSC more gracefully
Mathias Krause <minipli@googlemail.com>
posix-timers: Fix stack info leak in timer_create()
Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
mtd: cfi_cmdset_0001.c: fix resume for LH28F640BF chips
Karl Beldan <karl.beldan@rivierawaves.com>
mac80211: fix typo in starting baserate for rts_cts_rate_idx
Ian Abbott <abbotti@mev.co.uk>
staging: comedi: fix memory leak / bad pointer freeing for chanlist
Ian Abbott <abbotti@mev.co.uk>
staging: comedi: (regression) channel list must be set for COMEDI_CMD ioctl
Imre Deak <imre.deak@intel.com>
PM / Sleep: fix recovery during resuming from hibernation
Imre Deak <imre.deak@intel.com>
PM / Sleep: fix async suspend_late/freeze_late error handling
Peter Hurley <peter@hurleysoftware.com>
tty: Fix high cpu load if tty is unreleaseable
Imre Deak <imre.deak@intel.com>
tty/vt: don't set font mappings on vc not supporting this
Jan Kara <jack@suse.cz>
quota: Properly return errors from dquot_writeback_dquots()
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
PCI: Rename sysfs 'enabled' file back to 'enable'
Jan Kara <jack@suse.cz>
ext3: Don't check quota format when there are no quota files
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate"
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: dvm: drop non VO frames when flushing
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: configure the LTR
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: mvm: BT Coex - update the MPLUT Boost register value
Will Deacon <will.deacon@arm.com>
zap_pte_range: update addr when forcing flush after TLB batching faiure
J. Bruce Fields <bfields@redhat.com>
nfsd4: fix crash on unknown operation number
J. Bruce Fields <bfields@redhat.com>
nfsd4: fix response size estimation for OP_SEQUENCE
Jason Baron <jbaron@akamai.com>
cpc925_edac: Report UE events properly
Jason Baron <jbaron@akamai.com>
e7xxx_edac: Report CE events properly
Jason Baron <jbaron@akamai.com>
i3200_edac: Report CE events properly
Jason Baron <jbaron@akamai.com>
i82860_edac: Report CE events properly
Christoph Hellwig <hch@lst.de>
scsi: set REQ_QUEUE for the blk-mq case
Tony Battersby <tonyb@cybernetics.com>
lib/scatterlist: fix memory leak with scsi-mq
Jan Kara <jack@suse.cz>
scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND
Hans de Goede <hdegoede@redhat.com>
xhci: Disable streams on Asmedia 1042 xhci controllers
Oliver Neukum <oneukum@suse.de>
xhci: no switching back on non-ULT Haswell
Konstantin Khlebnikov <k.khlebnikov@samsung.com>
mm/balloon_compaction: fix deflation when compaction is disabled
Jan Kara <jack@suse.cz>
lib/bitmap.c: fix undefined shift in __bitmap_shift_{left|right}()
Johannes Weiner <hannes@cmpxchg.org>
mm: memcontrol: fix missed end-writeback page accounting
Johannes Weiner <hannes@cmpxchg.org>
mm: page-writeback: inline account_page_dirtied() into single caller
Wang Nan <wangnan0@huawei.com>
cgroup/kmemleak: add kmemleak_free() for cgroup deallocations.
Yu Zhao <yuzhao@google.com>
mm: free compound page with correct order
Andriy Skulysh <askulysh@gmail.com>
sh: fix sh770x SCIF memory regions
Dmitry Kasatkin <d.kasatkin@samsung.com>
ima: check xattr value length and type in the ima_inode_setxattr()
Sylwester Nawrocki <s.nawrocki@samsung.com>
usb: Remove references to non-existent PLAT_S5P symbol
Johan Hovold <johan@kernel.org>
USB: kobil_sct: fix non-atomic allocation in write path
Hans de Goede <hdegoede@redhat.com>
usb: Do not allow usb_alloc_streams on unconfigured devices
Johan Hovold <johan@kernel.org>
USB: opticon: fix non-atomic allocation in write path
Alan Stern <stern@rowland.harvard.edu>
usb-storage: handle a skipped data phase
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect
Felipe Balbi <balbi@ti.com>
usb: gadget: udc: core: fix kernel oops with soft-connect
Adel Gadllah <adel.gadllah@gmail.com>
HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f
Adel Gadllah <adel.gadllah@gmail.com>
HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b
Oliver Neukum <oneukum@suse.de>
HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL
Oliver Neukum <oneukum@suse.de>
HID: usbhid: fix PIXART optical mouse
Johan Hovold <johan@kernel.org>
HID: usbhid: enable always-poll quirk for Elan Touchscreen
Johan Hovold <johan@kernel.org>
HID: usbhid: add always-poll quirk
Adel Gadllah <adel.gadllah@gmail.com>
USB: quirks: enable device-qualifier quirk for yet another Elan touchscreen
Adel Gadllah <adel.gadllah@gmail.com>
USB: quirks: enable device-qualifier quirk for another Elan touchscreen
Johan Hovold <johan@kernel.org>
USB: quirks: enable device-qualifier quirk for Elan Touchscreen
Johan Hovold <johan@kernel.org>
USB: core: add device-qualifier quirk
Torsten Fleischer <to-fleischer@t-online.de>
usb: chipidea: Fix oops when removing the ci_hdrc module
David Cohen <david.a.cohen@linux.intel.com>
usb: ffs: fix regression when quirk_ep_out_aligned_size flag is set
Robert Baldyga <r.baldyga@samsung.com>
usb: gadget: f_fs: remove redundant ffs_data_get()
Sebastian Andrzej Siewior <bigeasy@linutronix.de>
usb: musb: dsps: start OTG timer on resume again
Thomas Gleixner <tglx@linutronix.de>
usb: musb: cppi41: restart hrtimer only if not yet done
Hans de Goede <hdegoede@redhat.com>
uas: Add US_FL_NO_ATA_1X quirk for 1 more Seagate model
Hans de Goede <hdegoede@redhat.com>
uas: Add US_FL_NO_ATA_1X quirk for 2 more Seagate models
Hans de Goede <hdegoede@redhat.com>
uas: Add NO_ATA_1X for VIA VL711 devices
Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
spi: pxa2xx: toggle clocks on suspend if not disabled by runtime PM
Alexander Stein <alexander.stein@systec-electronic.com>
spi: fsl-dspi: Fix CTAR selection
Ray Jui <rjui@broadcom.com>
spi: pl022: Fix incorrect dma_unmap_sg
Jack Pham <jackp@codeaurora.org>
usb: dwc3: gadget: Properly initialize LINK TRB
Roger Quadros <rogerq@ti.com>
Revert "usb: dwc3: dwc3-omap: Disable/Enable only wrapper interrupts in prepare/complete"
Cyril Brulebois <kibi@debian.org>
wireless: rt2x00: add new rt2800usb device
Canek Peláez Valdés <canek@ciencias.unam.mx>
rt2x00: support Ralink 5362.
Dan Williams <dcbw@redhat.com>
USB: option: add Haier CE81B CDMA modem
Daniele Palmas <dnlplm@gmail.com>
usb: option: add support for Telit LE910
Oussama Ghorbel <ghorbel@pivasoftware.com>
phy: omap-usb2: Enable runtime PM of omap-usb2 phy properly
Johan Hovold <johan@kernel.org>
USB: cdc-acm: add quirk for control-line state requests
Johan Hovold <johan@kernel.org>
USB: cdc-acm: only raise DTR on transitions from B0
Johan Hovold <johan@kernel.org>
USB: cdc-acm: add device id for GW Instek AFG-2225
Perry Hung <iperry@gmail.com>
usb: serial: ftdi_sio: add "bricked" FTDI device PID
Frans Klaver <frans.klaver@xsens.com>
usb: serial: ftdi_sio: add Awinda Station and Dongle products
Nathaniel Ting <nathaniel.ting@silabs.com>
USB: serial: cp210x: add Silicon Labs 358x VID and PID
Peter Hurley <peter@hurleysoftware.com>
serial: Fix divide-by-zero fault in uart_get_divisor()
Stephen Boyd <sboyd@codeaurora.org>
serial: msm_serial: Fix kgdb continue
Lars-Peter Clausen <lars@metafoo.de>
staging:iio:ade7758: Remove "raw" from channel name
Lars-Peter Clausen <lars@metafoo.de>
staging:iio:ade7758: Fix check if channels are enabled in prenable
Lars-Peter Clausen <lars@metafoo.de>
staging:iio:ade7758: Fix NULL pointer deref when enabling buffer
George McCollister <george.mccollister@gmail.com>
iio: as3935: allocate correct iio_device size
Lars-Peter Clausen <lars@metafoo.de>
staging:iio:ad5933: Drop "raw" from channel names
Lars-Peter Clausen <lars@metafoo.de>
staging:iio:ad5933: Fix NULL pointer deref when enabling buffer
Fabio Estevam <fabio.estevam@freescale.com>
iio: adc: mxs-lradc: Disable the clock on probe failure
Robin van der Gracht <robin@protonic.nl>
iio: st_sensors: Fix buffer copy
Michal Hocko <mhocko@suse.cz>
OOM, PM: OOM killed task shouldn't escape PM suspend
Lv Zheng <lv.zheng@intel.com>
ACPI / EC: Fix regression due to conflicting firmware behavior between Samsung and Acer.
Jiang Liu <jiang.liu@linux.intel.com>
ACPI, irq, x86: Return IRQ instead of GSI in mp_register_gsi()
Jiang Liu <jiang.liu@linux.intel.com>
x86: ACPI: Do not translate GSI number if IOAPIC is disabled
Zhang Rui <rui.zhang@intel.com>
ACPI: invoke acpi_device_wakeup() with correct parameters
Al Viro <viro@zeniv.linux.org.uk>
fix inode leaks on d_splice_alias() failure exits
Cong Wang <xiyou.wangcong@gmail.com>
freezer: Do not freeze tasks killed by OOM killer
Dirk Brandewie <dirk.j.brandewie@intel.com>
intel_pstate: Correct BYT VID values.
Dirk Brandewie <dirk.j.brandewie@intel.com>
intel_pstate: Fix BYT frequency reporting
Dirk Brandewie <dirk.j.brandewie@intel.com>
intel_pstate: Don't lose sysfs settings during cpu offline
Matt Fleming <matt.fleming@intel.com>
rtc: Disable EFI rtc for x86
Bryan O'Donoghue <pure.logic@nexus-software.ie>
x86: Add cpu_detect_cache_sizes to init_intel() add Quark legacy_cache()
David E. Box <david.e.box@linux.intel.com>
x86/platform/intel/iosf: Add Braswell PCI ID
Pali Rohár <pali.rohar@gmail.com>
cpufreq: intel_pstate: Fix setting max_perf_pct in performance policy
Gabriele Mazzotta <gabriele.mzt@gmail.com>
cpufreq: intel_pstate: Reflect current no_turbo state correctly
Dirk Brandewie <dirk.j.brandewie@intel.com>
cpufreq: expose scaling_cur_freq sysfs file for set_policy() drivers
Alex Deucher <alexander.deucher@amd.com>
drm/radeon: fix vm page table block size calculation
Alex Deucher <alexander.deucher@amd.com>
drm/radeon: use gart memory for DMA ring tests
Alex Deucher <alexander.deucher@amd.com>
drm/radeon: fix speaker allocation setup
Paulo Zanoni <paulo.r.zanoni@intel.com>
drm/i915: properly reenable gen8 pipe IRQs
U. Artie Eoff <ullysses.a.eoff@intel.com>
drm/i915: intel_backlight scale() math WA
Ben Skeggs <bskeggs@redhat.com>
drm/nouveau: fix regression on agp boards
Brian Silverman <bsilver16384@gmail.com>
futex: Fix a race condition between REQUEUE_PI and task death
Dmitry Monakhov <dmonakhov@openvz.org>
ext4: prevent bugon on race between write/fcntl
Darrick J. Wong <darrick.wong@oracle.com>
ext4: enable journal checksum when metadata checksum feature enabled
Jan Kara <jack@suse.cz>
ext4: fix overflow when updating superblock backups after resize
Jan Kara <jack@suse.cz>
ext4: fix oops when loading block bitmap failed
Darrick J. Wong <darrick.wong@oracle.com>
ext4: check s_chksum_driver when looking for bg csum presence
Dmitry Monakhov <dmonakhov@openvz.org>
ext4: move error report out of atomic context in ext4_init_block_bitmap()
Dmitry Monakhov <dmonakhov@openvz.org>
ext4: Replace open coded mdata csum feature to helper function
Eric Sandeen <sandeen@redhat.com>
ext4: fix reservation overflow in ext4_da_write_begin
Theodore Ts'o <tytso@mit.edu>
ext4: don't orphan or truncate the boot loader inode
Theodore Ts'o <tytso@mit.edu>
ext4: add ext4_iget_normal() which is to be used for dir tree lookups
Dmitry Monakhov <dmonakhov@openvz.org>
ext4: grab missed write_count for EXT4_IOC_SWAP_BOOT
Jan Kara <jack@suse.cz>
ext4: fix mmap data corruption when blocksize < pagesize
Jan Kara <jack@suse.cz>
ext4: don't check quota format when there are no quota files
Darrick J. Wong <darrick.wong@oracle.com>
ext4: check EA value offset when loading
Darrick J. Wong <darrick.wong@oracle.com>
jbd2: free bh when descriptor block checksum fails
Marc-André Lureau <marcandre.lureau@gmail.com>
qxl: don't create too large primary surface
David Daney <david.daney@cavium.com>
MIPS: tlbex: Properly fix HUGE TLB Refill exception handler
Markos Chandras <markos.chandras@imgtec.com>
MIPS: ftrace: Fix a microMIPS build problem
Markos Chandras <markos.chandras@imgtec.com>
MIPS: cp1emu: Fix ISA restrictions for cop1x_op instructions
Aaro Koskinen <aaro.koskinen@iki.fi>
MIPS: loongson2_cpufreq: Fix CPU clock rate setting mismerge
Aaro Koskinen <aaro.koskinen@iki.fi>
MIPS: ptrace.h: Add a missing include
Nicholas Bellinger <nab@linux-iscsi.org>
target: Fix APTPL metadata handling for dynamic MappedLUNs
Quinn Tran <quinn.tran@qlogic.com>
target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE
Nicholas Bellinger <nab@linux-iscsi.org>
iser-target: Disable TX completion interrupt coalescing
Joern Engel <joern@logfs.org>
qla_target: don't delete changed nacls
Vineet Gupta <vgupta@synopsys.com>
ARC: unbork FPU save/restore
Anton Kolesov <Anton.Kolesov@synopsys.com>
ARC: Update order of registers in KGDB to match GDB 7.5
Vineet Gupta <vgupta@synopsys.com>
ARC: [nsimosci] Allow "headless" models to boot
Petr Matousek <pmatouse@redhat.com>
kvm: vmx: handle invvpid vm exit gracefully
Nadav Amit <namit@cs.technion.ac.il>
KVM: x86: Handle errors when RIP is set during far jumps
Nadav Amit <namit@cs.technion.ac.il>
KVM: x86: Emulator fixes for eip canonical checks on near branches
Nadav Amit <namit@cs.technion.ac.il>
KVM: x86: Fix wrong masking on relative jump/call
Michael S. Tsirkin <mst@redhat.com>
kvm: x86: don't kill guest on unknown exit reason
Nadav Amit <namit@cs.technion.ac.il>
KVM: x86: Check non-canonical addresses upon WRMSR
Andy Honig <ahonig@google.com>
KVM: x86: Improve thread safety in pit
Andy Honig <ahonig@google.com>
KVM: x86: Prevent host from panicking on shared MSR writes.
Nadav Amit <namit@cs.technion.ac.il>
KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag
Nadav Amit <namit@cs.technion.ac.il>
KVM: x86: Emulator does not decode clflush well
Nadav Amit <namit@cs.technion.ac.il>
KVM: x86: Decoding guest instructions which cross page boundary may fail
Quentin Casasnovas <quentin.casasnovas@oracle.com>
kvm: fix excessive pages un-pinning in kvm_iommu_map error path.
Paolo Bonzini <pbonzini@redhat.com>
KVM: emulate: avoid accessing NULL ctxt->memopp
Dan Carpenter <dan.carpenter@oracle.com>
media: vmalloc_sg: off by one in error handling
Axel Lin <axel.lin@ingics.com>
media: tda7432: Fix setting TDA7432_MUTE bit for TDA7432_RF register
Tomas Melin <tomas.melin@iki.fi>
media: rc-core: fix protocol_change regression in ir_raw_event_register
Ulrich Eckhardt <uli-lirc@uli-eckhardt.de>
media: ds3000: fix LNB supply voltage on Tevii S480 on initialization
Ulrich Eckhardt <uli-lirc@uli-eckhardt.de>
media: imon: fix other RC type protocol support
Frank Schaefer <fschaefer.oss@googlemail.com>
media: em28xx-v4l: fix video buffer field order reporting in progressive mode
Frank Schaefer <fschaefer.oss@googlemail.com>
media: em28xx-v4l: give back all active video buffers to the vb2 core properly on streaming stop
Antti Palosaari <crope@iki.fi>
media: m88ts2022: fix 32bit overflow on filter calc
Mauro Carvalho Chehab <m.chehab@samsung.com>
media: siano: add support for PCTV 77e
Frank Schaefer <fschaefer.oss@googlemail.com>
media: em28xx: check if a device has audio earlier"
Paul Fertser <fercerpav@gmail.com>
media: usb: uvc: add a quirk for Dell XPS M1330 webcam
Maciej Matraszek <m.matraszek@samsung.com>
media: v4l2-common: fix overflow in v4l_bound_align_image()
Ben Skeggs <bskeggs@redhat.com>
drm/gt214-/kms: fix hda eld regression
Ben Skeggs <bskeggs@redhat.com>
drm/nouveau/bios: memset dcb struct to zero before parsing
Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
drm/tilcdc: Fix the error path in tilcdc_load()
Josh Boyer <jwboyer@fedoraproject.org>
drm/vmwgfx: Fix drm.h include
Tvrtko Ursulin <tvrtko.ursulin@intel.com>
drm/i915: Do not leak pages when freeing userptr objects
Chris Wilson <chris@chris-wilson.co.uk>
drm/i915: Do not store the error pointer for a failed userptr registration
Emil Velikov <emil.l.velikov@gmail.com>
drm/nouveau/gpio: rename g92 class to g94
Benjamin Herrenschmidt <benh@kernel.crashing.org>
drm/ast: Fix HW cursor image
Jason Gerecke <killertofu@gmail.com>
HID: input: Fix TransducerSerialNumber implementation
Hans de Goede <hdegoede@redhat.com>
Input: i8042 - quirks for Fujitsu Lifebook A544 and Lifebook AH544
Andreas Bosch <linux@progandy.de>
Input: alps - fix v4 button press recognition
Hans de Goede <hdegoede@redhat.com>
Input: i8042 - add noloop quirk for Asus X750LN
Dmitry Torokhov <dmitry.torokhov@gmail.com>
Input: synaptics - gate forcepad support by DMI check
Mikulas Patocka <mpatocka@redhat.com>
framebuffer: fix border color
Mikulas Patocka <mpatocka@redhat.com>
framebuffer: fix screen corruption when copying
Prarit Bhargava <prarit@redhat.com>
modules, lock around setting of MODULE_STATE_UNFORMED
Alexey Khoroshilov <khoroshilov@ispras.ru>
dm log userspace: fix memory leak in dm_ulog_tfr_init failure path
Christoph Hellwig <hch@lst.de>
Revert "block: all blk-mq requests are tagged"
Mike Snitzer <snitzer@redhat.com>
block: fix alignment_offset math that assumes io_min is a power-of-2
Lai Jiangshan <laijs@cn.fujitsu.com>
drbd: compute the end before rb_insert_augmented()
Mikulas Patocka <mpatocka@redhat.com>
dm bufio: when done scanning return from __scan immediately
Joe Thornber <ejt@redhat.com>
dm bufio: update last_accessed when relinking a buffer
Jens Axboe <axboe@fb.com>
blk-mq: fix potential hang if rolling wakeup depth is too high
Olaf Hering <olaf@aepfle.de>
drm/cirrus: bind also to qemu-xen-traditional
Roger Pau Monné <roger.pau@citrix.com>
xen-blkback: fix leak on grant map error path
Vitaly Kuznetsov <vkuznets@redhat.com>
xen/blkback: unmap all persistent grants when frontend gets disconnected
Michael S. Tsirkin <mst@redhat.com>
virtio_pci: fix virtio spec compliance on restore
Krzysztof Kozlowski <k.kozlowski@samsung.com>
power: charger-manager: Fix NULL pointer exception with missing cm-fuel-gauge
Stephen Smalley <sds@tycho.nsa.gov>
selinux: fix inode security list corruption
Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
pstore: Fix duplicate {console,ftrace}-efi entries
Alex Williamson <alex.williamson@redhat.com>
iommu/amd: Split init_iommu_group() from iommu_init_device()
Alex Williamson <alex.williamson@redhat.com>
iommu: Rework iommu_group_get_for_pci_dev()
Chris Ball <chris@printf.net>
mfd: rtsx_pcr: Fix MSI enable error handling
Sebastian Andrzej Siewior <bigeasy@linutronix.de>
mfd: ti_am335x_tscadc: Fix TSC resume
Vignesh R <vigneshr@ti.com>
mfd: ti_am335x_tscadc: Fix TSC operation after ADC continouous mode
Eric W. Biederman <ebiederm@xmission.com>
mnt: Prevent pivot_root from creating a loop in the mount tree
Richard Genoud <richard.genoud@gmail.com>
UBI: add missing kmem_cache_free() in process_pool_aeb error path
Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
UBI: Dispatch update notification if the volume is updated
Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
UBI: block: Add support for the UBI_VOLUME_UPDATED notification
Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
UBI: block: Fix block device size setting
Martin Schwidefsky <schwidefsky@de.ibm.com>
s390/topology: call set_sched_topology early
Daniel Borkmann <dborkman@redhat.com>
random: add and use memzero_explicit() for clearing data
Thorsten Knabe <linux@thorsten-knabe.de>
um: ubd: Fix for processes stuck in D state forever
Kirill Tkhai <ktkhai@parallels.com>
sched: Use dl_bw_of() under RCU read lock
Ilya Dryomov <idryomov@redhat.com>
libceph: ceph-msgr workqueue needs a resque worker
Ilya Dryomov <idryomov@redhat.com>
rbd: rbd workqueues need a resque worker
Al Viro <viro@zeniv.linux.org.uk>
fix misuses of f_count() in ppp and netlink
Al Viro <viro@ZenIV.linux.org.uk>
kill wbuf_queued/wbuf_dwork_lock
Al Viro <viro@zeniv.linux.org.uk>
missing data dependency barrier in prepend_name()
Takashi Iwai <tiwai@suse.de>
ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode
Christian Vogel <vogelchr@vogel.cx>
ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get
Takashi Iwai <tiwai@suse.de>
ALSA: hda - Add workaround for CMI8888 snoop behavior
Dmitry Kasatkin <d.kasatkin@samsung.com>
evm: check xattr value length and type in evm_inode_setxattr()
Dmitry Kasatkin <d.kasatkin@samsung.com>
evm: properly handle INTEGRITY_NOXATTRS EVM status
Peter Zijlstra <peterz@infradead.org>
perf: Fix unclone_ctx() vs. locking
Dexuan Cui <decui@microsoft.com>
x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE
Andy Lutomirski <luto@amacapital.net>
x86_64, entry: Fix out of bounds read on sysenter
Andy Lutomirski <luto@amacapital.net>
x86_64, entry: Filter RFLAGS.NT on entry from userspace
Oleg Nesterov <oleg@redhat.com>
x86, fpu: shift drop_init_fpu() from save_xstate_sig() to handle_signal()
Oleg Nesterov <oleg@redhat.com>
x86, fpu: __restore_xstate_sig()->math_state_restore() needs preempt_disable()
Ben Hutchings <ben@decadent.org.uk>
x86: Reject x32 executables if x32 ABI not supported
Jan Kara <jack@suse.cz>
vfs: fix data corruption when blocksize < pagesize for mmaped data
Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
UBIFS: fix free log space calculation
Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
UBIFS: fix a race condition
Eric Rannaud <e@nanocritical.com>
fs: allow open(dir, O_TMPFILE|..., 0) with mode 0
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
fs: Fix theoretical division by 0 in super_cache_scan().
Mikulas Patocka <mpatocka@redhat.com>
fs: make cont_expand_zero interruptible
Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
mmc: sdhci-s3c: fix runtime PM handling on sdhci_add_host() failure
Roger Tseng <rogerable@realtek.com>
mmc: rtsx_pci_sdmmc: fix incorrect last byte in R2 response
Stephen Warren <swarren@nvidia.com>
mmc: don't request CD IRQ until mmc_start_host()
Roger Tseng <rogerable@realtek.com>
mmc: rtsx_usb_sdmmc: fix incorrect last byte in R2 response
Peter Griffin <peter.griffin@linaro.org>
mmc: sdhci-pxav3: set_uhs_signaling is initialized twice differently
Fu Zhonghui <zhonghui.fu@linux.intel.com>
mmc: core: sdio: Fix unconditional wake_up_process() on sdio thread
Lars-Peter Clausen <lars@metafoo.de>
ASoC: adau1761: Fix input PGA volume
Liam Girdwood <liam.r.girdwood@linux.intel.com>
ASoC: Intel: HSW/BDW only support S16 and S24 formats.
Dmitry Lavnikevich <d.lavnikevich@sam-solutions.com>
ASoC: tlv320aic3x: fix PLL D configuration
Daniel Mack <daniel@zonque.org>
ASoC: soc-pcm: fix sig_bits determination in soc_pcm_apply_msb()
Daniel Mack <daniel@zonque.org>
ASoC: soc-dapm: fix use after free
Daniel Mack <daniel@zonque.org>
ASoC: core: fix use after free in snd_soc_remove_platform()
Ondrej Zary <linux@rainbow-software.org>
libata-sff: Fix controllers with no ctl port
Scott Carter <ccscott@funsoft.com>
pata_serverworks: disable 64-KB DMA transfers on Broadcom OSB4 IDE Controller
Guenter Roeck <linux@roeck-us.net>
Revert "percpu: free percpu allocation info for uniprocessor system"
Trond Myklebust <trond.myklebust@primarydata.com>
SUNRPC: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT
Benjamin Coddington <bcodding@redhat.com>
SUNRPC: Don't wake tasks during connection abort
Benjamin Coddington <bcodding@redhat.com>
lockd: Try to reconnect if statd has moved
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
stmmac: pci: set default of the filter bins
Ben Hutchings <ben@decadent.org.uk>
drivers/net: macvtap and tun depend on INET
Ben Hutchings <ben@decadent.org.uk>
drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets
Ben Hutchings <ben@decadent.org.uk>
drivers/net: Disable UFO through virtio
Tom Herbert <therbert@google.com>
gre: Use inner mac length when computing tunnel length
Or Gerlitz <ogerlitz@mellanox.com>
mlx4: Avoid leaking steering rules on flow creation error flow
Or Gerlitz <ogerlitz@mellanox.com>
net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for VXLAN
Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
ipv4: Do not cache routing failures due to disabled forwarding.
Anish Bhatt <anish@chelsio.com>
cxgb4 : Fix missing initialization of win0_lock
Eric Dumazet <edumazet@google.com>
macvlan: fix a race on port dismantle and possible skb leaks
Eric Dumazet <edumazet@google.com>
tcp: md5: do not use alloc_percpu()
Haiyang Zhang <haiyangz@microsoft.com>
hyperv: Fix the total_data_buflen in send path
Sathya Perla <sathya.perla@emulex.com>
net: fix saving TX flow hash in sock for outgoing connections
Karl Beldan <karl.beldan@rivierawaves.com>
net: tso: fix unaligned access to crafted TCP header in helper API
Thomas Graf <tgraf@suug.ch>
netlink: Re-add locking to netlink_lookup() and seq walker
Ian Morgan <imorgan@primordial.ca>
ax88179_178a: fix bonding failure
Jon Paul Maloy <jon.maloy@ericsson.com>
tipc: fix bug in bundled buffer reception
Li RongQing <roy.qing.li@gmail.com>
ipv4: fix a potential use after free in ip_tunnel_core.c
Vasily Averin <vvs@parallels.com>
ipv4: dst_entry leak in ip_send_unicast_reply()
Li RongQing <roy.qing.li@gmail.com>
vxlan: fix a free after use
Li RongQing <roy.qing.li@gmail.com>
vxlan: using pskb_may_pull as early as possible
Li RongQing <roy.qing.li@gmail.com>
vxlan: fix a use after free in vxlan_encap_bypass
Jiri Pirko <jiri@resnulli.us>
ipv4: fix nexthop attlen check in fib_nh_match
Alexei Starovoitov <ast@plumgrid.com>
x86: bpf_jit: fix two bugs in eBPF JIT compiler
Paolo Bonzini <pbonzini@redhat.com>
KVM: emulator: fix execution close to the segment limit
Rabin Vincent <rabin@rab.in>
tracing/syscalls: Ignore numbers outside NR_syscalls' range
-------------
Diffstat:
Makefile | 4 +-
arch/arc/boot/dts/nsimosci.dts | 2 +-
arch/arc/include/asm/arcregs.h | 8 -
arch/arc/include/asm/kgdb.h | 32 ++-
arch/arc/include/asm/processor.h | 9 +
arch/arm/Kconfig.debug | 2 +-
arch/arm/boot/dts/zynq-parallella.dts | 4 +
arch/arm/mach-pxa/include/mach/addr-map.h | 5 +
arch/mips/include/asm/ftrace.h | 4 +-
arch/mips/include/uapi/asm/ptrace.h | 2 +
arch/mips/loongson/lemote-2f/clock.c | 5 +-
arch/mips/math-emu/cp1emu.c | 4 +-
arch/mips/mm/tlbex.c | 6 +-
arch/powerpc/kernel/entry_64.S | 6 +
arch/powerpc/platforms/powernv/opal-lpc.c | 59 +++++
arch/powerpc/platforms/pseries/dlpar.c | 4 +-
arch/s390/kernel/topology.c | 18 +-
arch/sh/kernel/cpu/sh3/setup-sh770x.c | 6 +-
arch/um/drivers/ubd_kern.c | 5 +-
arch/x86/ia32/ia32entry.S | 18 +-
arch/x86/include/asm/elf.h | 5 +-
arch/x86/include/asm/kvm_host.h | 16 +-
arch/x86/include/uapi/asm/vmx.h | 2 +
arch/x86/kernel/acpi/boot.c | 16 +-
arch/x86/kernel/apb_timer.c | 2 -
arch/x86/kernel/apic/apic.c | 4 +-
arch/x86/kernel/cpu/common.c | 2 +-
arch/x86/kernel/cpu/intel.c | 17 +-
arch/x86/kernel/iosf_mbi.c | 2 +
arch/x86/kernel/signal.c | 5 +
arch/x86/kernel/tsc.c | 5 +-
arch/x86/kernel/xsave.c | 7 +-
arch/x86/kvm/emulate.c | 293 +++++++++++++++------
arch/x86/kvm/i8254.c | 2 +
arch/x86/kvm/svm.c | 8 +-
arch/x86/kvm/vmx.c | 24 +-
arch/x86/kvm/x86.c | 38 ++-
arch/x86/mm/pageattr.c | 2 +-
arch/x86/net/bpf_jit_comp.c | 25 +-
arch/x86/platform/intel-mid/sfi.c | 2 +
block/blk-mq-tag.c | 4 +-
block/blk-settings.c | 4 +-
block/scsi_ioctl.c | 3 +-
crypto/algif_skcipher.c | 2 +-
drivers/acpi/device_pm.c | 2 +-
drivers/acpi/ec.c | 25 +-
drivers/ata/libata-sff.c | 20 +-
drivers/ata/pata_serverworks.c | 13 +-
drivers/base/core.c | 4 +-
drivers/base/power/main.c | 2 +
drivers/block/drbd/drbd_interval.c | 4 +
drivers/block/rbd.c | 5 +-
drivers/block/xen-blkback/blkback.c | 1 +
drivers/block/xen-blkback/xenbus.c | 6 +-
drivers/char/random.c | 8 +-
drivers/cpufreq/cpufreq.c | 23 +-
drivers/cpufreq/intel_pstate.c | 110 ++++++--
drivers/edac/cpc925_edac.c | 2 +-
drivers/edac/e7xxx_edac.c | 2 +-
drivers/edac/i3200_edac.c | 4 +-
drivers/edac/i82860_edac.c | 2 +-
drivers/gpu/drm/ast/ast_mode.c | 4 +-
drivers/gpu/drm/cirrus/cirrus_drv.c | 2 +
drivers/gpu/drm/i915/i915_gem_userptr.c | 31 ++-
drivers/gpu/drm/i915/i915_irq.c | 5 +-
drivers/gpu/drm/i915/intel_display.c | 5 +-
drivers/gpu/drm/i915/intel_dp.c | 7 +
drivers/gpu/drm/i915/intel_panel.c | 8 +-
drivers/gpu/drm/nouveau/Makefile | 2 +-
drivers/gpu/drm/nouveau/core/engine/device/nv50.c | 22 +-
drivers/gpu/drm/nouveau/core/engine/device/nvc0.c | 14 +-
drivers/gpu/drm/nouveau/core/include/subdev/gpio.h | 2 +-
drivers/gpu/drm/nouveau/core/subdev/bios/dcb.c | 1 +
drivers/gpu/drm/nouveau/core/subdev/gpio/nv92.c | 74 ------
drivers/gpu/drm/nouveau/core/subdev/gpio/nv94.c | 74 ++++++
drivers/gpu/drm/nouveau/core/subdev/gpio/nvd0.c | 4 +-
drivers/gpu/drm/nouveau/core/subdev/gpio/priv.h | 4 +-
drivers/gpu/drm/nouveau/nouveau_chan.c | 12 +-
drivers/gpu/drm/nouveau/nv50_display.c | 18 +-
drivers/gpu/drm/qxl/qxl_display.c | 16 +-
drivers/gpu/drm/radeon/cik_sdma.c | 21 +-
drivers/gpu/drm/radeon/dce3_1_afmt.c | 4 +-
drivers/gpu/drm/radeon/dce6_afmt.c | 6 +-
drivers/gpu/drm/radeon/evergreen_hdmi.c | 6 +-
drivers/gpu/drm/radeon/kv_dpm.c | 19 +-
drivers/gpu/drm/radeon/r600_dma.c | 21 +-
drivers/gpu/drm/radeon/radeon.h | 2 +
drivers/gpu/drm/radeon/radeon_cs.c | 2 +-
drivers/gpu/drm/radeon/radeon_device.c | 2 +-
drivers/gpu/drm/radeon/radeon_ring.c | 4 +-
drivers/gpu/drm/radeon/radeon_vm.c | 4 +-
drivers/gpu/drm/radeon/si_dpm.c | 2 +-
drivers/gpu/drm/tilcdc/tilcdc_drv.c | 60 ++++-
drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 6 +-
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 16 +-
drivers/hid/hid-debug.c | 6 +
drivers/hid/hid-ids.h | 7 +
drivers/hid/hid-input.c | 12 +-
drivers/hid/usbhid/hid-core.c | 26 +-
drivers/hid/usbhid/hid-quirks.c | 5 +
drivers/i2c/busses/i2c-at91.c | 2 +-
drivers/iio/common/st_sensors/st_sensors_buffer.c | 2 +-
drivers/iio/proximity/as3935.c | 2 +-
drivers/infiniband/hw/mlx4/main.c | 10 +-
drivers/infiniband/ulp/isert/ib_isert.c | 4 +-
drivers/input/mouse/alps.c | 4 +-
drivers/input/mouse/synaptics.c | 22 +-
drivers/input/mouse/synaptics.h | 8 +-
drivers/input/serio/i8042-x86ia64io.h | 22 ++
drivers/iommu/amd_iommu.c | 27 +-
drivers/iommu/iommu.c | 163 +++++++-----
drivers/irqchip/irq-armada-370-xp.c | 23 +-
drivers/md/dm-bufio.c | 5 +-
drivers/md/dm-log-userspace-transfer.c | 2 +-
drivers/media/common/siano/sms-cards.c | 6 +
drivers/media/common/siano/sms-cards.h | 1 +
drivers/media/dvb-frontends/ds3000.c | 7 +
drivers/media/i2c/tda7432.c | 2 +-
drivers/media/platform/Kconfig | 6 +-
drivers/media/platform/exynos4-is/Kconfig | 2 +-
drivers/media/platform/s5p-tv/Kconfig | 2 +-
drivers/media/rc/imon.c | 3 +-
drivers/media/rc/rc-ir-raw.c | 1 -
drivers/media/rc/rc-main.c | 2 +
drivers/media/tuners/m88ts2022.c | 2 +-
drivers/media/usb/em28xx/em28xx-cards.c | 11 -
drivers/media/usb/em28xx/em28xx-core.c | 12 +-
drivers/media/usb/em28xx/em28xx-video.c | 15 +-
drivers/media/usb/siano/smsusb.c | 2 +
drivers/media/usb/uvc/uvc_driver.c | 9 +
drivers/media/v4l2-core/v4l2-common.c | 9 +-
drivers/media/v4l2-core/videobuf-dma-sg.c | 6 +-
drivers/mfd/rtsx_pcr.c | 2 +-
drivers/mfd/ti_am335x_tscadc.c | 5 +-
drivers/mmc/core/sdio.c | 12 +-
drivers/mmc/core/sdio_irq.c | 4 +-
drivers/mmc/core/slot-gpio.c | 2 -
drivers/mmc/host/mmc_spi.c | 1 +
drivers/mmc/host/rtsx_pci_sdmmc.c | 7 +
drivers/mmc/host/rtsx_usb_sdmmc.c | 7 +
drivers/mmc/host/sdhci-pxav3.c | 3 +-
drivers/mmc/host/sdhci-s3c.c | 4 +-
drivers/mmc/host/sdhci-sirf.c | 1 +
drivers/mmc/host/tmio_mmc_pio.c | 1 +
drivers/mtd/chips/cfi_cmdset_0001.c | 2 +
drivers/mtd/devices/m25p80.c | 50 ++++
drivers/mtd/ubi/block.c | 25 +-
drivers/mtd/ubi/cdev.c | 4 +-
drivers/mtd/ubi/fastmap.c | 1 +
drivers/net/Kconfig | 2 +
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 1 +
drivers/net/ethernet/mellanox/mlx4/en_tx.c | 7 +-
drivers/net/ethernet/mellanox/mlx4/mcg.c | 4 +
drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 7 +
drivers/net/hyperv/netvsc_drv.c | 1 +
drivers/net/macvlan.c | 10 +-
drivers/net/macvtap.c | 16 +-
drivers/net/ppp/ppp_generic.c | 2 +-
drivers/net/tun.c | 25 +-
drivers/net/usb/ax88179_178a.c | 7 +-
drivers/net/virtio_net.c | 24 +-
drivers/net/vxlan.c | 15 +-
drivers/net/wireless/iwlwifi/dvm/mac80211.c | 24 +-
drivers/net/wireless/iwlwifi/iwl-trans.h | 2 +
drivers/net/wireless/iwlwifi/mvm/coex.c | 4 +-
drivers/net/wireless/iwlwifi/mvm/coex_legacy.c | 4 +-
drivers/net/wireless/iwlwifi/mvm/fw-api-power.h | 35 ++-
drivers/net/wireless/iwlwifi/mvm/fw-api.h | 1 +
drivers/net/wireless/iwlwifi/mvm/fw.c | 9 +
drivers/net/wireless/iwlwifi/mvm/ops.c | 1 +
drivers/net/wireless/iwlwifi/mvm/tx.c | 8 +-
drivers/net/wireless/iwlwifi/pcie/trans.c | 16 +-
drivers/net/wireless/rt2x00/rt2800.h | 4 +-
drivers/net/wireless/rt2x00/rt2800lib.c | 6 +
drivers/net/wireless/rt2x00/rt2800usb.c | 1 +
drivers/of/base.c | 88 ++-----
drivers/of/selftest.c | 66 ++++-
drivers/of/testcase-data/tests-phandle.dtsi | 2 +
drivers/pci/pci-sysfs.c | 8 +-
drivers/phy/phy-omap-usb2.c | 6 +-
drivers/pinctrl/pinctrl-baytrail.c | 2 +-
drivers/platform/x86/acer-wmi.c | 11 +
drivers/platform/x86/samsung-laptop.c | 10 +
drivers/power/charger-manager.c | 5 +
drivers/regulator/max77693.c | 2 +-
drivers/rtc/Kconfig | 2 +-
drivers/scsi/qla2xxx/tcm_qla2xxx.c | 11 +-
drivers/scsi/scsi_lib.c | 5 +
drivers/spi/spi-fsl-dspi.c | 4 +-
drivers/spi/spi-pl022.c | 2 +-
drivers/spi/spi-pxa2xx.c | 7 +-
drivers/staging/comedi/comedi_fops.c | 18 +-
drivers/staging/iio/adc/mxs-lradc.c | 12 +-
drivers/staging/iio/impedance-analyzer/ad5933.c | 15 +-
drivers/staging/iio/meter/ade7758.h | 1 -
drivers/staging/iio/meter/ade7758_core.c | 57 +---
drivers/staging/iio/meter/ade7758_ring.c | 5 +-
drivers/target/target_core_device.c | 3 +-
drivers/target/target_core_pr.c | 6 +-
drivers/target/target_core_pr.h | 2 +-
drivers/target/target_core_tpg.c | 8 +
drivers/target/target_core_transport.c | 3 +-
drivers/tty/serial/msm_serial.c | 22 +-
drivers/tty/serial/serial_core.c | 2 +-
drivers/tty/tty_io.c | 7 +-
drivers/tty/vt/consolemap.c | 7 +
drivers/usb/chipidea/core.c | 1 -
drivers/usb/class/cdc-acm.c | 20 +-
drivers/usb/class/cdc-acm.h | 2 +
drivers/usb/core/hcd.c | 2 +
drivers/usb/core/hub.c | 3 +
drivers/usb/core/quirks.c | 10 +
drivers/usb/dwc3/dwc3-omap.c | 15 +-
drivers/usb/dwc3/ep0.c | 4 +-
drivers/usb/dwc3/gadget.c | 19 +-
drivers/usb/dwc3/gadget.h | 2 +-
drivers/usb/gadget/function/f_acm.c | 7 +-
drivers/usb/gadget/function/f_fs.c | 42 ++-
drivers/usb/gadget/udc/udc-core.c | 5 +
drivers/usb/host/Kconfig | 4 +-
drivers/usb/host/xhci-pci.c | 18 +-
drivers/usb/musb/musb_cppi41.c | 3 +-
drivers/usb/musb/musb_dsps.c | 4 +-
drivers/usb/serial/cp210x.c | 1 +
drivers/usb/serial/ftdi_sio.c | 3 +
drivers/usb/serial/ftdi_sio_ids.h | 12 +-
drivers/usb/serial/kobil_sct.c | 5 +-
drivers/usb/serial/opticon.c | 2 +-
drivers/usb/serial/option.c | 10 +
drivers/usb/storage/transport.c | 26 ++
drivers/usb/storage/unusual_uas.h | 28 ++
drivers/video/console/bitblit.c | 3 +-
drivers/video/console/fbcon_ccw.c | 3 +-
drivers/video/console/fbcon_cw.c | 3 +-
drivers/video/console/fbcon_ud.c | 3 +-
drivers/video/fbdev/core/cfbcopyarea.c | 13 +-
drivers/virtio/virtio_pci.c | 33 ++-
fs/btrfs/file-item.c | 2 +-
fs/buffer.c | 8 +
fs/dcache.c | 7 +
fs/ext3/super.c | 7 -
fs/ext4/balloc.c | 12 +-
fs/ext4/bitmap.c | 12 +-
fs/ext4/ext4.h | 13 +-
fs/ext4/extents.c | 6 +-
fs/ext4/file.c | 2 +-
fs/ext4/ialloc.c | 7 +-
fs/ext4/inline.c | 3 +-
fs/ext4/inode.c | 46 +++-
fs/ext4/ioctl.c | 13 +-
fs/ext4/mmp.c | 6 +-
fs/ext4/namei.c | 45 ++--
fs/ext4/resize.c | 5 +-
fs/ext4/super.c | 32 +--
fs/ext4/xattr.c | 38 ++-
fs/jbd2/recovery.c | 1 +
fs/jffs2/jffs2_fs_sb.h | 2 -
fs/jffs2/wbuf.c | 17 +-
fs/lockd/mon.c | 6 +
fs/namei.c | 3 +-
fs/namespace.c | 3 +
fs/nfsd/nfs4proc.c | 7 +-
fs/ocfs2/cluster/tcp.c | 2 +-
fs/pstore/inode.c | 4 +-
fs/quota/dquot.c | 2 +-
fs/super.c | 2 +
fs/ubifs/commit.c | 8 +-
fs/ubifs/log.c | 19 +-
fs/xfs/xfs_itable.c | 250 +++++++++---------
fs/xfs/xfs_itable.h | 16 --
include/drm/drm_pciids.h | 1 -
include/linux/blkdev.h | 8 +-
include/linux/hid.h | 1 +
include/linux/memcontrol.h | 58 ++--
include/linux/mm.h | 2 +-
include/linux/of.h | 84 +++++-
include/linux/oom.h | 3 +
include/linux/string.h | 5 +-
include/linux/sunrpc/xprt.h | 1 +
include/linux/usb/quirks.h | 3 +
include/net/ipv6.h | 2 +
include/scsi/scsi_tcq.h | 8 +-
include/uapi/drm/vmwgfx_drm.h | 2 +-
include/uapi/linux/input.h | 7 +
kernel/events/core.c | 54 ++--
kernel/freezer.c | 3 +
kernel/futex.c | 22 +-
kernel/module.c | 2 +
kernel/power/hibernate.c | 8 +-
kernel/power/process.c | 40 ++-
kernel/sched/core.c | 19 +-
kernel/time/posix-timers.c | 1 +
kernel/trace/trace_syscalls.c | 8 +-
lib/bitmap.c | 8 +-
lib/scatterlist.c | 6 +-
lib/string.c | 16 ++
mm/balloon_compaction.c | 2 +
mm/cma.c | 1 +
mm/huge_memory.c | 4 +-
mm/memcontrol.c | 105 ++++----
mm/memory.c | 1 +
mm/oom_kill.c | 17 ++
mm/page-writeback.c | 43 ++-
mm/page_alloc.c | 8 +
mm/page_cgroup.c | 1 +
mm/percpu.c | 2 -
mm/rmap.c | 20 +-
mm/truncate.c | 56 ++++
net/ceph/messenger.c | 6 +-
net/core/tso.c | 3 +-
net/ipv4/fib_semantics.c | 2 +-
net/ipv4/gre_offload.c | 2 +-
net/ipv4/ip_output.c | 12 +-
net/ipv4/ip_tunnel_core.c | 3 +-
net/ipv4/route.c | 1 +
net/ipv4/tcp.c | 59 ++---
net/ipv4/tcp_ipv4.c | 4 +-
net/ipv6/output_core.c | 34 +++
net/ipv6/tcp_ipv6.c | 4 +-
net/mac80211/rate.c | 2 +-
net/netlink/af_netlink.c | 39 ++-
net/sunrpc/clnt.c | 3 +
net/sunrpc/xprtsock.c | 4 +
net/tipc/link.c | 7 +-
security/integrity/evm/evm_main.c | 16 +-
security/integrity/ima/ima_appraise.c | 2 +
security/integrity/integrity.h | 1 +
security/selinux/hooks.c | 2 +-
sound/core/pcm_compat.c | 2 +
sound/firewire/bebob/bebob_focusrite.c | 62 ++++-
sound/firewire/bebob/bebob_stream.c | 18 +-
sound/pci/hda/hda_intel.c | 4 +-
sound/pci/hda/patch_realtek.c | 3 -
sound/soc/codecs/adau1761.c | 4 +
sound/soc/codecs/tlv320aic3x.c | 13 +
sound/soc/intel/sst-haswell-pcm.c | 4 +-
sound/soc/soc-core.c | 4 +-
sound/soc/soc-dapm.c | 25 +-
sound/soc/soc-pcm.c | 2 +-
sound/usb/card.c | 9 +-
virt/kvm/iommu.c | 8 +-
341 files changed, 3006 insertions(+), 1524 deletions(-)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 001/319] tracing/syscalls: Ignore numbers outside NR_syscalls range
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 002/319] KVM: emulator: fix execution close to the segment limit Greg Kroah-Hartman
` (302 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rabin Vincent, Steven Rostedt
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rabin Vincent <rabin@rab.in>
commit 086ba77a6db00ed858ff07451bedee197df868c9 upstream.
ARM has some private syscalls (for example, set_tls(2)) which lie
outside the range of NR_syscalls. If any of these are called while
syscall tracing is being performed, out-of-bounds array access will
occur in the ftrace and perf sys_{enter,exit} handlers.
# trace-cmd record -e raw_syscalls:* true && trace-cmd report
...
true-653 [000] 384.675777: sys_enter: NR 192 (0, 1000, 3, 4000022, ffffffff, 0)
true-653 [000] 384.675812: sys_exit: NR 192 = 1995915264
true-653 [000] 384.675971: sys_enter: NR 983045 (76f74480, 76f74000, 76f74b28, 76f74480, 76f76f74, 1)
true-653 [000] 384.675988: sys_exit: NR 983045 = 0
...
# trace-cmd record -e syscalls:* true
[ 17.289329] Unable to handle kernel paging request at virtual address aaaaaace
[ 17.289590] pgd = 9e71c000
[ 17.289696] [aaaaaace] *pgd=00000000
[ 17.289985] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 17.290169] Modules linked in:
[ 17.290391] CPU: 0 PID: 704 Comm: true Not tainted 3.18.0-rc2+ #21
[ 17.290585] task: 9f4dab00 ti: 9e710000 task.ti: 9e710000
[ 17.290747] PC is at ftrace_syscall_enter+0x48/0x1f8
[ 17.290866] LR is at syscall_trace_enter+0x124/0x184
Fix this by ignoring out-of-NR_syscalls-bounds syscall numbers.
Commit cd0980fc8add "tracing: Check invalid syscall nr while tracing syscalls"
added the check for less than zero, but it should have also checked
for greater than NR_syscalls.
Link: http://lkml.kernel.org/p/1414620418-29472-1-git-send-email-rabin@rab.in
Fixes: cd0980fc8add "tracing: Check invalid syscall nr while tracing syscalls"
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_syscalls.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/kernel/trace/trace_syscalls.c
+++ b/kernel/trace/trace_syscalls.c
@@ -313,7 +313,7 @@ static void ftrace_syscall_enter(void *d
int size;
syscall_nr = trace_get_syscall_nr(current, regs);
- if (syscall_nr < 0)
+ if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
return;
/* Here we're inside tp handler's rcu_read_lock_sched (__DO_TRACE) */
@@ -360,7 +360,7 @@ static void ftrace_syscall_exit(void *da
int syscall_nr;
syscall_nr = trace_get_syscall_nr(current, regs);
- if (syscall_nr < 0)
+ if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
return;
/* Here we're inside tp handler's rcu_read_lock_sched (__DO_TRACE()) */
@@ -567,7 +567,7 @@ static void perf_syscall_enter(void *ign
int size;
syscall_nr = trace_get_syscall_nr(current, regs);
- if (syscall_nr < 0)
+ if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
return;
if (!test_bit(syscall_nr, enabled_perf_enter_syscalls))
return;
@@ -641,7 +641,7 @@ static void perf_syscall_exit(void *igno
int size;
syscall_nr = trace_get_syscall_nr(current, regs);
- if (syscall_nr < 0)
+ if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
return;
if (!test_bit(syscall_nr, enabled_perf_exit_syscalls))
return;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 002/319] KVM: emulator: fix execution close to the segment limit
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 001/319] tracing/syscalls: Ignore numbers outside NR_syscalls range Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 003/319] x86: bpf_jit: fix two bugs in eBPF JIT compiler Greg Kroah-Hartman
` (301 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Borislav Petkov, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit fd56e1546a5f734290cbedd2b81c518850736511 upstream.
Emulation of code that is 14 bytes to the segment limit or closer
(e.g. RIP = 0xFFFFFFF2 after reset) is broken because we try to read as
many as 15 bytes from the beginning of the instruction, and __linearize
fails when the passed (address, size) pair reaches out of the segment.
To fix this, let __linearize return the maximum accessible size (clamped
to 2^32-1) for usage in __do_insn_fetch_bytes, and avoid the limit check
by passing zero for the desired size.
For expand-down segments, __linearize is performing a redundant check.
(u32)(addr.ea + size - 1) <= lim can only happen if addr.ea is close
to 4GB; in this case, addr.ea + size - 1 will also fail the check against
the upper bound of the segment (which is provided by the D/B bit).
After eliminating the redundant check, it is simple to compute
the *max_size for expand-down segments too.
Now that the limit check is done in __do_insn_fetch_bytes, we want
to inject a general protection fault there if size < op_size (like
__linearize would have done), instead of just aborting.
This fixes booting Tiano Core from emulated flash with EPT disabled.
Fixes: 719d5a9b2487e0562f178f61e323c3dc18a8b200
Reported-by: Borislav Petkov <bp@suse.de>
Tested-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 43 +++++++++++++++++++++++++++++++++----------
1 file changed, 33 insertions(+), 10 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -613,7 +613,8 @@ static bool insn_aligned(struct x86_emul
static int __linearize(struct x86_emulate_ctxt *ctxt,
struct segmented_address addr,
- unsigned size, bool write, bool fetch,
+ unsigned *max_size, unsigned size,
+ bool write, bool fetch,
ulong *linear)
{
struct desc_struct desc;
@@ -624,10 +625,15 @@ static int __linearize(struct x86_emulat
unsigned cpl;
la = seg_base(ctxt, addr.seg) + addr.ea;
+ *max_size = 0;
switch (ctxt->mode) {
case X86EMUL_MODE_PROT64:
if (((signed long)la << 16) >> 16 != la)
return emulate_gp(ctxt, 0);
+
+ *max_size = min_t(u64, ~0u, (1ull << 48) - la);
+ if (size > *max_size)
+ goto bad;
break;
default:
usable = ctxt->ops->get_segment(ctxt, &sel, &desc, NULL,
@@ -645,20 +651,25 @@ static int __linearize(struct x86_emulat
if ((ctxt->mode == X86EMUL_MODE_REAL) && !fetch &&
(ctxt->d & NoBigReal)) {
/* la is between zero and 0xffff */
- if (la > 0xffff || (u32)(la + size - 1) > 0xffff)
+ if (la > 0xffff)
goto bad;
+ *max_size = 0x10000 - la;
} else if ((desc.type & 8) || !(desc.type & 4)) {
/* expand-up segment */
- if (addr.ea > lim || (u32)(addr.ea + size - 1) > lim)
+ if (addr.ea > lim)
goto bad;
+ *max_size = min_t(u64, ~0u, (u64)lim + 1 - addr.ea);
} else {
/* expand-down segment */
- if (addr.ea <= lim || (u32)(addr.ea + size - 1) <= lim)
+ if (addr.ea <= lim)
goto bad;
lim = desc.d ? 0xffffffff : 0xffff;
- if (addr.ea > lim || (u32)(addr.ea + size - 1) > lim)
+ if (addr.ea > lim)
goto bad;
+ *max_size = min_t(u64, ~0u, (u64)lim + 1 - addr.ea);
}
+ if (size > *max_size)
+ goto bad;
cpl = ctxt->ops->cpl(ctxt);
if (!(desc.type & 8)) {
/* data segment */
@@ -693,7 +704,8 @@ static int linearize(struct x86_emulate_
unsigned size, bool write,
ulong *linear)
{
- return __linearize(ctxt, addr, size, write, false, linear);
+ unsigned max_size;
+ return __linearize(ctxt, addr, &max_size, size, write, false, linear);
}
@@ -718,17 +730,27 @@ static int segmented_read_std(struct x86
static int __do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt, int op_size)
{
int rc;
- unsigned size;
+ unsigned size, max_size;
unsigned long linear;
int cur_size = ctxt->fetch.end - ctxt->fetch.data;
struct segmented_address addr = { .seg = VCPU_SREG_CS,
.ea = ctxt->eip + cur_size };
- size = 15UL ^ cur_size;
- rc = __linearize(ctxt, addr, size, false, true, &linear);
+ /*
+ * We do not know exactly how many bytes will be needed, and
+ * __linearize is expensive, so fetch as much as possible. We
+ * just have to avoid going beyond the 15 byte limit, the end
+ * of the segment, or the end of the page.
+ *
+ * __linearize is called with size 0 so that it does not do any
+ * boundary check itself. Instead, we use max_size to check
+ * against op_size.
+ */
+ rc = __linearize(ctxt, addr, &max_size, 0, false, true, &linear);
if (unlikely(rc != X86EMUL_CONTINUE))
return rc;
+ size = min_t(unsigned, 15UL ^ cur_size, max_size);
size = min_t(unsigned, size, PAGE_SIZE - offset_in_page(linear));
/*
@@ -738,7 +760,8 @@ static int __do_insn_fetch_bytes(struct
* still, we must have hit the 15-byte boundary.
*/
if (unlikely(size < op_size))
- return X86EMUL_UNHANDLEABLE;
+ return emulate_gp(ctxt, 0);
+
rc = ctxt->ops->fetch(ctxt, linear, ctxt->fetch.end,
size, &ctxt->exception);
if (unlikely(rc != X86EMUL_CONTINUE))
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 003/319] x86: bpf_jit: fix two bugs in eBPF JIT compiler
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 001/319] tracing/syscalls: Ignore numbers outside NR_syscalls range Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 002/319] KVM: emulator: fix execution close to the segment limit Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 004/319] ipv4: fix nexthop attlen check in fib_nh_match Greg Kroah-Hartman
` (300 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darrick J. Wong, Alexei Starovoitov,
David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexei Starovoitov <ast@plumgrid.com>
[ Upstream commit e0ee9c12157dc74e49e4731e0d07512e7d1ceb95 ]
1.
JIT compiler using multi-pass approach to converge to final image size,
since x86 instructions are variable length. It starts with large
gaps between instructions (so some jumps may use imm32 instead of imm8)
and iterates until total program size is the same as in previous pass.
This algorithm works only if program size is strictly decreasing.
Programs that use LD_ABS insn need additional code in prologue, but it
was not emitted during 1st pass, so there was a chance that 2nd pass would
adjust imm32->imm8 jump offsets to the same number of bytes as increase in
prologue, which may cause algorithm to erroneously decide that size converged.
Fix it by always emitting largest prologue in the first pass which
is detected by oldproglen==0 check.
Also change error check condition 'proglen != oldproglen' to fail gracefully.
2.
while staring at the code realized that 64-byte buffer may not be enough
when 1st insn is large, so increase it to 128 to avoid buffer overflow
(theoretical maximum size of prologue+div is 109) and add runtime check.
Fixes: 622582786c9e ("net: filter: x86: internal BPF JIT")
Reported-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Tested-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/net/bpf_jit_comp.c | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -211,12 +211,17 @@ struct jit_context {
bool seen_ld_abs;
};
+/* maximum number of bytes emitted while JITing one eBPF insn */
+#define BPF_MAX_INSN_SIZE 128
+#define BPF_INSN_SAFETY 64
+
static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
int oldproglen, struct jit_context *ctx)
{
struct bpf_insn *insn = bpf_prog->insnsi;
int insn_cnt = bpf_prog->len;
- u8 temp[64];
+ bool seen_ld_abs = ctx->seen_ld_abs | (oldproglen == 0);
+ u8 temp[BPF_MAX_INSN_SIZE + BPF_INSN_SAFETY];
int i;
int proglen = 0;
u8 *prog = temp;
@@ -254,7 +259,7 @@ static int do_jit(struct bpf_prog *bpf_p
EMIT2(0x31, 0xc0); /* xor eax, eax */
EMIT3(0x4D, 0x31, 0xED); /* xor r13, r13 */
- if (ctx->seen_ld_abs) {
+ if (seen_ld_abs) {
/* r9d : skb->len - skb->data_len (headlen)
* r10 : skb->data
*/
@@ -655,7 +660,7 @@ xadd: if (is_imm8(insn->off))
case BPF_JMP | BPF_CALL:
func = (u8 *) __bpf_call_base + imm32;
jmp_offset = func - (image + addrs[i]);
- if (ctx->seen_ld_abs) {
+ if (seen_ld_abs) {
EMIT2(0x41, 0x52); /* push %r10 */
EMIT2(0x41, 0x51); /* push %r9 */
/* need to adjust jmp offset, since
@@ -669,7 +674,7 @@ xadd: if (is_imm8(insn->off))
return -EINVAL;
}
EMIT1_off32(0xE8, jmp_offset);
- if (ctx->seen_ld_abs) {
+ if (seen_ld_abs) {
EMIT2(0x41, 0x59); /* pop %r9 */
EMIT2(0x41, 0x5A); /* pop %r10 */
}
@@ -774,7 +779,8 @@ emit_jmp:
goto common_load;
case BPF_LD | BPF_ABS | BPF_W:
func = CHOOSE_LOAD_FUNC(imm32, sk_load_word);
-common_load: ctx->seen_ld_abs = true;
+common_load:
+ ctx->seen_ld_abs = seen_ld_abs = true;
jmp_offset = func - (image + addrs[i]);
if (!func || !is_simm32(jmp_offset)) {
pr_err("unsupported bpf func %d addr %p image %p\n",
@@ -848,6 +854,11 @@ common_load: ctx->seen_ld_abs = true;
}
ilen = prog - temp;
+ if (ilen > BPF_MAX_INSN_SIZE) {
+ pr_err("bpf_jit_compile fatal insn size error\n");
+ return -EFAULT;
+ }
+
if (image) {
if (unlikely(proglen + ilen > oldproglen)) {
pr_err("bpf_jit_compile fatal error\n");
@@ -904,9 +915,11 @@ void bpf_int_jit_compile(struct bpf_prog
goto out;
}
if (image) {
- if (proglen != oldproglen)
+ if (proglen != oldproglen) {
pr_err("bpf_jit: proglen=%d != oldproglen=%d\n",
proglen, oldproglen);
+ goto out;
+ }
break;
}
if (proglen == oldproglen) {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 004/319] ipv4: fix nexthop attlen check in fib_nh_match
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (2 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 003/319] x86: bpf_jit: fix two bugs in eBPF JIT compiler Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 005/319] vxlan: fix a use after free in vxlan_encap_bypass Greg Kroah-Hartman
` (299 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Pirko, Eric Dumazet, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Pirko <jiri@resnulli.us>
[ Upstream commit f76936d07c4eeb36d8dbb64ebd30ab46ff85d9f7 ]
fib_nh_match does not match nexthops correctly. Example:
ip route add 172.16.10/24 nexthop via 192.168.122.12 dev eth0 \
nexthop via 192.168.122.13 dev eth0
ip route del 172.16.10/24 nexthop via 192.168.122.14 dev eth0 \
nexthop via 192.168.122.15 dev eth0
Del command is successful and route is removed. After this patch
applied, the route is correctly matched and result is:
RTNETLINK answers: No such process
Please consider this for stable trees as well.
Fixes: 4e902c57417c4 ("[IPv4]: FIB configuration using struct fib_config")
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/fib_semantics.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -535,7 +535,7 @@ int fib_nh_match(struct fib_config *cfg,
return 1;
attrlen = rtnh_attrlen(rtnh);
- if (attrlen < 0) {
+ if (attrlen > 0) {
struct nlattr *nla, *attrs = rtnh_attrs(rtnh);
nla = nla_find(attrs, attrlen, RTA_GATEWAY);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 005/319] vxlan: fix a use after free in vxlan_encap_bypass
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (3 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 004/319] ipv4: fix nexthop attlen check in fib_nh_match Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 006/319] vxlan: using pskb_may_pull as early as possible Greg Kroah-Hartman
` (298 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Li RongQing, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li RongQing <roy.qing.li@gmail.com>
[ Upstream commit ce6502a8f9572179f044a4d62667c4645256d6e4 ]
when netif_rx() is done, the netif_rx handled skb maybe be freed,
and should not be used.
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/vxlan.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -1717,6 +1717,8 @@ static void vxlan_encap_bypass(struct sk
struct pcpu_sw_netstats *tx_stats, *rx_stats;
union vxlan_addr loopback;
union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip;
+ struct net_device *dev = skb->dev;
+ int len = skb->len;
tx_stats = this_cpu_ptr(src_vxlan->dev->tstats);
rx_stats = this_cpu_ptr(dst_vxlan->dev->tstats);
@@ -1740,16 +1742,16 @@ static void vxlan_encap_bypass(struct sk
u64_stats_update_begin(&tx_stats->syncp);
tx_stats->tx_packets++;
- tx_stats->tx_bytes += skb->len;
+ tx_stats->tx_bytes += len;
u64_stats_update_end(&tx_stats->syncp);
if (netif_rx(skb) == NET_RX_SUCCESS) {
u64_stats_update_begin(&rx_stats->syncp);
rx_stats->rx_packets++;
- rx_stats->rx_bytes += skb->len;
+ rx_stats->rx_bytes += len;
u64_stats_update_end(&rx_stats->syncp);
} else {
- skb->dev->stats.rx_dropped++;
+ dev->stats.rx_dropped++;
}
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 006/319] vxlan: using pskb_may_pull as early as possible
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (4 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 005/319] vxlan: fix a use after free in vxlan_encap_bypass Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 007/319] vxlan: fix a free after use Greg Kroah-Hartman
` (297 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cong Wang, Li RongQing, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li RongQing <roy.qing.li@gmail.com>
[ Upstream commit 91269e390d062b526432f2ef1352b8df82e0e0bc ]
pskb_may_pull should be used to check if skb->data has enough space,
skb->len can not ensure that.
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/vxlan.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -1440,9 +1440,6 @@ static int neigh_reduce(struct net_devic
if (!in6_dev)
goto out;
- if (!pskb_may_pull(skb, skb->len))
- goto out;
-
iphdr = ipv6_hdr(skb);
saddr = &iphdr->saddr;
daddr = &iphdr->daddr;
@@ -1929,7 +1926,8 @@ static netdev_tx_t vxlan_xmit(struct sk_
return arp_reduce(dev, skb);
#if IS_ENABLED(CONFIG_IPV6)
else if (ntohs(eth->h_proto) == ETH_P_IPV6 &&
- skb->len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) &&
+ pskb_may_pull(skb, sizeof(struct ipv6hdr)
+ + sizeof(struct nd_msg)) &&
ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) {
struct nd_msg *msg;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 007/319] vxlan: fix a free after use
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (5 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 006/319] vxlan: using pskb_may_pull as early as possible Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 008/319] ipv4: dst_entry leak in ip_send_unicast_reply() Greg Kroah-Hartman
` (296 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Li RongQing, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li RongQing <roy.qing.li@gmail.com>
[ Upstream commit 7a9f526fc3ee49b6034af2f243676ee0a27dcaa8 ]
pskb_may_pull maybe change skb->data and make eth pointer oboslete,
so eth needs to reload
Fixes: 91269e390d062 ("vxlan: using pskb_may_pull as early as possible")
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/vxlan.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -1936,6 +1936,7 @@ static netdev_tx_t vxlan_xmit(struct sk_
msg->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION)
return neigh_reduce(dev, skb);
}
+ eth = eth_hdr(skb);
#endif
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 008/319] ipv4: dst_entry leak in ip_send_unicast_reply()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (6 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 007/319] vxlan: fix a free after use Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 009/319] ipv4: fix a potential use after free in ip_tunnel_core.c Greg Kroah-Hartman
` (295 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vasily Averin, Eric Dumazet, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vasily Averin <vvs@parallels.com>
[ Upstream commit 4062090e3e5caaf55bed4523a69f26c3265cc1d2 ]
ip_setup_cork() called inside ip_append_data() steals dst entry from rt to cork
and in case errors in __ip_append_data() nobody frees stolen dst entry
Fixes: 2e77d89b2fa8 ("net: avoid a pair of dst_hold()/dst_release() in ip_append_data()")
Signed-off-by: Vasily Averin <vvs@parallels.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ip_output.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1533,6 +1533,7 @@ void ip_send_unicast_reply(struct net *n
struct sk_buff *nskb;
struct sock *sk;
struct inet_sock *inet;
+ int err;
if (ip_options_echo(&replyopts.opt.opt, skb))
return;
@@ -1572,8 +1573,13 @@ void ip_send_unicast_reply(struct net *n
sock_net_set(sk, net);
__skb_queue_head_init(&sk->sk_write_queue);
sk->sk_sndbuf = sysctl_wmem_default;
- ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0,
- &ipc, &rt, MSG_DONTWAIT);
+ err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base,
+ len, 0, &ipc, &rt, MSG_DONTWAIT);
+ if (unlikely(err)) {
+ ip_flush_pending_frames(sk);
+ goto out;
+ }
+
nskb = skb_peek(&sk->sk_write_queue);
if (nskb) {
if (arg->csumoffset >= 0)
@@ -1585,7 +1591,7 @@ void ip_send_unicast_reply(struct net *n
skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
ip_push_pending_frames(sk, &fl4);
}
-
+out:
put_cpu_var(unicast_sock);
ip_rt_put(rt);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 009/319] ipv4: fix a potential use after free in ip_tunnel_core.c
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (7 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 008/319] ipv4: dst_entry leak in ip_send_unicast_reply() Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 010/319] tipc: fix bug in bundled buffer reception Greg Kroah-Hartman
` (294 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pravin B Shelar, Li RongQing,
David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li RongQing <roy.qing.li@gmail.com>
[ Upstream commit 1245dfc8cadb258386fcd27df38215a0eccb1f17 ]
pskb_may_pull() maybe change skb->data and make eth pointer oboslete,
so set eth after pskb_may_pull()
Fixes:3d7b46cd("ip_tunnel: push generic protocol handling to ip_tunnel module")
Cc: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ip_tunnel_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -91,11 +91,12 @@ int iptunnel_pull_header(struct sk_buff
skb_pull_rcsum(skb, hdr_len);
if (inner_proto == htons(ETH_P_TEB)) {
- struct ethhdr *eh = (struct ethhdr *)skb->data;
+ struct ethhdr *eh;
if (unlikely(!pskb_may_pull(skb, ETH_HLEN)))
return -ENOMEM;
+ eh = (struct ethhdr *)skb->data;
if (likely(ntohs(eh->h_proto) >= ETH_P_802_3_MIN))
skb->protocol = eh->h_proto;
else
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 010/319] tipc: fix bug in bundled buffer reception
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (8 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 009/319] ipv4: fix a potential use after free in ip_tunnel_core.c Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 011/319] ax88179_178a: fix bonding failure Greg Kroah-Hartman
` (293 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jon Maloy, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jon Paul Maloy <jon.maloy@ericsson.com>
[ Upstream commit 643566d4b47e2956110e79c0e6f65db9b9ea42c6 ]
In commit ec8a2e5621db2da24badb3969eda7fd359e1869f ("tipc: same receive
code path for connection protocol and data messages") we omitted the
the possiblilty that an arriving message extracted from a bundle buffer
may be a multicast message. Such messages need to be to be delivered to
the socket via a separate function, tipc_sk_mcast_rcv(). As a result,
small multicast messages arriving as members of a bundle buffer will be
silently dropped.
This commit corrects the error by considering this case in the function
tipc_link_bundle_rcv().
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/tipc/link.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1936,7 +1936,12 @@ void tipc_link_bundle_rcv(struct sk_buff
}
omsg = buf_msg(obuf);
pos += align(msg_size(omsg));
- if (msg_isdata(omsg) || (msg_user(omsg) == CONN_MANAGER)) {
+ if (msg_isdata(omsg)) {
+ if (unlikely(msg_type(omsg) == TIPC_MCAST_MSG))
+ tipc_sk_mcast_rcv(obuf);
+ else
+ tipc_sk_rcv(obuf);
+ } else if (msg_user(omsg) == CONN_MANAGER) {
tipc_sk_rcv(obuf);
} else if (msg_user(omsg) == NAME_DISTRIBUTOR) {
tipc_named_rcv(obuf);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 011/319] ax88179_178a: fix bonding failure
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (9 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 010/319] tipc: fix bug in bundled buffer reception Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 012/319] netlink: Re-add locking to netlink_lookup() and seq walker Greg Kroah-Hartman
` (292 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ian Morgan, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ian Morgan <imorgan@primordial.ca>
[ Upstream commit 95ff88688781db2f64042e69bd499e518bbb36e5 ]
The following patch fixes a bug which causes the ax88179_178a driver to be
incapable of being added to a bond.
When I brought up the issue with the bonding maintainers, they indicated
that the real problem was with the NIC driver which must return zero for
success (of setting the MAC address). I see that several other NIC drivers
follow that pattern by either simply always returing zero, or by passing
through a negative (error) result while rewriting any positive return code
to zero. With that same philisophy applied to the ax88179_178a driver, it
allows it to work correctly with the bonding driver.
I believe this is suitable for queuing in -stable, as it's a small, simple,
and obvious fix that corrects a defect with no other known workaround.
This patch is against vanilla 3.17(.0).
Signed-off-by: Ian Morgan <imorgan@primordial.ca>
drivers/net/usb/ax88179_178a.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/ax88179_178a.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/net/usb/ax88179_178a.c
+++ b/drivers/net/usb/ax88179_178a.c
@@ -937,6 +937,7 @@ static int ax88179_set_mac_addr(struct n
{
struct usbnet *dev = netdev_priv(net);
struct sockaddr *addr = p;
+ int ret;
if (netif_running(net))
return -EBUSY;
@@ -946,8 +947,12 @@ static int ax88179_set_mac_addr(struct n
memcpy(net->dev_addr, addr->sa_data, ETH_ALEN);
/* Set the MAC address */
- return ax88179_write_cmd(dev, AX_ACCESS_MAC, AX_NODE_ID, ETH_ALEN,
+ ret = ax88179_write_cmd(dev, AX_ACCESS_MAC, AX_NODE_ID, ETH_ALEN,
ETH_ALEN, net->dev_addr);
+ if (ret < 0)
+ return ret;
+
+ return 0;
}
static const struct net_device_ops ax88179_netdev_ops = {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 012/319] netlink: Re-add locking to netlink_lookup() and seq walker
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (10 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 011/319] ax88179_178a: fix bonding failure Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 013/319] net: tso: fix unaligned access to crafted TCP header in helper API Greg Kroah-Hartman
` (291 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David S. Miller, Eric Dumazet,
Steinar H. Gunderson, Thomas Graf
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Graf <tgraf@suug.ch>
[ Upstream commit 78fd1d0ab072d4d9b5f0b7c14a1516665170b565 ]
The synchronize_rcu() in netlink_release() introduces unacceptable
latency. Reintroduce minimal lookup so we can drop the
synchronize_rcu() until socket destruction has been RCUfied.
Cc: David S. Miller <davem@davemloft.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Reported-by: Steinar H. Gunderson <sgunderson@bigfoot.com>
Reported-and-tested-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netlink/af_netlink.c | 37 +++++++++++++++++++++++++------------
1 file changed, 25 insertions(+), 12 deletions(-)
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -96,6 +96,14 @@ static DECLARE_WAIT_QUEUE_HEAD(nl_table_
static int netlink_dump(struct sock *sk);
static void netlink_skb_destructor(struct sk_buff *skb);
+/* nl_table locking explained:
+ * Lookup and traversal are protected with nl_sk_hash_lock or nl_table_lock
+ * combined with an RCU read-side lock. Insertion and removal are protected
+ * with nl_sk_hash_lock while using RCU list modification primitives and may
+ * run in parallel to nl_table_lock protected lookups. Destruction of the
+ * Netlink socket may only occur *after* nl_table_lock has been acquired
+ * either during or after the socket has been removed from the list.
+ */
DEFINE_RWLOCK(nl_table_lock);
EXPORT_SYMBOL_GPL(nl_table_lock);
static atomic_t nl_table_users = ATOMIC_INIT(0);
@@ -109,10 +117,10 @@ EXPORT_SYMBOL_GPL(nl_sk_hash_lock);
static int lockdep_nl_sk_hash_is_held(void)
{
#ifdef CONFIG_LOCKDEP
- return (debug_locks) ? lockdep_is_held(&nl_sk_hash_lock) : 1;
-#else
- return 1;
+ if (debug_locks)
+ return lockdep_is_held(&nl_sk_hash_lock) || lockdep_is_held(&nl_table_lock);
#endif
+ return 1;
}
static ATOMIC_NOTIFIER_HEAD(netlink_chain);
@@ -1028,11 +1036,13 @@ static struct sock *netlink_lookup(struc
struct netlink_table *table = &nl_table[protocol];
struct sock *sk;
+ read_lock(&nl_table_lock);
rcu_read_lock();
sk = __netlink_lookup(table, portid, net);
if (sk)
sock_hold(sk);
rcu_read_unlock();
+ read_unlock(&nl_table_lock);
return sk;
}
@@ -1257,9 +1267,6 @@ static int netlink_release(struct socket
}
netlink_table_ungrab();
- /* Wait for readers to complete */
- synchronize_net();
-
kfree(nlk->groups);
nlk->groups = NULL;
@@ -1281,6 +1288,7 @@ static int netlink_autobind(struct socke
retry:
cond_resched();
+ netlink_table_grab();
rcu_read_lock();
if (__netlink_lookup(table, portid, net)) {
/* Bind collision, search negative portid values. */
@@ -1288,9 +1296,11 @@ retry:
if (rover > -4097)
rover = -4097;
rcu_read_unlock();
+ netlink_table_ungrab();
goto retry;
}
rcu_read_unlock();
+ netlink_table_ungrab();
err = netlink_insert(sk, net, portid);
if (err == -EADDRINUSE)
@@ -2921,14 +2931,16 @@ static struct sock *netlink_seq_socket_i
}
static void *netlink_seq_start(struct seq_file *seq, loff_t *pos)
- __acquires(RCU)
+ __acquires(nl_table_lock) __acquires(RCU)
{
+ read_lock(&nl_table_lock);
rcu_read_lock();
return *pos ? netlink_seq_socket_idx(seq, *pos - 1) : SEQ_START_TOKEN;
}
static void *netlink_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
+ struct rhashtable *ht;
struct netlink_sock *nlk;
struct nl_seq_iter *iter;
struct net *net;
@@ -2943,19 +2955,19 @@ static void *netlink_seq_next(struct seq
iter = seq->private;
nlk = v;
- rht_for_each_entry_rcu(nlk, nlk->node.next, node)
+ i = iter->link;
+ ht = &nl_table[i].hash;
+ rht_for_each_entry(nlk, nlk->node.next, ht, node)
if (net_eq(sock_net((struct sock *)nlk), net))
return nlk;
- i = iter->link;
j = iter->hash_idx + 1;
do {
- struct rhashtable *ht = &nl_table[i].hash;
const struct bucket_table *tbl = rht_dereference_rcu(ht->tbl, ht);
for (; j < tbl->size; j++) {
- rht_for_each_entry_rcu(nlk, tbl->buckets[j], node) {
+ rht_for_each_entry(nlk, tbl->buckets[j], ht, node) {
if (net_eq(sock_net((struct sock *)nlk), net)) {
iter->link = i;
iter->hash_idx = j;
@@ -2971,9 +2983,10 @@ static void *netlink_seq_next(struct seq
}
static void netlink_seq_stop(struct seq_file *seq, void *v)
- __releases(RCU)
+ __releases(RCU) __releases(nl_table_lock)
{
rcu_read_unlock();
+ read_unlock(&nl_table_lock);
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 013/319] net: tso: fix unaligned access to crafted TCP header in helper API
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (11 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 012/319] netlink: Re-add locking to netlink_lookup() and seq walker Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 014/319] net: fix saving TX flow hash in sock for outgoing connections Greg Kroah-Hartman
` (290 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Karl Beldan, Ezequiel Garcia,
David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Karl Beldan <karl.beldan@rivierawaves.com>
[ Upstream commit a63ba13eec092b70d4e5522d692eaeb2f9747387 ]
The crafted header start address is from a driver supplied buffer, which
one can reasonably expect to be aligned on a 4-bytes boundary.
However ATM the TSO helper API is only used by ethernet drivers and
the tcp header will then be aligned to a 2-bytes only boundary from the
header start address.
Signed-off-by: Karl Beldan <karl.beldan@rivierawaves.com>
Cc: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/tso.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/core/tso.c
+++ b/net/core/tso.c
@@ -1,6 +1,7 @@
#include <linux/export.h>
#include <net/ip.h>
#include <net/tso.h>
+#include <asm/unaligned.h>
/* Calculate expected number of TX descriptors */
int tso_count_descs(struct sk_buff *skb)
@@ -23,7 +24,7 @@ void tso_build_hdr(struct sk_buff *skb,
iph->id = htons(tso->ip_id);
iph->tot_len = htons(size + hdr_len - mac_hdr_len);
tcph = (struct tcphdr *)(hdr + skb_transport_offset(skb));
- tcph->seq = htonl(tso->tcp_seq);
+ put_unaligned_be32(tso->tcp_seq, &tcph->seq);
tso->ip_id++;
if (!is_last) {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 014/319] net: fix saving TX flow hash in sock for outgoing connections
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (12 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 013/319] net: tso: fix unaligned access to crafted TCP header in helper API Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 015/319] hyperv: Fix the total_data_buflen in send path Greg Kroah-Hartman
` (289 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sathya Perla, Eric Dumazet, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sathya Perla <sathya.perla@emulex.com>
[ Upstream commit 9e7ceb060754f134231f68cb29d5db31419fe1ed ]
The commit "net: Save TX flow hash in sock and set in skbuf on xmit"
introduced the inet_set_txhash() and ip6_set_txhash() routines to calculate
and record flow hash(sk_txhash) in the socket structure. sk_txhash is used
to set skb->hash which is used to spread flows across multiple TXQs.
But, the above routines are invoked before the source port of the connection
is created. Because of this all outgoing connections that just differ in the
source port get hashed into the same TXQ.
This patch fixes this problem for IPv4/6 by invoking the the above routines
after the source port is available for the socket.
Fixes: b73c3d0e4("net: Save TX flow hash in sock and set in skbuf on xmit")
Signed-off-by: Sathya Perla <sathya.perla@emulex.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_ipv4.c | 4 ++--
net/ipv6/tcp_ipv6.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -208,8 +208,6 @@ int tcp_v4_connect(struct sock *sk, stru
inet->inet_dport = usin->sin_port;
inet->inet_daddr = daddr;
- inet_set_txhash(sk);
-
inet_csk(sk)->icsk_ext_hdr_len = 0;
if (inet_opt)
inet_csk(sk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
@@ -226,6 +224,8 @@ int tcp_v4_connect(struct sock *sk, stru
if (err)
goto failure;
+ inet_set_txhash(sk);
+
rt = ip_route_newports(fl4, rt, orig_sport, orig_dport,
inet->inet_sport, inet->inet_dport, sk);
if (IS_ERR(rt)) {
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -198,8 +198,6 @@ static int tcp_v6_connect(struct sock *s
sk->sk_v6_daddr = usin->sin6_addr;
np->flow_label = fl6.flowlabel;
- ip6_set_txhash(sk);
-
/*
* TCP over IPv4
*/
@@ -295,6 +293,8 @@ static int tcp_v6_connect(struct sock *s
if (err)
goto late_failure;
+ ip6_set_txhash(sk);
+
if (!tp->write_seq && likely(!tp->repair))
tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
sk->sk_v6_daddr.s6_addr32,
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 015/319] hyperv: Fix the total_data_buflen in send path
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (13 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 014/319] net: fix saving TX flow hash in sock for outgoing connections Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 016/319] tcp: md5: do not use alloc_percpu() Greg Kroah-Hartman
` (288 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haiyang Zhang, K. Y. Srinivasan,
David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Haiyang Zhang <haiyangz@microsoft.com>
[ Upstream commit 942396b01989d54977120f3625e5ba31afe7a75c ]
total_data_buflen is used by netvsc_send() to decide if a packet can be put
into send buffer. It should also include the size of RNDIS message before the
Ethernet frame. Otherwise, a messge with total size bigger than send_section_size
may be copied into the send buffer, and cause data corruption.
[Request to include this patch to the Stable branches]
Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Reviewed-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hyperv/netvsc_drv.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -556,6 +556,7 @@ do_lso:
do_send:
/* Start filling in the page buffers with the rndis hdr */
rndis_msg->msg_len += rndis_msg_size;
+ packet->total_data_buflen = rndis_msg->msg_len;
packet->page_buf_cnt = init_page_array(rndis_msg, rndis_msg_size,
skb, &packet->page_buf[0]);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 016/319] tcp: md5: do not use alloc_percpu()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (14 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 015/319] hyperv: Fix the total_data_buflen in send path Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 017/319] macvlan: fix a race on port dismantle and possible skb leaks Greg Kroah-Hartman
` (287 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Crestez Dan Leonard,
David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 349ce993ac706869d553a1816426d3a4bfda02b1 ]
percpu tcp_md5sig_pool contains memory blobs that ultimately
go through sg_set_buf().
-> sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
This requires that whole area is in a physically contiguous portion
of memory. And that @buf is not backed by vmalloc().
Given that alloc_percpu() can use vmalloc() areas, this does not
fit the requirements.
Replace alloc_percpu() by a static DEFINE_PER_CPU() as tcp_md5sig_pool
is small anyway, there is no gain to dynamically allocate it.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: 765cf9976e93 ("tcp: md5: remove one indirection level in tcp_md5sig_pool")
Reported-by: Crestez Dan Leonard <cdleonard@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp.c | 59 +++++++++++++++++++--------------------------------------
1 file changed, 20 insertions(+), 39 deletions(-)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2985,61 +2985,42 @@ EXPORT_SYMBOL(compat_tcp_getsockopt);
#endif
#ifdef CONFIG_TCP_MD5SIG
-static struct tcp_md5sig_pool __percpu *tcp_md5sig_pool __read_mostly;
+static DEFINE_PER_CPU(struct tcp_md5sig_pool, tcp_md5sig_pool);
static DEFINE_MUTEX(tcp_md5sig_mutex);
-
-static void __tcp_free_md5sig_pool(struct tcp_md5sig_pool __percpu *pool)
-{
- int cpu;
-
- for_each_possible_cpu(cpu) {
- struct tcp_md5sig_pool *p = per_cpu_ptr(pool, cpu);
-
- if (p->md5_desc.tfm)
- crypto_free_hash(p->md5_desc.tfm);
- }
- free_percpu(pool);
-}
+static bool tcp_md5sig_pool_populated = false;
static void __tcp_alloc_md5sig_pool(void)
{
int cpu;
- struct tcp_md5sig_pool __percpu *pool;
-
- pool = alloc_percpu(struct tcp_md5sig_pool);
- if (!pool)
- return;
for_each_possible_cpu(cpu) {
- struct crypto_hash *hash;
+ if (!per_cpu(tcp_md5sig_pool, cpu).md5_desc.tfm) {
+ struct crypto_hash *hash;
- hash = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR_OR_NULL(hash))
- goto out_free;
-
- per_cpu_ptr(pool, cpu)->md5_desc.tfm = hash;
+ hash = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
+ if (IS_ERR_OR_NULL(hash))
+ return;
+ per_cpu(tcp_md5sig_pool, cpu).md5_desc.tfm = hash;
+ }
}
- /* before setting tcp_md5sig_pool, we must commit all writes
- * to memory. See ACCESS_ONCE() in tcp_get_md5sig_pool()
+ /* before setting tcp_md5sig_pool_populated, we must commit all writes
+ * to memory. See smp_rmb() in tcp_get_md5sig_pool()
*/
smp_wmb();
- tcp_md5sig_pool = pool;
- return;
-out_free:
- __tcp_free_md5sig_pool(pool);
+ tcp_md5sig_pool_populated = true;
}
bool tcp_alloc_md5sig_pool(void)
{
- if (unlikely(!tcp_md5sig_pool)) {
+ if (unlikely(!tcp_md5sig_pool_populated)) {
mutex_lock(&tcp_md5sig_mutex);
- if (!tcp_md5sig_pool)
+ if (!tcp_md5sig_pool_populated)
__tcp_alloc_md5sig_pool();
mutex_unlock(&tcp_md5sig_mutex);
}
- return tcp_md5sig_pool != NULL;
+ return tcp_md5sig_pool_populated;
}
EXPORT_SYMBOL(tcp_alloc_md5sig_pool);
@@ -3053,13 +3034,13 @@ EXPORT_SYMBOL(tcp_alloc_md5sig_pool);
*/
struct tcp_md5sig_pool *tcp_get_md5sig_pool(void)
{
- struct tcp_md5sig_pool __percpu *p;
-
local_bh_disable();
- p = ACCESS_ONCE(tcp_md5sig_pool);
- if (p)
- return __this_cpu_ptr(p);
+ if (tcp_md5sig_pool_populated) {
+ /* coupled with smp_wmb() in __tcp_alloc_md5sig_pool() */
+ smp_rmb();
+ return this_cpu_ptr(&tcp_md5sig_pool);
+ }
local_bh_enable();
return NULL;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 017/319] macvlan: fix a race on port dismantle and possible skb leaks
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (15 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 016/319] tcp: md5: do not use alloc_percpu() Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 018/319] cxgb4 : Fix missing initialization of win0_lock Greg Kroah-Hartman
` (286 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Herbert Xu, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit fe0ca7328d03d36aafecebb3af650e1bb2841c20 ]
We need to cancel the work queue after rcu grace period,
otherwise it can be rescheduled by incoming packets.
We need to purge queue if some skbs are still in it.
We can use __skb_queue_head_init() variant in
macvlan_process_broadcast()
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: 412ca1550cbec ("macvlan: Move broadcasts into a work queue")
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/macvlan.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -201,7 +201,7 @@ static void macvlan_process_broadcast(st
struct sk_buff *skb;
struct sk_buff_head list;
- skb_queue_head_init(&list);
+ __skb_queue_head_init(&list);
spin_lock_bh(&port->bc_queue.lock);
skb_queue_splice_tail_init(&port->bc_queue, &list);
@@ -941,9 +941,15 @@ static void macvlan_port_destroy(struct
{
struct macvlan_port *port = macvlan_port_get_rtnl(dev);
- cancel_work_sync(&port->bc_work);
dev->priv_flags &= ~IFF_MACVLAN_PORT;
netdev_rx_handler_unregister(dev);
+
+ /* After this point, no packet can schedule bc_work anymore,
+ * but we need to cancel it and purge left skbs if any.
+ */
+ cancel_work_sync(&port->bc_work);
+ __skb_queue_purge(&port->bc_queue);
+
kfree_rcu(port, rcu);
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 018/319] cxgb4 : Fix missing initialization of win0_lock
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (16 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 017/319] macvlan: fix a race on port dismantle and possible skb leaks Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 019/319] ipv4: Do not cache routing failures due to disabled forwarding Greg Kroah-Hartman
` (285 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anish Bhatt, Casey Leedom, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anish Bhatt <anish@chelsio.com>
[ Upstream commit e327c225c911529898ec300cb96d2088893de3df ]
win0_lock was being used un-initialized, resulting in warning traces
being seen when lock debugging is enabled (and just wrong)
Fixes : fc5ab0209650 ('cxgb4: Replaced the backdoor mechanism to access the HW
memory with PCIe Window method')
Signed-off-by: Anish Bhatt <anish@chelsio.com>
Signed-off-by: Casey Leedom <leedom@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -6557,6 +6557,7 @@ static int init_one(struct pci_dev *pdev
spin_lock_init(&adapter->stats_lock);
spin_lock_init(&adapter->tid_release_lock);
+ spin_lock_init(&adapter->win0_lock);
INIT_WORK(&adapter->tid_release_task, process_tid_release_list);
INIT_WORK(&adapter->db_full_task, process_db_full);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 019/319] ipv4: Do not cache routing failures due to disabled forwarding.
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (17 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 018/319] cxgb4 : Fix missing initialization of win0_lock Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 020/319] net/mlx4_en: Dont attempt to TX offload the outer UDP checksum for VXLAN Greg Kroah-Hartman
` (284 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Cavallari, Julian Anastasov,
David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
[ Upstream commit fa19c2b050ab5254326f5fc07096dd3c6a8d5d58 ]
If we cache them, the kernel will reuse them, independently of
whether forwarding is enabled or not. Which means that if forwarding is
disabled on the input interface where the first routing request comes
from, then that unreachable result will be cached and reused for
other interfaces, even if forwarding is enabled on them. The opposite
is also true.
This can be verified with two interfaces A and B and an output interface
C, where B has forwarding enabled, but not A and trying
ip route get $dst iif A from $src && ip route get $dst iif B from $src
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Reviewed-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/route.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1798,6 +1798,7 @@ local_input:
no_route:
RT_CACHE_STAT_INC(in_no_route);
res.type = RTN_UNREACHABLE;
+ res.fi = NULL;
goto local_input;
/*
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 020/319] net/mlx4_en: Dont attempt to TX offload the outer UDP checksum for VXLAN
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (18 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 019/319] ipv4: Do not cache routing failures due to disabled forwarding Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 021/319] mlx4: Avoid leaking steering rules on flow creation error flow Greg Kroah-Hartman
` (283 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Or Gerlitz, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Or Gerlitz <ogerlitz@mellanox.com>
[ Upstream commit a4f2dacbf2a5045e34b98a35d9a3857800f25a7b ]
For VXLAN/NVGRE encapsulation, the current HW doesn't support offloading
both the outer UDP TX checksum and the inner TCP/UDP TX checksum.
The driver doesn't advertize SKB_GSO_UDP_TUNNEL_CSUM, however we are wrongly
telling the HW to offload the outer UDP checksum for encapsulated packets,
fix that.
Fixes: 837052d0ccc5 ('net/mlx4_en: Add netdev support for TCP/IP
offloads of vxlan tunneling')
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx4/en_tx.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
@@ -808,8 +808,11 @@ netdev_tx_t mlx4_en_xmit(struct sk_buff
tx_desc->ctrl.fence_size = (real_size / 16) & 0x3f;
tx_desc->ctrl.srcrb_flags = priv->ctrl_flags;
if (likely(skb->ip_summed == CHECKSUM_PARTIAL)) {
- tx_desc->ctrl.srcrb_flags |= cpu_to_be32(MLX4_WQE_CTRL_IP_CSUM |
- MLX4_WQE_CTRL_TCP_UDP_CSUM);
+ if (!skb->encapsulation)
+ tx_desc->ctrl.srcrb_flags |= cpu_to_be32(MLX4_WQE_CTRL_IP_CSUM |
+ MLX4_WQE_CTRL_TCP_UDP_CSUM);
+ else
+ tx_desc->ctrl.srcrb_flags |= cpu_to_be32(MLX4_WQE_CTRL_IP_CSUM);
ring->tx_csum++;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 021/319] mlx4: Avoid leaking steering rules on flow creation error flow
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (19 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 020/319] net/mlx4_en: Dont attempt to TX offload the outer UDP checksum for VXLAN Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 022/319] gre: Use inner mac length when computing tunnel length Greg Kroah-Hartman
` (282 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Or Gerlitz, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Or Gerlitz <ogerlitz@mellanox.com>
[ Upstream commit 571e1b2c7a4c2fd5faa1648462a6b65fa26530d7 ]
If mlx4_ib_create_flow() attempts to create > 1 rules with the
firmware, and one of these registrations fail, we leaked the
already created flow rules.
One example of the leak is when the registration of the VXLAN ghost
steering rule fails, we didn't unregister the original rule requested
by the user, introduced in commit d2fce8a9060d "mlx4: Set
user-space raw Ethernet QPs to properly handle VXLAN traffic".
While here, add dump of the VXLAN portion of steering rules
so it can actually be seen when flow creation fails.
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx4/main.c | 10 ++++++++--
drivers/net/ethernet/mellanox/mlx4/mcg.c | 4 ++++
2 files changed, 12 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -1173,18 +1173,24 @@ static struct ib_flow *mlx4_ib_create_fl
err = __mlx4_ib_create_flow(qp, flow_attr, domain, type[i],
&mflow->reg_id[i]);
if (err)
- goto err_free;
+ goto err_create_flow;
i++;
}
if (i < ARRAY_SIZE(type) && flow_attr->type == IB_FLOW_ATTR_NORMAL) {
err = mlx4_ib_tunnel_steer_add(qp, flow_attr, &mflow->reg_id[i]);
if (err)
- goto err_free;
+ goto err_create_flow;
+ i++;
}
return &mflow->ibflow;
+err_create_flow:
+ while (i) {
+ (void)__mlx4_ib_destroy_flow(to_mdev(qp->device)->dev, mflow->reg_id[i]);
+ i--;
+ }
err_free:
kfree(mflow);
return ERR_PTR(err);
--- a/drivers/net/ethernet/mellanox/mlx4/mcg.c
+++ b/drivers/net/ethernet/mellanox/mlx4/mcg.c
@@ -955,6 +955,10 @@ static void mlx4_err_rule(struct mlx4_de
cur->ib.dst_gid_msk);
break;
+ case MLX4_NET_TRANS_RULE_ID_VXLAN:
+ len += snprintf(buf + len, BUF_SIZE - len,
+ "VNID = %d ", be32_to_cpu(cur->vxlan.vni));
+ break;
case MLX4_NET_TRANS_RULE_ID_IPV6:
break;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 022/319] gre: Use inner mac length when computing tunnel length
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (20 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 021/319] mlx4: Avoid leaking steering rules on flow creation error flow Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 023/319] drivers/net: Disable UFO through virtio Greg Kroah-Hartman
` (281 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tom Herbert, Alexander Duyck,
David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tom Herbert <therbert@google.com>
[ Upstream commit 14051f0452a2c26a3f4791e6ad6a435e8f1945ff ]
Currently, skb_inner_network_header is used but this does not account
for Ethernet header for ETH_P_TEB. Use skb_inner_mac_header which
handles TEB and also should work with IP encapsulation in which case
inner mac and inner network headers are the same.
Tested: Ran TCP_STREAM over GRE, worked as expected.
Signed-off-by: Tom Herbert <therbert@google.com>
Acked-by: Alexander Duyck <alexander.h.duyck@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/gre_offload.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/gre_offload.c
+++ b/net/ipv4/gre_offload.c
@@ -51,7 +51,7 @@ static struct sk_buff *gre_gso_segment(s
greh = (struct gre_base_hdr *)skb_transport_header(skb);
- ghl = skb_inner_network_header(skb) - skb_transport_header(skb);
+ ghl = skb_inner_mac_header(skb) - skb_transport_header(skb);
if (unlikely(ghl < sizeof(*greh)))
goto out;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 023/319] drivers/net: Disable UFO through virtio
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (21 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 022/319] gre: Use inner mac length when computing tunnel length Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 21:03 ` Ben Hutchings
2014-11-12 1:12 ` [PATCH 3.17 024/319] drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets Greg Kroah-Hartman
` (280 subsequent siblings)
303 siblings, 1 reply; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Hutchings, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
[ Upstream commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4 ]
IPv6 does not allow fragmentation by routers, so there is no
fragmentation ID in the fixed header. UFO for IPv6 requires the ID to
be passed separately, but there is no provision for this in the virtio
net protocol.
Until recently our software implementation of UFO/IPv6 generated a new
ID, but this was a bug. Now we will use ID=0 for any UFO/IPv6 packet
passed through a tap, which is even worse.
Unfortunately there is no distinction between UFO/IPv4 and v6
features, so disable UFO on taps and virtio_net completely until we
have a proper solution.
We cannot depend on VM managers respecting the tap feature flags, so
keep accepting UFO packets but log a warning the first time we do
this.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/macvtap.c | 13 +++++--------
drivers/net/tun.c | 19 +++++++++++--------
drivers/net/virtio_net.c | 24 ++++++++++++++----------
3 files changed, 30 insertions(+), 26 deletions(-)
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
@@ -65,7 +65,7 @@ static struct cdev macvtap_cdev;
static const struct proto_ops macvtap_socket_ops;
#define TUN_OFFLOADS (NETIF_F_HW_CSUM | NETIF_F_TSO_ECN | NETIF_F_TSO | \
- NETIF_F_TSO6 | NETIF_F_UFO)
+ NETIF_F_TSO6)
#define RX_OFFLOADS (NETIF_F_GRO | NETIF_F_LRO)
#define TAP_FEATURES (NETIF_F_GSO | NETIF_F_SG)
@@ -569,6 +569,8 @@ static int macvtap_skb_from_vnet_hdr(str
gso_type = SKB_GSO_TCPV6;
break;
case VIRTIO_NET_HDR_GSO_UDP:
+ pr_warn_once("macvtap: %s: using disabled UFO feature; please fix this program\n",
+ current->comm);
gso_type = SKB_GSO_UDP;
break;
default:
@@ -614,8 +616,6 @@ static void macvtap_skb_to_vnet_hdr(cons
vnet_hdr->gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
else if (sinfo->gso_type & SKB_GSO_TCPV6)
vnet_hdr->gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
- else if (sinfo->gso_type & SKB_GSO_UDP)
- vnet_hdr->gso_type = VIRTIO_NET_HDR_GSO_UDP;
else
BUG();
if (sinfo->gso_type & SKB_GSO_TCP_ECN)
@@ -950,9 +950,6 @@ static int set_offload(struct macvtap_qu
if (arg & TUN_F_TSO6)
feature_mask |= NETIF_F_TSO6;
}
-
- if (arg & TUN_F_UFO)
- feature_mask |= NETIF_F_UFO;
}
/* tun/tap driver inverts the usage for TSO offloads, where
@@ -963,7 +960,7 @@ static int set_offload(struct macvtap_qu
* When user space turns off TSO, we turn off GSO/LRO so that
* user-space will not receive TSO frames.
*/
- if (feature_mask & (NETIF_F_TSO | NETIF_F_TSO6 | NETIF_F_UFO))
+ if (feature_mask & (NETIF_F_TSO | NETIF_F_TSO6))
features |= RX_OFFLOADS;
else
features &= ~RX_OFFLOADS;
@@ -1064,7 +1061,7 @@ static long macvtap_ioctl(struct file *f
case TUNSETOFFLOAD:
/* let the user check for future flags */
if (arg & ~(TUN_F_CSUM | TUN_F_TSO4 | TUN_F_TSO6 |
- TUN_F_TSO_ECN | TUN_F_UFO))
+ TUN_F_TSO_ECN))
return -EINVAL;
rtnl_lock();
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -174,7 +174,7 @@ struct tun_struct {
struct net_device *dev;
netdev_features_t set_features;
#define TUN_USER_FEATURES (NETIF_F_HW_CSUM|NETIF_F_TSO_ECN|NETIF_F_TSO| \
- NETIF_F_TSO6|NETIF_F_UFO)
+ NETIF_F_TSO6)
int vnet_hdr_sz;
int sndbuf;
@@ -1149,8 +1149,18 @@ static ssize_t tun_get_user(struct tun_s
skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
break;
case VIRTIO_NET_HDR_GSO_UDP:
+ {
+ static bool warned;
+
+ if (!warned) {
+ warned = true;
+ netdev_warn(tun->dev,
+ "%s: using disabled UFO feature; please fix this program\n",
+ current->comm);
+ }
skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
break;
+ }
default:
tun->dev->stats.rx_frame_errors++;
kfree_skb(skb);
@@ -1251,8 +1261,6 @@ static ssize_t tun_put_user(struct tun_s
gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
else if (sinfo->gso_type & SKB_GSO_TCPV6)
gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
- else if (sinfo->gso_type & SKB_GSO_UDP)
- gso.gso_type = VIRTIO_NET_HDR_GSO_UDP;
else {
pr_err("unexpected GSO type: "
"0x%x, gso_size %d, hdr_len %d\n",
@@ -1762,11 +1770,6 @@ static int set_offload(struct tun_struct
features |= NETIF_F_TSO6;
arg &= ~(TUN_F_TSO4|TUN_F_TSO6);
}
-
- if (arg & TUN_F_UFO) {
- features |= NETIF_F_UFO;
- arg &= ~TUN_F_UFO;
- }
}
/* This gives the user a way to test for new features in future by
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -497,8 +497,17 @@ static void receive_buf(struct receive_q
skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4;
break;
case VIRTIO_NET_HDR_GSO_UDP:
+ {
+ static bool warned;
+
+ if (!warned) {
+ warned = true;
+ netdev_warn(dev,
+ "host using disabled UFO feature; please fix it\n");
+ }
skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
break;
+ }
case VIRTIO_NET_HDR_GSO_TCPV6:
skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
break;
@@ -885,8 +894,6 @@ static int xmit_skb(struct send_queue *s
hdr->hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6)
hdr->hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
- else if (skb_shinfo(skb)->gso_type & SKB_GSO_UDP)
- hdr->hdr.gso_type = VIRTIO_NET_HDR_GSO_UDP;
else
BUG();
if (skb_shinfo(skb)->gso_type & SKB_GSO_TCP_ECN)
@@ -1710,7 +1717,7 @@ static int virtnet_probe(struct virtio_d
dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST;
if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) {
- dev->hw_features |= NETIF_F_TSO | NETIF_F_UFO
+ dev->hw_features |= NETIF_F_TSO
| NETIF_F_TSO_ECN | NETIF_F_TSO6;
}
/* Individual feature bits: what can host handle? */
@@ -1720,11 +1727,9 @@ static int virtnet_probe(struct virtio_d
dev->hw_features |= NETIF_F_TSO6;
if (virtio_has_feature(vdev, VIRTIO_NET_F_HOST_ECN))
dev->hw_features |= NETIF_F_TSO_ECN;
- if (virtio_has_feature(vdev, VIRTIO_NET_F_HOST_UFO))
- dev->hw_features |= NETIF_F_UFO;
if (gso)
- dev->features |= dev->hw_features & (NETIF_F_ALL_TSO|NETIF_F_UFO);
+ dev->features |= dev->hw_features & NETIF_F_ALL_TSO;
/* (!csum && gso) case will be fixed by register_netdev() */
}
if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_CSUM))
@@ -1764,8 +1769,7 @@ static int virtnet_probe(struct virtio_d
/* If we can receive ANY GSO packets, we must allocate large ones. */
if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO4) ||
virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO6) ||
- virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ECN) ||
- virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_UFO))
+ virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ECN))
vi->big_packets = true;
if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF))
@@ -1965,9 +1969,9 @@ static struct virtio_device_id id_table[
static unsigned int features[] = {
VIRTIO_NET_F_CSUM, VIRTIO_NET_F_GUEST_CSUM,
VIRTIO_NET_F_GSO, VIRTIO_NET_F_MAC,
- VIRTIO_NET_F_HOST_TSO4, VIRTIO_NET_F_HOST_UFO, VIRTIO_NET_F_HOST_TSO6,
+ VIRTIO_NET_F_HOST_TSO4, VIRTIO_NET_F_HOST_TSO6,
VIRTIO_NET_F_HOST_ECN, VIRTIO_NET_F_GUEST_TSO4, VIRTIO_NET_F_GUEST_TSO6,
- VIRTIO_NET_F_GUEST_ECN, VIRTIO_NET_F_GUEST_UFO,
+ VIRTIO_NET_F_GUEST_ECN,
VIRTIO_NET_F_MRG_RXBUF, VIRTIO_NET_F_STATUS, VIRTIO_NET_F_CTRL_VQ,
VIRTIO_NET_F_CTRL_RX, VIRTIO_NET_F_CTRL_VLAN,
VIRTIO_NET_F_GUEST_ANNOUNCE, VIRTIO_NET_F_MQ,
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 024/319] drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (22 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 023/319] drivers/net: Disable UFO through virtio Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 025/319] drivers/net: macvtap and tun depend on INET Greg Kroah-Hartman
` (279 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Hutchings, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
[ Upstream commit 5188cd44c55db3e92cd9e77a40b5baa7ed4340f7 ]
UFO is now disabled on all drivers that work with virtio net headers,
but userland may try to send UFO/IPv6 packets anyway. Instead of
sending with ID=0, we should select identifiers on their behalf (as we
used to).
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/macvtap.c | 3 +++
drivers/net/tun.c | 6 +++++-
include/net/ipv6.h | 2 ++
net/ipv6/output_core.c | 34 ++++++++++++++++++++++++++++++++++
4 files changed, 44 insertions(+), 1 deletion(-)
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
@@ -16,6 +16,7 @@
#include <linux/idr.h>
#include <linux/fs.h>
+#include <net/ipv6.h>
#include <net/net_namespace.h>
#include <net/rtnetlink.h>
#include <net/sock.h>
@@ -572,6 +573,8 @@ static int macvtap_skb_from_vnet_hdr(str
pr_warn_once("macvtap: %s: using disabled UFO feature; please fix this program\n",
current->comm);
gso_type = SKB_GSO_UDP;
+ if (skb->protocol == htons(ETH_P_IPV6))
+ ipv6_proxy_select_ident(skb);
break;
default:
return -EINVAL;
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -65,6 +65,7 @@
#include <linux/nsproxy.h>
#include <linux/virtio_net.h>
#include <linux/rcupdate.h>
+#include <net/ipv6.h>
#include <net/net_namespace.h>
#include <net/netns/generic.h>
#include <net/rtnetlink.h>
@@ -1139,6 +1140,8 @@ static ssize_t tun_get_user(struct tun_s
break;
}
+ skb_reset_network_header(skb);
+
if (gso.gso_type != VIRTIO_NET_HDR_GSO_NONE) {
pr_debug("GSO!\n");
switch (gso.gso_type & ~VIRTIO_NET_HDR_GSO_ECN) {
@@ -1159,6 +1162,8 @@ static ssize_t tun_get_user(struct tun_s
current->comm);
}
skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
+ if (skb->protocol == htons(ETH_P_IPV6))
+ ipv6_proxy_select_ident(skb);
break;
}
default:
@@ -1189,7 +1194,6 @@ static ssize_t tun_get_user(struct tun_s
skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
}
- skb_reset_network_header(skb);
skb_probe_transport_header(skb, 0);
rxhash = skb_get_hash(skb);
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -669,6 +669,8 @@ static inline int ipv6_addr_diff(const s
return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr));
}
+void ipv6_proxy_select_ident(struct sk_buff *skb);
+
int ip6_dst_hoplimit(struct dst_entry *dst);
static inline int ip6_sk_dst_hoplimit(struct ipv6_pinfo *np, struct flowi6 *fl6,
--- a/net/ipv6/output_core.c
+++ b/net/ipv6/output_core.c
@@ -3,11 +3,45 @@
* not configured or static. These functions are needed by GSO/GRO implementation.
*/
#include <linux/export.h>
+#include <net/ip.h>
#include <net/ipv6.h>
#include <net/ip6_fib.h>
#include <net/addrconf.h>
#include <net/secure_seq.h>
+/* This function exists only for tap drivers that must support broken
+ * clients requesting UFO without specifying an IPv6 fragment ID.
+ *
+ * This is similar to ipv6_select_ident() but we use an independent hash
+ * seed to limit information leakage.
+ *
+ * The network header must be set before calling this.
+ */
+void ipv6_proxy_select_ident(struct sk_buff *skb)
+{
+ static u32 ip6_proxy_idents_hashrnd __read_mostly;
+ struct in6_addr buf[2];
+ struct in6_addr *addrs;
+ u32 hash, id;
+
+ addrs = skb_header_pointer(skb,
+ skb_network_offset(skb) +
+ offsetof(struct ipv6hdr, saddr),
+ sizeof(buf), buf);
+ if (!addrs)
+ return;
+
+ net_get_random_once(&ip6_proxy_idents_hashrnd,
+ sizeof(ip6_proxy_idents_hashrnd));
+
+ hash = __ipv6_addr_jhash(&addrs[1], ip6_proxy_idents_hashrnd);
+ hash = __ipv6_addr_jhash(&addrs[0], hash);
+
+ id = ip_idents_reserve(hash, 1);
+ skb_shinfo(skb)->ip6_frag_id = htonl(id);
+}
+EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);
+
int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
{
u16 offset = sizeof(struct ipv6hdr);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 025/319] drivers/net: macvtap and tun depend on INET
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (23 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 024/319] drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 026/319] stmmac: pci: set default of the filter bins Greg Kroah-Hartman
` (278 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kbuild test robot, Ben Hutchings,
David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
[ Upstream commit de11b0e8c569b96c2cf6a811e3805b7aeef498a3 ]
These drivers now call ipv6_proxy_select_ident(), which is defined
only if CONFIG_INET is enabled. However, they have really depended
on CONFIG_INET for as long as they have allowed sending GSO packets
from userland.
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
Fixes: b9fb9ee07e67 ("macvtap: add GSO/csum offload support")
Fixes: 5188cd44c55d ("drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/Kconfig | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -135,6 +135,7 @@ config MACVLAN
config MACVTAP
tristate "MAC-VLAN based tap driver"
depends on MACVLAN
+ depends on INET
help
This adds a specialized tap character device driver that is based
on the MAC-VLAN network interface, called macvtap. A macvtap device
@@ -201,6 +202,7 @@ config RIONET_RX_SIZE
config TUN
tristate "Universal TUN/TAP device driver support"
+ depends on INET
select CRC32
---help---
TUN/TAP provides packet reception and transmission for user space
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 026/319] stmmac: pci: set default of the filter bins
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (24 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 025/319] drivers/net: macvtap and tun depend on INET Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 027/319] lockd: Try to reconnect if statd has moved Greg Kroah-Hartman
` (277 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, David S. Miller
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 1e19e084eae727654052339757ab7f1eaff58bad ]
The commit 3b57de958e2a brought the support for a different amount of the
filter bins, but didn't update the PCI driver accordingly. This patch appends
the default values when the device is enumerated via PCI bus.
Fixes: 3b57de958e2a (net: stmmac: Support devicetree configs for mcast and ucast filter entries)
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c
@@ -33,6 +33,7 @@ static struct stmmac_dma_cfg dma_cfg;
static void stmmac_default_data(void)
{
memset(&plat_dat, 0, sizeof(struct plat_stmmacenet_data));
+
plat_dat.bus_id = 1;
plat_dat.phy_addr = 0;
plat_dat.interface = PHY_INTERFACE_MODE_GMII;
@@ -47,6 +48,12 @@ static void stmmac_default_data(void)
dma_cfg.pbl = 32;
dma_cfg.burst_len = DMA_AXI_BLEN_256;
plat_dat.dma_cfg = &dma_cfg;
+
+ /* Set default value for multicast hash bins */
+ plat_dat.multicast_filter_bins = HASH_TABLE_SIZE;
+
+ /* Set default value for unicast filter entries */
+ plat_dat.unicast_filter_entries = 1;
}
/**
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 027/319] lockd: Try to reconnect if statd has moved
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (25 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 026/319] stmmac: pci: set default of the filter bins Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 028/319] SUNRPC: Dont wake tasks during connection abort Greg Kroah-Hartman
` (276 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Benjamin Coddington, Trond Myklebust
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Coddington <bcodding@redhat.com>
commit 173b3afceebe76fa2205b2c8808682d5b541fe3c upstream.
If rpc.statd is restarted, upcalls to monitor hosts can fail with
ECONNREFUSED. In that case force a lookup of statd's new port and retry the
upcall.
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/lockd/mon.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/lockd/mon.c
+++ b/fs/lockd/mon.c
@@ -159,6 +159,12 @@ static int nsm_mon_unmon(struct nsm_hand
msg.rpc_proc = &clnt->cl_procinfo[proc];
status = rpc_call_sync(clnt, &msg, RPC_TASK_SOFTCONN);
+ if (status == -ECONNREFUSED) {
+ dprintk("lockd: NSM upcall RPC failed, status=%d, forcing rebind\n",
+ status);
+ rpc_force_rebind(clnt);
+ status = rpc_call_sync(clnt, &msg, RPC_TASK_SOFTCONN);
+ }
if (status < 0)
dprintk("lockd: NSM upcall RPC failed, status=%d\n",
status);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 028/319] SUNRPC: Dont wake tasks during connection abort
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (26 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 027/319] lockd: Try to reconnect if statd has moved Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 029/319] SUNRPC: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT Greg Kroah-Hartman
` (275 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Benjamin Coddington, Trond Myklebust
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Coddington <bcodding@redhat.com>
commit a743419f420a64d442280845c0377a915b76644f upstream.
When aborting a connection to preserve source ports, don't wake the task in
xs_error_report. This allows tasks with RPC_TASK_SOFTCONN to succeed if the
connection needs to be re-established since it preserves the task's status
instead of setting it to the status of the aborting kernel_connect().
This may also avoid a potential conflict on the socket's lock.
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/sunrpc/xprt.h | 1 +
net/sunrpc/xprtsock.c | 4 ++++
2 files changed, 5 insertions(+)
--- a/include/linux/sunrpc/xprt.h
+++ b/include/linux/sunrpc/xprt.h
@@ -357,6 +357,7 @@ int xs_swapper(struct rpc_xprt *xprt,
#define XPRT_CONNECTION_ABORT (7)
#define XPRT_CONNECTION_CLOSE (8)
#define XPRT_CONGESTED (9)
+#define XPRT_CONNECTION_REUSE (10)
static inline void xprt_set_connected(struct rpc_xprt *xprt)
{
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -845,6 +845,8 @@ static void xs_error_report(struct sock
dprintk("RPC: xs_error_report client %p, error=%d...\n",
xprt, -err);
trace_rpc_socket_error(xprt, sk->sk_socket, err);
+ if (test_bit(XPRT_CONNECTION_REUSE, &xprt->state))
+ goto out;
xprt_wake_pending_tasks(xprt, err);
out:
read_unlock_bh(&sk->sk_callback_lock);
@@ -2245,7 +2247,9 @@ static void xs_tcp_setup_socket(struct w
abort_and_exit = test_and_clear_bit(XPRT_CONNECTION_ABORT,
&xprt->state);
/* "close" the socket, preserving the local port */
+ set_bit(XPRT_CONNECTION_REUSE, &xprt->state);
xs_tcp_reuse_connection(transport);
+ clear_bit(XPRT_CONNECTION_REUSE, &xprt->state);
if (abort_and_exit)
goto out_eagain;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 029/319] SUNRPC: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (27 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 028/319] SUNRPC: Dont wake tasks during connection abort Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 030/319] Revert "percpu: free percpu allocation info for uniprocessor system" Greg Kroah-Hartman
` (274 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust <trond.myklebust@primarydata.com>
commit 2aca5b869ace67a63aab895659e5dc14c33a4d6e upstream.
The flag RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT was intended introduced in
order to allow NFSv4 clients to disable resend timeouts. Since those
cause the RPC layer to break the connection, they mess up the duplicate
reply caches that remain indexed on the port number in NFSv4..
This patch includes the code that was missing in the original to
set the appropriate flag in struct rpc_clnt, when the caller of
rpc_create() sets RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT.
Fixes: 8a19a0b6cb2e (SUNRPC: Add RPC task and client level options to...)
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/clnt.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -461,6 +461,8 @@ struct rpc_clnt *rpc_create_xprt(struct
if (args->flags & RPC_CLNT_CREATE_AUTOBIND)
clnt->cl_autobind = 1;
+ if (args->flags & RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT)
+ clnt->cl_noretranstimeo = 1;
if (args->flags & RPC_CLNT_CREATE_DISCRTRY)
clnt->cl_discrtry = 1;
if (!(args->flags & RPC_CLNT_CREATE_QUIET))
@@ -579,6 +581,7 @@ static struct rpc_clnt *__rpc_clone_clie
/* Turn off autobind on clones */
new->cl_autobind = 0;
new->cl_softrtry = clnt->cl_softrtry;
+ new->cl_noretranstimeo = clnt->cl_noretranstimeo;
new->cl_discrtry = clnt->cl_discrtry;
new->cl_chatty = clnt->cl_chatty;
return new;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 030/319] Revert "percpu: free percpu allocation info for uniprocessor system"
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (28 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 029/319] SUNRPC: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 031/319] pata_serverworks: disable 64-KB DMA transfers on Broadcom OSB4 IDE Controller Greg Kroah-Hartman
` (273 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tejun Heo, Honggang Li, Guenter Roeck
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
commit bb2e226b3bef596dd56be97df655d857b4603923 upstream.
This reverts commit 3189eddbcafc ("percpu: free percpu allocation info for
uniprocessor system").
The commit causes a hang with a crisv32 image. This may be an architecture
problem, but at least for now the revert is necessary to be able to boot a
crisv32 image.
Cc: Tejun Heo <tj@kernel.org>
Cc: Honggang Li <enjoymindful@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Tejun Heo <tj@kernel.org>
Fixes: 3189eddbcafc ("percpu: free percpu allocation info for uniprocessor system")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/percpu.c | 2 --
1 file changed, 2 deletions(-)
--- a/mm/percpu.c
+++ b/mm/percpu.c
@@ -1932,8 +1932,6 @@ void __init setup_per_cpu_areas(void)
if (pcpu_setup_first_chunk(ai, fc) < 0)
panic("Failed to initialize percpu areas.");
-
- pcpu_free_alloc_info(ai);
}
#endif /* CONFIG_SMP */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 031/319] pata_serverworks: disable 64-KB DMA transfers on Broadcom OSB4 IDE Controller
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (29 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 030/319] Revert "percpu: free percpu allocation info for uniprocessor system" Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 032/319] libata-sff: Fix controllers with no ctl port Greg Kroah-Hartman
` (272 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Scott Carter, Tejun Heo
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Scott Carter <ccscott@funsoft.com>
commit 37017ac6849e772e67dd187ba2fbd056c4afa533 upstream.
The Broadcom OSB4 IDE Controller (vendor and device IDs: 1166:0211)
does not support 64-KB DMA transfers.
Whenever a 64-KB DMA transfer is attempted,
the transfer fails and messages similar to the following
are written to the console log:
[ 2431.851125] sr 0:0:0:0: [sr0] Unhandled sense code
[ 2431.851139] sr 0:0:0:0: [sr0] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 2431.851152] sr 0:0:0:0: [sr0] Sense Key : Hardware Error [current]
[ 2431.851166] sr 0:0:0:0: [sr0] Add. Sense: Logical unit communication time-out
[ 2431.851182] sr 0:0:0:0: [sr0] CDB: Read(10): 28 00 00 00 76 f4 00 00 40 00
[ 2431.851210] end_request: I/O error, dev sr0, sector 121808
When the libata and pata_serverworks modules
are recompiled with ATA_DEBUG and ATA_VERBOSE_DEBUG defined in libata.h,
the 64-KB transfer size in the scatter-gather list can be seen
in the console log:
[ 2664.897267] sr 9:0:0:0: [sr0] Send:
[ 2664.897274] 0xf63d85e0
[ 2664.897283] sr 9:0:0:0: [sr0] CDB:
[ 2664.897288] Read(10): 28 00 00 00 7f b4 00 00 40 00
[ 2664.897319] buffer = 0xf6d6fbc0, bufflen = 131072, queuecommand 0xf81b7700
[ 2664.897331] ata_scsi_dump_cdb: CDB (1:0,0,0) 28 00 00 00 7f b4 00 00 40
[ 2664.897338] ata_scsi_translate: ENTER
[ 2664.897345] ata_sg_setup: ENTER, ata1
[ 2664.897356] ata_sg_setup: 3 sg elements mapped
[ 2664.897364] ata_bmdma_fill_sg: PRD[0] = (0x66FD2000, 0xE000)
[ 2664.897371] ata_bmdma_fill_sg: PRD[1] = (0x65000000, 0x10000)
------------------------------------------------------> =======
[ 2664.897378] ata_bmdma_fill_sg: PRD[2] = (0x66A10000, 0x2000)
[ 2664.897386] ata1: ata_dev_select: ENTER, device 0, wait 1
[ 2664.897422] ata_sff_tf_load: feat 0x1 nsect 0x0 lba 0x0 0x0 0xFC
[ 2664.897428] ata_sff_tf_load: device 0xA0
[ 2664.897448] ata_sff_exec_command: ata1: cmd 0xA0
[ 2664.897457] ata_scsi_translate: EXIT
[ 2664.897462] leaving scsi_dispatch_cmnd()
[ 2664.897497] Doing sr request, dev = sr0, block = 0
[ 2664.897507] sr0 : reading 64/256 512 byte blocks.
[ 2664.897553] ata_sff_hsm_move: ata1: protocol 7 task_state 1 (dev_stat 0x58)
[ 2664.897560] atapi_send_cdb: send cdb
[ 2666.910058] ata_bmdma_port_intr: ata1: host_stat 0x64
[ 2666.910079] __ata_sff_port_intr: ata1: protocol 7 task_state 3
[ 2666.910093] ata_sff_hsm_move: ata1: protocol 7 task_state 3 (dev_stat 0x51)
[ 2666.910101] ata_sff_hsm_move: ata1: protocol 7 task_state 4 (dev_stat 0x51)
[ 2666.910129] sr 9:0:0:0: [sr0] Done:
[ 2666.910136] 0xf63d85e0 TIMEOUT
lspci shows that the driver used for the Broadcom OSB4 IDE Controller is
pata_serverworks:
00:0f.1 IDE interface: Broadcom OSB4 IDE Controller (prog-if 8e [Master SecP SecO PriP])
Flags: bus master, medium devsel, latency 64
[virtual] Memory at 000001f0 (32-bit, non-prefetchable) [size=8]
[virtual] Memory at 000003f0 (type 3, non-prefetchable) [size=1]
I/O ports at 0170 [size=8]
I/O ports at 0374 [size=4]
I/O ports at 1440 [size=16]
Kernel driver in use: pata_serverworks
The pata_serverworks driver supports five distinct device IDs,
one being the OSB4 and the other four belonging to the CSB series.
The CSB series appears to support 64-KB DMA transfers,
as tests on a machine with an SAI2 motherboard
containing a Broadcom CSB5 IDE Controller (vendor and device IDs: 1166:0212)
showed no problems with 64-KB DMA transfers.
This problem was first discovered when attempting to install openSUSE
from a DVD on a machine with an STL2 motherboard.
Using the pata_serverworks module,
older releases of openSUSE will not install at all due to the timeouts.
Releases of openSUSE prior to 11.3 can be installed by disabling
the pata_serverworks module using the brokenmodules boot parameter,
which causes the serverworks module to be used instead.
Recent releases of openSUSE (12.2 and later) include better error recovery and
will install, though very slowly.
On all openSUSE releases, the problem can be recreated
on a machine containing a Broadcom OSB4 IDE Controller
by mounting an install DVD and running a command similar to the following:
find /mnt -type f -print | xargs cat > /dev/null
The patch below corrects the problem.
Similar to the other ATA drivers that do not support 64-KB DMA transfers,
the patch changes the ata_port_operations qc_prep vector to point to a routine
that breaks any 64-KB segment into two 32-KB segments and
changes the scsi_host_template sg_tablesize element to reduce by half
the number of scatter/gather elements allowed.
These two changes affect only the OSB4.
Signed-off-by: Scott Carter <ccscott@funsoft.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/pata_serverworks.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
--- a/drivers/ata/pata_serverworks.c
+++ b/drivers/ata/pata_serverworks.c
@@ -251,12 +251,18 @@ static void serverworks_set_dmamode(stru
pci_write_config_byte(pdev, 0x54, ultra_cfg);
}
-static struct scsi_host_template serverworks_sht = {
+static struct scsi_host_template serverworks_osb4_sht = {
+ ATA_BMDMA_SHT(DRV_NAME),
+ .sg_tablesize = LIBATA_DUMB_MAX_PRD,
+};
+
+static struct scsi_host_template serverworks_csb_sht = {
ATA_BMDMA_SHT(DRV_NAME),
};
static struct ata_port_operations serverworks_osb4_port_ops = {
.inherits = &ata_bmdma_port_ops,
+ .qc_prep = ata_bmdma_dumb_qc_prep,
.cable_detect = serverworks_cable_detect,
.mode_filter = serverworks_osb4_filter,
.set_piomode = serverworks_set_piomode,
@@ -265,6 +271,7 @@ static struct ata_port_operations server
static struct ata_port_operations serverworks_csb_port_ops = {
.inherits = &serverworks_osb4_port_ops,
+ .qc_prep = ata_bmdma_qc_prep,
.mode_filter = serverworks_csb_filter,
};
@@ -404,6 +411,7 @@ static int serverworks_init_one(struct p
}
};
const struct ata_port_info *ppi[] = { &info[id->driver_data], NULL };
+ struct scsi_host_template *sht = &serverworks_csb_sht;
int rc;
rc = pcim_enable_device(pdev);
@@ -417,6 +425,7 @@ static int serverworks_init_one(struct p
/* Select non UDMA capable OSB4 if we can't do fixups */
if (rc < 0)
ppi[0] = &info[1];
+ sht = &serverworks_osb4_sht;
}
/* setup CSB5/CSB6 : South Bridge and IDE option RAID */
else if ((pdev->device == PCI_DEVICE_ID_SERVERWORKS_CSB5IDE) ||
@@ -433,7 +442,7 @@ static int serverworks_init_one(struct p
ppi[1] = &ata_dummy_port_info;
}
- return ata_pci_bmdma_init_one(pdev, ppi, &serverworks_sht, NULL, 0);
+ return ata_pci_bmdma_init_one(pdev, ppi, sht, NULL, 0);
}
#ifdef CONFIG_PM_SLEEP
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 032/319] libata-sff: Fix controllers with no ctl port
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (30 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 031/319] pata_serverworks: disable 64-KB DMA transfers on Broadcom OSB4 IDE Controller Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 033/319] ASoC: core: fix use after free in snd_soc_remove_platform() Greg Kroah-Hartman
` (271 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ondrej Zary, Tejun Heo
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ondrej Zary <linux@rainbow-software.org>
commit 6d8ca28fa688a9354bc9fbc935bdaeb3651b6677 upstream.
Currently, ata_sff_softreset is skipped for controllers with no ctl port.
But that also skips ata_sff_dev_classify required for device detection.
This means that libata is currently broken on controllers with no ctl port.
No device connected:
[ 1.872480] pata_isapnp 01:01.02: activated
[ 1.889823] scsi2 : pata_isapnp
[ 1.890109] ata3: PATA max PIO0 cmd 0x1e8 ctl 0x0 irq 11
[ 6.888110] ata3.01: qc timeout (cmd 0xec)
[ 6.888179] ata3.01: failed to IDENTIFY (I/O error, err_mask=0x5)
[ 16.888085] ata3.01: qc timeout (cmd 0xec)
[ 16.888147] ata3.01: failed to IDENTIFY (I/O error, err_mask=0x5)
[ 46.888086] ata3.01: qc timeout (cmd 0xec)
[ 46.888148] ata3.01: failed to IDENTIFY (I/O error, err_mask=0x5)
[ 51.888100] ata3.00: qc timeout (cmd 0xec)
[ 51.888160] ata3.00: failed to IDENTIFY (I/O error, err_mask=0x5)
[ 61.888079] ata3.00: qc timeout (cmd 0xec)
[ 61.888141] ata3.00: failed to IDENTIFY (I/O error, err_mask=0x5)
[ 91.888089] ata3.00: qc timeout (cmd 0xec)
[ 91.888152] ata3.00: failed to IDENTIFY (I/O error, err_mask=0x5)
ATAPI device connected:
[ 1.882061] pata_isapnp 01:01.02: activated
[ 1.893430] scsi2 : pata_isapnp
[ 1.893719] ata3: PATA max PIO0 cmd 0x1e8 ctl 0x0 irq 11
[ 6.892107] ata3.01: qc timeout (cmd 0xec)
[ 6.892171] ata3.01: failed to IDENTIFY (I/O error, err_mask=0x5)
[ 16.892079] ata3.01: qc timeout (cmd 0xec)
[ 16.892138] ata3.01: failed to IDENTIFY (I/O error, err_mask=0x5)
[ 46.892079] ata3.01: qc timeout (cmd 0xec)
[ 46.892138] ata3.01: failed to IDENTIFY (I/O error, err_mask=0x5)
[ 46.908586] ata3.00: ATAPI: ACER CD-767E/O, V1.5X, max PIO2, CDB intr
[ 46.924570] ata3.00: configured for PIO0 (device error ignored)
[ 46.926295] scsi 2:0:0:0: CD-ROM ACER CD-767E/O 1.5X PQ: 0 ANSI: 5
[ 46.984519] sr0: scsi3-mmc drive: 6x/6x xa/form2 tray
[ 46.984592] cdrom: Uniform CD-ROM driver Revision: 3.20
So don't skip ata_sff_softreset, just skip the reset part of ata_bus_softreset
if the ctl port is not available.
This makes IDE port on ES968 behave correctly:
No device connected:
[ 4.670888] pata_isapnp 01:01.02: activated
[ 4.673207] scsi host2: pata_isapnp
[ 4.673675] ata3: PATA max PIO0 cmd 0x1e8 ctl 0x0 irq 11
[ 7.081840] Adding 2541652k swap on /dev/sda2. Priority:-1 extents:1 across:2541652k
ATAPI device connected:
[ 4.704362] pata_isapnp 01:01.02: activated
[ 4.706620] scsi host2: pata_isapnp
[ 4.706877] ata3: PATA max PIO0 cmd 0x1e8 ctl 0x0 irq 11
[ 4.872782] ata3.00: ATAPI: ACER CD-767E/O, V1.5X, max PIO2, CDB intr
[ 4.888673] ata3.00: configured for PIO0 (device error ignored)
[ 4.893984] scsi 2:0:0:0: CD-ROM ACER CD-767E/O 1.5X PQ: 0 ANSI: 5
[ 7.015578] Adding 2541652k swap on /dev/sda2. Priority:-1 extents:1 across:2541652k
Signed-off-by: Ondrej Zary <linux@rainbow-software.org>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-sff.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
--- a/drivers/ata/libata-sff.c
+++ b/drivers/ata/libata-sff.c
@@ -2008,13 +2008,15 @@ static int ata_bus_softreset(struct ata_
DPRINTK("ata%u: bus reset via SRST\n", ap->print_id);
- /* software reset. causes dev0 to be selected */
- iowrite8(ap->ctl, ioaddr->ctl_addr);
- udelay(20); /* FIXME: flush */
- iowrite8(ap->ctl | ATA_SRST, ioaddr->ctl_addr);
- udelay(20); /* FIXME: flush */
- iowrite8(ap->ctl, ioaddr->ctl_addr);
- ap->last_ctl = ap->ctl;
+ if (ap->ioaddr.ctl_addr) {
+ /* software reset. causes dev0 to be selected */
+ iowrite8(ap->ctl, ioaddr->ctl_addr);
+ udelay(20); /* FIXME: flush */
+ iowrite8(ap->ctl | ATA_SRST, ioaddr->ctl_addr);
+ udelay(20); /* FIXME: flush */
+ iowrite8(ap->ctl, ioaddr->ctl_addr);
+ ap->last_ctl = ap->ctl;
+ }
/* wait the port to become ready */
return ata_sff_wait_after_reset(&ap->link, devmask, deadline);
@@ -2215,10 +2217,6 @@ void ata_sff_error_handler(struct ata_po
spin_unlock_irqrestore(ap->lock, flags);
- /* ignore ata_sff_softreset if ctl isn't accessible */
- if (softreset == ata_sff_softreset && !ap->ioaddr.ctl_addr)
- softreset = NULL;
-
/* ignore built-in hardresets if SCR access is not available */
if ((hardreset == sata_std_hardreset ||
hardreset == sata_sff_hardreset) && !sata_scr_valid(&ap->link))
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 033/319] ASoC: core: fix use after free in snd_soc_remove_platform()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (31 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 032/319] libata-sff: Fix controllers with no ctl port Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 034/319] ASoC: soc-dapm: fix use after free Greg Kroah-Hartman
` (270 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Mack, Mark Brown
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Mack <daniel@zonque.org>
commit decc27b01d584c985c231e73d3b493de6ec07af8 upstream.
Coverity spotted an use-after-free condition in snd_soc_remove_platform().
Fix this by moving snd_soc_component_cleanup() after the debug print
statement which uses the component's string.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/soc-core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -4315,10 +4315,10 @@ void snd_soc_remove_platform(struct snd_
snd_soc_component_del_unlocked(&platform->component);
mutex_unlock(&client_mutex);
- snd_soc_component_cleanup(&platform->component);
-
dev_dbg(platform->dev, "ASoC: Unregistered platform '%s'\n",
platform->component.name);
+
+ snd_soc_component_cleanup(&platform->component);
}
EXPORT_SYMBOL_GPL(snd_soc_remove_platform);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 034/319] ASoC: soc-dapm: fix use after free
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (32 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 033/319] ASoC: core: fix use after free in snd_soc_remove_platform() Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 035/319] ASoC: soc-pcm: fix sig_bits determination in soc_pcm_apply_msb() Greg Kroah-Hartman
` (269 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Mack, Mark Brown
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Mack <daniel@zonque.org>
commit e5092c96c9c28f4d12811edcd02ca8eec16e748e upstream.
Coverity spotted the following possible use-after-free condition in
dapm_create_or_share_mixmux_kcontrol():
If kcontrol is NULL, and (wname_in_long_name && kcname_in_long_name)
validates to true, 'name' will be set to an allocated string, and be
freed a few lines later via the 'long_name' alias. 'name', however,
is used by dev_err() in case snd_ctl_add() fails.
Fix this by adding a jump label that frees 'long_name' at the end of
the function.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/soc-dapm.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -591,9 +591,9 @@ static int dapm_create_or_share_mixmux_k
int shared;
struct snd_kcontrol *kcontrol;
bool wname_in_long_name, kcname_in_long_name;
- char *long_name;
+ char *long_name = NULL;
const char *name;
- int ret;
+ int ret = 0;
prefix = soc_dapm_prefix(dapm);
if (prefix)
@@ -652,15 +652,17 @@ static int dapm_create_or_share_mixmux_k
kcontrol = snd_soc_cnew(&w->kcontrol_news[kci], NULL, name,
prefix);
- kfree(long_name);
- if (!kcontrol)
- return -ENOMEM;
+ if (!kcontrol) {
+ ret = -ENOMEM;
+ goto exit_free;
+ }
+
kcontrol->private_free = dapm_kcontrol_free;
ret = dapm_kcontrol_data_alloc(w, kcontrol);
if (ret) {
snd_ctl_free_one(kcontrol);
- return ret;
+ goto exit_free;
}
ret = snd_ctl_add(card, kcontrol);
@@ -668,17 +670,18 @@ static int dapm_create_or_share_mixmux_k
dev_err(dapm->dev,
"ASoC: failed to add widget %s dapm kcontrol %s: %d\n",
w->name, name, ret);
- return ret;
+ goto exit_free;
}
}
ret = dapm_kcontrol_add_widget(kcontrol, w);
- if (ret)
- return ret;
+ if (ret == 0)
+ w->kcontrols[kci] = kcontrol;
- w->kcontrols[kci] = kcontrol;
+exit_free:
+ kfree(long_name);
- return 0;
+ return ret;
}
/* create new dapm mixer control */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 035/319] ASoC: soc-pcm: fix sig_bits determination in soc_pcm_apply_msb()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (33 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 034/319] ASoC: soc-dapm: fix use after free Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 036/319] ASoC: tlv320aic3x: fix PLL D configuration Greg Kroah-Hartman
` (268 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Mack, Mark Brown
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Mack <daniel@zonque.org>
commit 5e63dfccf34d4dbf21429c4919f33c028ff49991 upstream.
In the SNDRV_PCM_STREAM_CAPTURE branch in soc_pcm_apply_msb(), look at
sig_bits of the capture stream, not the playback one.
Spotted by coverity.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/soc-pcm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/soc-pcm.c
+++ b/sound/soc/soc-pcm.c
@@ -352,7 +352,7 @@ static void soc_pcm_apply_msb(struct snd
} else {
for (i = 0; i < rtd->num_codecs; i++) {
codec_dai = rtd->codec_dais[i];
- if (codec_dai->driver->playback.sig_bits == 0) {
+ if (codec_dai->driver->capture.sig_bits == 0) {
bits = 0;
break;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 036/319] ASoC: tlv320aic3x: fix PLL D configuration
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (34 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 035/319] ASoC: soc-pcm: fix sig_bits determination in soc_pcm_apply_msb() Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 037/319] ASoC: Intel: HSW/BDW only support S16 and S24 formats Greg Kroah-Hartman
` (267 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dmitry Lavnikevich, Mark Brown
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Lavnikevich <d.lavnikevich@sam-solutions.com>
commit 31d9f8faf9a54c851e835af489c82f45105a442f upstream.
Current caching implementation during regcache_sync() call bypasses
all register writes of values that are already known as default
(regmap reg_defaults). Same time in TLV320AIC3x codecs register 5
(AIC3X_PLL_PROGC_REG) write should be immediately followed by register
6 write (AIC3X_PLL_PROGD_REG) even if it was not changed. Otherwise
both registers will not be written.
This brings to issue that appears particulary in case of 44.1kHz
playback with 19.2MHz master clock. In this case AIC3X_PLL_PROGC_REG
is 0x6e while AIC3X_PLL_PROGD_REG is 0x0 (same as register
default). Thus AIC3X_PLL_PROGC_REG also remains not written and we get
wrong playback speed.
In this patch snd_soc_read() is used to get cached pll values and
snd_soc_write() (unlike regcache_sync() this function doesn't bypasses
hardware default values) to write them to registers.
Signed-off-by: Dmitry Lavnikevich <d.lavnikevich@sam-solutions.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/tlv320aic3x.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/sound/soc/codecs/tlv320aic3x.c
+++ b/sound/soc/codecs/tlv320aic3x.c
@@ -1121,6 +1121,7 @@ static int aic3x_regulator_event(struct
static int aic3x_set_power(struct snd_soc_codec *codec, int power)
{
struct aic3x_priv *aic3x = snd_soc_codec_get_drvdata(codec);
+ unsigned int pll_c, pll_d;
int ret;
if (power) {
@@ -1138,6 +1139,18 @@ static int aic3x_set_power(struct snd_so
/* Sync reg_cache with the hardware */
regcache_cache_only(aic3x->regmap, false);
regcache_sync(aic3x->regmap);
+
+ /* Rewrite paired PLL D registers in case cached sync skipped
+ * writing one of them and thus caused other one also not
+ * being written
+ */
+ pll_c = snd_soc_read(codec, AIC3X_PLL_PROGC_REG);
+ pll_d = snd_soc_read(codec, AIC3X_PLL_PROGD_REG);
+ if (pll_c == aic3x_reg[AIC3X_PLL_PROGC_REG].def ||
+ pll_d == aic3x_reg[AIC3X_PLL_PROGD_REG].def) {
+ snd_soc_write(codec, AIC3X_PLL_PROGC_REG, pll_c);
+ snd_soc_write(codec, AIC3X_PLL_PROGD_REG, pll_d);
+ }
} else {
/*
* Do soft reset to this codec instance in order to clear
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 037/319] ASoC: Intel: HSW/BDW only support S16 and S24 formats.
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (35 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 036/319] ASoC: tlv320aic3x: fix PLL D configuration Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 038/319] ASoC: adau1761: Fix input PGA volume Greg Kroah-Hartman
` (266 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Liam Girdwood, Mark Brown
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liam Girdwood <liam.r.girdwood@linux.intel.com>
commit 2ccf3bd4f8b120936cdfc796baf40c5d3dfab68d upstream.
Fix driver with correct formats.
Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/intel/sst-haswell-pcm.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/sound/soc/intel/sst-haswell-pcm.c
+++ b/sound/soc/intel/sst-haswell-pcm.c
@@ -693,9 +693,7 @@ static int hsw_pcm_new(struct snd_soc_pc
}
#define HSW_FORMATS \
- (SNDRV_PCM_FMTBIT_S32_LE | SNDRV_PCM_FMTBIT_S24_LE | \
- SNDRV_PCM_FMTBIT_S20_3LE | SNDRV_PCM_FMTBIT_S16_LE |\
- SNDRV_PCM_FMTBIT_S8)
+ (SNDRV_PCM_FMTBIT_S24_LE | SNDRV_PCM_FMTBIT_S16_LE)
static struct snd_soc_dai_driver hsw_dais[] = {
{
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 038/319] ASoC: adau1761: Fix input PGA volume
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (36 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 037/319] ASoC: Intel: HSW/BDW only support S16 and S24 formats Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 039/319] mmc: core: sdio: Fix unconditional wake_up_process() on sdio thread Greg Kroah-Hartman
` (265 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lars-Peter Clausen, Mark Brown
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lars-Peter Clausen <lars@metafoo.de>
commit 3b283f0893f55cb79e4507e5ec34e49c17d0a787 upstream.
For the input PGA to work correctly the ALC clock needs to be active.
Otherwise volume changes are not applied.
Fixes: dab464b60b2 ("ASoC: Add ADAU1361/ADAU1761 audio CODEC support")
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/adau1761.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/sound/soc/codecs/adau1761.c
+++ b/sound/soc/codecs/adau1761.c
@@ -405,6 +405,7 @@ static const struct snd_soc_dapm_widget
2, 0, NULL, 0),
SND_SOC_DAPM_SUPPLY("Slew Clock", ADAU1761_CLK_ENABLE0, 6, 0, NULL, 0),
+ SND_SOC_DAPM_SUPPLY("ALC Clock", ADAU1761_CLK_ENABLE0, 5, 0, NULL, 0),
SND_SOC_DAPM_SUPPLY_S("Digital Clock 0", 1, ADAU1761_CLK_ENABLE1,
0, 0, NULL, 0),
@@ -436,6 +437,9 @@ static const struct snd_soc_dapm_route a
{ "Right Playback Mixer", NULL, "Slew Clock" },
{ "Left Playback Mixer", NULL, "Slew Clock" },
+ { "Left Input Mixer", NULL, "ALC Clock" },
+ { "Right Input Mixer", NULL, "ALC Clock" },
+
{ "Digital Clock 0", NULL, "SYSCLK" },
{ "Digital Clock 1", NULL, "SYSCLK" },
};
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 039/319] mmc: core: sdio: Fix unconditional wake_up_process() on sdio thread
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (37 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 038/319] ASoC: adau1761: Fix input PGA volume Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 040/319] mmc: sdhci-pxav3: set_uhs_signaling is initialized twice differently Greg Kroah-Hartman
` (264 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jaehoon Chung, Chris Ball,
Fu Zhonghui, Ulf Hansson
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fu Zhonghui <zhonghui.fu@linux.intel.com>
commit dea67c4ec8218b301d7cac7ee6e63dac0bc566cb upstream.
781e989cf59 ("mmc: sdhci: convert to new SDIO IRQ handling") and
bf3b5ec66bd ("mmc: sdio_irq: rework sdio irq handling") disabled
the use of our own custom threaded IRQ handler, but left in an
unconditional wake_up_process() on that handler at resume-time.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=80151
In addition, the check for MMC_CAP_SDIO_IRQ capability is added
before enable sdio IRQ.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Chris Ball <chris@printf.net>
Signed-off-by: Fu Zhonghui <zhonghui.fu@linux.intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/sdio.c | 12 ++++++++++--
drivers/mmc/core/sdio_irq.c | 4 ++--
2 files changed, 12 insertions(+), 4 deletions(-)
--- a/drivers/mmc/core/sdio.c
+++ b/drivers/mmc/core/sdio.c
@@ -992,8 +992,16 @@ static int mmc_sdio_resume(struct mmc_ho
}
}
- if (!err && host->sdio_irqs)
- wake_up_process(host->sdio_irq_thread);
+ if (!err && host->sdio_irqs) {
+ if (!(host->caps2 & MMC_CAP2_SDIO_IRQ_NOTHREAD)) {
+ wake_up_process(host->sdio_irq_thread);
+ } else if (host->caps & MMC_CAP_SDIO_IRQ) {
+ mmc_host_clk_hold(host);
+ host->ops->enable_sdio_irq(host, 1);
+ mmc_host_clk_release(host);
+ }
+ }
+
mmc_release_host(host);
host->pm_flags &= ~MMC_PM_KEEP_POWER;
--- a/drivers/mmc/core/sdio_irq.c
+++ b/drivers/mmc/core/sdio_irq.c
@@ -208,7 +208,7 @@ static int sdio_card_irq_get(struct mmc_
host->sdio_irqs--;
return err;
}
- } else {
+ } else if (host->caps & MMC_CAP_SDIO_IRQ) {
mmc_host_clk_hold(host);
host->ops->enable_sdio_irq(host, 1);
mmc_host_clk_release(host);
@@ -229,7 +229,7 @@ static int sdio_card_irq_put(struct mmc_
if (!(host->caps2 & MMC_CAP2_SDIO_IRQ_NOTHREAD)) {
atomic_set(&host->sdio_irq_thread_abort, 1);
kthread_stop(host->sdio_irq_thread);
- } else {
+ } else if (host->caps & MMC_CAP_SDIO_IRQ) {
mmc_host_clk_hold(host);
host->ops->enable_sdio_irq(host, 0);
mmc_host_clk_release(host);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 040/319] mmc: sdhci-pxav3: set_uhs_signaling is initialized twice differently
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (38 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 039/319] mmc: core: sdio: Fix unconditional wake_up_process() on sdio thread Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 041/319] mmc: rtsx_usb_sdmmc: fix incorrect last byte in R2 response Greg Kroah-Hartman
` (263 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Peter Griffin, Ulf Hansson
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Griffin <peter.griffin@linaro.org>
commit b315376573778b195e640a163675fb9f5937ddca upstream.
.set_uhs_signaling field is currently initialised twice once to the
arch specific callback pxav3_set_uhs_signaling, and also to the generic
sdhci_set_uhs_signaling callback.
This means that uhs is currently broken for this platform currently, as pxav3
has some special constriants which means it can't use the generic callback.
This happened in
commit 96d7b78cfc2f ("mmc: sdhci: convert sdhci_set_uhs_signaling() into a library function")
commit a702c8abb2a9 ("mmc: host: split up sdhci-pxa, create sdhci-pxav3.c")'
Fix this and hopefully prevent it happening in the future by ensuring named
initialisers always follow the declaration order in the structure definition.
Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-pxav3.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/mmc/host/sdhci-pxav3.c
+++ b/drivers/mmc/host/sdhci-pxav3.c
@@ -224,12 +224,11 @@ static void pxav3_set_uhs_signaling(stru
static const struct sdhci_ops pxav3_sdhci_ops = {
.set_clock = sdhci_set_clock,
- .set_uhs_signaling = pxav3_set_uhs_signaling,
.platform_send_init_74_clocks = pxav3_gen_init_74_clocks,
.get_max_clock = sdhci_pltfm_clk_get_max_clock,
.set_bus_width = sdhci_set_bus_width,
.reset = pxav3_reset,
- .set_uhs_signaling = sdhci_set_uhs_signaling,
+ .set_uhs_signaling = pxav3_set_uhs_signaling,
};
static struct sdhci_pltfm_data sdhci_pxav3_pdata = {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 041/319] mmc: rtsx_usb_sdmmc: fix incorrect last byte in R2 response
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (39 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 040/319] mmc: sdhci-pxav3: set_uhs_signaling is initialized twice differently Greg Kroah-Hartman
@ 2014-11-12 1:12 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 042/319] mmc: dont request CD IRQ until mmc_start_host() Greg Kroah-Hartman
` (262 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Roger Tseng, Ulf Hansson
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Tseng <rogerable@realtek.com>
commit 6f67cc6fd1cf339a0f19b9d4a998ec3c0123b1b6 upstream.
Current code erroneously fill the last byte of R2 response with an undefined
value. In addition, the controller actually 'offloads' the last byte
(CRC7, end bit) while receiving R2 response and thus it's impossible to get the
actual value. This could cause mmc stack to obtain inconsistent CID from the
same card after resume and misidentify it as a different card.
Fix by assigning dummy CRC and end bit: {7'b0, 1} = 0x1 to the last byte of R2.
Fixes: c7f6558d84af ("mmc: Add realtek USB sdmmc host driver")
Signed-off-by: Roger Tseng <rogerable@realtek.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/rtsx_usb_sdmmc.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/mmc/host/rtsx_usb_sdmmc.c
+++ b/drivers/mmc/host/rtsx_usb_sdmmc.c
@@ -435,6 +435,13 @@ static void sd_send_cmd_get_rsp(struct r
}
if (rsp_type == SD_RSP_TYPE_R2) {
+ /*
+ * The controller offloads the last byte {CRC-7, end bit 1'b1}
+ * of response type R2. Assign dummy CRC, 0, and end bit to the
+ * byte(ptr[16], goes into the LSB of resp[3] later).
+ */
+ ptr[16] = 1;
+
for (i = 0; i < 4; i++) {
cmd->resp[i] = get_unaligned_be32(ptr + 1 + i * 4);
dev_dbg(sdmmc_dev(host), "cmd->resp[%d] = 0x%08x\n",
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 042/319] mmc: dont request CD IRQ until mmc_start_host()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (40 preceding siblings ...)
2014-11-12 1:12 ` [PATCH 3.17 041/319] mmc: rtsx_usb_sdmmc: fix incorrect last byte in R2 response Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 043/319] mmc: rtsx_pci_sdmmc: fix incorrect last byte in R2 response Greg Kroah-Hartman
` (261 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Russell King, Adrian Hunter,
Alexandre Courbot, Linus Walleij, Stephen Warren, Ulf Hansson
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Warren <swarren@nvidia.com>
commit d4d11449088ee9aca16fd1884b852b8b73a4bda1 upstream.
As soon as the CD IRQ is requested, it can trigger, since it's an
externally controlled event. If it does, delayed_work host->detect will
be scheduled.
Many host controller probe()s are roughly structured as:
*_probe() {
host = sdhci_pltfm_init();
mmc_of_parse(host->mmc);
rc = sdhci_add_host(host);
if (rc) {
sdhci_pltfm_free();
return rc;
}
In 3.17, CD IRQs can are enabled quite early via *_probe() ->
mmc_of_parse() -> mmc_gpio_request_cd() -> mmc_gpiod_request_cd_irq().
Note that in linux-next, mmc_of_parse() calls mmc_gpio*d*_request_cd()
rather than mmc_gpio_request_cd(), and mmc_gpio*d*_request_cd() doesn't
call mmc_gpiod_request_cd_irq(). However, this issue still exists if
mmc_gpio_request_cd() is called directly before mmc_start_host().
sdhci_add_host() may fail part way through (e.g. due to deferred
probe for a vmmc regulator), and sdhci_pltfm_free() does nothing to
unrequest the CD IRQ nor cancel the delayed_work. sdhci_pltfm_free() is
coded to assume that if sdhci_add_host() failed, then the delayed_work
cannot (or should not) have been triggered.
This can lead to the following with CONFIG_DEBUG_OBJECTS_* enabled, when
kfree(host) is eventually called inside sdhci_pltfm_free():
WARNING: CPU: 2 PID: 6 at lib/debugobjects.c:263 debug_print_object+0x8c/0xb4()
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x18
The object being complained about is host->detect.
There's no need to request the CD IRQ so early; mmc_start_host() already
requests it. For most SDHCI hosts at least, the typical call path that
does this is: *_probe() -> sdhci_add_host() -> mmc_add_host() ->
mmc_start_host(). Therefore, remove the call to mmc_gpiod_request_cd_irq()
from mmc_gpio_request_cd(). This also matches mmc_gpio*d*_request_cd(),
which already doesn't call mmc_gpiod_request_cd_irq().
However, some host controller drivers call mmc_gpio_request_cd() after
mmc_start_host() has already been called, and assume that this will also
call mmc_gpiod_request_cd_irq(). Update those drivers to explicitly call
mmc_gpiod_request_cd_irq() themselves. Ideally, these drivers should be
modified to move their call to mmc_gpio_request_cd() before their call
to mmc_add_host(). However that's too large a change for stable.
This solves the problem (eliminates the kernel error message above),
since it guarantees that the IRQ can't trigger before mmc_start_host()
is called.
The critical point here is that once sdhci_add_host() calls
mmc_add_host() -> mmc_start_host(), sdhci_add_host() is coded not to
fail. In other words, if there's a chance that mmc_start_host() may have
been called, and CD IRQs triggered, and the delayed_work scheduled,
sdhci_add_host() won't fail, and so cleanup is no longer via
sdhci_pltfm_free() (which doesn't free the IRQ or cancel the work queue)
but instead must be via sdhci_remove_host(), which calls mmc_remove_host()
-> mmc_stop_host(), which does free the IRQ and cancel the work queue.
CC: Russell King <linux@arm.linux.org.uk>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexandre Courbot <acourbot@nvidia.com>
Cc: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/slot-gpio.c | 2 --
drivers/mmc/host/mmc_spi.c | 1 +
drivers/mmc/host/sdhci-sirf.c | 1 +
drivers/mmc/host/tmio_mmc_pio.c | 1 +
4 files changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/mmc/core/slot-gpio.c
+++ b/drivers/mmc/core/slot-gpio.c
@@ -221,8 +221,6 @@ int mmc_gpio_request_cd(struct mmc_host
ctx->override_cd_active_level = true;
ctx->cd_gpio = gpio_to_desc(gpio);
- mmc_gpiod_request_cd_irq(host);
-
return 0;
}
EXPORT_SYMBOL(mmc_gpio_request_cd);
--- a/drivers/mmc/host/mmc_spi.c
+++ b/drivers/mmc/host/mmc_spi.c
@@ -1436,6 +1436,7 @@ static int mmc_spi_probe(struct spi_devi
host->pdata->cd_debounce);
if (status != 0)
goto fail_add_host;
+ mmc_gpiod_request_cd_irq(mmc);
}
if (host->pdata && host->pdata->flags & MMC_SPI_USE_RO_GPIO) {
--- a/drivers/mmc/host/sdhci-sirf.c
+++ b/drivers/mmc/host/sdhci-sirf.c
@@ -94,6 +94,7 @@ static int sdhci_sirf_probe(struct platf
ret);
goto err_request_cd;
}
+ mmc_gpiod_request_cd_irq(host->mmc);
}
return 0;
--- a/drivers/mmc/host/tmio_mmc_pio.c
+++ b/drivers/mmc/host/tmio_mmc_pio.c
@@ -1103,6 +1103,7 @@ int tmio_mmc_host_probe(struct tmio_mmc_
tmio_mmc_host_remove(_host);
return ret;
}
+ mmc_gpiod_request_cd_irq(mmc);
}
*host = _host;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 043/319] mmc: rtsx_pci_sdmmc: fix incorrect last byte in R2 response
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (41 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 042/319] mmc: dont request CD IRQ until mmc_start_host() Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 044/319] mmc: sdhci-s3c: fix runtime PM handling on sdhci_add_host() failure Greg Kroah-Hartman
` (260 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Roger Tseng, Ulf Hansson
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Tseng <rogerable@realtek.com>
commit d1419d50c1bf711e9fd27b516a739c86b23f7cf9 upstream.
Current code erroneously fill the last byte of R2 response with an undefined
value. In addition, the controller actually 'offloads' the last byte
(CRC7, end bit) while receiving R2 response and thus it's impossible to get the
actual value. This could cause mmc stack to obtain inconsistent CID from the
same card after resume and misidentify it as a different card.
Fix by assigning dummy CRC and end bit: {7'b0, 1} = 0x1 to the last byte of R2.
Fixes: ff984e57d36e ("mmc: Add realtek pcie sdmmc host driver")
Signed-off-by: Roger Tseng <rogerable@realtek.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/rtsx_pci_sdmmc.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/mmc/host/rtsx_pci_sdmmc.c
+++ b/drivers/mmc/host/rtsx_pci_sdmmc.c
@@ -412,6 +412,13 @@ static void sd_send_cmd_get_rsp(struct r
}
if (rsp_type == SD_RSP_TYPE_R2) {
+ /*
+ * The controller offloads the last byte {CRC-7, end bit 1'b1}
+ * of response type R2. Assign dummy CRC, 0, and end bit to the
+ * byte(ptr[16], goes into the LSB of resp[3] later).
+ */
+ ptr[16] = 1;
+
for (i = 0; i < 4; i++) {
cmd->resp[i] = get_unaligned_be32(ptr + 1 + i * 4);
dev_dbg(sdmmc_dev(host), "cmd->resp[%d] = 0x%08x\n",
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 044/319] mmc: sdhci-s3c: fix runtime PM handling on sdhci_add_host() failure
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (42 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 043/319] mmc: rtsx_pci_sdmmc: fix incorrect last byte in R2 response Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 045/319] fs: make cont_expand_zero interruptible Greg Kroah-Hartman
` (259 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Brown, Jaehoon Chung, Ben Dooks,
Bartlomiej Zolnierkiewicz, Kyungmin Park, Ulf Hansson
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
commit 221414db1934c1c883501998f510bb75acfbaa51 upstream.
Runtime Power Management handling for the sdhci_add_host() failure
case in sdhci_s3c_probe() should match the code in sdhci_s3c_remove()
(which uses pm_runtime_disable() call which matches the earlier
pm_runtime_enable() one). Fix it.
This patch fixes "BUG: spinlock bad magic on CPU#0, swapper/0/1" and
"Unbalanced pm_runtime_enable!" warnings.
>From the kernel log:
...
[ 1.659631] s3c-sdhci 12530000.sdhci: sdhci_add_host() failed
[ 1.665096] BUG: spinlock bad magic on CPU#0, swapper/0/1
[ 1.670433] lock: 0xea01e484, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
[ 1.677895] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.16.0-next-20140804-00008-ga59480f-dirty #707
[ 1.687037] [<c0013ae4>] (unwind_backtrace) from [<c0010d70>] (show_stack+0x10/0x14)
[ 1.694740] [<c0010d70>] (show_stack) from [<c04050c8>] (dump_stack+0x68/0xb8)
[ 1.701948] [<c04050c8>] (dump_stack) from [<c0052558>] (do_raw_spin_lock+0x15c/0x1a4)
[ 1.709848] [<c0052558>] (do_raw_spin_lock) from [<c040a630>] (_raw_spin_lock_irqsave+0x20/0x28)
[ 1.718619] [<c040a630>] (_raw_spin_lock_irqsave) from [<c030d7d0>] (sdhci_do_set_ios+0x1c/0x5cc)
[ 1.727464] [<c030d7d0>] (sdhci_do_set_ios) from [<c030ddfc>] (sdhci_runtime_resume_host+0x50/0x104)
[ 1.736574] [<c030ddfc>] (sdhci_runtime_resume_host) from [<c02462dc>] (pm_generic_runtime_resume+0x2c/0x40)
[ 1.746383] [<c02462dc>] (pm_generic_runtime_resume) from [<c0247898>] (__rpm_callback+0x34/0x70)
[ 1.755233] [<c0247898>] (__rpm_callback) from [<c02478fc>] (rpm_callback+0x28/0x88)
[ 1.762958] [<c02478fc>] (rpm_callback) from [<c02486f0>] (rpm_resume+0x384/0x4ec)
[ 1.770511] [<c02486f0>] (rpm_resume) from [<c02488b0>] (pm_runtime_forbid+0x58/0x64)
[ 1.778325] [<c02488b0>] (pm_runtime_forbid) from [<c030ea70>] (sdhci_s3c_probe+0x4a4/0x540)
[ 1.786749] [<c030ea70>] (sdhci_s3c_probe) from [<c02429cc>] (platform_drv_probe+0x2c/0x5c)
[ 1.795076] [<c02429cc>] (platform_drv_probe) from [<c02415f0>] (driver_probe_device+0x114/0x234)
[ 1.803929] [<c02415f0>] (driver_probe_device) from [<c024179c>] (__driver_attach+0x8c/0x90)
[ 1.812347] [<c024179c>] (__driver_attach) from [<c023ffb4>] (bus_for_each_dev+0x54/0x88)
[ 1.820506] [<c023ffb4>] (bus_for_each_dev) from [<c0240df8>] (bus_add_driver+0xd8/0x1cc)
[ 1.828665] [<c0240df8>] (bus_add_driver) from [<c0241db8>] (driver_register+0x78/0xf4)
[ 1.836652] [<c0241db8>] (driver_register) from [<c00088a4>] (do_one_initcall+0x80/0x1d0)
[ 1.844816] [<c00088a4>] (do_one_initcall) from [<c059ac94>] (kernel_init_freeable+0x108/0x1d4)
[ 1.853503] [<c059ac94>] (kernel_init_freeable) from [<c0401300>] (kernel_init+0x8/0xe4)
[ 1.861568] [<c0401300>] (kernel_init) from [<c000e538>] (ret_from_fork+0x14/0x3c)
[ 1.869582] platform 12530000.sdhci: Driver s3c-sdhci requests probe deferral
...
[ 1.997047] s3c-sdhci 12530000.sdhci: Unbalanced pm_runtime_enable!
...
[ 2.027235] s3c-sdhci 12530000.sdhci: sdhci_add_host() failed
[ 2.032884] platform 12530000.sdhci: Driver s3c-sdhci requests probe deferral
...
Tested on Hardkernel's Exynos4412 based ODROID-U3 board.
Fixes: 9f4e8151dbbc ("mmc: sdhci-s3c: Enable runtime power management")
Cc: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Cc: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Acked-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-s3c.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/mmc/host/sdhci-s3c.c
+++ b/drivers/mmc/host/sdhci-s3c.c
@@ -606,8 +606,6 @@ static int sdhci_s3c_probe(struct platfo
ret = sdhci_add_host(host);
if (ret) {
dev_err(dev, "sdhci_add_host() failed\n");
- pm_runtime_forbid(&pdev->dev);
- pm_runtime_get_noresume(&pdev->dev);
goto err_req_regs;
}
@@ -618,6 +616,8 @@ static int sdhci_s3c_probe(struct platfo
return 0;
err_req_regs:
+ pm_runtime_disable(&pdev->dev);
+
err_no_busclks:
clk_disable_unprepare(sc->clk_io);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 045/319] fs: make cont_expand_zero interruptible
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (43 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 044/319] mmc: sdhci-s3c: fix runtime PM handling on sdhci_add_host() failure Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 046/319] fs: Fix theoretical division by 0 in super_cache_scan() Greg Kroah-Hartman
` (258 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Al Viro
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit c2ca0fcd202863b14bd041a7fece2e789926c225 upstream.
This patch makes it possible to kill a process looping in
cont_expand_zero. A process may spend a lot of time in this function, so
it is desirable to be able to kill it.
It happened to me that I wanted to copy a piece data from the disk to a
file. By mistake, I used the "seek" parameter to dd instead of "skip". Due
to the "seek" parameter, dd attempted to extend the file and became stuck
doing so - the only possibility was to reset the machine or wait many
hours until the filesystem runs out of space and cont_expand_zero fails.
We need this patch to be able to terminate the process.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/buffer.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -2318,6 +2318,11 @@ static int cont_expand_zero(struct file
err = 0;
balance_dirty_pages_ratelimited(mapping);
+
+ if (unlikely(fatal_signal_pending(current))) {
+ err = -EINTR;
+ goto out;
+ }
}
/* page covers the boundary, find the boundary offset */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 046/319] fs: Fix theoretical division by 0 in super_cache_scan().
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (44 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 045/319] fs: make cont_expand_zero interruptible Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 047/319] fs: allow open(dir, O_TMPFILE|..., 0) with mode 0 Greg Kroah-Hartman
` (257 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tetsuo Handa, Christoph Hellwig, Al Viro
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit 475d0db742e3755c6b267f48577ff7cbb7dfda0d upstream.
total_objects could be 0 and is used as a denom.
While total_objects is a "long", total_objects == 0 unlikely happens for
3.12 and later kernels because 32-bit architectures would not be able to
hold (1 << 32) objects. However, total_objects == 0 may happen for kernels
between 3.1 and 3.11 because total_objects in prune_super() was an "int"
and (e.g.) x86_64 architecture might be able to hold (1 << 32) objects.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/super.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/super.c
+++ b/fs/super.c
@@ -80,6 +80,8 @@ static unsigned long super_cache_scan(st
inodes = list_lru_count_node(&sb->s_inode_lru, sc->nid);
dentries = list_lru_count_node(&sb->s_dentry_lru, sc->nid);
total_objects = dentries + inodes + fs_objects + 1;
+ if (!total_objects)
+ total_objects = 1;
/* proportion the scan between the caches */
dentries = mult_frac(sc->nr_to_scan, dentries, total_objects);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 047/319] fs: allow open(dir, O_TMPFILE|..., 0) with mode 0
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (45 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 046/319] fs: Fix theoretical division by 0 in super_cache_scan() Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 048/319] UBIFS: fix a race condition Greg Kroah-Hartman
` (256 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Rannaud, Andy Lutomirski,
Linus Torvalds
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Rannaud <e@nanocritical.com>
commit 69a91c237ab0ebe4e9fdeaf6d0090c85275594ec upstream.
The man page for open(2) indicates that when O_CREAT is specified, the
'mode' argument applies only to future accesses to the file:
Note that this mode applies only to future accesses of the newly
created file; the open() call that creates a read-only file
may well return a read/write file descriptor.
The man page for open(2) implies that 'mode' is treated identically by
O_CREAT and O_TMPFILE.
O_TMPFILE, however, behaves differently:
int fd = open("/tmp", O_TMPFILE | O_RDWR, 0);
assert(fd == -1);
assert(errno == EACCES);
int fd = open("/tmp", O_TMPFILE | O_RDWR, 0600);
assert(fd > 0);
For O_CREAT, do_last() sets acc_mode to MAY_OPEN only:
if (*opened & FILE_CREATED) {
/* Don't check for write permission, don't truncate */
open_flag &= ~O_TRUNC;
will_truncate = false;
acc_mode = MAY_OPEN;
path_to_nameidata(path, nd);
goto finish_open_created;
}
But for O_TMPFILE, do_tmpfile() passes the full op->acc_mode to
may_open().
This patch lines up the behavior of O_TMPFILE with O_CREAT. After the
inode is created, may_open() is called with acc_mode = MAY_OPEN, in
do_tmpfile().
A different, but related glibc bug revealed the discrepancy:
https://sourceware.org/bugzilla/show_bug.cgi?id=17523
The glibc lazily loads the 'mode' argument of open() and openat() using
va_arg() only if O_CREAT is present in 'flags' (to support both the 2
argument and the 3 argument forms of open; same idea for openat()).
However, the glibc ignores the 'mode' argument if O_TMPFILE is in
'flags'.
On x86_64, for open(), it magically works anyway, as 'mode' is in
RDX when entering open(), and is still in RDX on SYSCALL, which is where
the kernel looks for the 3rd argument of a syscall.
But openat() is not quite so lucky: 'mode' is in RCX when entering the
glibc wrapper for openat(), while the kernel looks for the 4th argument
of a syscall in R10. Indeed, the syscall calling convention differs from
the regular calling convention in this respect on x86_64. So the kernel
sees mode = 0 when trying to use glibc openat() with O_TMPFILE, and
fails with EACCES.
Signed-off-by: Eric Rannaud <e@nanocritical.com>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/namei.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3154,7 +3154,8 @@ static int do_tmpfile(int dfd, struct fi
if (error)
goto out2;
audit_inode(pathname, nd->path.dentry, 0);
- error = may_open(&nd->path, op->acc_mode, op->open_flag);
+ /* Don't check for other permissions, the inode was just created */
+ error = may_open(&nd->path, MAY_OPEN, op->open_flag);
if (error)
goto out2;
file->f_path.mnt = nd->path.mnt;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 048/319] UBIFS: fix a race condition
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (46 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 047/319] fs: allow open(dir, O_TMPFILE|..., 0) with mode 0 Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 049/319] UBIFS: fix free log space calculation Greg Kroah-Hartman
` (255 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, hujianyang, Artem Bityutskiy
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
commit 052c28073ff26f771d44ef33952a41d18dadd255 upstream.
Hu (hujianyang@huawei.com) discovered a race condition which may lead to a
situation when UBIFS is unable to mount the file-system after an unclean
reboot. The problem is theoretical, though.
In UBIFS, we have the log, which basically a set of LEBs in a certain area. The
log has the tail and the head.
Every time user writes data to the file-system, the UBIFS journal grows, and
the log grows as well, because we append new reference nodes to the head of the
log. So the head moves forward all the time, while the log tail stays at the
same position.
At any time, the UBIFS master node points to the tail of the log. When we mount
the file-system, we scan the log, and we always start from its tail, because
this is where the master node points to. The only occasion when the tail of the
log changes is the commit operation.
The commit operation has 2 phases - "commit start" and "commit end". The former
is relatively short, and does not involve much I/O. During this phase we mostly
just build various in-memory lists of the things which have to be written to
the flash media during "commit end" phase.
During the commit start phase, what we do is we "clean" the log. Indeed, the
commit operation will index all the data in the journal, so the entire journal
"disappears", and therefore the data in the log become unneeded. So we just
move the head of the log to the next LEB, and write the CS node there. This LEB
will be the tail of the new log when the commit operation finishes.
When the "commit start" phase finishes, users may write more data to the
file-system, in parallel with the ongoing "commit end" operation. At this point
the log tail was not changed yet, it is the same as it had been before we
started the commit. The log head keeps moving forward, though.
The commit operation now needs to write the new master node, and the new master
node should point to the new log tail. After this the LEBs between the old log
tail and the new log tail can be unmapped and re-used again.
And here is the possible problem. We do 2 operations: (a) We first update the
log tail position in memory (see 'ubifs_log_end_commit()'). (b) And then we
write the master node (see the big lock of code in 'do_commit()').
But nothing prevents the log head from moving forward between (a) and (b), and
the log head may "wrap" now to the old log tail. And when the "wrap" happens,
the contends of the log tail gets erased. Now a power cut happens and we are in
trouble. We end up with the old master node pointing to the old tail, which was
erased. And replay fails because it expects the master node to point to the
correct log tail at all times.
This patch merges the abovementioned (a) and (b) operations by moving the master
node change code to the 'ubifs_log_end_commit()' function, so that it runs with
the log mutex locked, which will prevent the log from being changed benween
operations (a) and (b).
Reported-by: hujianyang <hujianyang@huawei.com>
Tested-by: hujianyang <hujianyang@huawei.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/commit.c | 8 +++-----
fs/ubifs/log.c | 11 ++++++++---
2 files changed, 11 insertions(+), 8 deletions(-)
--- a/fs/ubifs/commit.c
+++ b/fs/ubifs/commit.c
@@ -166,10 +166,6 @@ static int do_commit(struct ubifs_info *
err = ubifs_orphan_end_commit(c);
if (err)
goto out;
- old_ltail_lnum = c->ltail_lnum;
- err = ubifs_log_end_commit(c, new_ltail_lnum);
- if (err)
- goto out;
err = dbg_check_old_index(c, &zroot);
if (err)
goto out;
@@ -202,7 +198,9 @@ static int do_commit(struct ubifs_info *
c->mst_node->flags |= cpu_to_le32(UBIFS_MST_NO_ORPHS);
else
c->mst_node->flags &= ~cpu_to_le32(UBIFS_MST_NO_ORPHS);
- err = ubifs_write_master(c);
+
+ old_ltail_lnum = c->ltail_lnum;
+ err = ubifs_log_end_commit(c, new_ltail_lnum);
if (err)
goto out;
--- a/fs/ubifs/log.c
+++ b/fs/ubifs/log.c
@@ -447,9 +447,9 @@ out:
* @ltail_lnum: new log tail LEB number
*
* This function is called on when the commit operation was finished. It
- * moves log tail to new position and unmaps LEBs which contain obsolete data.
- * Returns zero in case of success and a negative error code in case of
- * failure.
+ * moves log tail to new position and updates the master node so that it stores
+ * the new log tail LEB number. Returns zero in case of success and a negative
+ * error code in case of failure.
*/
int ubifs_log_end_commit(struct ubifs_info *c, int ltail_lnum)
{
@@ -477,7 +477,12 @@ int ubifs_log_end_commit(struct ubifs_in
spin_unlock(&c->buds_lock);
err = dbg_check_bud_bytes(c);
+ if (err)
+ goto out;
+ err = ubifs_write_master(c);
+
+out:
mutex_unlock(&c->log_mutex);
return err;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 049/319] UBIFS: fix free log space calculation
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (47 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 048/319] UBIFS: fix a race condition Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 050/319] vfs: fix data corruption when blocksize < pagesize for mmaped data Greg Kroah-Hartman
` (254 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, hujianyang, Artem Bityutskiy
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
commit ba29e721eb2df6df8f33c1f248388bb037a47914 upstream.
Hu (hujianyang <hujianyang@huawei.com>) discovered an issue in the
'empty_log_bytes()' function, which calculates how many bytes are left in the
log:
"
If 'c->lhead_lnum + 1 == c->ltail_lnum' and 'c->lhead_offs == c->leb_size', 'h'
would equalent to 't' and 'empty_log_bytes()' would return 'c->log_bytes'
instead of 0.
"
At this point it is not clear what would be the consequences of this, and
whether this may lead to any problems, but this patch addresses the issue just
in case.
Tested-by: hujianyang <hujianyang@huawei.com>
Reported-by: hujianyang <hujianyang@huawei.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/log.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/fs/ubifs/log.c
+++ b/fs/ubifs/log.c
@@ -106,10 +106,14 @@ static inline long long empty_log_bytes(
h = (long long)c->lhead_lnum * c->leb_size + c->lhead_offs;
t = (long long)c->ltail_lnum * c->leb_size;
- if (h >= t)
+ if (h > t)
return c->log_bytes - h + t;
- else
+ else if (h != t)
return t - h;
+ else if (c->lhead_lnum != c->ltail_lnum)
+ return 0;
+ else
+ return c->log_bytes;
}
/**
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 050/319] vfs: fix data corruption when blocksize < pagesize for mmaped data
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (48 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 049/319] UBIFS: fix free log space calculation Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 051/319] x86: Reject x32 executables if x32 ABI not supported Greg Kroah-Hartman
` (253 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 90a8020278c1598fafd071736a0846b38510309c upstream.
->page_mkwrite() is used by filesystems to allocate blocks under a page
which is becoming writeably mmapped in some process' address space. This
allows a filesystem to return a page fault if there is not enough space
available, user exceeds quota or similar problem happens, rather than
silently discarding data later when writepage is called.
However VFS fails to call ->page_mkwrite() in all the cases where
filesystems need it when blocksize < pagesize. For example when
blocksize = 1024, pagesize = 4096 the following is problematic:
ftruncate(fd, 0);
pwrite(fd, buf, 1024, 0);
map = mmap(NULL, 1024, PROT_WRITE, MAP_SHARED, fd, 0);
map[0] = 'a'; ----> page_mkwrite() for index 0 is called
ftruncate(fd, 10000); /* or even pwrite(fd, buf, 1, 10000) */
mremap(map, 1024, 10000, 0);
map[4095] = 'a'; ----> no page_mkwrite() called
At the moment ->page_mkwrite() is called, filesystem can allocate only
one block for the page because i_size == 1024. Otherwise it would create
blocks beyond i_size which is generally undesirable. But later at
->writepage() time, we also need to store data at offset 4095 but we
don't have block allocated for it.
This patch introduces a helper function filesystems can use to have
->page_mkwrite() called at all the necessary moments.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/buffer.c | 3 ++
include/linux/mm.h | 1
mm/truncate.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 61 insertions(+)
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -2082,6 +2082,7 @@ int generic_write_end(struct file *file,
struct page *page, void *fsdata)
{
struct inode *inode = mapping->host;
+ loff_t old_size = inode->i_size;
int i_size_changed = 0;
copied = block_write_end(file, mapping, pos, len, copied, page, fsdata);
@@ -2101,6 +2102,8 @@ int generic_write_end(struct file *file,
unlock_page(page);
page_cache_release(page);
+ if (old_size < pos)
+ pagecache_isize_extended(inode, old_size, pos);
/*
* Don't mark the inode dirty under page lock. First, it unnecessarily
* makes the holding time of page lock longer. Second, it forces lock
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1174,6 +1174,7 @@ static inline void unmap_shared_mapping_
extern void truncate_pagecache(struct inode *inode, loff_t new);
extern void truncate_setsize(struct inode *inode, loff_t newsize);
+void pagecache_isize_extended(struct inode *inode, loff_t from, loff_t to);
void truncate_pagecache_range(struct inode *inode, loff_t offset, loff_t end);
int truncate_inode_page(struct address_space *mapping, struct page *page);
int generic_error_remove_page(struct address_space *mapping, struct page *page);
--- a/mm/truncate.c
+++ b/mm/truncate.c
@@ -20,6 +20,7 @@
#include <linux/buffer_head.h> /* grr. try_to_release_page,
do_invalidatepage */
#include <linux/cleancache.h>
+#include <linux/rmap.h>
#include "internal.h"
static void clear_exceptional_entry(struct address_space *mapping,
@@ -719,12 +720,68 @@ EXPORT_SYMBOL(truncate_pagecache);
*/
void truncate_setsize(struct inode *inode, loff_t newsize)
{
+ loff_t oldsize = inode->i_size;
+
i_size_write(inode, newsize);
+ if (newsize > oldsize)
+ pagecache_isize_extended(inode, oldsize, newsize);
truncate_pagecache(inode, newsize);
}
EXPORT_SYMBOL(truncate_setsize);
/**
+ * pagecache_isize_extended - update pagecache after extension of i_size
+ * @inode: inode for which i_size was extended
+ * @from: original inode size
+ * @to: new inode size
+ *
+ * Handle extension of inode size either caused by extending truncate or by
+ * write starting after current i_size. We mark the page straddling current
+ * i_size RO so that page_mkwrite() is called on the nearest write access to
+ * the page. This way filesystem can be sure that page_mkwrite() is called on
+ * the page before user writes to the page via mmap after the i_size has been
+ * changed.
+ *
+ * The function must be called after i_size is updated so that page fault
+ * coming after we unlock the page will already see the new i_size.
+ * The function must be called while we still hold i_mutex - this not only
+ * makes sure i_size is stable but also that userspace cannot observe new
+ * i_size value before we are prepared to store mmap writes at new inode size.
+ */
+void pagecache_isize_extended(struct inode *inode, loff_t from, loff_t to)
+{
+ int bsize = 1 << inode->i_blkbits;
+ loff_t rounded_from;
+ struct page *page;
+ pgoff_t index;
+
+ WARN_ON(!mutex_is_locked(&inode->i_mutex));
+ WARN_ON(to > inode->i_size);
+
+ if (from >= to || bsize == PAGE_CACHE_SIZE)
+ return;
+ /* Page straddling @from will not have any hole block created? */
+ rounded_from = round_up(from, bsize);
+ if (to <= rounded_from || !(rounded_from & (PAGE_CACHE_SIZE - 1)))
+ return;
+
+ index = from >> PAGE_CACHE_SHIFT;
+ page = find_lock_page(inode->i_mapping, index);
+ /* Page not cached? Nothing to do */
+ if (!page)
+ return;
+ /*
+ * See clear_page_dirty_for_io() for details why set_page_dirty()
+ * is needed.
+ */
+ if (page_mkclean(page))
+ set_page_dirty(page);
+ unlock_page(page);
+ page_cache_release(page);
+}
+EXPORT_SYMBOL(pagecache_isize_extended);
+
+/**
* truncate_pagecache_range - unmap and remove pagecache that is hole-punched
* @inode: inode
* @lstart: offset of beginning of hole
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 051/319] x86: Reject x32 executables if x32 ABI not supported
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (49 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 050/319] vfs: fix data corruption when blocksize < pagesize for mmaped data Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 052/319] x86, fpu: __restore_xstate_sig()->math_state_restore() needs preempt_disable() Greg Kroah-Hartman
` (252 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Hutchings, Thomas Gleixner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
commit 0e6d3112a4e95d55cf6dca88f298d5f4b8f29bd1 upstream.
It is currently possible to execve() an x32 executable on an x86_64
kernel that has only ia32 compat enabled. However all its syscalls
will fail, even _exit(). This usually causes it to segfault.
Change the ELF compat architecture check so that x32 executables are
rejected if we don't support the x32 ABI.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Link: http://lkml.kernel.org/r/1410120305.6822.9.camel@decadent.org.uk
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/elf.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -160,8 +160,9 @@ do { \
#define elf_check_arch(x) \
((x)->e_machine == EM_X86_64)
-#define compat_elf_check_arch(x) \
- (elf_check_arch_ia32(x) || (x)->e_machine == EM_X86_64)
+#define compat_elf_check_arch(x) \
+ (elf_check_arch_ia32(x) || \
+ (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64))
#if __USER32_DS != __USER_DS
# error "The following code assumes __USER32_DS == __USER_DS"
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 052/319] x86, fpu: __restore_xstate_sig()->math_state_restore() needs preempt_disable()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (50 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 051/319] x86: Reject x32 executables if x32 ABI not supported Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 053/319] x86, fpu: shift drop_init_fpu() from save_xstate_sig() to handle_signal() Greg Kroah-Hartman
` (251 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oleg Nesterov, Suresh Siddha, H. Peter Anvin
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleg Nesterov <oleg@redhat.com>
commit df24fb859a4e200d9324e2974229fbb7adf00aef upstream.
Add preempt_disable() + preempt_enable() around math_state_restore() in
__restore_xstate_sig(). Otherwise __switch_to() after __thread_fpu_begin()
can overwrite fpu->state we are going to restore.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Link: http://lkml.kernel.org/r/20140902175717.GA21649@redhat.com
Reviewed-by: Suresh Siddha <sbsiddha@gmail.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/xsave.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/arch/x86/kernel/xsave.c
+++ b/arch/x86/kernel/xsave.c
@@ -402,8 +402,11 @@ int __restore_xstate_sig(void __user *bu
set_used_math();
}
- if (use_eager_fpu())
+ if (use_eager_fpu()) {
+ preempt_disable();
math_state_restore();
+ preempt_enable();
+ }
return err;
} else {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 053/319] x86, fpu: shift drop_init_fpu() from save_xstate_sig() to handle_signal()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (51 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 052/319] x86, fpu: __restore_xstate_sig()->math_state_restore() needs preempt_disable() Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 054/319] x86_64, entry: Filter RFLAGS.NT on entry from userspace Greg Kroah-Hartman
` (250 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bean Anderson, Oleg Nesterov, H. Peter Anvin
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleg Nesterov <oleg@redhat.com>
commit 66463db4fc5605d51c7bb81d009d5bf30a783a2c upstream.
save_xstate_sig()->drop_init_fpu() doesn't look right. setup_rt_frame()
can fail after that, in this case the next setup_rt_frame() triggered
by SIGSEGV won't save fpu simply because the old state was lost. This
obviously mean that fpu won't be restored after sys_rt_sigreturn() from
SIGSEGV handler.
Shift drop_init_fpu() into !failed branch in handle_signal().
Test-case (needs -O2):
#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/mman.h>
#include <pthread.h>
#include <assert.h>
volatile double D;
void test(double d)
{
int pid = getpid();
for (D = d; D == d; ) {
/* sys_tkill(pid, SIGHUP); asm to avoid save/reload
* fp regs around "C" call */
asm ("" : : "a"(200), "D"(pid), "S"(1));
asm ("syscall" : : : "ax");
}
printf("ERR!!\n");
}
void sigh(int sig)
{
}
char altstack[4096 * 10] __attribute__((aligned(4096)));
void *tfunc(void *arg)
{
for (;;) {
mprotect(altstack, sizeof(altstack), PROT_READ);
mprotect(altstack, sizeof(altstack), PROT_READ|PROT_WRITE);
}
}
int main(void)
{
stack_t st = {
.ss_sp = altstack,
.ss_size = sizeof(altstack),
.ss_flags = SS_ONSTACK,
};
struct sigaction sa = {
.sa_handler = sigh,
};
pthread_t pt;
sigaction(SIGSEGV, &sa, NULL);
sigaltstack(&st, NULL);
sa.sa_flags = SA_ONSTACK;
sigaction(SIGHUP, &sa, NULL);
pthread_create(&pt, NULL, tfunc, NULL);
test(123.456);
return 0;
}
Reported-by: Bean Anderson <bean@azulsystems.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Link: http://lkml.kernel.org/r/20140902175713.GA21646@redhat.com
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/signal.c | 5 +++++
arch/x86/kernel/xsave.c | 2 --
2 files changed, 5 insertions(+), 2 deletions(-)
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -675,6 +675,11 @@ handle_signal(struct ksignal *ksig, stru
* handler too.
*/
regs->flags &= ~(X86_EFLAGS_DF|X86_EFLAGS_RF|X86_EFLAGS_TF);
+ /*
+ * Ensure the signal handler starts with the new fpu state.
+ */
+ if (used_math())
+ drop_init_fpu(current);
}
signal_setup_done(failed, ksig, test_thread_flag(TIF_SINGLESTEP));
}
--- a/arch/x86/kernel/xsave.c
+++ b/arch/x86/kernel/xsave.c
@@ -271,8 +271,6 @@ int save_xstate_sig(void __user *buf, vo
if (use_fxsr() && save_xstate_epilog(buf_fx, ia32_fxstate))
return -1;
- drop_init_fpu(tsk); /* trigger finit */
-
return 0;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 054/319] x86_64, entry: Filter RFLAGS.NT on entry from userspace
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (52 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 053/319] x86, fpu: shift drop_init_fpu() from save_xstate_sig() to handle_signal() Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 055/319] x86_64, entry: Fix out of bounds read on sysenter Greg Kroah-Hartman
` (249 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anish Bhatt, Andy Lutomirski, H. Peter Anvin
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Lutomirski <luto@amacapital.net>
commit 8c7aa698baca5e8f1ba9edb68081f1e7a1abf455 upstream.
The NT flag doesn't do anything in long mode other than causing IRET
to #GP. Oddly, CPL3 code can still set NT using popf.
Entry via hardware or software interrupt clears NT automatically, so
the only relevant entries are fast syscalls.
If user code causes kernel code to run with NT set, then there's at
least some (small) chance that it could cause trouble. For example,
user code could cause a call to EFI code with NT set, and who knows
what would happen? Apparently some games on Wine sometimes do
this (!), and, if an IRET return happens, they will segfault. That
segfault cannot be handled, because signal delivery fails, too.
This patch programs the CPU to clear NT on entry via SYSCALL (both
32-bit and 64-bit, by my reading of the AMD APM), and it clears NT
in software on entry via SYSENTER.
To save a few cycles, this borrows a trick from Jan Beulich in Xen:
it checks whether NT is set before trying to clear it. As a result,
it seems to have very little effect on SYSENTER performance on my
machine.
There's another minor bug fix in here: it looks like the CFI
annotations were wrong if CONFIG_AUDITSYSCALL=n.
Testers beware: on Xen, SYSENTER with NT set turns into a GPF.
I haven't touched anything on 32-bit kernels.
The syscall mask change comes from a variant of this patch by Anish
Bhatt.
Note to stable maintainers: there is no known security issue here.
A misguided program can set NT and cause the kernel to try and fail
to deliver SIGSEGV, crashing the program. This patch fixes Far Cry
on Wine: https://bugs.winehq.org/show_bug.cgi?id=33275
Reported-by: Anish Bhatt <anish@chelsio.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Link: http://lkml.kernel.org/r/395749a5d39a29bd3e4b35899cf3a3c1340e5595.1412189265.git.luto@amacapital.net
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/ia32/ia32entry.S | 18 +++++++++++++++++-
arch/x86/kernel/cpu/common.c | 2 +-
2 files changed, 18 insertions(+), 2 deletions(-)
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -151,6 +151,16 @@ ENTRY(ia32_sysenter_target)
1: movl (%rbp),%ebp
_ASM_EXTABLE(1b,ia32_badarg)
ASM_CLAC
+
+ /*
+ * Sysenter doesn't filter flags, so we need to clear NT
+ * ourselves. To save a few cycles, we can check whether
+ * NT was set instead of doing an unconditional popfq.
+ */
+ testl $X86_EFLAGS_NT,EFLAGS(%rsp) /* saved EFLAGS match cpu */
+ jnz sysenter_fix_flags
+sysenter_flags_fixed:
+
orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
CFI_REMEMBER_STATE
@@ -184,6 +194,8 @@ sysexit_from_sys_call:
TRACE_IRQS_ON
ENABLE_INTERRUPTS_SYSEXIT32
+ CFI_RESTORE_STATE
+
#ifdef CONFIG_AUDITSYSCALL
.macro auditsys_entry_common
movl %esi,%r9d /* 6th arg: 4th syscall arg */
@@ -226,7 +238,6 @@ sysexit_from_sys_call:
.endm
sysenter_auditsys:
- CFI_RESTORE_STATE
auditsys_entry_common
movl %ebp,%r9d /* reload 6th syscall arg */
jmp sysenter_dispatch
@@ -235,6 +246,11 @@ sysexit_audit:
auditsys_exit sysexit_from_sys_call
#endif
+sysenter_fix_flags:
+ pushq_cfi $(X86_EFLAGS_IF|X86_EFLAGS_FIXED)
+ popfq_cfi
+ jmp sysenter_flags_fixed
+
sysenter_tracesys:
#ifdef CONFIG_AUDITSYSCALL
testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1184,7 +1184,7 @@ void syscall_init(void)
/* Flags to clear on syscall */
wrmsrl(MSR_SYSCALL_MASK,
X86_EFLAGS_TF|X86_EFLAGS_DF|X86_EFLAGS_IF|
- X86_EFLAGS_IOPL|X86_EFLAGS_AC);
+ X86_EFLAGS_IOPL|X86_EFLAGS_AC|X86_EFLAGS_NT);
}
/*
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 055/319] x86_64, entry: Fix out of bounds read on sysenter
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (53 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 054/319] x86_64, entry: Filter RFLAGS.NT on entry from userspace Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 056/319] x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE Greg Kroah-Hartman
` (248 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rusty Russell, Andy Lutomirski,
Linus Torvalds
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Lutomirski <luto@amacapital.net>
commit 653bc77af60911ead1f423e588f54fc2547c4957 upstream.
Rusty noticed a Really Bad Bug (tm) in my NT fix. The entry code
reads out of bounds, causing the NT fix to be unreliable. But, and
this is much, much worse, if your stack is somehow just below the
top of the direct map (or a hole), you read out of bounds and crash.
Excerpt from the crash:
[ 1.129513] RSP: 0018:ffff88001da4bf88 EFLAGS: 00010296
2b:* f7 84 24 90 00 00 00 testl $0x4000,0x90(%rsp)
That read is deterministically above the top of the stack. I
thought I even single-stepped through this code when I wrote it to
check the offset, but I clearly screwed it up.
Fixes: 8c7aa698baca ("x86_64, entry: Filter RFLAGS.NT on entry from userspace")
Reported-by: Rusty Russell <rusty@ozlabs.org>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/ia32/ia32entry.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -157,7 +157,7 @@ ENTRY(ia32_sysenter_target)
* ourselves. To save a few cycles, we can check whether
* NT was set instead of doing an unconditional popfq.
*/
- testl $X86_EFLAGS_NT,EFLAGS(%rsp) /* saved EFLAGS match cpu */
+ testl $X86_EFLAGS_NT,EFLAGS-ARGOFFSET(%rsp)
jnz sysenter_fix_flags
sysenter_flags_fixed:
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 056/319] x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (54 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 055/319] x86_64, entry: Fix out of bounds read on sysenter Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 057/319] perf: Fix unclone_ctx() vs. locking Greg Kroah-Hartman
` (247 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dexuan Cui, K. Y. Srinivasan,
Haiyang Zhang, linux-mm, olaf, apw, jasowang, dave.hansen, riel,
Thomas Gleixner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dexuan Cui <decui@microsoft.com>
commit d1cd1210834649ce1ca6bafe5ac25d2f40331343 upstream.
pte_pfn() returns a PFN of long (32 bits in 32-PAE), so "long <<
PAGE_SHIFT" will overflow for PFNs above 4GB.
Due to this issue, some Linux 32-PAE distros, running as guests on Hyper-V,
with 5GB memory assigned, can't load the netvsc driver successfully and
hence the synthetic network device can't work (we can use the kernel parameter
mem=3000M to work around the issue).
Cast pte_pfn() to phys_addr_t before shifting.
Fixes: "commit d76565344512: x86, mm: Create slow_virt_to_phys()"
Signed-off-by: Dexuan Cui <decui@microsoft.com>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: gregkh@linuxfoundation.org
Cc: linux-mm@kvack.org
Cc: olaf@aepfle.de
Cc: apw@canonical.com
Cc: jasowang@redhat.com
Cc: dave.hansen@intel.com
Cc: riel@redhat.com
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/1414580017-27444-1-git-send-email-decui@microsoft.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/mm/pageattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -409,7 +409,7 @@ phys_addr_t slow_virt_to_phys(void *__vi
psize = page_level_size(level);
pmask = page_level_mask(level);
offset = virt_addr & ~pmask;
- phys_addr = pte_pfn(*pte) << PAGE_SHIFT;
+ phys_addr = (phys_addr_t)pte_pfn(*pte) << PAGE_SHIFT;
return (phys_addr | offset);
}
EXPORT_SYMBOL_GPL(slow_virt_to_phys);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 057/319] perf: Fix unclone_ctx() vs. locking
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (55 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 056/319] x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 058/319] evm: properly handle INTEGRITY_NOXATTRS EVM status Greg Kroah-Hartman
` (246 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sasha Levin, Peter Zijlstra (Intel),
Paul Mackerras, Arnaldo Carvalho de Melo, Cong Wang,
Linus Torvalds, Ingo Molnar
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
commit 211de6eba8960521e2be450a7d07db85fba4604c upstream.
The idiot who did 4a1c0f262f88 ("perf: Fix lockdep warning on process exit")
forgot to pay attention and fix all similar cases. Do so now.
In particular, unclone_ctx() must be called while holding ctx->lock,
therefore all such sites are broken for the same reason. Pull the
put_ctx() call out from under ctx->lock.
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Probably-also-reported-by: Vince Weaver <vincent.weaver@maine.edu>
Fixes: 4a1c0f262f88 ("perf: Fix lockdep warning on process exit")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Cong Wang <cwang@twopensource.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/20140930172308.GI4241@worktop.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/events/core.c | 54 +++++++++++++++++++++++++++++----------------------
1 file changed, 31 insertions(+), 23 deletions(-)
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -902,13 +902,23 @@ static void put_ctx(struct perf_event_co
}
}
-static void unclone_ctx(struct perf_event_context *ctx)
+/*
+ * This must be done under the ctx->lock, such as to serialize against
+ * context_equiv(), therefore we cannot call put_ctx() since that might end up
+ * calling scheduler related locks and ctx->lock nests inside those.
+ */
+static __must_check struct perf_event_context *
+unclone_ctx(struct perf_event_context *ctx)
{
- if (ctx->parent_ctx) {
- put_ctx(ctx->parent_ctx);
+ struct perf_event_context *parent_ctx = ctx->parent_ctx;
+
+ lockdep_assert_held(&ctx->lock);
+
+ if (parent_ctx)
ctx->parent_ctx = NULL;
- }
ctx->generation++;
+
+ return parent_ctx;
}
static u32 perf_event_pid(struct perf_event *event, struct task_struct *p)
@@ -2210,6 +2220,9 @@ static void ctx_sched_out(struct perf_ev
static int context_equiv(struct perf_event_context *ctx1,
struct perf_event_context *ctx2)
{
+ lockdep_assert_held(&ctx1->lock);
+ lockdep_assert_held(&ctx2->lock);
+
/* Pinning disables the swap optimization */
if (ctx1->pin_count || ctx2->pin_count)
return 0;
@@ -2943,6 +2956,7 @@ static int event_enable_on_exec(struct p
*/
static void perf_event_enable_on_exec(struct perf_event_context *ctx)
{
+ struct perf_event_context *clone_ctx = NULL;
struct perf_event *event;
unsigned long flags;
int enabled = 0;
@@ -2974,7 +2988,7 @@ static void perf_event_enable_on_exec(st
* Unclone this context if we enabled any event.
*/
if (enabled)
- unclone_ctx(ctx);
+ clone_ctx = unclone_ctx(ctx);
raw_spin_unlock(&ctx->lock);
@@ -2984,6 +2998,9 @@ static void perf_event_enable_on_exec(st
perf_event_context_sched_in(ctx, ctx->task);
out:
local_irq_restore(flags);
+
+ if (clone_ctx)
+ put_ctx(clone_ctx);
}
void perf_event_exec(void)
@@ -3135,7 +3152,7 @@ errout:
static struct perf_event_context *
find_get_context(struct pmu *pmu, struct task_struct *task, int cpu)
{
- struct perf_event_context *ctx;
+ struct perf_event_context *ctx, *clone_ctx = NULL;
struct perf_cpu_context *cpuctx;
unsigned long flags;
int ctxn, err;
@@ -3169,9 +3186,12 @@ find_get_context(struct pmu *pmu, struct
retry:
ctx = perf_lock_task_context(task, ctxn, &flags);
if (ctx) {
- unclone_ctx(ctx);
+ clone_ctx = unclone_ctx(ctx);
++ctx->pin_count;
raw_spin_unlock_irqrestore(&ctx->lock, flags);
+
+ if (clone_ctx)
+ put_ctx(clone_ctx);
} else {
ctx = alloc_perf_context(pmu, task);
err = -ENOMEM;
@@ -7523,7 +7543,7 @@ __perf_event_exit_task(struct perf_event
static void perf_event_exit_task_context(struct task_struct *child, int ctxn)
{
struct perf_event *child_event, *next;
- struct perf_event_context *child_ctx, *parent_ctx;
+ struct perf_event_context *child_ctx, *clone_ctx = NULL;
unsigned long flags;
if (likely(!child->perf_event_ctxp[ctxn])) {
@@ -7550,28 +7570,16 @@ static void perf_event_exit_task_context
child->perf_event_ctxp[ctxn] = NULL;
/*
- * In order to avoid freeing: child_ctx->parent_ctx->task
- * under perf_event_context::lock, grab another reference.
- */
- parent_ctx = child_ctx->parent_ctx;
- if (parent_ctx)
- get_ctx(parent_ctx);
-
- /*
* If this context is a clone; unclone it so it can't get
* swapped to another process while we're removing all
* the events from it.
*/
- unclone_ctx(child_ctx);
+ clone_ctx = unclone_ctx(child_ctx);
update_context_time(child_ctx);
raw_spin_unlock_irqrestore(&child_ctx->lock, flags);
- /*
- * Now that we no longer hold perf_event_context::lock, drop
- * our extra child_ctx->parent_ctx reference.
- */
- if (parent_ctx)
- put_ctx(parent_ctx);
+ if (clone_ctx)
+ put_ctx(clone_ctx);
/*
* Report the task dead after unscheduling the events so that we
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 058/319] evm: properly handle INTEGRITY_NOXATTRS EVM status
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (56 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 057/319] perf: Fix unclone_ctx() vs. locking Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 059/319] evm: check xattr value length and type in evm_inode_setxattr() Greg Kroah-Hartman
` (245 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dmitry Kasatkin, Mimi Zohar
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Kasatkin <d.kasatkin@samsung.com>
commit 3dcbad52cf18c3c379e96b992d22815439ebbe53 upstream.
Unless an LSM labels a file during d_instantiate(), newly created
files are not labeled with an initial security.evm xattr, until
the file closes. EVM, before allowing a protected, security xattr
to be written, verifies the existing 'security.evm' value is good.
For newly created files without a security.evm label, this
verification prevents writing any protected, security xattrs,
until the file closes.
Following is the example when this happens:
fd = open("foo", O_CREAT | O_WRONLY, 0644);
setxattr("foo", "security.SMACK64", value, sizeof(value), 0);
close(fd);
While INTEGRITY_NOXATTRS status is handled in other places, such
as evm_inode_setattr(), it does not handle it in all cases in
evm_protect_xattr(). By limiting the use of INTEGRITY_NOXATTRS to
newly created files, we can now allow setting "protected" xattrs.
Changelog:
- limit the use of INTEGRITY_NOXATTRS to IMA identified new files
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/evm/evm_main.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -284,6 +284,13 @@ static int evm_protect_xattr(struct dent
goto out;
}
evm_status = evm_verify_current_integrity(dentry);
+ if (evm_status == INTEGRITY_NOXATTRS) {
+ struct integrity_iint_cache *iint;
+
+ iint = integrity_iint_find(dentry->d_inode);
+ if (iint && (iint->flags & IMA_NEW_FILE))
+ return 0;
+ }
out:
if (evm_status != INTEGRITY_PASS)
integrity_audit_msg(AUDIT_INTEGRITY_METADATA, dentry->d_inode,
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 059/319] evm: check xattr value length and type in evm_inode_setxattr()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (57 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 058/319] evm: properly handle INTEGRITY_NOXATTRS EVM status Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 060/319] ALSA: hda - Add workaround for CMI8888 snoop behavior Greg Kroah-Hartman
` (244 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kara, Dmitry Kasatkin, Mimi Zohar
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Kasatkin <d.kasatkin@samsung.com>
commit 3b1deef6b1289a99505858a3b212c5b50adf0c2f upstream.
evm_inode_setxattr() can be called with no value. The function does not
check the length so that following command can be used to produce the
kernel oops: setfattr -n security.evm FOO. This patch fixes it.
Changes in v3:
* there is no reason to return different error codes for EVM_XATTR_HMAC
and non EVM_XATTR_HMAC. Remove unnecessary test then.
Changes in v2:
* testing for validity of xattr type
[ 1106.396921] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 1106.398192] IP: [<ffffffff812af7b8>] evm_inode_setxattr+0x2a/0x48
[ 1106.399244] PGD 29048067 PUD 290d7067 PMD 0
[ 1106.399953] Oops: 0000 [#1] SMP
[ 1106.400020] Modules linked in: bridge stp llc evdev serio_raw i2c_piix4 button fuse
[ 1106.400020] CPU: 0 PID: 3635 Comm: setxattr Not tainted 3.16.0-kds+ #2936
[ 1106.400020] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1106.400020] task: ffff8800291a0000 ti: ffff88002917c000 task.ti: ffff88002917c000
[ 1106.400020] RIP: 0010:[<ffffffff812af7b8>] [<ffffffff812af7b8>] evm_inode_setxattr+0x2a/0x48
[ 1106.400020] RSP: 0018:ffff88002917fd50 EFLAGS: 00010246
[ 1106.400020] RAX: 0000000000000000 RBX: ffff88002917fdf8 RCX: 0000000000000000
[ 1106.400020] RDX: 0000000000000000 RSI: ffffffff818136d3 RDI: ffff88002917fdf8
[ 1106.400020] RBP: ffff88002917fd68 R08: 0000000000000000 R09: 00000000003ec1df
[ 1106.400020] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800438a0a00
[ 1106.400020] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1106.400020] FS: 00007f7dfa7d7740(0000) GS:ffff88005da00000(0000) knlGS:0000000000000000
[ 1106.400020] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1106.400020] CR2: 0000000000000000 CR3: 000000003763e000 CR4: 00000000000006f0
[ 1106.400020] Stack:
[ 1106.400020] ffff8800438a0a00 ffff88002917fdf8 0000000000000000 ffff88002917fd98
[ 1106.400020] ffffffff812a1030 ffff8800438a0a00 ffff88002917fdf8 0000000000000000
[ 1106.400020] 0000000000000000 ffff88002917fde0 ffffffff8116d08a ffff88002917fdc8
[ 1106.400020] Call Trace:
[ 1106.400020] [<ffffffff812a1030>] security_inode_setxattr+0x5d/0x6a
[ 1106.400020] [<ffffffff8116d08a>] vfs_setxattr+0x6b/0x9f
[ 1106.400020] [<ffffffff8116d1e0>] setxattr+0x122/0x16c
[ 1106.400020] [<ffffffff811687e8>] ? mnt_want_write+0x21/0x45
[ 1106.400020] [<ffffffff8114d011>] ? __sb_start_write+0x10f/0x143
[ 1106.400020] [<ffffffff811687e8>] ? mnt_want_write+0x21/0x45
[ 1106.400020] [<ffffffff811687c0>] ? __mnt_want_write+0x48/0x4f
[ 1106.400020] [<ffffffff8116d3e6>] SyS_setxattr+0x6e/0xb0
[ 1106.400020] [<ffffffff81529da9>] system_call_fastpath+0x16/0x1b
[ 1106.400020] Code: c3 0f 1f 44 00 00 55 48 89 e5 41 55 49 89 d5 41 54 49 89 fc 53 48 89 f3 48 c7 c6 d3 36 81 81 48 89 df e8 18 22 04 00 85 c0 75 07 <41> 80 7d 00 02 74 0d 48 89 de 4c 89 e7 e8 5a fe ff ff eb 03 83
[ 1106.400020] RIP [<ffffffff812af7b8>] evm_inode_setxattr+0x2a/0x48
[ 1106.400020] RSP <ffff88002917fd50>
[ 1106.400020] CR2: 0000000000000000
[ 1106.428061] ---[ end trace ae08331628ba3050 ]---
Reported-by: Jan Kara <jack@suse.cz>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/evm/evm_main.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -318,9 +318,12 @@ int evm_inode_setxattr(struct dentry *de
{
const struct evm_ima_xattr_data *xattr_data = xattr_value;
- if ((strcmp(xattr_name, XATTR_NAME_EVM) == 0)
- && (xattr_data->type == EVM_XATTR_HMAC))
- return -EPERM;
+ if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) {
+ if (!xattr_value_len)
+ return -EINVAL;
+ if (xattr_data->type != EVM_IMA_XATTR_DIGSIG)
+ return -EPERM;
+ }
return evm_protect_xattr(dentry, xattr_name, xattr_value,
xattr_value_len);
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 060/319] ALSA: hda - Add workaround for CMI8888 snoop behavior
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (58 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 059/319] evm: check xattr value length and type in evm_inode_setxattr() Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 061/319] ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get Greg Kroah-Hartman
` (243 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 3b70bdba2fcb374a2235a56ab73334348d819579 upstream.
CMI8888 shows the stuttering playback when the snooping is disabled
on the audio buffer. Meanwhile, we've got reports that CORB/RIRB
doesn't work in the snooped mode. So, as a compromise, disable the
snoop only for CORB/RIRB and enable the snoop for the stream buffers.
The resultant patch became a bit ugly, unfortunately, but we still can
live with it.
Reported-and-tested-by: Geoffrey McRae <geoff@spacevs.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/hda_intel.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -373,6 +373,8 @@ static void __mark_pages_wc(struct azx *
#ifdef CONFIG_SND_DMA_SGBUF
if (dmab->dev.type == SNDRV_DMA_TYPE_DEV_SG) {
struct snd_sg_buf *sgbuf = dmab->private_data;
+ if (chip->driver_type == AZX_DRIVER_CMEDIA)
+ return; /* deal with only CORB/RIRB buffers */
if (on)
set_pages_array_wc(sgbuf->page_table, sgbuf->pages);
else
@@ -1768,7 +1770,7 @@ static void pcm_mmap_prepare(struct snd_
#ifdef CONFIG_X86
struct azx_pcm *apcm = snd_pcm_substream_chip(substream);
struct azx *chip = apcm->chip;
- if (!azx_snoop(chip))
+ if (!azx_snoop(chip) && chip->driver_type != AZX_DRIVER_CMEDIA)
area->vm_page_prot = pgprot_writecombine(area->vm_page_prot);
#endif
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 061/319] ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (59 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 060/319] ALSA: hda - Add workaround for CMI8888 snoop behavior Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 062/319] ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode Greg Kroah-Hartman
` (242 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Vogel, Takashi Sakamoto,
Takashi Iwai
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Vogel <vogelchr@vogel.cx>
commit d1d0b6b668818571122d30d68a0b3f768bd83a52 upstream.
snd_bebob_stream_check_internal_clock() may get an id from
saffirepro_both_clk_src_get (via clk_src->get()) that was uninitialized.
a) make logic in saffirepro_both_clk_src_get explicit
b) test if id used in snd_bebob_stream_check_internal_clock matches array size
[fixed missing signed prefix to *_maps[] by tiwai]
Signed-off-by: Christian Vogel <vogelchr@vogel.cx>
Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/firewire/bebob/bebob_focusrite.c | 62 +++++++++++++++++++++++++--------
sound/firewire/bebob/bebob_stream.c | 18 +++++++--
2 files changed, 63 insertions(+), 17 deletions(-)
--- a/sound/firewire/bebob/bebob_focusrite.c
+++ b/sound/firewire/bebob/bebob_focusrite.c
@@ -27,12 +27,14 @@
#define SAFFIRE_CLOCK_SOURCE_INTERNAL 0
#define SAFFIRE_CLOCK_SOURCE_SPDIF 1
-/* '1' is absent, why... */
+/* clock sources as returned from register of Saffire Pro 10 and 26 */
#define SAFFIREPRO_CLOCK_SOURCE_INTERNAL 0
+#define SAFFIREPRO_CLOCK_SOURCE_SKIP 1 /* never used on hardware */
#define SAFFIREPRO_CLOCK_SOURCE_SPDIF 2
-#define SAFFIREPRO_CLOCK_SOURCE_ADAT1 3
-#define SAFFIREPRO_CLOCK_SOURCE_ADAT2 4
+#define SAFFIREPRO_CLOCK_SOURCE_ADAT1 3 /* not used on s.pro. 10 */
+#define SAFFIREPRO_CLOCK_SOURCE_ADAT2 4 /* not used on s.pro. 10 */
#define SAFFIREPRO_CLOCK_SOURCE_WORDCLOCK 5
+#define SAFFIREPRO_CLOCK_SOURCE_COUNT 6
/* S/PDIF, ADAT1, ADAT2 is enabled or not. three quadlets */
#define SAFFIREPRO_ENABLE_DIG_IFACES 0x01a4
@@ -101,13 +103,34 @@ saffire_write_quad(struct snd_bebob *beb
&data, sizeof(__be32), 0);
}
+static char *const saffirepro_10_clk_src_labels[] = {
+ SND_BEBOB_CLOCK_INTERNAL, "S/PDIF", "Word Clock"
+};
static char *const saffirepro_26_clk_src_labels[] = {
SND_BEBOB_CLOCK_INTERNAL, "S/PDIF", "ADAT1", "ADAT2", "Word Clock"
};
-
-static char *const saffirepro_10_clk_src_labels[] = {
- SND_BEBOB_CLOCK_INTERNAL, "S/PDIF", "Word Clock"
+/* Value maps between registers and labels for SaffirePro 10/26. */
+static const signed char saffirepro_clk_maps[][SAFFIREPRO_CLOCK_SOURCE_COUNT] = {
+ /* SaffirePro 10 */
+ [0] = {
+ [SAFFIREPRO_CLOCK_SOURCE_INTERNAL] = 0,
+ [SAFFIREPRO_CLOCK_SOURCE_SKIP] = -1, /* not supported */
+ [SAFFIREPRO_CLOCK_SOURCE_SPDIF] = 1,
+ [SAFFIREPRO_CLOCK_SOURCE_ADAT1] = -1, /* not supported */
+ [SAFFIREPRO_CLOCK_SOURCE_ADAT2] = -1, /* not supported */
+ [SAFFIREPRO_CLOCK_SOURCE_WORDCLOCK] = 2,
+ },
+ /* SaffirePro 26 */
+ [1] = {
+ [SAFFIREPRO_CLOCK_SOURCE_INTERNAL] = 0,
+ [SAFFIREPRO_CLOCK_SOURCE_SKIP] = -1, /* not supported */
+ [SAFFIREPRO_CLOCK_SOURCE_SPDIF] = 1,
+ [SAFFIREPRO_CLOCK_SOURCE_ADAT1] = 2,
+ [SAFFIREPRO_CLOCK_SOURCE_ADAT2] = 3,
+ [SAFFIREPRO_CLOCK_SOURCE_WORDCLOCK] = 4,
+ }
};
+
static int
saffirepro_both_clk_freq_get(struct snd_bebob *bebob, unsigned int *rate)
{
@@ -138,24 +161,35 @@ saffirepro_both_clk_freq_set(struct snd_
return saffire_write_quad(bebob, SAFFIREPRO_RATE_NOREBOOT, id);
}
+
+/*
+ * query hardware for current clock source, return our internally
+ * used clock index in *id, depending on hardware.
+ */
static int
saffirepro_both_clk_src_get(struct snd_bebob *bebob, unsigned int *id)
{
int err;
- u32 value;
+ u32 value; /* clock source read from hw register */
+ const signed char *map;
err = saffire_read_quad(bebob, SAFFIREPRO_OFFSET_CLOCK_SOURCE, &value);
if (err < 0)
goto end;
- if (bebob->spec->clock->labels == saffirepro_10_clk_src_labels) {
- if (value == SAFFIREPRO_CLOCK_SOURCE_WORDCLOCK)
- *id = 2;
- else if (value == SAFFIREPRO_CLOCK_SOURCE_SPDIF)
- *id = 1;
- } else if (value > 1) {
- *id = value - 1;
+ /* depending on hardware, use a different mapping */
+ if (bebob->spec->clock->labels == saffirepro_10_clk_src_labels)
+ map = saffirepro_clk_maps[0];
+ else
+ map = saffirepro_clk_maps[1];
+
+ /* In a case that this driver cannot handle the value of register. */
+ if (value >= SAFFIREPRO_CLOCK_SOURCE_COUNT || map[value] < 0) {
+ err = -EIO;
+ goto end;
}
+
+ *id = (unsigned int)map[value];
end:
return err;
}
--- a/sound/firewire/bebob/bebob_stream.c
+++ b/sound/firewire/bebob/bebob_stream.c
@@ -129,12 +129,24 @@ snd_bebob_stream_check_internal_clock(st
/* 1.The device has its own operation to switch source of clock */
if (clk_spec) {
err = clk_spec->get(bebob, &id);
- if (err < 0)
+ if (err < 0) {
dev_err(&bebob->unit->device,
"fail to get clock source: %d\n", err);
- else if (strncmp(clk_spec->labels[id], SND_BEBOB_CLOCK_INTERNAL,
- strlen(SND_BEBOB_CLOCK_INTERNAL)) == 0)
+ goto end;
+ }
+
+ if (id >= clk_spec->num) {
+ dev_err(&bebob->unit->device,
+ "clock source %d out of range 0..%d\n",
+ id, clk_spec->num - 1);
+ err = -EIO;
+ goto end;
+ }
+
+ if (strncmp(clk_spec->labels[id], SND_BEBOB_CLOCK_INTERNAL,
+ strlen(SND_BEBOB_CLOCK_INTERNAL)) == 0)
*internal = true;
+
goto end;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 062/319] ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (60 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 061/319] ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 063/319] missing data dependency barrier in prepend_name() Greg Kroah-Hartman
` (241 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pierre-Louis Bossart, Takashi Iwai
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 317168d0c766defd14b3d0e9c2c4a9a258b803ee upstream.
In compat mode, we copy each field of snd_pcm_status struct but don't
touch the reserved fields, and this leaves uninitialized values
there. Meanwhile the native ioctl does zero-clear the whole
structure, so we should follow the same rule in compat mode, too.
Reported-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/pcm_compat.c | 2 ++
1 file changed, 2 insertions(+)
--- a/sound/core/pcm_compat.c
+++ b/sound/core/pcm_compat.c
@@ -210,6 +210,8 @@ static int snd_pcm_status_user_compat(st
if (err < 0)
return err;
+ if (clear_user(src, sizeof(*src)))
+ return -EFAULT;
if (put_user(status.state, &src->state) ||
compat_put_timespec(&status.trigger_tstamp, &src->trigger_tstamp) ||
compat_put_timespec(&status.tstamp, &src->tstamp) ||
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 063/319] missing data dependency barrier in prepend_name()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (61 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 062/319] ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 064/319] [jffs2] kill wbuf_queued/wbuf_dwork_lock Greg Kroah-Hartman
` (240 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 6d13f69444bd3d4888e43f7756449748f5a98bad upstream.
AFAICS, prepend_name() is broken on SMP alpha. Disclaimer: I don't have
SMP alpha boxen to reproduce it on. However, it really looks like the race
is real.
CPU1: d_path() on /mnt/ramfs/<255-character>/foo
CPU2: mv /mnt/ramfs/<255-character> /mnt/ramfs/<63-character>
CPU2 does d_alloc(), which allocates an external name, stores the name there
including terminating NUL, does smp_wmb() and stores its address in
dentry->d_name.name. It proceeds to d_add(dentry, NULL) and d_move()
old dentry over to that. ->d_name.name value ends up in that dentry.
In the meanwhile, CPU1 gets to prepend_name() for that dentry. It fetches
->d_name.name and ->d_name.len; the former ends up pointing to new name
(64-byte kmalloc'ed array), the latter - 255 (length of the old name).
Nothing to force the ordering there, and normally that would be OK, since we'd
run into the terminating NUL and stop. Except that it's alpha, and we'd need
a data dependency barrier to guarantee that we see that store of NUL
__d_alloc() has done. In a similar situation dentry_cmp() would survive; it
does explicit smp_read_barrier_depends() after fetching ->d_name.name.
prepend_name() doesn't and it risks walking past the end of kmalloc'ed object
and possibly oops due to taking a page fault in kernel mode.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dcache.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2810,6 +2810,9 @@ static int prepend(char **buffer, int *b
* the beginning of the name. The sequence number check at the caller will
* retry it again when a d_move() does happen. So any garbage in the buffer
* due to mismatched pointer and length will be discarded.
+ *
+ * Data dependency barrier is needed to make sure that we see that terminating
+ * NUL. Alpha strikes again, film at 11...
*/
static int prepend_name(char **buffer, int *buflen, struct qstr *name)
{
@@ -2817,6 +2820,8 @@ static int prepend_name(char **buffer, i
u32 dlen = ACCESS_ONCE(name->len);
char *p;
+ smp_read_barrier_depends();
+
*buflen -= dlen + 1;
if (*buflen < 0)
return -ENAMETOOLONG;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 064/319] [jffs2] kill wbuf_queued/wbuf_dwork_lock
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (62 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 063/319] missing data dependency barrier in prepend_name() Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 065/319] fix misuses of f_count() in ppp and netlink Greg Kroah-Hartman
` (239 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeff Harris, Al Viro
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@ZenIV.linux.org.uk>
commit 99358a1ca53e8e6ce09423500191396f0e6584d2 upstream.
schedule_delayed_work() happening when the work is already pending is
a cheap no-op. Don't bother with ->wbuf_queued logics - it's both
broken (cancelling ->wbuf_dwork leaves it set, as spotted by Jeff Harris)
and pointless. It's cheaper to let schedule_delayed_work() handle that
case.
Reported-by: Jeff Harris <jefftharris@gmail.com>
Tested-by: Jeff Harris <jefftharris@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jffs2/jffs2_fs_sb.h | 2 --
fs/jffs2/wbuf.c | 17 ++---------------
2 files changed, 2 insertions(+), 17 deletions(-)
--- a/fs/jffs2/jffs2_fs_sb.h
+++ b/fs/jffs2/jffs2_fs_sb.h
@@ -134,8 +134,6 @@ struct jffs2_sb_info {
struct rw_semaphore wbuf_sem; /* Protects the write buffer */
struct delayed_work wbuf_dwork; /* write-buffer write-out work */
- int wbuf_queued; /* non-zero delayed work is queued */
- spinlock_t wbuf_dwork_lock; /* protects wbuf_dwork and and wbuf_queued */
unsigned char *oobbuf;
int oobavail; /* How many bytes are available for JFFS2 in OOB */
--- a/fs/jffs2/wbuf.c
+++ b/fs/jffs2/wbuf.c
@@ -1162,10 +1162,6 @@ static void delayed_wbuf_sync(struct wor
struct jffs2_sb_info *c = work_to_sb(work);
struct super_block *sb = OFNI_BS_2SFFJ(c);
- spin_lock(&c->wbuf_dwork_lock);
- c->wbuf_queued = 0;
- spin_unlock(&c->wbuf_dwork_lock);
-
if (!(sb->s_flags & MS_RDONLY)) {
jffs2_dbg(1, "%s()\n", __func__);
jffs2_flush_wbuf_gc(c, 0);
@@ -1180,14 +1176,9 @@ void jffs2_dirty_trigger(struct jffs2_sb
if (sb->s_flags & MS_RDONLY)
return;
- spin_lock(&c->wbuf_dwork_lock);
- if (!c->wbuf_queued) {
+ delay = msecs_to_jiffies(dirty_writeback_interval * 10);
+ if (queue_delayed_work(system_long_wq, &c->wbuf_dwork, delay))
jffs2_dbg(1, "%s()\n", __func__);
- delay = msecs_to_jiffies(dirty_writeback_interval * 10);
- queue_delayed_work(system_long_wq, &c->wbuf_dwork, delay);
- c->wbuf_queued = 1;
- }
- spin_unlock(&c->wbuf_dwork_lock);
}
int jffs2_nand_flash_setup(struct jffs2_sb_info *c)
@@ -1211,7 +1202,6 @@ int jffs2_nand_flash_setup(struct jffs2_
/* Initialise write buffer */
init_rwsem(&c->wbuf_sem);
- spin_lock_init(&c->wbuf_dwork_lock);
INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
c->wbuf_pagesize = c->mtd->writesize;
c->wbuf_ofs = 0xFFFFFFFF;
@@ -1251,7 +1241,6 @@ int jffs2_dataflash_setup(struct jffs2_s
/* Initialize write buffer */
init_rwsem(&c->wbuf_sem);
- spin_lock_init(&c->wbuf_dwork_lock);
INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
c->wbuf_pagesize = c->mtd->erasesize;
@@ -1311,7 +1300,6 @@ int jffs2_nor_wbuf_flash_setup(struct jf
/* Initialize write buffer */
init_rwsem(&c->wbuf_sem);
- spin_lock_init(&c->wbuf_dwork_lock);
INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
c->wbuf_pagesize = c->mtd->writesize;
@@ -1346,7 +1334,6 @@ int jffs2_ubivol_setup(struct jffs2_sb_i
return 0;
init_rwsem(&c->wbuf_sem);
- spin_lock_init(&c->wbuf_dwork_lock);
INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
c->wbuf_pagesize = c->mtd->writesize;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 065/319] fix misuses of f_count() in ppp and netlink
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (63 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 064/319] [jffs2] kill wbuf_queued/wbuf_dwork_lock Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 066/319] rbd: rbd workqueues need a resque worker Greg Kroah-Hartman
` (238 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 24dff96a37a2ca319e75a74d3929b2de22447ca6 upstream.
we used to check for "nobody else could start doing anything with
that opened file" by checking that refcount was 2 or less - one
for descriptor table and one we'd acquired in fget() on the way to
wherever we are. That was race-prone (somebody else might have
had a reference to descriptor table and do fget() just as we'd
been checking) and it had become flat-out incorrect back when
we switched to fget_light() on those codepaths - unlike fget(),
it doesn't grab an extra reference unless the descriptor table
is shared. The same change allowed a race-free check, though -
we are safe exactly when refcount is less than 2.
It was a long time ago; pre-2.6.12 for ioctl() (the codepath leading
to ppp one) and 2.6.17 for sendmsg() (netlink one). OTOH,
netlink hadn't grown that check until 3.9 and ppp used to live
in drivers/net, not drivers/net/ppp until 3.1. The bug existed
well before that, though, and the same fix used to apply in old
location of file.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ppp/ppp_generic.c | 2 +-
net/netlink/af_netlink.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -594,7 +594,7 @@ static long ppp_ioctl(struct file *file,
if (file == ppp->owner)
ppp_shutdown_interface(ppp);
}
- if (atomic_long_read(&file->f_count) <= 2) {
+ if (atomic_long_read(&file->f_count) < 2) {
ppp_release(NULL, file);
err = 0;
} else
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -723,7 +723,7 @@ static int netlink_mmap_sendmsg(struct s
* after validation, the socket and the ring may only be used by a
* single process, otherwise we fall back to copying.
*/
- if (atomic_long_read(&sk->sk_socket->file->f_count) > 2 ||
+ if (atomic_long_read(&sk->sk_socket->file->f_count) > 1 ||
atomic_read(&nlk->mapped) > 1)
excl = false;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 066/319] rbd: rbd workqueues need a resque worker
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (64 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 065/319] fix misuses of f_count() in ppp and netlink Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 067/319] libceph: ceph-msgr workqueue needs " Greg Kroah-Hartman
` (237 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilya Dryomov, Micha Krause, Sage Weil
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilya Dryomov <idryomov@redhat.com>
commit 792c3a914910bd34302c5345578f85cfcb5e2c01 upstream.
Need to use WQ_MEM_RECLAIM for our workqueues to prevent I/O lockups
under memory pressure - we sit on the memory reclaim path.
Signed-off-by: Ilya Dryomov <idryomov@redhat.com>
Tested-by: Micha Krause <micha@krausam.de>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/rbd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -5087,7 +5087,8 @@ static int rbd_dev_device_setup(struct r
set_capacity(rbd_dev->disk, rbd_dev->mapping.size / SECTOR_SIZE);
set_disk_ro(rbd_dev->disk, rbd_dev->mapping.read_only);
- rbd_dev->rq_wq = alloc_workqueue("%s", 0, 0, rbd_dev->disk->disk_name);
+ rbd_dev->rq_wq = alloc_workqueue("%s", WQ_MEM_RECLAIM, 0,
+ rbd_dev->disk->disk_name);
if (!rbd_dev->rq_wq) {
ret = -ENOMEM;
goto err_out_mapping;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 067/319] libceph: ceph-msgr workqueue needs a resque worker
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (65 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 066/319] rbd: rbd workqueues need a resque worker Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 068/319] sched: Use dl_bw_of() under RCU read lock Greg Kroah-Hartman
` (236 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilya Dryomov, Micha Krause, Sage Weil
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilya Dryomov <idryomov@redhat.com>
commit f9865f06f7f18c6661c88d0511f05c48612319cc upstream.
Commit f363e45fd118 ("net/ceph: make ceph_msgr_wq non-reentrant")
effectively removed WQ_MEM_RECLAIM flag from ceph_msgr_wq. This is
wrong - libceph is very much a memory reclaim path, so restore it.
Signed-off-by: Ilya Dryomov <idryomov@redhat.com>
Tested-by: Micha Krause <micha@krausam.de>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ceph/messenger.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -292,7 +292,11 @@ int ceph_msgr_init(void)
if (ceph_msgr_slab_init())
return -ENOMEM;
- ceph_msgr_wq = alloc_workqueue("ceph-msgr", 0, 0);
+ /*
+ * The number of active work items is limited by the number of
+ * connections, so leave @max_active at default.
+ */
+ ceph_msgr_wq = alloc_workqueue("ceph-msgr", WQ_MEM_RECLAIM, 0);
if (ceph_msgr_wq)
return 0;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 068/319] sched: Use dl_bw_of() under RCU read lock
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (66 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 067/319] libceph: ceph-msgr workqueue needs " Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 069/319] um: ubd: Fix for processes stuck in D state forever Greg Kroah-Hartman
` (235 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kirill Tkhai, Peter Zijlstra (Intel),
Paul E. McKenney, Linus Torvalds, Ingo Molnar
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kirill Tkhai <ktkhai@parallels.com>
commit 66339c31bc3978d5fff9c4b4cb590a861def4db2 upstream.
dl_bw_of() dereferences rq->rd which has to have RCU read lock held.
Probability of use-after-free isn't zero here.
Also add lockdep assert into dl_bw_cpus().
Signed-off-by: Kirill Tkhai <ktkhai@parallels.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/20140922183624.11015.71558.stgit@localhost
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/sched/core.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1977,6 +1977,8 @@ unsigned long to_ratio(u64 period, u64 r
#ifdef CONFIG_SMP
inline struct dl_bw *dl_bw_of(int i)
{
+ rcu_lockdep_assert(rcu_read_lock_sched_held(),
+ "sched RCU must be held");
return &cpu_rq(i)->rd->dl_bw;
}
@@ -1985,6 +1987,8 @@ static inline int dl_bw_cpus(int i)
struct root_domain *rd = cpu_rq(i)->rd;
int cpus = 0;
+ rcu_lockdep_assert(rcu_read_lock_sched_held(),
+ "sched RCU must be held");
for_each_cpu_and(i, rd->span, cpu_active_mask)
cpus++;
@@ -7580,6 +7584,8 @@ static int sched_dl_global_constraints(v
int cpu, ret = 0;
unsigned long flags;
+ rcu_read_lock();
+
/*
* Here we want to check the bandwidth not being set to some
* value smaller than the currently allocated bandwidth in
@@ -7601,6 +7607,8 @@ static int sched_dl_global_constraints(v
break;
}
+ rcu_read_unlock();
+
return ret;
}
@@ -7616,6 +7624,7 @@ static void sched_dl_do_global(void)
if (global_rt_runtime() != RUNTIME_INF)
new_bw = to_ratio(global_rt_period(), global_rt_runtime());
+ rcu_read_lock();
/*
* FIXME: As above...
*/
@@ -7626,6 +7635,7 @@ static void sched_dl_do_global(void)
dl_b->bw = new_bw;
raw_spin_unlock_irqrestore(&dl_b->lock, flags);
}
+ rcu_read_unlock();
}
static int sched_rt_global_validate(void)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 069/319] um: ubd: Fix for processes stuck in D state forever
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (67 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 068/319] sched: Use dl_bw_of() under RCU read lock Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 070/319] random: add and use memzero_explicit() for clearing data Greg Kroah-Hartman
` (234 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thorsten Knabe, Richard Weinberger
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thorsten Knabe <linux@thorsten-knabe.de>
commit 2a2361228c5e6d8c1733f00653481de918598e50 upstream.
Starting with Linux 3.12 processes get stuck in D state forever in
UserModeLinux under sync heavy workloads. This bug was introduced by
commit 805f11a0d5 (um: ubd: Add REQ_FLUSH suppport).
Fix bug by adding a check if FLUSH request was successfully submitted to
the I/O thread and keeping the FLUSH request on the request queue on
submission failures.
Fixes: 805f11a0d5 (um: ubd: Add REQ_FLUSH suppport)
Signed-off-by: Thorsten Knabe <linux@thorsten-knabe.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/drivers/ubd_kern.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/arch/um/drivers/ubd_kern.c
+++ b/arch/um/drivers/ubd_kern.c
@@ -1277,7 +1277,7 @@ static void do_ubd_request(struct reques
while(1){
struct ubd *dev = q->queuedata;
- if(dev->end_sg == 0){
+ if(dev->request == NULL){
struct request *req = blk_fetch_request(q);
if(req == NULL)
return;
@@ -1299,7 +1299,8 @@ static void do_ubd_request(struct reques
return;
}
prepare_flush_request(req, io_req);
- submit_request(io_req, dev);
+ if (submit_request(io_req, dev) == false)
+ return;
}
while(dev->start_sg < dev->end_sg){
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 070/319] random: add and use memzero_explicit() for clearing data
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (68 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 069/319] um: ubd: Fix for processes stuck in D state forever Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 071/319] s390/topology: call set_sched_topology early Greg Kroah-Hartman
` (233 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, zatimend, Daniel Borkmann,
Hannes Frederic Sowa, Alexey Dobriyan, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Borkmann <dborkman@redhat.com>
commit d4c5efdb97773f59a2b711754ca0953f24516739 upstream.
zatimend has reported that in his environment (3.16/gcc4.8.3/corei7)
memset() calls which clear out sensitive data in extract_{buf,entropy,
entropy_user}() in random driver are being optimized away by gcc.
Add a helper memzero_explicit() (similarly as explicit_bzero() variants)
that can be used in such cases where a variable with sensitive data is
being cleared out in the end. Other use cases might also be in crypto
code. [ I have put this into lib/string.c though, as it's always built-in
and doesn't need any dependencies then. ]
Fixes kernel bugzilla: 82041
Reported-by: zatimend@hotmail.co.uk
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/random.c | 8 ++++----
include/linux/string.h | 5 +++--
lib/string.c | 16 ++++++++++++++++
3 files changed, 23 insertions(+), 6 deletions(-)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1106,7 +1106,7 @@ static void extract_buf(struct entropy_s
__mix_pool_bytes(r, hash.w, sizeof(hash.w));
spin_unlock_irqrestore(&r->lock, flags);
- memset(workspace, 0, sizeof(workspace));
+ memzero_explicit(workspace, sizeof(workspace));
/*
* In case the hash function has some recognizable output
@@ -1118,7 +1118,7 @@ static void extract_buf(struct entropy_s
hash.w[2] ^= rol32(hash.w[2], 16);
memcpy(out, &hash, EXTRACT_SIZE);
- memset(&hash, 0, sizeof(hash));
+ memzero_explicit(&hash, sizeof(hash));
}
/*
@@ -1175,7 +1175,7 @@ static ssize_t extract_entropy(struct en
}
/* Wipe data just returned from memory */
- memset(tmp, 0, sizeof(tmp));
+ memzero_explicit(tmp, sizeof(tmp));
return ret;
}
@@ -1218,7 +1218,7 @@ static ssize_t extract_entropy_user(stru
}
/* Wipe data just returned from memory */
- memset(tmp, 0, sizeof(tmp));
+ memzero_explicit(tmp, sizeof(tmp));
return ret;
}
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -132,7 +132,7 @@ int bprintf(u32 *bin_buf, size_t size, c
#endif
extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos,
- const void *from, size_t available);
+ const void *from, size_t available);
/**
* strstarts - does @str start with @prefix?
@@ -144,7 +144,8 @@ static inline bool strstarts(const char
return strncmp(str, prefix, strlen(prefix)) == 0;
}
-extern size_t memweight(const void *ptr, size_t bytes);
+size_t memweight(const void *ptr, size_t bytes);
+void memzero_explicit(void *s, size_t count);
/**
* kbasename - return the last part of a pathname.
--- a/lib/string.c
+++ b/lib/string.c
@@ -604,6 +604,22 @@ void *memset(void *s, int c, size_t coun
EXPORT_SYMBOL(memset);
#endif
+/**
+ * memzero_explicit - Fill a region of memory (e.g. sensitive
+ * keying data) with 0s.
+ * @s: Pointer to the start of the area.
+ * @count: The size of the area.
+ *
+ * memzero_explicit() doesn't need an arch-specific version as
+ * it just invokes the one of memset() implicitly.
+ */
+void memzero_explicit(void *s, size_t count)
+{
+ memset(s, 0, count);
+ OPTIMIZER_HIDE_VAR(s);
+}
+EXPORT_SYMBOL(memzero_explicit);
+
#ifndef __HAVE_ARCH_MEMCPY
/**
* memcpy - Copy one area of memory to another
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 071/319] s390/topology: call set_sched_topology early
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (69 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 070/319] random: add and use memzero_explicit() for clearing data Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 072/319] UBI: block: Fix block device size setting Greg Kroah-Hartman
` (232 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Martin Schwidefsky
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Schwidefsky <schwidefsky@de.ibm.com>
commit 48e9a6c1f54695609b709bf674aac133794ada00 upstream.
The call to topology_init is too late for the set_sched_topology call.
The initial scheduling domain structure has already been established
with default topology array. Use the smp_cpus_done() call to get the
s390 specific topology array registered early enough.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kernel/topology.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
--- a/arch/s390/kernel/topology.c
+++ b/arch/s390/kernel/topology.c
@@ -464,15 +464,17 @@ static struct sched_domain_topology_leve
static int __init topology_init(void)
{
- if (!MACHINE_HAS_TOPOLOGY) {
+ if (MACHINE_HAS_TOPOLOGY)
+ set_topology_timer();
+ else
topology_update_polarization_simple();
- goto out;
- }
- set_topology_timer();
-out:
-
- set_sched_topology(s390_topology);
-
return device_create_file(cpu_subsys.dev_root, &dev_attr_dispatching);
}
device_initcall(topology_init);
+
+static int __init early_topology_init(void)
+{
+ set_sched_topology(s390_topology);
+ return 0;
+}
+early_initcall(early_topology_init);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 072/319] UBI: block: Fix block device size setting
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (70 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 071/319] s390/topology: call set_sched_topology early Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 073/319] UBI: block: Add support for the UBI_VOLUME_UPDATED notification Greg Kroah-Hartman
` (231 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ezequiel Garcia, Artem Bityutskiy
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
commit 978d6496758d19de2431ebf163337fc7b92f8c45 upstream.
We are currently taking the block device size from the ubi_volume_info.size
field. However, this is not the amount of data in the volume, but the
number of reserved physical eraseblocks, and hence leads to an incorrect
representation of the volume.
In particular, this produces I/O errors on static volumes as the block
interface may attempt to read unmapped PEBs:
$ cat /dev/ubiblock0_0 > /dev/null
UBI error: ubiblock_read_to_buf: ubiblock0_0 ubi_read error -22
end_request: I/O error, dev ubiblock0_0, sector 9536
Buffer I/O error on device ubiblock0_0, logical block 2384
[snip]
Fix this by using the ubi_volume_info.used_bytes field which is set to the
actual number of data bytes for both static and dynamic volumes.
While here, improve the error message to be less stupid and more useful:
UBI error: ubiblock_read_to_buf: ubiblock0_1 ubi_read error -9 on LEB=0, off=15872, len=512
It's worth noticing that the 512-byte sector representation of the volume
is only correct if the volume size is multiple of 512-bytes. This is true for
virtually any NAND device, given eraseblocks and pages are 512-byte multiple
and hence so is the LEB size.
Artem: tweak the error message and make it look more like other UBI error
messages.
Fixes: 9d54c8a33eec ("UBI: R/O block driver on top of UBI volumes")
Signed-off-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/ubi/block.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
--- a/drivers/mtd/ubi/block.c
+++ b/drivers/mtd/ubi/block.c
@@ -188,8 +188,9 @@ static int ubiblock_read_to_buf(struct u
ret = ubi_read(dev->desc, leb, buffer, offset, len);
if (ret) {
- ubi_err("%s ubi_read error %d",
- dev->gd->disk_name, ret);
+ ubi_err("%s: error %d while reading from LEB %d (offset %d, "
+ "length %d)", dev->gd->disk_name, ret, leb, offset,
+ len);
return ret;
}
return 0;
@@ -378,7 +379,7 @@ int ubiblock_create(struct ubi_volume_in
{
struct ubiblock *dev;
struct gendisk *gd;
- u64 disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
+ u64 disk_capacity = vi->used_bytes >> 9;
int ret;
if ((sector_t)disk_capacity != disk_capacity)
@@ -502,7 +503,7 @@ int ubiblock_remove(struct ubi_volume_in
static int ubiblock_resize(struct ubi_volume_info *vi)
{
struct ubiblock *dev;
- u64 disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
+ u64 disk_capacity = vi->used_bytes >> 9;
if ((sector_t)disk_capacity != disk_capacity) {
ubi_warn("%s: the volume is too big, cannot resize (%d LEBs)",
@@ -523,7 +524,7 @@ static int ubiblock_resize(struct ubi_vo
mutex_lock(&dev->dev_mutex);
set_capacity(dev->gd, disk_capacity);
- ubi_msg("%s resized to %d LEBs", dev->gd->disk_name, vi->size);
+ ubi_msg("%s resized to %lld bytes", dev->gd->disk_name, vi->used_bytes);
mutex_unlock(&dev->dev_mutex);
mutex_unlock(&devices_mutex);
return 0;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 073/319] UBI: block: Add support for the UBI_VOLUME_UPDATED notification
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (71 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 072/319] UBI: block: Fix block device size setting Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 074/319] UBI: Dispatch update notification if the volume is updated Greg Kroah-Hartman
` (230 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ezequiel Garcia, Artem Bityutskiy
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
commit 06d9c2905f745c8b1920a335cbb366ba6b0fc754 upstream.
Static volumes can change its 'used_bytes' when they get updated,
and so the block interface must listen to the UBI_VOLUME_UPDATED
notification to resize the block device accordingly.
Signed-off-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/ubi/block.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
--- a/drivers/mtd/ubi/block.c
+++ b/drivers/mtd/ubi/block.c
@@ -523,8 +523,12 @@ static int ubiblock_resize(struct ubi_vo
}
mutex_lock(&dev->dev_mutex);
- set_capacity(dev->gd, disk_capacity);
- ubi_msg("%s resized to %lld bytes", dev->gd->disk_name, vi->used_bytes);
+
+ if (get_capacity(dev->gd) != disk_capacity) {
+ set_capacity(dev->gd, disk_capacity);
+ ubi_msg("%s resized to %lld bytes", dev->gd->disk_name,
+ vi->used_bytes);
+ }
mutex_unlock(&dev->dev_mutex);
mutex_unlock(&devices_mutex);
return 0;
@@ -548,6 +552,14 @@ static int ubiblock_notify(struct notifi
case UBI_VOLUME_RESIZED:
ubiblock_resize(&nt->vi);
break;
+ case UBI_VOLUME_UPDATED:
+ /*
+ * If the volume is static, a content update might mean the
+ * size (i.e. used_bytes) was also changed.
+ */
+ if (nt->vi.vol_type == UBI_STATIC_VOLUME)
+ ubiblock_resize(&nt->vi);
+ break;
default:
break;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 074/319] UBI: Dispatch update notification if the volume is updated
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (72 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 073/319] UBI: block: Add support for the UBI_VOLUME_UPDATED notification Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 075/319] UBI: add missing kmem_cache_free() in process_pool_aeb error path Greg Kroah-Hartman
` (229 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ezequiel Garcia, Artem Bityutskiy
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
commit fda322a1b3b9e8ee231913c500f73c6988b1aff5 upstream.
The UBI_IOCVOLUP ioctl is used to start an update and also to
truncate a volume. In the first case, a "volume updated" notification
is dispatched when the update is done.
This commit adds the "volume updated" notification to be also sent when
the volume is truncated. This is required for UBI block and gluebi to get
notified about the new volume size.
Signed-off-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/ubi/cdev.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/mtd/ubi/cdev.c
+++ b/drivers/mtd/ubi/cdev.c
@@ -425,8 +425,10 @@ static long vol_cdev_ioctl(struct file *
break;
err = ubi_start_update(ubi, vol, bytes);
- if (bytes == 0)
+ if (bytes == 0) {
+ ubi_volume_notify(ubi, vol, UBI_VOLUME_UPDATED);
revoke_exclusive(desc, UBI_READWRITE);
+ }
break;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 075/319] UBI: add missing kmem_cache_free() in process_pool_aeb error path
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (73 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 074/319] UBI: Dispatch update notification if the volume is updated Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 076/319] mnt: Prevent pivot_root from creating a loop in the mount tree Greg Kroah-Hartman
` (228 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Richard Genoud
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Richard Genoud <richard.genoud@gmail.com>
commit 1bf1890e86869032099b539bc83b098be12fc5a7 upstream.
I ran into this error after a ubiupdatevol, because I forgot to backport
e9110361a9a4 UBI: fix the volumes tree sorting criteria.
UBI error: process_pool_aeb: orphaned volume in fastmap pool
UBI error: ubi_scan_fastmap: Attach by fastmap failed, doing a full scan!
kmem_cache_destroy ubi_ainf_peb_slab: Slab cache still has objects
CPU: 0 PID: 1 Comm: swapper Not tainted 3.14.18-00053-gf05cac8dbf85 #1
[<c000d298>] (unwind_backtrace) from [<c000baa8>] (show_stack+0x10/0x14)
[<c000baa8>] (show_stack) from [<c01b7a68>] (destroy_ai+0x230/0x244)
[<c01b7a68>] (destroy_ai) from [<c01b8fd4>] (ubi_attach+0x98/0x1ec)
[<c01b8fd4>] (ubi_attach) from [<c01ade90>] (ubi_attach_mtd_dev+0x2b8/0x868)
[<c01ade90>] (ubi_attach_mtd_dev) from [<c038b510>] (ubi_init+0x1dc/0x2ac)
[<c038b510>] (ubi_init) from [<c0008860>] (do_one_initcall+0x94/0x140)
[<c0008860>] (do_one_initcall) from [<c037aadc>] (kernel_init_freeable+0xe8/0x1b0)
[<c037aadc>] (kernel_init_freeable) from [<c02730ac>] (kernel_init+0x8/0xe4)
[<c02730ac>] (kernel_init) from [<c00093f0>] (ret_from_fork+0x14/0x24)
UBI: scanning is finished
Freeing the cache in the error path fixes the Slab error.
Tested on at91sam9g35 (3.14.18+fastmap backports)
Signed-off-by: Richard Genoud <richard.genoud@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/ubi/fastmap.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/mtd/ubi/fastmap.c
+++ b/drivers/mtd/ubi/fastmap.c
@@ -330,6 +330,7 @@ static int process_pool_aeb(struct ubi_d
av = tmp_av;
else {
ubi_err("orphaned volume in fastmap pool!");
+ kmem_cache_free(ai->aeb_slab_cache, new_aeb);
return UBI_BAD_FASTMAP;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 076/319] mnt: Prevent pivot_root from creating a loop in the mount tree
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (74 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 075/319] UBI: add missing kmem_cache_free() in process_pool_aeb error path Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 077/319] mfd: ti_am335x_tscadc: Fix TSC operation after ADC continouous mode Greg Kroah-Hartman
` (227 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Lutomirski, Eric W. Biederman
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Eric W. Biederman" <ebiederm@xmission.com>
commit 0d0826019e529f21c84687521d03f60cd241ca7d upstream.
Andy Lutomirski recently demonstrated that when chroot is used to set
the root path below the path for the new ``root'' passed to pivot_root
the pivot_root system call succeeds and leaks mounts.
In examining the code I see that starting with a new root that is
below the current root in the mount tree will result in a loop in the
mount tree after the mounts are detached and then reattached to one
another. Resulting in all kinds of ugliness including a leak of that
mounts involved in the leak of the mount loop.
Prevent this problem by ensuring that the new mount is reachable from
the current root of the mount tree.
[Added stable cc. Fixes CVE-2014-7970. --Andy]
Reported-by: Andy Lutomirski <luto@amacapital.net>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Link: http://lkml.kernel.org/r/87bnpmihks.fsf@x220.int.ebiederm.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/namespace.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2822,6 +2822,9 @@ SYSCALL_DEFINE2(pivot_root, const char _
/* make sure we can reach put_old from new_root */
if (!is_path_reachable(old_mnt, old.dentry, &new))
goto out4;
+ /* make certain new is below the root */
+ if (!is_path_reachable(new_mnt, new.dentry, &root))
+ goto out4;
root_mp->m_count++; /* pin it so it won't go away */
lock_mount_hash();
detach_mnt(new_mnt, &parent_path);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 077/319] mfd: ti_am335x_tscadc: Fix TSC operation after ADC continouous mode
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (75 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 076/319] mnt: Prevent pivot_root from creating a loop in the mount tree Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 078/319] mfd: ti_am335x_tscadc: Fix TSC resume Greg Kroah-Hartman
` (226 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vignesh R, Lee Jones
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vignesh R <vigneshr@ti.com>
commit 6ac734d2242949f41eb1346ca0fd4ed010c937aa upstream.
After enabling and disabling ADC continuous mode via sysfs, ts_print_raw
fails to return any data. This is because when ADC is configured for
continuous mode, it disables touch screen steps.These steps are not
re-enabled when ADC continuous mode is disabled. Therefore existing values
of REG_SE needs to be cached before enabling continuous mode and
disabling touch screen steps and enabling ADC steps. The cached value
are to be restored to REG_SE once ADC is disabled.
Fixes: 7ca6740cd1cd ("mfd: input: iio: ti_amm335x: Rework TSC/ADC synchronization")
Signed-off-by: Vignesh R <vigneshr@ti.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mfd/ti_am335x_tscadc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/mfd/ti_am335x_tscadc.c
+++ b/drivers/mfd/ti_am335x_tscadc.c
@@ -53,7 +53,7 @@ void am335x_tsc_se_set_cache(struct ti_t
unsigned long flags;
spin_lock_irqsave(&tsadc->reg_lock, flags);
- tsadc->reg_se_cache = val;
+ tsadc->reg_se_cache |= val;
if (tsadc->adc_waiting)
wake_up(&tsadc->reg_se_wait);
else if (!tsadc->adc_in_use)
@@ -96,6 +96,7 @@ static void am335x_tscadc_need_adc(struc
void am335x_tsc_se_set_once(struct ti_tscadc_dev *tsadc, u32 val)
{
spin_lock_irq(&tsadc->reg_lock);
+ tsadc->reg_se_cache |= val;
am335x_tscadc_need_adc(tsadc);
tscadc_writel(tsadc, REG_SE, val);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 078/319] mfd: ti_am335x_tscadc: Fix TSC resume
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (76 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 077/319] mfd: ti_am335x_tscadc: Fix TSC operation after ADC continouous mode Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 079/319] mfd: rtsx_pcr: Fix MSI enable error handling Greg Kroah-Hartman
` (225 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Andrzej Siewior, Lee Jones
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
commit 6a71f38dd87f255a0586104ce2a14d5a3ddf3401 upstream.
In the resume path, the ADC invokes am335x_tsc_se_set_cache() with 0 as
the steps argument if continous mode is not in use. This in turn disables
all steps and so the TSC is not working until one ADC sampling is
performed.
This patch fixes it by writing the current cached mask instead of the
passed steps.
Fixes: 7ca6740cd1cd ("mfd: input: iio: ti_amm335x: Rework TSC/ADCA
synchronization")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mfd/ti_am335x_tscadc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mfd/ti_am335x_tscadc.c
+++ b/drivers/mfd/ti_am335x_tscadc.c
@@ -57,7 +57,7 @@ void am335x_tsc_se_set_cache(struct ti_t
if (tsadc->adc_waiting)
wake_up(&tsadc->reg_se_wait);
else if (!tsadc->adc_in_use)
- tscadc_writel(tsadc, REG_SE, val);
+ tscadc_writel(tsadc, REG_SE, tsadc->reg_se_cache);
spin_unlock_irqrestore(&tsadc->reg_lock, flags);
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 079/319] mfd: rtsx_pcr: Fix MSI enable error handling
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (77 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 078/319] mfd: ti_am335x_tscadc: Fix TSC resume Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 080/319] iommu: Rework iommu_group_get_for_pci_dev() Greg Kroah-Hartman
` (224 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, D. Jared Dominguez, Chris Ball, Lee Jones
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chris Ball <chris@printf.net>
commit 5152970538a5e16c03bbcb9f1c780489a795ed40 upstream.
pci_enable_msi() can return failure with both positive and negative
integers -- it returns 0 for success -- but is only tested here for
"if (ret < 0)". This causes us to try to use MSI on the RTS5249 SD
reader in the Dell XPS 11 when enabling MSI failed, causing:
[ 1.737110] rtsx_pci: probe of 0000:05:00.0 failed with error -110
Reported-by: D. Jared Dominguez <Jared_Dominguez@Dell.com>
Tested-by: D. Jared Dominguez <Jared_Dominguez@Dell.com>
Signed-off-by: Chris Ball <chris@printf.net>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mfd/rtsx_pcr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mfd/rtsx_pcr.c
+++ b/drivers/mfd/rtsx_pcr.c
@@ -1197,7 +1197,7 @@ static int rtsx_pci_probe(struct pci_dev
pcr->msi_en = msi_en;
if (pcr->msi_en) {
ret = pci_enable_msi(pcidev);
- if (ret < 0)
+ if (ret)
pcr->msi_en = false;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 080/319] iommu: Rework iommu_group_get_for_pci_dev()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (78 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 079/319] mfd: rtsx_pcr: Fix MSI enable error handling Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 081/319] iommu/amd: Split init_iommu_group() from iommu_init_device() Greg Kroah-Hartman
` (223 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Williamson, Joerg Roedel
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
commit f096c061f5525d1b35a65b793057b52061dcb486 upstream.
It turns out that our assumption that aliases are always to the same
slot isn't true. One particular platform reports an IVRS alias of the
SATA controller (00:11.0) for the legacy IDE controller (00:14.1).
When we hit this, we attempt to use a single IOMMU group for
everything on the same bus, which in this case is the root complex.
We already have multiple groups defined for the root complex by this
point, resulting in multiple WARN_ON hits.
This patch makes these sorts of aliases work again with IOMMU groups
by reworking how we search through the PCI address space to find
existing groups. This should also now handle looped dependencies and
all sorts of crazy inter-dependencies that we'll likely never see.
The recursion used here should never be very deep. It's unlikely to
have individual aliases and only theoretical that we'd ever see a
chain where one alias causes us to search through to yet another
alias. We're also only dealing with PCIe device on a single bus,
which means we'll typically only see multiple slots in use on the root
complex. Loops are also a theoretically possibility, which I've
tested using fake DMA alias quirks and prevent from causing problems
using a bitmap of the devfn space that's been visited.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/iommu.c | 163 +++++++++++++++++++++++++++++---------------------
1 file changed, 96 insertions(+), 67 deletions(-)
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -30,6 +30,7 @@
#include <linux/notifier.h>
#include <linux/err.h>
#include <linux/pci.h>
+#include <linux/bitops.h>
#include <trace/events/iommu.h>
static struct kset *iommu_group_kset;
@@ -519,6 +520,9 @@ int iommu_group_id(struct iommu_group *g
}
EXPORT_SYMBOL_GPL(iommu_group_id);
+static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
+ unsigned long *devfns);
+
/*
* To consider a PCI device isolated, we require ACS to support Source
* Validation, Request Redirection, Completer Redirection, and Upstream
@@ -529,6 +533,86 @@ EXPORT_SYMBOL_GPL(iommu_group_id);
*/
#define REQ_ACS_FLAGS (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)
+/*
+ * For multifunction devices which are not isolated from each other, find
+ * all the other non-isolated functions and look for existing groups. For
+ * each function, we also need to look for aliases to or from other devices
+ * that may already have a group.
+ */
+static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev,
+ unsigned long *devfns)
+{
+ struct pci_dev *tmp = NULL;
+ struct iommu_group *group;
+
+ if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS))
+ return NULL;
+
+ for_each_pci_dev(tmp) {
+ if (tmp == pdev || tmp->bus != pdev->bus ||
+ PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) ||
+ pci_acs_enabled(tmp, REQ_ACS_FLAGS))
+ continue;
+
+ group = get_pci_alias_group(tmp, devfns);
+ if (group) {
+ pci_dev_put(tmp);
+ return group;
+ }
+ }
+
+ return NULL;
+}
+
+/*
+ * Look for aliases to or from the given device for exisiting groups. The
+ * dma_alias_devfn only supports aliases on the same bus, therefore the search
+ * space is quite small (especially since we're really only looking at pcie
+ * device, and therefore only expect multiple slots on the root complex or
+ * downstream switch ports). It's conceivable though that a pair of
+ * multifunction devices could have aliases between them that would cause a
+ * loop. To prevent this, we use a bitmap to track where we've been.
+ */
+static struct iommu_group *get_pci_alias_group(struct pci_dev *pdev,
+ unsigned long *devfns)
+{
+ struct pci_dev *tmp = NULL;
+ struct iommu_group *group;
+
+ if (test_and_set_bit(pdev->devfn & 0xff, devfns))
+ return NULL;
+
+ group = iommu_group_get(&pdev->dev);
+ if (group)
+ return group;
+
+ for_each_pci_dev(tmp) {
+ if (tmp == pdev || tmp->bus != pdev->bus)
+ continue;
+
+ /* We alias them or they alias us */
+ if (((pdev->dev_flags & PCI_DEV_FLAGS_DMA_ALIAS_DEVFN) &&
+ pdev->dma_alias_devfn == tmp->devfn) ||
+ ((tmp->dev_flags & PCI_DEV_FLAGS_DMA_ALIAS_DEVFN) &&
+ tmp->dma_alias_devfn == pdev->devfn)) {
+
+ group = get_pci_alias_group(tmp, devfns);
+ if (group) {
+ pci_dev_put(tmp);
+ return group;
+ }
+
+ group = get_pci_function_alias_group(tmp, devfns);
+ if (group) {
+ pci_dev_put(tmp);
+ return group;
+ }
+ }
+ }
+
+ return NULL;
+}
+
struct group_for_pci_data {
struct pci_dev *pdev;
struct iommu_group *group;
@@ -557,7 +641,7 @@ static struct iommu_group *iommu_group_g
struct group_for_pci_data data;
struct pci_bus *bus;
struct iommu_group *group = NULL;
- struct pci_dev *tmp;
+ u64 devfns[4] = { 0 };
/*
* Find the upstream DMA alias for the device. A device must not
@@ -591,76 +675,21 @@ static struct iommu_group *iommu_group_g
}
/*
- * Next we need to consider DMA alias quirks. If one device aliases
- * to another, they should be grouped together. It's theoretically
- * possible that aliases could create chains of devices where each
- * device aliases another device. If we then factor in multifunction
- * ACS grouping requirements, each alias could incorporate a new slot
- * with multiple functions, each with aliases. This is all extremely
- * unlikely as DMA alias quirks are typically only used for PCIe
- * devices where we usually have a single slot per bus. Furthermore,
- * the alias quirk is usually to another function within the slot
- * (and ACS multifunction is not supported) or to a different slot
- * that doesn't physically exist. The likely scenario is therefore
- * that everything on the bus gets grouped together. To reduce the
- * problem space, share the IOMMU group for all devices on the bus
- * if a DMA alias quirk is present on the bus.
- */
- tmp = NULL;
- for_each_pci_dev(tmp) {
- if (tmp->bus != pdev->bus ||
- !(tmp->dev_flags & PCI_DEV_FLAGS_DMA_ALIAS_DEVFN))
- continue;
-
- pci_dev_put(tmp);
- tmp = NULL;
-
- /* We have an alias quirk, search for an existing group */
- for_each_pci_dev(tmp) {
- struct iommu_group *group_tmp;
-
- if (tmp->bus != pdev->bus)
- continue;
-
- group_tmp = iommu_group_get(&tmp->dev);
- if (!group) {
- group = group_tmp;
- continue;
- }
-
- if (group_tmp) {
- WARN_ON(group != group_tmp);
- iommu_group_put(group_tmp);
- }
- }
-
- return group ? group : iommu_group_alloc();
- }
-
- /*
- * Non-multifunction devices or multifunction devices supporting
- * ACS get their own group.
+ * Look for existing groups on device aliases. If we alias another
+ * device or another device aliases us, use the same group.
*/
- if (!pdev->multifunction || pci_acs_enabled(pdev, REQ_ACS_FLAGS))
- return iommu_group_alloc();
+ group = get_pci_alias_group(pdev, (unsigned long *)devfns);
+ if (group)
+ return group;
/*
- * Multifunction devices not supporting ACS share a group with other
- * similar devices in the same slot.
+ * Look for existing groups on non-isolated functions on the same
+ * slot and aliases of those funcions, if any. No need to clear
+ * the search bitmap, the tested devfns are still valid.
*/
- tmp = NULL;
- for_each_pci_dev(tmp) {
- if (tmp == pdev || tmp->bus != pdev->bus ||
- PCI_SLOT(tmp->devfn) != PCI_SLOT(pdev->devfn) ||
- pci_acs_enabled(tmp, REQ_ACS_FLAGS))
- continue;
-
- group = iommu_group_get(&tmp->dev);
- if (group) {
- pci_dev_put(tmp);
- return group;
- }
- }
+ group = get_pci_function_alias_group(pdev, (unsigned long *)devfns);
+ if (group)
+ return group;
/* No shared group found, allocate new */
return iommu_group_alloc();
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 081/319] iommu/amd: Split init_iommu_group() from iommu_init_device()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (79 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 080/319] iommu: Rework iommu_group_get_for_pci_dev() Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 082/319] pstore: Fix duplicate {console,ftrace}-efi entries Greg Kroah-Hartman
` (222 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Williamson, Joerg Roedel
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
commit 25b11ce2a3607d7c39a2ca121eea0c67c722b34e upstream.
For a PCI device, aliases from the IVRS table won't be populated
into dma_alias_devfn until after iommu_init_device() is called on
each device. We therefore want to split init_iommu_group() to
be called from a separate loop immediately following.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/amd_iommu.c | 27 +++++++++++++--------------
1 file changed, 13 insertions(+), 14 deletions(-)
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -260,17 +260,13 @@ static bool check_device(struct device *
return true;
}
-static int init_iommu_group(struct device *dev)
+static void init_iommu_group(struct device *dev)
{
struct iommu_group *group;
group = iommu_group_get_for_dev(dev);
-
- if (IS_ERR(group))
- return PTR_ERR(group);
-
- iommu_group_put(group);
- return 0;
+ if (!IS_ERR(group))
+ iommu_group_put(group);
}
static int __last_alias(struct pci_dev *pdev, u16 alias, void *data)
@@ -340,7 +336,6 @@ static int iommu_init_device(struct devi
struct pci_dev *pdev = to_pci_dev(dev);
struct iommu_dev_data *dev_data;
u16 alias;
- int ret;
if (dev->archdata.iommu)
return 0;
@@ -364,12 +359,6 @@ static int iommu_init_device(struct devi
dev_data->alias_data = alias_data;
}
- ret = init_iommu_group(dev);
- if (ret) {
- free_dev_data(dev_data);
- return ret;
- }
-
if (pci_iommuv2_capable(pdev)) {
struct amd_iommu *iommu;
@@ -455,6 +444,15 @@ int __init amd_iommu_init_devices(void)
goto out_free;
}
+ /*
+ * Initialize IOMMU groups only after iommu_init_device() has
+ * had a chance to populate any IVRS defined aliases.
+ */
+ for_each_pci_dev(pdev) {
+ if (check_device(&pdev->dev))
+ init_iommu_group(&pdev->dev);
+ }
+
return 0;
out_free:
@@ -2415,6 +2413,7 @@ static int device_change_notifier(struct
case BUS_NOTIFY_ADD_DEVICE:
iommu_init_device(dev);
+ init_iommu_group(dev);
/*
* dev_data is still NULL and
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 082/319] pstore: Fix duplicate {console,ftrace}-efi entries
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (80 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 081/319] iommu/amd: Split init_iommu_group() from iommu_init_device() Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 083/319] selinux: fix inode security list corruption Greg Kroah-Hartman
` (221 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Valdis Kletnieks, Kees Cook, Tony Luck
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
commit d4bf205da618bbd0b038e404d646f14e76915718 upstream.
The pstore filesystem still creates duplicate filename/inode pairs for
some pstore types. Add the id to the filename to prevent that.
Before patch:
[/sys/fs/pstore] ls -li
total 0
1250 -r--r--r--. 1 root root 67 Sep 29 17:09 console-efi
1250 -r--r--r--. 1 root root 67 Sep 29 17:09 console-efi
1250 -r--r--r--. 1 root root 67 Sep 29 17:09 console-efi
1250 -r--r--r--. 1 root root 67 Sep 29 17:09 console-efi
1250 -r--r--r--. 1 root root 67 Sep 29 17:09 console-efi
1250 -r--r--r--. 1 root root 67 Sep 29 17:09 console-efi
1250 -r--r--r--. 1 root root 67 Sep 29 17:09 console-efi
1250 -r--r--r--. 1 root root 67 Sep 29 17:09 console-efi
1250 -r--r--r--. 1 root root 67 Sep 29 17:09 console-efi
After:
[/sys/fs/pstore] ls -li
total 0
1232 -r--r--r--. 1 root root 148 Sep 29 17:09 console-efi-141202499100000
1231 -r--r--r--. 1 root root 67 Sep 29 17:09 console-efi-141202499200000
1230 -r--r--r--. 1 root root 148 Sep 29 17:44 console-efi-141202705400000
1229 -r--r--r--. 1 root root 67 Sep 29 17:44 console-efi-141202705500000
1228 -r--r--r--. 1 root root 67 Sep 29 20:42 console-efi-141203772600000
1227 -r--r--r--. 1 root root 148 Sep 29 23:42 console-efi-141204854900000
1226 -r--r--r--. 1 root root 67 Sep 29 23:42 console-efi-141204855000000
1225 -r--r--r--. 1 root root 148 Sep 29 23:59 console-efi-141204954200000
1224 -r--r--r--. 1 root root 67 Sep 29 23:59 console-efi-141204954400000
Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/pstore/inode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/pstore/inode.c
+++ b/fs/pstore/inode.c
@@ -320,10 +320,10 @@ int pstore_mkfile(enum pstore_type_id ty
compressed ? ".enc.z" : "");
break;
case PSTORE_TYPE_CONSOLE:
- sprintf(name, "console-%s", psname);
+ sprintf(name, "console-%s-%lld", psname, id);
break;
case PSTORE_TYPE_FTRACE:
- sprintf(name, "ftrace-%s", psname);
+ sprintf(name, "ftrace-%s-%lld", psname, id);
break;
case PSTORE_TYPE_MCE:
sprintf(name, "mce-%s-%lld", psname, id);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 083/319] selinux: fix inode security list corruption
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (81 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 082/319] pstore: Fix duplicate {console,ftrace}-efi entries Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 084/319] power: charger-manager: Fix NULL pointer exception with missing cm-fuel-gauge Greg Kroah-Hartman
` (220 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shivnandan Kumar, Stephen Smalley,
Paul Moore
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Smalley <sds@tycho.nsa.gov>
commit 923190d32de4428afbea5e5773be86bea60a9925 upstream.
sb_finish_set_opts() can race with inode_free_security()
when initializing inode security structures for inodes
created prior to initial policy load or by the filesystem
during ->mount(). This appears to have always been
a possible race, but commit 3dc91d4 ("SELinux: Fix possible
NULL pointer dereference in selinux_inode_permission()")
made it more evident by immediately reusing the unioned
list/rcu element of the inode security structure for call_rcu()
upon an inode_free_security(). But the underlying issue
was already present before that commit as a possible use-after-free
of isec.
Shivnandan Kumar reported the list corruption and proposed
a patch to split the list and rcu elements out of the union
as separate fields of the inode_security_struct so that setting
the rcu element would not affect the list element. However,
this would merely hide the issue and not truly fix the code.
This patch instead moves up the deletion of the list entry
prior to dropping the sbsec->isec_lock initially. Then,
if the inode is dropped subsequently, there will be no further
references to the isec.
Reported-by: Shivnandan Kumar <shivnandan.k@samsung.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/selinux/hooks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -481,6 +481,7 @@ next_inode:
list_entry(sbsec->isec_head.next,
struct inode_security_struct, list);
struct inode *inode = isec->inode;
+ list_del_init(&isec->list);
spin_unlock(&sbsec->isec_lock);
inode = igrab(inode);
if (inode) {
@@ -489,7 +490,6 @@ next_inode:
iput(inode);
}
spin_lock(&sbsec->isec_lock);
- list_del_init(&isec->list);
goto next_inode;
}
spin_unlock(&sbsec->isec_lock);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 084/319] power: charger-manager: Fix NULL pointer exception with missing cm-fuel-gauge
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (82 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 083/319] selinux: fix inode security list corruption Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 085/319] virtio_pci: fix virtio spec compliance on restore Greg Kroah-Hartman
` (219 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sebastian Reichel
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
commit 661a88860274e059fdb744dfaa98c045db7b5d1d upstream.
NULL pointer exception happens during charger-manager probe if
'cm-fuel-gauge' property is not present.
[ 2.448536] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 2.456572] pgd = c0004000
[ 2.459217] [00000000] *pgd=00000000
[ 2.462759] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 2.468047] Modules linked in:
[ 2.471089] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.17.0-rc6-00251-ge44cf96cd525-dirty #969
[ 2.479765] task: ea890000 ti: ea87a000 task.ti: ea87a000
[ 2.485161] PC is at strcmp+0x4/0x30
[ 2.488719] LR is at power_supply_match_device_by_name+0x10/0x1c
[ 2.494695] pc : [<c01f4220>] lr : [<c030fe38>] psr: a0000113
[ 2.494695] sp : ea87bde0 ip : 00000000 fp : eaa97010
[ 2.506150] r10: 00000004 r9 : ea97269c r8 : ea3bbfd0
[ 2.511360] r7 : eaa97000 r6 : c030fe28 r5 : 00000000 r4 : ea3b0000
[ 2.517869] r3 : 0000006d r2 : 00000000 r1 : 00000000 r0 : c057c195
[ 2.524381] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
[ 2.531671] Control: 10c5387d Table: 4000404a DAC: 00000015
[ 2.537399] Process swapper/0 (pid: 1, stack limit = 0xea87a240)
[ 2.543388] Stack: (0xea87bde0 to 0xea87c000)
[ 2.547733] bde0: ea3b0210 c026b1c8 eaa97010 eaa97000 eaa97010 eabb60a8 ea3b0210 00000000
[ 2.555891] be00: 00000008 ea2db210 ea1a3410 c030fee0 ea3bbf90 c03138fc c068969c c013526c
[ 2.564050] be20: eaa040c0 00000000 c068969c 00000000 eaa040c0 ea2da300 00000002 00000000
[ 2.572208] be40: 00000001 ea2da3c0 00000000 00000001 00000000 eaa97010 c068969c 00000000
[ 2.580367] be60: 00000000 c068969c 00000000 00000002 00000000 c026b71c c026b6f0 eaa97010
[ 2.588527] be80: c0e82530 c026a330 00000000 eaa97010 c068969c eaa97044 00000000 c061df50
[ 2.596686] bea0: ea87a000 c026a4dc 00000000 c068969c c026a448 c0268b5c ea8054a8 eaa8fd50
[ 2.604845] bec0: c068969c ea2db180 c06801f8 c0269b18 c0590f68 c068969c c0656c98 c068969c
[ 2.613004] bee0: c0656c98 ea3bbe40 c06988c0 c026aaf0 00000000 c0656c98 c0656c98 c00088a4
[ 2.621163] bf00: 00000000 c0055f48 00000000 00000004 00000000 ea890000 c05dbc54 c062c178
[ 2.629323] bf20: c0603518 c005f674 00000001 ea87a000 eb7ff83b c0476440 00000091 c003d41c
[ 2.637482] bf40: c05db344 00000007 eb7ff858 00000007 c065a76c c0647d24 00000007 c062c170
[ 2.645642] bf60: c06988c0 00000091 c062c178 c0603518 00000000 c0603cc4 00000007 00000007
[ 2.653801] bf80: c0603518 c0c0c0c0 00000000 c0453948 00000000 00000000 00000000 00000000
[ 2.661959] bfa0: 00000000 c0453950 00000000 c000e728 00000000 00000000 00000000 00000000
[ 2.670118] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 2.678277] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 c0c0c0c0 c0c0c0c0
[ 2.686454] [<c01f4220>] (strcmp) from [<c030fe38>] (power_supply_match_device_by_name+0x10/0x1c)
[ 2.695303] [<c030fe38>] (power_supply_match_device_by_name) from [<c026b1c8>] (class_find_device+0x54/0xac)
[ 2.705106] [<c026b1c8>] (class_find_device) from [<c030fee0>] (power_supply_get_by_name+0x1c/0x30)
[ 2.714137] [<c030fee0>] (power_supply_get_by_name) from [<c03138fc>] (charger_manager_probe+0x3d8/0xe58)
[ 2.723683] [<c03138fc>] (charger_manager_probe) from [<c026b71c>] (platform_drv_probe+0x2c/0x5c)
[ 2.732532] [<c026b71c>] (platform_drv_probe) from [<c026a330>] (driver_probe_device+0x10c/0x224)
[ 2.741384] [<c026a330>] (driver_probe_device) from [<c026a4dc>] (__driver_attach+0x94/0x98)
[ 2.749813] [<c026a4dc>] (__driver_attach) from [<c0268b5c>] (bus_for_each_dev+0x54/0x88)
[ 2.757969] [<c0268b5c>] (bus_for_each_dev) from [<c0269b18>] (bus_add_driver+0xd4/0x1d0)
[ 2.766123] [<c0269b18>] (bus_add_driver) from [<c026aaf0>] (driver_register+0x78/0xf4)
[ 2.774110] [<c026aaf0>] (driver_register) from [<c00088a4>] (do_one_initcall+0x80/0x1bc)
[ 2.782276] [<c00088a4>] (do_one_initcall) from [<c0603cc4>] (kernel_init_freeable+0x100/0x1cc)
[ 2.790952] [<c0603cc4>] (kernel_init_freeable) from [<c0453950>] (kernel_init+0x8/0xec)
[ 2.799029] [<c0453950>] (kernel_init) from [<c000e728>] (ret_from_fork+0x14/0x2c)
[ 2.806572] Code: e12fff1e e1a03000 eafffff7 e4d03001 (e4d12001)
[ 2.812832] ---[ end trace 7f12556111b9e7ef ]---
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: 856ee6115e2d ("charger-manager: Support deivce tree in charger manager driver")
Signed-off-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/power/charger-manager.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/power/charger-manager.c
+++ b/drivers/power/charger-manager.c
@@ -1720,6 +1720,11 @@ static int charger_manager_probe(struct
return -EINVAL;
}
+ if (!desc->psy_fuel_gauge) {
+ dev_err(&pdev->dev, "No fuel gauge power supply defined\n");
+ return -EINVAL;
+ }
+
/* Counting index only */
while (desc->psy_charger_stat[i])
i++;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 085/319] virtio_pci: fix virtio spec compliance on restore
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (83 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 084/319] power: charger-manager: Fix NULL pointer exception with missing cm-fuel-gauge Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 086/319] xen/blkback: unmap all persistent grants when frontend gets disconnected Greg Kroah-Hartman
` (218 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amit Shah, Michael S. Tsirkin, Rusty Russell
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Michael S. Tsirkin" <mst@redhat.com>
commit 6fbc198cf623944ab60a1db6d306a4d55cdd820d upstream.
On restore, virtio pci does the following:
+ set features
+ init vqs etc - device can be used at this point!
+ set ACKNOWLEDGE,DRIVER and DRIVER_OK status bits
This is in violation of the virtio spec, which
requires the following order:
- ACKNOWLEDGE
- DRIVER
- init vqs
- DRIVER_OK
This behaviour will break with hypervisors that assume spec compliant
behaviour. It seems like a good idea to have this patch applied to
stable branches to reduce the support butden for the hypervisors.
Cc: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/virtio/virtio_pci.c | 33 ++++++++++++++++++++++++++++++---
1 file changed, 30 insertions(+), 3 deletions(-)
--- a/drivers/virtio/virtio_pci.c
+++ b/drivers/virtio/virtio_pci.c
@@ -789,6 +789,7 @@ static int virtio_pci_restore(struct dev
struct pci_dev *pci_dev = to_pci_dev(dev);
struct virtio_pci_device *vp_dev = pci_get_drvdata(pci_dev);
struct virtio_driver *drv;
+ unsigned status = 0;
int ret;
drv = container_of(vp_dev->vdev.dev.driver,
@@ -799,14 +800,40 @@ static int virtio_pci_restore(struct dev
return ret;
pci_set_master(pci_dev);
+ /* We always start by resetting the device, in case a previous
+ * driver messed it up. */
+ vp_reset(&vp_dev->vdev);
+
+ /* Acknowledge that we've seen the device. */
+ status |= VIRTIO_CONFIG_S_ACKNOWLEDGE;
+ vp_set_status(&vp_dev->vdev, status);
+
+ /* Maybe driver failed before freeze.
+ * Restore the failed status, for debugging. */
+ status |= vp_dev->saved_status & VIRTIO_CONFIG_S_FAILED;
+ vp_set_status(&vp_dev->vdev, status);
+
+ if (!drv)
+ return 0;
+
+ /* We have a driver! */
+ status |= VIRTIO_CONFIG_S_DRIVER;
+ vp_set_status(&vp_dev->vdev, status);
+
vp_finalize_features(&vp_dev->vdev);
- if (drv && drv->restore)
+ if (drv->restore) {
ret = drv->restore(&vp_dev->vdev);
+ if (ret) {
+ status |= VIRTIO_CONFIG_S_FAILED;
+ vp_set_status(&vp_dev->vdev, status);
+ return ret;
+ }
+ }
/* Finally, tell the device we're all set */
- if (!ret)
- vp_set_status(&vp_dev->vdev, vp_dev->saved_status);
+ status |= VIRTIO_CONFIG_S_DRIVER_OK;
+ vp_set_status(&vp_dev->vdev, status);
return ret;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 086/319] xen/blkback: unmap all persistent grants when frontend gets disconnected
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (84 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 085/319] virtio_pci: fix virtio spec compliance on restore Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 088/319] drm/cirrus: bind also to qemu-xen-traditional Greg Kroah-Hartman
` (217 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vitaly Kuznetsov, Konrad Rzeszutek Wilk
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vitaly Kuznetsov <vkuznets@redhat.com>
commit 12ea729645ace01e08f9654df155622898d3aae6 upstream.
blkback does not unmap persistent grants when frontend goes to Closed
state (e.g. when blkfront module is being removed). This leads to the
following in guest's dmesg:
[ 343.243825] xen:grant_table: WARNING: g.e. 0x445 still in use!
[ 343.243825] xen:grant_table: WARNING: g.e. 0x42a still in use!
...
When load module -> use device -> unload module sequence is performed multiple times
it is possible to hit BUG() condition in blkfront module:
[ 343.243825] kernel BUG at drivers/block/xen-blkfront.c:954!
[ 343.243825] invalid opcode: 0000 [#1] SMP
[ 343.243825] Modules linked in: xen_blkfront(-) ata_generic pata_acpi [last unloaded: xen_blkfront]
...
[ 343.243825] Call Trace:
[ 343.243825] [<ffffffff814111ef>] ? unregister_xenbus_watch+0x16f/0x1e0
[ 343.243825] [<ffffffffa0016fbf>] blkfront_remove+0x3f/0x140 [xen_blkfront]
...
[ 343.243825] RIP [<ffffffffa0016aae>] blkif_free+0x34e/0x360 [xen_blkfront]
[ 343.243825] RSP <ffff88001eb8fdc0>
We don't need to keep these grants if we're disconnecting as frontend might already
forgot about them. Solve the issue by moving xen_blkbk_free_caches() call from
xen_blkif_free() to xen_blkif_disconnect().
Now we can see the following:
[ 928.590893] xen:grant_table: WARNING: g.e. 0x587 still in use!
[ 928.591861] xen:grant_table: WARNING: g.e. 0x372 still in use!
...
[ 929.592146] xen:grant_table: freeing g.e. 0x587
[ 929.597174] xen:grant_table: freeing g.e. 0x372
...
Backend does not keep persistent grants any more, reconnect works fine.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/xen-blkback/xenbus.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/block/xen-blkback/xenbus.c
+++ b/drivers/block/xen-blkback/xenbus.c
@@ -270,6 +270,9 @@ static int xen_blkif_disconnect(struct x
blkif->blk_rings.common.sring = NULL;
}
+ /* Remove all persistent grants and the cache of ballooned pages. */
+ xen_blkbk_free_caches(blkif);
+
return 0;
}
@@ -281,9 +284,6 @@ static void xen_blkif_free(struct xen_bl
xen_blkif_disconnect(blkif);
xen_vbd_free(&blkif->vbd);
- /* Remove all persistent grants and the cache of ballooned pages. */
- xen_blkbk_free_caches(blkif);
-
/* Make sure everything is drained before shutting down */
BUG_ON(blkif->persistent_gnt_c != 0);
BUG_ON(atomic_read(&blkif->persistent_gnt_in_use) != 0);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 088/319] drm/cirrus: bind also to qemu-xen-traditional
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (85 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 086/319] xen/blkback: unmap all persistent grants when frontend gets disconnected Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 089/319] blk-mq: fix potential hang if rolling wakeup depth is too high Greg Kroah-Hartman
` (216 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Olaf Hering, Dave Airlie
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Olaf Hering <olaf@aepfle.de>
commit c0c3e735fa7bae29c6623511127fd021b2d6d849 upstream.
qemu as used by xend/xm toolstack uses a different subvendor id.
Bind the drm driver also to this emulated card.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/cirrus/cirrus_drv.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/gpu/drm/cirrus/cirrus_drv.c
+++ b/drivers/gpu/drm/cirrus/cirrus_drv.c
@@ -32,6 +32,8 @@ static struct drm_driver driver;
static const struct pci_device_id pciidlist[] = {
{ PCI_VENDOR_ID_CIRRUS, PCI_DEVICE_ID_CIRRUS_5446, 0x1af4, 0x1100, 0,
0, 0 },
+ { PCI_VENDOR_ID_CIRRUS, PCI_DEVICE_ID_CIRRUS_5446, PCI_VENDOR_ID_XEN,
+ 0x0001, 0, 0, 0 },
{0,}
};
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 089/319] blk-mq: fix potential hang if rolling wakeup depth is too high
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (86 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 088/319] drm/cirrus: bind also to qemu-xen-traditional Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 090/319] dm bufio: update last_accessed when relinking a buffer Greg Kroah-Hartman
` (215 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Jens Axboe
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jens Axboe <axboe@fb.com>
commit abab13b5c4fd1fec4f9a61622548012d93dc2831 upstream.
We currently divide the queue depth by 4 as our batch wakeup
count, but we split the wakeups over BT_WAIT_QUEUES number of
wait queues. This defaults to 8. If the product of the resulting
batch wake count and BT_WAIT_QUEUES is higher than the device
queue depth, we can get into a situation where a task goes to
sleep waiting for a request, but never gets woken up.
Reported-by: Bart Van Assche <bvanassche@acm.org>
Fixes: 4bb659b156996
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-mq-tag.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/block/blk-mq-tag.c
+++ b/block/blk-mq-tag.c
@@ -463,8 +463,8 @@ static void bt_update_count(struct blk_m
}
bt->wake_cnt = BT_WAIT_BATCH;
- if (bt->wake_cnt > depth / 4)
- bt->wake_cnt = max(1U, depth / 4);
+ if (bt->wake_cnt > depth / BT_WAIT_QUEUES)
+ bt->wake_cnt = max(1U, depth / BT_WAIT_QUEUES);
bt->depth = depth;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 090/319] dm bufio: update last_accessed when relinking a buffer
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (87 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 089/319] blk-mq: fix potential hang if rolling wakeup depth is too high Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 091/319] dm bufio: when done scanning return from __scan immediately Greg Kroah-Hartman
` (214 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Thornber, Mikulas Patocka, Mike Snitzer
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Thornber <ejt@redhat.com>
commit eb76faf53b1ff7a77ce3f78cc98ad392ac70c2a0 upstream.
The 'last_accessed' member of the dm_buffer structure was only set when
the the buffer was created. This led to each buffer being discarded
after dm_bufio_max_age time even if it was used recently. In practice
this resulted in all thinp metadata being evicted soon after being read
-- this is particularly problematic for metadata intensive workloads
like multithreaded small random IO.
'last_accessed' is now updated each time the buffer is moved to the head
of the LRU list, so the buffer is now properly discarded if it was not
used in dm_bufio_max_age time.
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-bufio.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/md/dm-bufio.c
+++ b/drivers/md/dm-bufio.c
@@ -465,6 +465,7 @@ static void __relink_lru(struct dm_buffe
c->n_buffers[dirty]++;
b->list_mode = dirty;
list_move(&b->lru_list, &c->lru[dirty]);
+ b->last_accessed = jiffies;
}
/*----------------------------------------------------------------
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 091/319] dm bufio: when done scanning return from __scan immediately
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (88 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 090/319] dm bufio: update last_accessed when relinking a buffer Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 092/319] drbd: compute the end before rb_insert_augmented() Greg Kroah-Hartman
` (213 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Thornber, Mikulas Patocka, Mike Snitzer
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit 0e825862f3c04cee40e25f55680333728a4ffa9b upstream.
When __scan frees the required number of buffer entries that the
shrinker requested (nr_to_scan becomes zero) it must return. Before
this fix the __scan code exited only the inner loop and continued in the
outer loop -- which could result in reduced performance due to extra
buffers being freed (e.g. unnecessarily evicted thinp metadata needing
to be synchronously re-read into bufio's cache).
Also, move dm_bufio_cond_resched to __scan's inner loop, so that
iterating the bufio client's lru lists doesn't result in scheduling
latency.
Reported-by: Joe Thornber <thornber@redhat.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-bufio.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/md/dm-bufio.c
+++ b/drivers/md/dm-bufio.c
@@ -1473,9 +1473,9 @@ static long __scan(struct dm_bufio_clien
list_for_each_entry_safe_reverse(b, tmp, &c->lru[l], lru_list) {
freed += __cleanup_old_buffer(b, gfp_mask, 0);
if (!--nr_to_scan)
- break;
+ return freed;
+ dm_bufio_cond_resched();
}
- dm_bufio_cond_resched();
}
return freed;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 092/319] drbd: compute the end before rb_insert_augmented()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (89 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 091/319] dm bufio: when done scanning return from __scan immediately Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 093/319] block: fix alignment_offset math that assumes io_min is a power-of-2 Greg Kroah-Hartman
` (212 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michel Lespinasse, Lai Jiangshan,
Andreas Gruenbacher, Philipp Reisner, Jens Axboe
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lai Jiangshan <laijs@cn.fujitsu.com>
commit 82cfb90bc99d7b7e0ec62d0505b9d4f06805d5db upstream.
Commit 98683650 "Merge branch 'drbd-8.4_ed6' into
for-3.8-drivers-drbd-8.4_ed6" switches to the new augment API, but the
new API requires that the tree is augmented before rb_insert_augmented()
is called, which is missing.
So we add the augment-code to drbd_insert_interval() when it travels the
tree up to down before rb_insert_augmented(). See the example in
include/linux/interval_tree_generic.h or Documentation/rbtree.txt.
drbd_insert_interval() may cancel the insertion when traveling, in this
case, the just added augment-code does nothing before cancel since the
@this node is already in the subtrees in this case.
CC: Michel Lespinasse <walken@google.com>
Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Andreas Gruenbacher <agruen@linbit.com>
Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/drbd/drbd_interval.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/block/drbd/drbd_interval.c
+++ b/drivers/block/drbd/drbd_interval.c
@@ -79,6 +79,7 @@ bool
drbd_insert_interval(struct rb_root *root, struct drbd_interval *this)
{
struct rb_node **new = &root->rb_node, *parent = NULL;
+ sector_t this_end = this->sector + (this->size >> 9);
BUG_ON(!IS_ALIGNED(this->size, 512));
@@ -87,6 +88,8 @@ drbd_insert_interval(struct rb_root *roo
rb_entry(*new, struct drbd_interval, rb);
parent = *new;
+ if (here->end < this_end)
+ here->end = this_end;
if (this->sector < here->sector)
new = &(*new)->rb_left;
else if (this->sector > here->sector)
@@ -99,6 +102,7 @@ drbd_insert_interval(struct rb_root *roo
return false;
}
+ this->end = this_end;
rb_link_node(&this->rb, parent, new);
rb_insert_augmented(&this->rb, root, &augment_callbacks);
return true;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 093/319] block: fix alignment_offset math that assumes io_min is a power-of-2
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (90 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 092/319] drbd: compute the end before rb_insert_augmented() Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 094/319] Revert "block: all blk-mq requests are tagged" Greg Kroah-Hartman
` (211 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Snitzer, Martin K. Petersen, Jens Axboe
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Snitzer <snitzer@redhat.com>
commit b8839b8c55f3fdd60dc36abcda7e0266aff7985c upstream.
The math in both blk_stack_limits() and queue_limit_alignment_offset()
assume that a block device's io_min (aka minimum_io_size) is always a
power-of-2. Fix the math such that it works for non-power-of-2 io_min.
This issue (of alignment_offset != 0) became apparent when testing
dm-thinp with a thinp blocksize that matches a RAID6 stripesize of
1280K. Commit fdfb4c8c1 ("dm thin: set minimum_io_size to pool's data
block size") unlocked the potential for alignment_offset != 0 due to
the dm-thin-pool's io_min possibly being a non-power-of-2.
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-settings.c | 4 ++--
include/linux/blkdev.h | 5 ++---
2 files changed, 4 insertions(+), 5 deletions(-)
--- a/block/blk-settings.c
+++ b/block/blk-settings.c
@@ -574,7 +574,7 @@ int blk_stack_limits(struct queue_limits
bottom = max(b->physical_block_size, b->io_min) + alignment;
/* Verify that top and bottom intervals line up */
- if (max(top, bottom) & (min(top, bottom) - 1)) {
+ if (max(top, bottom) % min(top, bottom)) {
t->misaligned = 1;
ret = -1;
}
@@ -619,7 +619,7 @@ int blk_stack_limits(struct queue_limits
/* Find lowest common alignment_offset */
t->alignment_offset = lcm(t->alignment_offset, alignment)
- & (max(t->physical_block_size, t->io_min) - 1);
+ % max(t->physical_block_size, t->io_min);
/* Verify that new alignment_offset is on a logical block boundary */
if (t->alignment_offset & (t->logical_block_size - 1)) {
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -1285,10 +1285,9 @@ static inline int queue_alignment_offset
static inline int queue_limit_alignment_offset(struct queue_limits *lim, sector_t sector)
{
unsigned int granularity = max(lim->physical_block_size, lim->io_min);
- unsigned int alignment = (sector << 9) & (granularity - 1);
+ unsigned int alignment = sector_div(sector, granularity >> 9) << 9;
- return (granularity + lim->alignment_offset - alignment)
- & (granularity - 1);
+ return (granularity + lim->alignment_offset - alignment) % granularity;
}
static inline int bdev_alignment_offset(struct block_device *bdev)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 094/319] Revert "block: all blk-mq requests are tagged"
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (91 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 093/319] block: fix alignment_offset math that assumes io_min is a power-of-2 Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 095/319] dm log userspace: fix memory leak in dm_ulog_tfr_init failure path Greg Kroah-Hartman
` (210 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig,
Martin K. Petersen, Jens Axboe, Meelis Roos
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
commit e999dbc254044e8d2a5818d92d205f65bae28f37 upstream.
This reverts commit fb3ccb5da71273e7f0d50b50bc879e50cedd60e7.
SCSI-2/SPI actually needs the tagged/untagged flag in the request to
work properly. Revert this patch and add a follow on to set it in
the right place.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Jens Axboe <axboe@kernel.dk>
Reported-by: Meelis Roos <mroos@linux.ee>
Tested-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/blkdev.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -1142,8 +1142,7 @@ static inline bool blk_needs_flush_plug(
/*
* tag stuff
*/
-#define blk_rq_tagged(rq) \
- ((rq)->mq_ctx || ((rq)->cmd_flags & REQ_QUEUED))
+#define blk_rq_tagged(rq) ((rq)->cmd_flags & REQ_QUEUED)
extern int blk_queue_start_tag(struct request_queue *, struct request *);
extern struct request *blk_queue_find_tag(struct request_queue *, int);
extern void blk_queue_end_tag(struct request_queue *, struct request *);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 095/319] dm log userspace: fix memory leak in dm_ulog_tfr_init failure path
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (92 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 094/319] Revert "block: all blk-mq requests are tagged" Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 096/319] modules, lock around setting of MODULE_STATE_UNFORMED Greg Kroah-Hartman
` (209 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Khoroshilov, Jonathan Brassow,
Mike Snitzer
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexey Khoroshilov <khoroshilov@ispras.ru>
commit 56ec16cb1e1ce46354de8511eef962a417c32c92 upstream.
If cn_add_callback() fails in dm_ulog_tfr_init(), it does not
deallocate prealloced memory but calls cn_del_callback().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Reviewed-by: Jonathan Brassow <jbrassow@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-log-userspace-transfer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/dm-log-userspace-transfer.c
+++ b/drivers/md/dm-log-userspace-transfer.c
@@ -272,7 +272,7 @@ int dm_ulog_tfr_init(void)
r = cn_add_callback(&ulog_cn_id, "dmlogusr", cn_ulog_callback);
if (r) {
- cn_del_callback(&ulog_cn_id);
+ kfree(prealloced_cn_msg);
return r;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 096/319] modules, lock around setting of MODULE_STATE_UNFORMED
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (93 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 095/319] dm log userspace: fix memory leak in dm_ulog_tfr_init failure path Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 097/319] framebuffer: fix screen corruption when copying Greg Kroah-Hartman
` (208 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Prarit Bhargava, Oleg Nesterov,
Rusty Russell
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Prarit Bhargava <prarit@redhat.com>
commit d3051b489aa81ca9ba62af366149ef42b8dae97c upstream.
A panic was seen in the following sitation.
There are two threads running on the system. The first thread is a system
monitoring thread that is reading /proc/modules. The second thread is
loading and unloading a module (in this example I'm using my simple
dummy-module.ko). Note, in the "real world" this occurred with the qlogic
driver module.
When doing this, the following panic occurred:
------------[ cut here ]------------
kernel BUG at kernel/module.c:3739!
invalid opcode: 0000 [#1] SMP
Modules linked in: binfmt_misc sg nfsv3 rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel lrw igb gf128mul glue_helper iTCO_wdt iTCO_vendor_support ablk_helper ptp sb_edac cryptd pps_core edac_core shpchp i2c_i801 pcspkr wmi lpc_ich ioatdma mfd_core dca ipmi_si nfsd ipmi_msghandler auth_rpcgss nfs_acl lockd sunrpc xfs libcrc32c sr_mod cdrom sd_mod crc_t10dif crct10dif_common mgag200 syscopyarea sysfillrect sysimgblt i2c_algo_bit drm_kms_helper ttm isci drm libsas ahci libahci scsi_transport_sas libata i2c_core dm_mirror dm_region_hash dm_log dm_mod [last unloaded: dummy_module]
CPU: 37 PID: 186343 Comm: cat Tainted: GF O-------------- 3.10.0+ #7
Hardware name: Intel Corporation S2600CP/S2600CP, BIOS RMLSDP.86I.00.29.D696.1311111329 11/11/2013
task: ffff8807fd2d8000 ti: ffff88080fa7c000 task.ti: ffff88080fa7c000
RIP: 0010:[<ffffffff810d64c5>] [<ffffffff810d64c5>] module_flags+0xb5/0xc0
RSP: 0018:ffff88080fa7fe18 EFLAGS: 00010246
RAX: 0000000000000003 RBX: ffffffffa03b5200 RCX: 0000000000000000
RDX: 0000000000001000 RSI: ffff88080fa7fe38 RDI: ffffffffa03b5000
RBP: ffff88080fa7fe28 R08: 0000000000000010 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000000000f R12: ffffffffa03b5000
R13: ffffffffa03b5008 R14: ffffffffa03b5200 R15: ffffffffa03b5000
FS: 00007f6ae57ef740(0000) GS:ffff88101e7a0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000404f70 CR3: 0000000ffed48000 CR4: 00000000001407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Stack:
ffffffffa03b5200 ffff8810101e4800 ffff88080fa7fe70 ffffffff810d666c
ffff88081e807300 000000002e0f2fbf 0000000000000000 ffff88100f257b00
ffffffffa03b5008 ffff88080fa7ff48 ffff8810101e4800 ffff88080fa7fee0
Call Trace:
[<ffffffff810d666c>] m_show+0x19c/0x1e0
[<ffffffff811e4d7e>] seq_read+0x16e/0x3b0
[<ffffffff812281ed>] proc_reg_read+0x3d/0x80
[<ffffffff811c0f2c>] vfs_read+0x9c/0x170
[<ffffffff811c1a58>] SyS_read+0x58/0xb0
[<ffffffff81605829>] system_call_fastpath+0x16/0x1b
Code: 48 63 c2 83 c2 01 c6 04 03 29 48 63 d2 eb d9 0f 1f 80 00 00 00 00 48 63 d2 c6 04 13 2d 41 8b 0c 24 8d 50 02 83 f9 01 75 b2 eb cb <0f> 0b 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41
RIP [<ffffffff810d64c5>] module_flags+0xb5/0xc0
RSP <ffff88080fa7fe18>
Consider the two processes running on the system.
CPU 0 (/proc/modules reader)
CPU 1 (loading/unloading module)
CPU 0 opens /proc/modules, and starts displaying data for each module by
traversing the modules list via fs/seq_file.c:seq_open() and
fs/seq_file.c:seq_read(). For each module in the modules list, seq_read
does
op->start() <-- this is a pointer to m_start()
op->show() <- this is a pointer to m_show()
op->stop() <-- this is a pointer to m_stop()
The m_start(), m_show(), and m_stop() module functions are defined in
kernel/module.c. The m_start() and m_stop() functions acquire and release
the module_mutex respectively.
ie) When reading /proc/modules, the module_mutex is acquired and released
for each module.
m_show() is called with the module_mutex held. It accesses the module
struct data and attempts to write out module data. It is in this code
path that the above BUG_ON() warning is encountered, specifically m_show()
calls
static char *module_flags(struct module *mod, char *buf)
{
int bx = 0;
BUG_ON(mod->state == MODULE_STATE_UNFORMED);
...
The other thread, CPU 1, in unloading the module calls the syscall
delete_module() defined in kernel/module.c. The module_mutex is acquired
for a short time, and then released. free_module() is called without the
module_mutex. free_module() then sets mod->state = MODULE_STATE_UNFORMED,
also without the module_mutex. Some additional code is called and then the
module_mutex is reacquired to remove the module from the modules list:
/* Now we can delete it from the lists */
mutex_lock(&module_mutex);
stop_machine(__unlink_module, mod, NULL);
mutex_unlock(&module_mutex);
This is the sequence of events that leads to the panic.
CPU 1 is removing dummy_module via delete_module(). It acquires the
module_mutex, and then releases it. CPU 1 has NOT set dummy_module->state to
MODULE_STATE_UNFORMED yet.
CPU 0, which is reading the /proc/modules, acquires the module_mutex and
acquires a pointer to the dummy_module which is still in the modules list.
CPU 0 calls m_show for dummy_module. The check in m_show() for
MODULE_STATE_UNFORMED passed for dummy_module even though it is being
torn down.
Meanwhile CPU 1, which has been continuing to remove dummy_module without
holding the module_mutex, now calls free_module() and sets
dummy_module->state to MODULE_STATE_UNFORMED.
CPU 0 now calls module_flags() with dummy_module and ...
static char *module_flags(struct module *mod, char *buf)
{
int bx = 0;
BUG_ON(mod->state == MODULE_STATE_UNFORMED);
and BOOM.
Acquire and release the module_mutex lock around the setting of
MODULE_STATE_UNFORMED in the teardown path, which should resolve the
problem.
Testing: In the unpatched kernel I can panic the system within 1 minute by
doing
while (true) do insmod dummy_module.ko; rmmod dummy_module.ko; done
and
while (true) do cat /proc/modules; done
in separate terminals.
In the patched kernel I was able to run just over one hour without seeing
any issues. I also verified the output of panic via sysrq-c and the output
of /proc/modules looks correct for all three states for the dummy_module.
dummy_module 12661 0 - Unloading 0xffffffffa03a5000 (OE-)
dummy_module 12661 0 - Live 0xffffffffa03bb000 (OE)
dummy_module 14015 1 - Loading 0xffffffffa03a5000 (OE+)
Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/module.c | 2 ++
1 file changed, 2 insertions(+)
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1842,7 +1842,9 @@ static void free_module(struct module *m
/* We leave it in list to prevent duplicate loads, but make sure
* that noone uses it while it's being deconstructed. */
+ mutex_lock(&module_mutex);
mod->state = MODULE_STATE_UNFORMED;
+ mutex_unlock(&module_mutex);
/* Remove dynamic debug info */
ddebug_remove_module(mod->name);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 097/319] framebuffer: fix screen corruption when copying
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (94 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 096/319] modules, lock around setting of MODULE_STATE_UNFORMED Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 098/319] framebuffer: fix border color Greg Kroah-Hartman
` (207 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Tomi Valkeinen
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit 5b789da8a7fc357661fc61faaf853e9161cc9700 upstream.
The function bitcpy_rev has a bug that may result in screen corruption.
The bug happens under these conditions:
* the end of the destination area of a copy operation is aligned on a long
word boundary
* the end of the source area is not aligned on a long word boundary
* we are copying more than one long word
In this case, the variable shift is non-zero and the variable first is
zero. The statements FB_WRITEL(comp(d0, FB_READL(dst), first), dst) reads
the last long word of the destination and writes it back unchanged
(because first is zero). Correctly, we should write the variable d0 to the
last word of the destination in this case.
This patch fixes the bug by introducing and extra test if first is zero.
The patch also removes the references to fb_memmove in the code that is
commented out because fb_memmove was removed from framebuffer subsystem.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/core/cfbcopyarea.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--- a/drivers/video/fbdev/core/cfbcopyarea.c
+++ b/drivers/video/fbdev/core/cfbcopyarea.c
@@ -55,8 +55,8 @@ bitcpy(struct fb_info *p, unsigned long
* If you suspect bug in this function, compare it with this simple
* memmove implementation.
*/
- fb_memmove((char *)dst + ((dst_idx & (bits - 1))) / 8,
- (char *)src + ((src_idx & (bits - 1))) / 8, n / 8);
+ memmove((char *)dst + ((dst_idx & (bits - 1))) / 8,
+ (char *)src + ((src_idx & (bits - 1))) / 8, n / 8);
return;
#endif
@@ -221,8 +221,8 @@ bitcpy_rev(struct fb_info *p, unsigned l
* If you suspect bug in this function, compare it with this simple
* memmove implementation.
*/
- fb_memmove((char *)dst + ((dst_idx & (bits - 1))) / 8,
- (char *)src + ((src_idx & (bits - 1))) / 8, n / 8);
+ memmove((char *)dst + ((dst_idx & (bits - 1))) / 8,
+ (char *)src + ((src_idx & (bits - 1))) / 8, n / 8);
return;
#endif
@@ -324,7 +324,10 @@ bitcpy_rev(struct fb_info *p, unsigned l
d0 = d0 << left | d1 >> right;
}
d0 = fb_rev_pixels_in_long(d0, bswapmask);
- FB_WRITEL(comp(d0, FB_READL(dst), first), dst);
+ if (!first)
+ FB_WRITEL(d0, dst);
+ else
+ FB_WRITEL(comp(d0, FB_READL(dst), first), dst);
d0 = d1;
dst--;
n -= dst_idx+1;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 098/319] framebuffer: fix border color
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (95 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 097/319] framebuffer: fix screen corruption when copying Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 099/319] Input: synaptics - gate forcepad support by DMI check Greg Kroah-Hartman
` (206 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Tomi Valkeinen
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit f74a289b9480648a654e5afd8458c2263c03a1e1 upstream.
The framebuffer code uses the current background color to fill the border
when switching consoles, however, this results in inconsistent behavior.
For example:
- start Midnigh Commander
- the border is black
- switch to another console and switch back
- the border is cyan
- type something into the command line in mc
- the border is cyan
- switch to another console and switch back
- the border is black
- press F9 to go to menu
- the border is black
- switch to another console and switch back
- the border is dark blue
When switching to a console with Midnight Commander, the border is random
color that was left selected by the slang subsystem.
This patch fixes this inconsistency by always using black as the
background color when switching consoles.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/console/bitblit.c | 3 +--
drivers/video/console/fbcon_ccw.c | 3 +--
drivers/video/console/fbcon_cw.c | 3 +--
drivers/video/console/fbcon_ud.c | 3 +--
4 files changed, 4 insertions(+), 8 deletions(-)
--- a/drivers/video/console/bitblit.c
+++ b/drivers/video/console/bitblit.c
@@ -205,7 +205,6 @@ static void bit_putcs(struct vc_data *vc
static void bit_clear_margins(struct vc_data *vc, struct fb_info *info,
int bottom_only)
{
- int bgshift = (vc->vc_hi_font_mask) ? 13 : 12;
unsigned int cw = vc->vc_font.width;
unsigned int ch = vc->vc_font.height;
unsigned int rw = info->var.xres - (vc->vc_cols*cw);
@@ -214,7 +213,7 @@ static void bit_clear_margins(struct vc_
unsigned int bs = info->var.yres - bh;
struct fb_fillrect region;
- region.color = attr_bgcol_ec(bgshift, vc, info);
+ region.color = 0;
region.rop = ROP_COPY;
if (rw && !bottom_only) {
--- a/drivers/video/console/fbcon_ccw.c
+++ b/drivers/video/console/fbcon_ccw.c
@@ -197,9 +197,8 @@ static void ccw_clear_margins(struct vc_
unsigned int bh = info->var.xres - (vc->vc_rows*ch);
unsigned int bs = vc->vc_rows*ch;
struct fb_fillrect region;
- int bgshift = (vc->vc_hi_font_mask) ? 13 : 12;
- region.color = attr_bgcol_ec(bgshift,vc,info);
+ region.color = 0;
region.rop = ROP_COPY;
if (rw && !bottom_only) {
--- a/drivers/video/console/fbcon_cw.c
+++ b/drivers/video/console/fbcon_cw.c
@@ -180,9 +180,8 @@ static void cw_clear_margins(struct vc_d
unsigned int bh = info->var.xres - (vc->vc_rows*ch);
unsigned int rs = info->var.yres - rw;
struct fb_fillrect region;
- int bgshift = (vc->vc_hi_font_mask) ? 13 : 12;
- region.color = attr_bgcol_ec(bgshift,vc,info);
+ region.color = 0;
region.rop = ROP_COPY;
if (rw && !bottom_only) {
--- a/drivers/video/console/fbcon_ud.c
+++ b/drivers/video/console/fbcon_ud.c
@@ -227,9 +227,8 @@ static void ud_clear_margins(struct vc_d
unsigned int rw = info->var.xres - (vc->vc_cols*cw);
unsigned int bh = info->var.yres - (vc->vc_rows*ch);
struct fb_fillrect region;
- int bgshift = (vc->vc_hi_font_mask) ? 13 : 12;
- region.color = attr_bgcol_ec(bgshift,vc,info);
+ region.color = 0;
region.rop = ROP_COPY;
if (rw && !bottom_only) {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 099/319] Input: synaptics - gate forcepad support by DMI check
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (96 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 098/319] framebuffer: fix border color Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 100/319] Input: i8042 - add noloop quirk for Asus X750LN Greg Kroah-Hartman
` (205 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nicole Faerber, Dmitry Torokhov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
commit aa972409951e0675e07918620427517cad5090e0 upstream.
Unfortunately, ForcePad capability is not actually exported over PS/2, so
we have to resort to DMI checks.
Reported-by: Nicole Faerber <nicole.faerber@kernelconcepts.de>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/mouse/synaptics.c | 22 +++++++++++++++++++++-
drivers/input/mouse/synaptics.h | 8 ++------
2 files changed, 23 insertions(+), 7 deletions(-)
--- a/drivers/input/mouse/synaptics.c
+++ b/drivers/input/mouse/synaptics.c
@@ -618,6 +618,8 @@ static void synaptics_parse_agm(const un
priv->agm_pending = true;
}
+static bool is_forcepad;
+
static int synaptics_parse_hw_state(const unsigned char buf[],
struct synaptics_data *priv,
struct synaptics_hw_state *hw)
@@ -647,7 +649,7 @@ static int synaptics_parse_hw_state(cons
hw->left = (buf[0] & 0x01) ? 1 : 0;
hw->right = (buf[0] & 0x02) ? 1 : 0;
- if (SYN_CAP_FORCEPAD(priv->ext_cap_0c)) {
+ if (is_forcepad) {
/*
* ForcePads, like Clickpads, use middle button
* bits to report primary button clicks.
@@ -1678,11 +1680,29 @@ static const struct dmi_system_id __init
{ }
};
+static const struct dmi_system_id forcepad_dmi_table[] __initconst = {
+#if defined(CONFIG_DMI) && defined(CONFIG_X86)
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "HP EliteBook Folio 1040 G1"),
+ },
+ },
+#endif
+ { }
+};
+
void __init synaptics_module_init(void)
{
impaired_toshiba_kbc = dmi_check_system(toshiba_dmi_table);
broken_olpc_ec = dmi_check_system(olpc_dmi_table);
cr48_profile_sensor = dmi_check_system(cr48_dmi_table);
+
+ /*
+ * Unfortunately ForcePad capability is not exported over PS/2,
+ * so we have to resort to checking DMI.
+ */
+ is_forcepad = dmi_check_system(forcepad_dmi_table);
}
static int __synaptics_init(struct psmouse *psmouse, bool absolute_mode)
--- a/drivers/input/mouse/synaptics.h
+++ b/drivers/input/mouse/synaptics.h
@@ -77,12 +77,9 @@
* for noise.
* 2 0x08 image sensor image sensor tracks 5 fingers, but only
* reports 2.
+ * 2 0x01 uniform clickpad whole clickpad moves instead of being
+ * hinged at the top.
* 2 0x20 report min query 0x0f gives min coord reported
- * 2 0x80 forcepad forcepad is a variant of clickpad that
- * does not have physical buttons but rather
- * uses pressure above certain threshold to
- * report primary clicks. Forcepads also have
- * clickpad bit set.
*/
#define SYN_CAP_CLICKPAD(ex0c) ((ex0c) & 0x100000) /* 1-button ClickPad */
#define SYN_CAP_CLICKPAD2BTN(ex0c) ((ex0c) & 0x000100) /* 2-button ClickPad */
@@ -91,7 +88,6 @@
#define SYN_CAP_ADV_GESTURE(ex0c) ((ex0c) & 0x080000)
#define SYN_CAP_REDUCED_FILTERING(ex0c) ((ex0c) & 0x000400)
#define SYN_CAP_IMAGE_SENSOR(ex0c) ((ex0c) & 0x000800)
-#define SYN_CAP_FORCEPAD(ex0c) ((ex0c) & 0x008000)
/* synaptics modes query bits */
#define SYN_MODE_ABSOLUTE(m) ((m) & (1 << 7))
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 100/319] Input: i8042 - add noloop quirk for Asus X750LN
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (97 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 099/319] Input: synaptics - gate forcepad support by DMI check Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 101/319] Input: alps - fix v4 button press recognition Greg Kroah-Hartman
` (204 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Dmitry Torokhov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit 9ff84a17302aeb8913ff244ecc0d8f9d219fecb5 upstream.
Without this the aux port does not get detected, and consequently the
touchpad will not work.
https://bugzilla.redhat.com/show_bug.cgi?id=1110011
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/serio/i8042-x86ia64io.h | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/input/serio/i8042-x86ia64io.h
+++ b/drivers/input/serio/i8042-x86ia64io.h
@@ -101,6 +101,12 @@ static const struct dmi_system_id __init
},
{
.matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "X750LN"),
+ },
+ },
+ {
+ .matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Compaq"),
DMI_MATCH(DMI_PRODUCT_NAME , "ProLiant"),
DMI_MATCH(DMI_PRODUCT_VERSION, "8500"),
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 101/319] Input: alps - fix v4 button press recognition
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (98 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 100/319] Input: i8042 - add noloop quirk for Asus X750LN Greg Kroah-Hartman
@ 2014-11-12 1:13 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 102/319] Input: i8042 - quirks for Fujitsu Lifebook A544 and Lifebook AH544 Greg Kroah-Hartman
` (203 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andreas Bosch, Dmitry Torokhov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andreas Bosch <linux@progandy.de>
commit b0cfb794a3dd1d699f3e453f9180bd06508fb8f0 upstream.
Since the change to struct input_mt_pos some variables are now bitfields
instead of integers. Automatic conversion from integer to bitfield entry
destroys information, therefore enforce boolean interpretation instead.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1114768
Fixes: 02d04254a5df ("Input: alps - use struct input_mt_pos to track coordinates")
Signed-off-by: Andreas Bosch <linux@progandy.de>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/mouse/alps.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/input/mouse/alps.c
+++ b/drivers/input/mouse/alps.c
@@ -835,8 +835,8 @@ static void alps_process_packet_v4(struc
f->fingers = alps_process_bitmap(priv, f);
}
- f->left = packet[4] & 0x01;
- f->right = packet[4] & 0x02;
+ f->left = !!(packet[4] & 0x01);
+ f->right = !!(packet[4] & 0x02);
f->st.x = ((packet[1] & 0x7f) << 4) | ((packet[3] & 0x30) >> 2) |
((packet[0] & 0x30) >> 4);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 102/319] Input: i8042 - quirks for Fujitsu Lifebook A544 and Lifebook AH544
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (99 preceding siblings ...)
2014-11-12 1:13 ` [PATCH 3.17 101/319] Input: alps - fix v4 button press recognition Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 103/319] HID: input: Fix TransducerSerialNumber implementation Greg Kroah-Hartman
` (202 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Dmitry Torokhov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit 993b3a3f80a7842a48cd46c2b41e1b3ef6302468 upstream.
These models need i8042.notimeout, otherwise the touchpad will not work.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=69731
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1111138
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/serio/i8042-x86ia64io.h | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
--- a/drivers/input/serio/i8042-x86ia64io.h
+++ b/drivers/input/serio/i8042-x86ia64io.h
@@ -629,6 +629,22 @@ static const struct dmi_system_id __init
},
},
{
+ /* Fujitsu A544 laptop */
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1111138 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK A544"),
+ },
+ },
+ {
+ /* Fujitsu AH544 laptop */
+ /* https://bugzilla.kernel.org/show_bug.cgi?id=69731 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK AH544"),
+ },
+ },
+ {
/* Fujitsu U574 laptop */
/* https://bugzilla.kernel.org/show_bug.cgi?id=69731 */
.matches = {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 103/319] HID: input: Fix TransducerSerialNumber implementation
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (100 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 102/319] Input: i8042 - quirks for Fujitsu Lifebook A544 and Lifebook AH544 Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 104/319] drm/ast: Fix HW cursor image Greg Kroah-Hartman
` (201 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Gerecke, Benjamin Tissoires,
Ping Cheng, Jiri Kosina
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Gerecke <killertofu@gmail.com>
commit 5989a55a4c9aafba8b152c6bf52244510c2b88b9 upstream.
The commit which introduced TransducerSerialNumber (368c966) is missing
two crucial implementation details. Firstly, the commit does not set the
type/code/bit/max fields as expected later down the code which can cause
the driver to crash when a tablet with this usage is connected. Secondly,
the call to 'set_bit' causes MSC_PULSELED to be sent instead of the
expected MSC_SERIAL. This commit addreses both issues.
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Reviewed-by: Ping Cheng <pingc@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-input.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -689,7 +689,10 @@ static void hidinput_configure_usage(str
break;
case 0x5b: /* TransducerSerialNumber */
- set_bit(MSC_SERIAL, input->mscbit);
+ usage->type = EV_MSC;
+ usage->code = MSC_SERIAL;
+ bit = input->mscbit;
+ max = MSC_MAX;
break;
default: goto unknown;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 104/319] drm/ast: Fix HW cursor image
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (101 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 103/319] HID: input: Fix TransducerSerialNumber implementation Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 105/319] drm/nouveau/gpio: rename g92 class to g94 Greg Kroah-Hartman
` (200 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Benjamin Herrenschmidt, Dave Airlie
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
commit 1e99cfa8de0f0879091e33cd65fd60418d006ad9 upstream.
The translation from the X driver to the KMS one typo'ed a couple
of array indices, causing the HW cursor to look weird (blocky with
leaking edge colors). This fixes it.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/ast/ast_mode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/ast/ast_mode.c
+++ b/drivers/gpu/drm/ast/ast_mode.c
@@ -1080,8 +1080,8 @@ static u32 copy_cursor_image(u8 *src, u8
srcdata32[1].ul = *((u32 *)(srcxor + 4)) & 0xf0f0f0f0;
data32.b[0] = srcdata32[0].b[1] | (srcdata32[0].b[0] >> 4);
data32.b[1] = srcdata32[0].b[3] | (srcdata32[0].b[2] >> 4);
- data32.b[2] = srcdata32[0].b[1] | (srcdata32[1].b[0] >> 4);
- data32.b[3] = srcdata32[0].b[3] | (srcdata32[1].b[2] >> 4);
+ data32.b[2] = srcdata32[1].b[1] | (srcdata32[1].b[0] >> 4);
+ data32.b[3] = srcdata32[1].b[3] | (srcdata32[1].b[2] >> 4);
writel(data32.ul, dstxor);
csum += data32.ul;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 105/319] drm/nouveau/gpio: rename g92 class to g94
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (102 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 104/319] drm/ast: Fix HW cursor image Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 106/319] drm/i915: Do not store the error pointer for a failed userptr registration Greg Kroah-Hartman
` (199 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Emil Velikov, Ben Skeggs
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Emil Velikov <emil.l.velikov@gmail.com>
commit b485a7005faba38286bc02ab1d80e2cbf61c1002 upstream.
nv92 hardware has only 16 interrupt lines, while nv94 and later
has 32. Accessing 0xe0c{0,4} registers on nv92 can lead to incorrect
PDISP setup. This is a regression introduced with
commit 9d0f5ec9ee0fd5dc5fc1cc2cf559286431e406e3
Author: Ben Skeggs <bskeggs@redhat.com>
Date: Mon May 12 15:22:42 2014 +1000
gpio: split g92 class from nv50
Reported-by: estece on #nouveau
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/Makefile | 2
drivers/gpu/drm/nouveau/core/engine/device/nv50.c | 22 +++---
drivers/gpu/drm/nouveau/core/engine/device/nvc0.c | 14 +--
drivers/gpu/drm/nouveau/core/include/subdev/gpio.h | 2
drivers/gpu/drm/nouveau/core/subdev/gpio/nv92.c | 74 ---------------------
drivers/gpu/drm/nouveau/core/subdev/gpio/nv94.c | 74 +++++++++++++++++++++
drivers/gpu/drm/nouveau/core/subdev/gpio/nvd0.c | 4 -
drivers/gpu/drm/nouveau/core/subdev/gpio/priv.h | 4 -
8 files changed, 98 insertions(+), 98 deletions(-)
--- a/drivers/gpu/drm/nouveau/Makefile
+++ b/drivers/gpu/drm/nouveau/Makefile
@@ -129,7 +129,7 @@ nouveau-y += core/subdev/fb/gddr5.o
nouveau-y += core/subdev/gpio/base.o
nouveau-y += core/subdev/gpio/nv10.o
nouveau-y += core/subdev/gpio/nv50.o
-nouveau-y += core/subdev/gpio/nv92.o
+nouveau-y += core/subdev/gpio/nv94.o
nouveau-y += core/subdev/gpio/nvd0.o
nouveau-y += core/subdev/gpio/nve0.o
nouveau-y += core/subdev/i2c/base.o
--- a/drivers/gpu/drm/nouveau/core/engine/device/nv50.c
+++ b/drivers/gpu/drm/nouveau/core/engine/device/nv50.c
@@ -141,7 +141,7 @@ nv50_identify(struct nouveau_device *dev
case 0x92:
device->cname = "G92";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv50_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv50_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = nv84_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nv84_therm_oclass;
@@ -169,7 +169,7 @@ nv50_identify(struct nouveau_device *dev
case 0x94:
device->cname = "G94";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = nv84_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nv84_therm_oclass;
@@ -197,7 +197,7 @@ nv50_identify(struct nouveau_device *dev
case 0x96:
device->cname = "G96";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = nv84_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nv84_therm_oclass;
@@ -225,7 +225,7 @@ nv50_identify(struct nouveau_device *dev
case 0x98:
device->cname = "G98";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = nv84_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nv84_therm_oclass;
@@ -253,7 +253,7 @@ nv50_identify(struct nouveau_device *dev
case 0xa0:
device->cname = "G200";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv50_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = nv84_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nv84_therm_oclass;
@@ -281,7 +281,7 @@ nv50_identify(struct nouveau_device *dev
case 0xaa:
device->cname = "MCP77/MCP78";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = nvaa_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nv84_therm_oclass;
@@ -309,7 +309,7 @@ nv50_identify(struct nouveau_device *dev
case 0xac:
device->cname = "MCP79/MCP7A";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = nvaa_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nv84_therm_oclass;
@@ -337,7 +337,7 @@ nv50_identify(struct nouveau_device *dev
case 0xa3:
device->cname = "GT215";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = &nva3_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nva3_therm_oclass;
@@ -367,7 +367,7 @@ nv50_identify(struct nouveau_device *dev
case 0xa5:
device->cname = "GT216";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = &nva3_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nva3_therm_oclass;
@@ -396,7 +396,7 @@ nv50_identify(struct nouveau_device *dev
case 0xa8:
device->cname = "GT218";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = &nva3_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nva3_therm_oclass;
@@ -425,7 +425,7 @@ nv50_identify(struct nouveau_device *dev
case 0xaf:
device->cname = "MCP89";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = &nva3_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nva3_therm_oclass;
--- a/drivers/gpu/drm/nouveau/core/engine/device/nvc0.c
+++ b/drivers/gpu/drm/nouveau/core/engine/device/nvc0.c
@@ -60,7 +60,7 @@ nvc0_identify(struct nouveau_device *dev
case 0xc0:
device->cname = "GF100";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = &nvc0_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nva3_therm_oclass;
@@ -92,7 +92,7 @@ nvc0_identify(struct nouveau_device *dev
case 0xc4:
device->cname = "GF104";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = &nvc0_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nva3_therm_oclass;
@@ -124,7 +124,7 @@ nvc0_identify(struct nouveau_device *dev
case 0xc3:
device->cname = "GF106";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = &nvc0_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nva3_therm_oclass;
@@ -155,7 +155,7 @@ nvc0_identify(struct nouveau_device *dev
case 0xce:
device->cname = "GF114";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = &nvc0_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nva3_therm_oclass;
@@ -187,7 +187,7 @@ nvc0_identify(struct nouveau_device *dev
case 0xcf:
device->cname = "GF116";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = &nvc0_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nva3_therm_oclass;
@@ -219,7 +219,7 @@ nvc0_identify(struct nouveau_device *dev
case 0xc1:
device->cname = "GF108";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = &nvc0_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nva3_therm_oclass;
@@ -250,7 +250,7 @@ nvc0_identify(struct nouveau_device *dev
case 0xc8:
device->cname = "GF110";
device->oclass[NVDEV_SUBDEV_VBIOS ] = &nouveau_bios_oclass;
- device->oclass[NVDEV_SUBDEV_GPIO ] = nv92_gpio_oclass;
+ device->oclass[NVDEV_SUBDEV_GPIO ] = nv94_gpio_oclass;
device->oclass[NVDEV_SUBDEV_I2C ] = nv94_i2c_oclass;
device->oclass[NVDEV_SUBDEV_CLOCK ] = &nvc0_clock_oclass;
device->oclass[NVDEV_SUBDEV_THERM ] = &nva3_therm_oclass;
--- a/drivers/gpu/drm/nouveau/core/include/subdev/gpio.h
+++ b/drivers/gpu/drm/nouveau/core/include/subdev/gpio.h
@@ -40,7 +40,7 @@ nouveau_gpio(void *obj)
extern struct nouveau_oclass *nv10_gpio_oclass;
extern struct nouveau_oclass *nv50_gpio_oclass;
-extern struct nouveau_oclass *nv92_gpio_oclass;
+extern struct nouveau_oclass *nv94_gpio_oclass;
extern struct nouveau_oclass *nvd0_gpio_oclass;
extern struct nouveau_oclass *nve0_gpio_oclass;
--- a/drivers/gpu/drm/nouveau/core/subdev/gpio/nv92.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright 2012 Red Hat Inc.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
- * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
- * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
- * OTHER DEALINGS IN THE SOFTWARE.
- *
- * Authors: Ben Skeggs
- */
-
-#include "priv.h"
-
-void
-nv92_gpio_intr_stat(struct nouveau_gpio *gpio, u32 *hi, u32 *lo)
-{
- u32 intr0 = nv_rd32(gpio, 0x00e054);
- u32 intr1 = nv_rd32(gpio, 0x00e074);
- u32 stat0 = nv_rd32(gpio, 0x00e050) & intr0;
- u32 stat1 = nv_rd32(gpio, 0x00e070) & intr1;
- *lo = (stat1 & 0xffff0000) | (stat0 >> 16);
- *hi = (stat1 << 16) | (stat0 & 0x0000ffff);
- nv_wr32(gpio, 0x00e054, intr0);
- nv_wr32(gpio, 0x00e074, intr1);
-}
-
-void
-nv92_gpio_intr_mask(struct nouveau_gpio *gpio, u32 type, u32 mask, u32 data)
-{
- u32 inte0 = nv_rd32(gpio, 0x00e050);
- u32 inte1 = nv_rd32(gpio, 0x00e070);
- if (type & NVKM_GPIO_LO)
- inte0 = (inte0 & ~(mask << 16)) | (data << 16);
- if (type & NVKM_GPIO_HI)
- inte0 = (inte0 & ~(mask & 0xffff)) | (data & 0xffff);
- mask >>= 16;
- data >>= 16;
- if (type & NVKM_GPIO_LO)
- inte1 = (inte1 & ~(mask << 16)) | (data << 16);
- if (type & NVKM_GPIO_HI)
- inte1 = (inte1 & ~mask) | data;
- nv_wr32(gpio, 0x00e050, inte0);
- nv_wr32(gpio, 0x00e070, inte1);
-}
-
-struct nouveau_oclass *
-nv92_gpio_oclass = &(struct nouveau_gpio_impl) {
- .base.handle = NV_SUBDEV(GPIO, 0x92),
- .base.ofuncs = &(struct nouveau_ofuncs) {
- .ctor = _nouveau_gpio_ctor,
- .dtor = _nouveau_gpio_dtor,
- .init = _nouveau_gpio_init,
- .fini = _nouveau_gpio_fini,
- },
- .lines = 32,
- .intr_stat = nv92_gpio_intr_stat,
- .intr_mask = nv92_gpio_intr_mask,
- .drive = nv50_gpio_drive,
- .sense = nv50_gpio_sense,
- .reset = nv50_gpio_reset,
-}.base;
--- /dev/null
+++ b/drivers/gpu/drm/nouveau/core/subdev/gpio/nv94.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2012 Red Hat Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
+ * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * Authors: Ben Skeggs
+ */
+
+#include "priv.h"
+
+void
+nv94_gpio_intr_stat(struct nouveau_gpio *gpio, u32 *hi, u32 *lo)
+{
+ u32 intr0 = nv_rd32(gpio, 0x00e054);
+ u32 intr1 = nv_rd32(gpio, 0x00e074);
+ u32 stat0 = nv_rd32(gpio, 0x00e050) & intr0;
+ u32 stat1 = nv_rd32(gpio, 0x00e070) & intr1;
+ *lo = (stat1 & 0xffff0000) | (stat0 >> 16);
+ *hi = (stat1 << 16) | (stat0 & 0x0000ffff);
+ nv_wr32(gpio, 0x00e054, intr0);
+ nv_wr32(gpio, 0x00e074, intr1);
+}
+
+void
+nv94_gpio_intr_mask(struct nouveau_gpio *gpio, u32 type, u32 mask, u32 data)
+{
+ u32 inte0 = nv_rd32(gpio, 0x00e050);
+ u32 inte1 = nv_rd32(gpio, 0x00e070);
+ if (type & NVKM_GPIO_LO)
+ inte0 = (inte0 & ~(mask << 16)) | (data << 16);
+ if (type & NVKM_GPIO_HI)
+ inte0 = (inte0 & ~(mask & 0xffff)) | (data & 0xffff);
+ mask >>= 16;
+ data >>= 16;
+ if (type & NVKM_GPIO_LO)
+ inte1 = (inte1 & ~(mask << 16)) | (data << 16);
+ if (type & NVKM_GPIO_HI)
+ inte1 = (inte1 & ~mask) | data;
+ nv_wr32(gpio, 0x00e050, inte0);
+ nv_wr32(gpio, 0x00e070, inte1);
+}
+
+struct nouveau_oclass *
+nv94_gpio_oclass = &(struct nouveau_gpio_impl) {
+ .base.handle = NV_SUBDEV(GPIO, 0x94),
+ .base.ofuncs = &(struct nouveau_ofuncs) {
+ .ctor = _nouveau_gpio_ctor,
+ .dtor = _nouveau_gpio_dtor,
+ .init = _nouveau_gpio_init,
+ .fini = _nouveau_gpio_fini,
+ },
+ .lines = 32,
+ .intr_stat = nv94_gpio_intr_stat,
+ .intr_mask = nv94_gpio_intr_mask,
+ .drive = nv50_gpio_drive,
+ .sense = nv50_gpio_sense,
+ .reset = nv50_gpio_reset,
+}.base;
--- a/drivers/gpu/drm/nouveau/core/subdev/gpio/nvd0.c
+++ b/drivers/gpu/drm/nouveau/core/subdev/gpio/nvd0.c
@@ -77,8 +77,8 @@ nvd0_gpio_oclass = &(struct nouveau_gpio
.fini = _nouveau_gpio_fini,
},
.lines = 32,
- .intr_stat = nv92_gpio_intr_stat,
- .intr_mask = nv92_gpio_intr_mask,
+ .intr_stat = nv94_gpio_intr_stat,
+ .intr_mask = nv94_gpio_intr_mask,
.drive = nvd0_gpio_drive,
.sense = nvd0_gpio_sense,
.reset = nvd0_gpio_reset,
--- a/drivers/gpu/drm/nouveau/core/subdev/gpio/priv.h
+++ b/drivers/gpu/drm/nouveau/core/subdev/gpio/priv.h
@@ -56,8 +56,8 @@ void nv50_gpio_reset(struct nouveau_gpio
int nv50_gpio_drive(struct nouveau_gpio *, int, int, int);
int nv50_gpio_sense(struct nouveau_gpio *, int);
-void nv92_gpio_intr_stat(struct nouveau_gpio *, u32 *, u32 *);
-void nv92_gpio_intr_mask(struct nouveau_gpio *, u32, u32, u32);
+void nv94_gpio_intr_stat(struct nouveau_gpio *, u32 *, u32 *);
+void nv94_gpio_intr_mask(struct nouveau_gpio *, u32, u32, u32);
void nvd0_gpio_reset(struct nouveau_gpio *, u8);
int nvd0_gpio_drive(struct nouveau_gpio *, int, int, int);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 106/319] drm/i915: Do not store the error pointer for a failed userptr registration
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (103 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 105/319] drm/nouveau/gpio: rename g92 class to g94 Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 107/319] drm/i915: Do not leak pages when freeing userptr objects Greg Kroah-Hartman
` (198 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chris Wilson, Jacek Danecki, Gong,
Zhipeng, Ursulin, Tvrtko, Daniel Vetter
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chris Wilson <chris@chris-wilson.co.uk>
commit e9681366ea9e76ab8f75e84351f2f3ca63ee542c upstream.
If we fail to create our mmu notification, we report the error back and
currently store the error inside the i915_mm_struct. This not only causes
subsequent registerations of the same mm to fail (an issue if the first
was interrupted by a signal and needed to be restarted) but also causes
us to eventually try and free the error pointer.
[ 73.419599] BUG: unable to handle kernel NULL pointer dereference at 000000000000004c
[ 73.419831] IP: [<ffffffff8114af33>] mmu_notifier_unregister+0x23/0x130
[ 73.420065] PGD 8650c067 PUD 870bb067 PMD 0
[ 73.420319] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 73.420580] CPU: 0 PID: 42 Comm: kworker/0:1 Tainted: G W 3.17.0-rc6+ #1561
[ 73.420837] Hardware name: Intel Corporation SandyBridge Platform/LosLunas CRB, BIOS ASNBCPT1.86C.0075.P00.1106281639 06/28/2011
[ 73.421405] Workqueue: events __i915_mm_struct_free__worker
[ 73.421724] task: ffff880088a81220 ti: ffff880088168000 task.ti: ffff880088168000
[ 73.422051] RIP: 0010:[<ffffffff8114af33>] [<ffffffff8114af33>] mmu_notifier_unregister+0x23/0x130
[ 73.422410] RSP: 0018:ffff88008816bd50 EFLAGS: 00010286
[ 73.422765] RAX: 0000000000000003 RBX: ffff880086485400 RCX: 0000000000000000
[ 73.423137] RDX: ffff88016d80ee90 RSI: ffff880086485400 RDI: 0000000000000044
[ 73.423513] RBP: ffff88008816bd70 R08: 0000000000000001 R09: 0000000000000000
[ 73.423895] R10: 0000000000000320 R11: 0000000000000001 R12: 0000000000000044
[ 73.424282] R13: ffff880166e5f008 R14: ffff88016d815200 R15: ffff880166e5f040
[ 73.424682] FS: 0000000000000000(0000) GS:ffff88016d800000(0000) knlGS:0000000000000000
[ 73.425099] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 73.425537] CR2: 000000000000004c CR3: 0000000087f5f000 CR4: 00000000000407f0
[ 73.426157] Stack:
[ 73.426597] ffff880088a81248 ffff880166e5f038 fffffffffffffffc ffff880166e5f008
[ 73.427096] ffff88008816bd98 ffffffff814a75f2 ffff880166e5f038 ffff8800880f8a28
[ 73.427603] ffff88016d812ac0 ffff88008816be00 ffffffff8106321a ffffffff810631af
[ 73.428119] Call Trace:
[ 73.428606] [<ffffffff814a75f2>] __i915_mm_struct_free__worker+0x42/0x80
[ 73.429116] [<ffffffff8106321a>] process_one_work+0x1ba/0x610
[ 73.429632] [<ffffffff810631af>] ? process_one_work+0x14f/0x610
[ 73.430153] [<ffffffff810636db>] worker_thread+0x6b/0x4a0
[ 73.430671] [<ffffffff8108d67d>] ? trace_hardirqs_on+0xd/0x10
[ 73.431501] [<ffffffff81063670>] ? process_one_work+0x610/0x610
[ 73.432030] [<ffffffff8106a206>] kthread+0xf6/0x110
[ 73.432561] [<ffffffff8106a110>] ? __kthread_parkme+0x80/0x80
[ 73.433100] [<ffffffff8169c22c>] ret_from_fork+0x7c/0xb0
[ 73.433644] [<ffffffff8106a110>] ? __kthread_parkme+0x80/0x80
[ 73.434194] Code: 0f 1f 84 00 00 00 00 00 66 66 66 66 90 8b 46 4c 85 c0 0f 8e 10 01 00 00 55 48 89 e5 41 55 41 54 53 48 89 f3 49 89 fc 48 83 ec 08 <48> 83 7f 08 00 0f 84 b1 00 00 00 48 c7 c7 40 e6 ac 82 e8 26 65
[ 73.435942] RIP [<ffffffff8114af33>] mmu_notifier_unregister+0x23/0x130
[ 73.437017] RSP <ffff88008816bd50>
[ 73.437704] CR2: 000000000000004c
Fixes regression from commit ad46cb533d586fdb256855437af876617c6cf609
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date: Thu Aug 7 14:20:40 2014 +0100
drm/i915: Prevent recursive deadlock on releasing a busy userptr
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=84207
Testcase: igt/gem_render_copy_redux
Testcase: igt/gem_userptr_blits/create-destroy-sync
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Jacek Danecki <jacek.danecki@intel.com>
Cc: "Gong, Zhipeng" <zhipeng.gong@intel.com>
Cc: Jacek Danecki <jacek.danecki@intel.com>
Cc: "Ursulin, Tvrtko" <tvrtko.ursulin@intel.com>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/i915_gem_userptr.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
--- a/drivers/gpu/drm/i915/i915_gem_userptr.c
+++ b/drivers/gpu/drm/i915/i915_gem_userptr.c
@@ -293,15 +293,23 @@ i915_gem_userptr_release__mmu_notifier(s
static struct i915_mmu_notifier *
i915_mmu_notifier_find(struct i915_mm_struct *mm)
{
- if (mm->mn == NULL) {
- down_write(&mm->mm->mmap_sem);
- mutex_lock(&to_i915(mm->dev)->mm_lock);
- if (mm->mn == NULL)
- mm->mn = i915_mmu_notifier_create(mm->mm);
- mutex_unlock(&to_i915(mm->dev)->mm_lock);
- up_write(&mm->mm->mmap_sem);
+ struct i915_mmu_notifier *mn = mm->mn;
+
+ mn = mm->mn;
+ if (mn)
+ return mn;
+
+ down_write(&mm->mm->mmap_sem);
+ mutex_lock(&to_i915(mm->dev)->mm_lock);
+ if ((mn = mm->mn) == NULL) {
+ mn = i915_mmu_notifier_create(mm->mm);
+ if (!IS_ERR(mn))
+ mm->mn = mn;
}
- return mm->mn;
+ mutex_unlock(&to_i915(mm->dev)->mm_lock);
+ up_write(&mm->mm->mmap_sem);
+
+ return mn;
}
static int
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 107/319] drm/i915: Do not leak pages when freeing userptr objects
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (104 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 106/319] drm/i915: Do not store the error pointer for a failed userptr registration Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 108/319] drm/vmwgfx: Fix drm.h include Greg Kroah-Hartman
` (197 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tvrtko Ursulin, Chris Wilson,
Barbalho, Rafael, Daniel Vetter
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
commit c479f4383ea8940dd6f88da61798ad31feb33e51 upstream.
sg_alloc_table_from_pages() can build us a table with coalesced ranges which
means we need to iterate over pages and not sg table entries when releasing
page references.
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: "Barbalho, Rafael" <rafael.barbalho@intel.com>
Tested-by: Rafael Barbalho <rafael.barbalho@intel.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
[danvet: Remove unused local variable sg.]
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/i915_gem_userptr.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/drivers/gpu/drm/i915/i915_gem_userptr.c
+++ b/drivers/gpu/drm/i915/i915_gem_userptr.c
@@ -689,16 +689,15 @@ i915_gem_userptr_get_pages(struct drm_i9
static void
i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj)
{
- struct scatterlist *sg;
- int i;
+ struct sg_page_iter sg_iter;
BUG_ON(obj->userptr.work != NULL);
if (obj->madv != I915_MADV_WILLNEED)
obj->dirty = 0;
- for_each_sg(obj->pages->sgl, sg, obj->pages->nents, i) {
- struct page *page = sg_page(sg);
+ for_each_sg_page(obj->pages->sgl, &sg_iter, obj->pages->nents, 0) {
+ struct page *page = sg_page_iter_page(&sg_iter);
if (obj->dirty)
set_page_dirty(page);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 108/319] drm/vmwgfx: Fix drm.h include
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (105 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 107/319] drm/i915: Do not leak pages when freeing userptr objects Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 109/319] drm/tilcdc: Fix the error path in tilcdc_load() Greg Kroah-Hartman
` (196 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeffrey Bastian, Josh Boyer, Dave Airlie
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Josh Boyer <jwboyer@fedoraproject.org>
commit e351943b081f4d9e6f692ce1a6117e8d2e71f478 upstream.
The userspace drm.h include doesn't prefix the drm directory. This can lead
to compile failures as /usr/include/drm/ isn't in the standard gcc include
paths. Fix it to be <drm/drm.h>, which matches the rest of the driver drm
header files that get installed into /usr/include/drm.
Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1138759
Fixes: 1d7a5cbf8f74e
Reported-by: Jeffrey Bastian <jbastian@redhat.com>
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/uapi/drm/vmwgfx_drm.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/uapi/drm/vmwgfx_drm.h
+++ b/include/uapi/drm/vmwgfx_drm.h
@@ -29,7 +29,7 @@
#define __VMWGFX_DRM_H__
#ifndef __KERNEL__
-#include <drm.h>
+#include <drm/drm.h>
#endif
#define DRM_VMW_MAX_SURFACE_FACES 6
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 109/319] drm/tilcdc: Fix the error path in tilcdc_load()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (106 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 108/319] drm/vmwgfx: Fix drm.h include Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 110/319] drm/nouveau/bios: memset dcb struct to zero before parsing Greg Kroah-Hartman
` (195 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darren Etheridge, Johannes Pointner,
Ezequiel Garcia, Dave Airlie, Matwey V. Kornilov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
commit b478e336b3e75505707a11e78ef8b964ef0a03af upstream.
The current error path calls tilcdc_unload() in case of an error to release
the resources. However, this is wrong because not all resources have been
allocated by the time an error occurs in tilcdc_load().
To fix it, this commit adds proper labels to bail out at the different
stages in the load function, and release only the resources actually allocated.
Tested-by: Darren Etheridge <detheridge@ti.com>
Tested-by: Johannes Pointner <johannes.pointner@br-automation.com>
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Fixes: 3a49012224ca ("drm/tilcdc: panel: fix leak when unloading the module")
Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/tilcdc/tilcdc_drv.c | 60 ++++++++++++++++++++++++++++++------
1 file changed, 50 insertions(+), 10 deletions(-)
--- a/drivers/gpu/drm/tilcdc/tilcdc_drv.c
+++ b/drivers/gpu/drm/tilcdc/tilcdc_drv.c
@@ -84,6 +84,7 @@ static int modeset_init(struct drm_devic
if ((priv->num_encoders == 0) || (priv->num_connectors == 0)) {
/* oh nos! */
dev_err(dev->dev, "no encoders/connectors found\n");
+ drm_mode_config_cleanup(dev);
return -ENXIO;
}
@@ -172,33 +173,37 @@ static int tilcdc_load(struct drm_device
dev->dev_private = priv;
priv->wq = alloc_ordered_workqueue("tilcdc", 0);
+ if (!priv->wq) {
+ ret = -ENOMEM;
+ goto fail_free_priv;
+ }
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
if (!res) {
dev_err(dev->dev, "failed to get memory resource\n");
ret = -EINVAL;
- goto fail;
+ goto fail_free_wq;
}
priv->mmio = ioremap_nocache(res->start, resource_size(res));
if (!priv->mmio) {
dev_err(dev->dev, "failed to ioremap\n");
ret = -ENOMEM;
- goto fail;
+ goto fail_free_wq;
}
priv->clk = clk_get(dev->dev, "fck");
if (IS_ERR(priv->clk)) {
dev_err(dev->dev, "failed to get functional clock\n");
ret = -ENODEV;
- goto fail;
+ goto fail_iounmap;
}
priv->disp_clk = clk_get(dev->dev, "dpll_disp_ck");
if (IS_ERR(priv->clk)) {
dev_err(dev->dev, "failed to get display clock\n");
ret = -ENODEV;
- goto fail;
+ goto fail_put_clk;
}
#ifdef CONFIG_CPU_FREQ
@@ -208,7 +213,7 @@ static int tilcdc_load(struct drm_device
CPUFREQ_TRANSITION_NOTIFIER);
if (ret) {
dev_err(dev->dev, "failed to register cpufreq notifier\n");
- goto fail;
+ goto fail_put_disp_clk;
}
#endif
@@ -253,13 +258,13 @@ static int tilcdc_load(struct drm_device
ret = modeset_init(dev);
if (ret < 0) {
dev_err(dev->dev, "failed to initialize mode setting\n");
- goto fail;
+ goto fail_cpufreq_unregister;
}
ret = drm_vblank_init(dev, 1);
if (ret < 0) {
dev_err(dev->dev, "failed to initialize vblank\n");
- goto fail;
+ goto fail_mode_config_cleanup;
}
pm_runtime_get_sync(dev->dev);
@@ -267,7 +272,7 @@ static int tilcdc_load(struct drm_device
pm_runtime_put_sync(dev->dev);
if (ret < 0) {
dev_err(dev->dev, "failed to install IRQ handler\n");
- goto fail;
+ goto fail_vblank_cleanup;
}
platform_set_drvdata(pdev, dev);
@@ -283,13 +288,48 @@ static int tilcdc_load(struct drm_device
priv->fbdev = drm_fbdev_cma_init(dev, bpp,
dev->mode_config.num_crtc,
dev->mode_config.num_connector);
+ if (IS_ERR(priv->fbdev)) {
+ ret = PTR_ERR(priv->fbdev);
+ goto fail_irq_uninstall;
+ }
drm_kms_helper_poll_init(dev);
return 0;
-fail:
- tilcdc_unload(dev);
+fail_irq_uninstall:
+ pm_runtime_get_sync(dev->dev);
+ drm_irq_uninstall(dev);
+ pm_runtime_put_sync(dev->dev);
+
+fail_vblank_cleanup:
+ drm_vblank_cleanup(dev);
+
+fail_mode_config_cleanup:
+ drm_mode_config_cleanup(dev);
+
+fail_cpufreq_unregister:
+ pm_runtime_disable(dev->dev);
+#ifdef CONFIG_CPU_FREQ
+ cpufreq_unregister_notifier(&priv->freq_transition,
+ CPUFREQ_TRANSITION_NOTIFIER);
+fail_put_disp_clk:
+ clk_put(priv->disp_clk);
+#endif
+
+fail_put_clk:
+ clk_put(priv->clk);
+
+fail_iounmap:
+ iounmap(priv->mmio);
+
+fail_free_wq:
+ flush_workqueue(priv->wq);
+ destroy_workqueue(priv->wq);
+
+fail_free_priv:
+ dev->dev_private = NULL;
+ kfree(priv);
return ret;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 110/319] drm/nouveau/bios: memset dcb struct to zero before parsing
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (107 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 109/319] drm/tilcdc: Fix the error path in tilcdc_load() Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 111/319] drm/gt214-/kms: fix hda eld regression Greg Kroah-Hartman
` (194 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Skeggs
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Skeggs <bskeggs@redhat.com>
commit 595d373f1e9c9ce0fc946457fdb488e8a58972cd upstream.
Fixes type/mask calculation being based on uninitialised data for VGA
outputs.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/core/subdev/bios/dcb.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/nouveau/core/subdev/bios/dcb.c
+++ b/drivers/gpu/drm/nouveau/core/subdev/bios/dcb.c
@@ -124,6 +124,7 @@ dcb_outp_parse(struct nouveau_bios *bios
struct dcb_output *outp)
{
u16 dcb = dcb_outp(bios, idx, ver, len);
+ memset(outp, 0x00, sizeof(*outp));
if (dcb) {
if (*ver >= 0x20) {
u32 conn = nv_ro32(bios, dcb + 0x00);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 111/319] drm/gt214-/kms: fix hda eld regression
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (108 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 110/319] drm/nouveau/bios: memset dcb struct to zero before parsing Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 112/319] media: v4l2-common: fix overflow in v4l_bound_align_image() Greg Kroah-Hartman
` (193 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Skeggs
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Skeggs <bskeggs@redhat.com>
commit d889c52427d48c05f163f2f39b2cfc12e17e5266 upstream.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nv50_display.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
--- a/drivers/gpu/drm/nouveau/nv50_display.c
+++ b/drivers/gpu/drm/nouveau/nv50_display.c
@@ -1653,15 +1653,17 @@ nv50_audio_mode_set(struct drm_encoder *
struct nouveau_encoder *nv_encoder = nouveau_encoder(encoder);
struct nouveau_connector *nv_connector;
struct nv50_disp *disp = nv50_disp(encoder->dev);
- struct {
- struct nv50_disp_mthd_v1 base;
- struct nv50_disp_sor_hda_eld_v0 eld;
+ struct __packed {
+ struct {
+ struct nv50_disp_mthd_v1 mthd;
+ struct nv50_disp_sor_hda_eld_v0 eld;
+ } base;
u8 data[sizeof(nv_connector->base.eld)];
} args = {
- .base.version = 1,
- .base.method = NV50_DISP_MTHD_V1_SOR_HDA_ELD,
- .base.hasht = nv_encoder->dcb->hasht,
- .base.hashm = nv_encoder->dcb->hashm,
+ .base.mthd.version = 1,
+ .base.mthd.method = NV50_DISP_MTHD_V1_SOR_HDA_ELD,
+ .base.mthd.hasht = nv_encoder->dcb->hasht,
+ .base.mthd.hashm = nv_encoder->dcb->hashm,
};
nv_connector = nouveau_encoder_connector_get(nv_encoder);
@@ -1671,7 +1673,7 @@ nv50_audio_mode_set(struct drm_encoder *
drm_edid_to_eld(&nv_connector->base, nv_connector->edid);
memcpy(args.data, nv_connector->base.eld, sizeof(args.data));
- nvif_mthd(disp->disp, 0, &args, sizeof(args));
+ nvif_mthd(disp->disp, 0, &args, sizeof(args.base) + args.data[2] * 4);
}
static void
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 112/319] media: v4l2-common: fix overflow in v4l_bound_align_image()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (109 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 111/319] drm/gt214-/kms: fix hda eld regression Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 113/319] media: usb: uvc: add a quirk for Dell XPS M1330 webcam Greg Kroah-Hartman
` (192 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej Matraszek, Sakari Ailus,
Mauro Carvalho Chehab
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maciej Matraszek <m.matraszek@samsung.com>
commit 3bacc10cd4a85bc70bc0b6c001d3bf995c7fe04c upstream.
Fix clamp_align() used in v4l_bound_align_image() to prevent overflow
when passed large value like UINT32_MAX.
In the current implementation:
clamp_align(UINT32_MAX, 8, 8192, 3)
returns 8, because in line:
x = (x + (1 << (align - 1))) & mask;
x overflows to (-1 + 4) & 0x7 = 3, while expected value is 8192.
v4l_bound_align_image() is heavily used in VIDIOC_S_FMT and
VIDIOC_SUBDEV_S_FMT ioctls handlers, and documentation of the latter
explicitly states that:
"The modified format should be as close as possible to the original
request."
-- http://linuxtv.org/downloads/v4l-dvb-apis/vidioc-subdev-g-fmt.html
Thus one would expect, that passing UINT32_MAX as format width and
height will result in setting maximum possible resolution for the
device. Particularly, when the driver doesn't support
VIDIOC_ENUM_FRAMESIZES ioctl, which is common in the codebase.
Fixes changeset: b0d3159be9a3
Signed-off-by: Maciej Matraszek <m.matraszek@samsung.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/v4l2-core/v4l2-common.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
--- a/drivers/media/v4l2-core/v4l2-common.c
+++ b/drivers/media/v4l2-core/v4l2-common.c
@@ -435,16 +435,13 @@ static unsigned int clamp_align(unsigned
/* Bits that must be zero to be aligned */
unsigned int mask = ~((1 << align) - 1);
+ /* Clamp to aligned min and max */
+ x = clamp(x, (min + ~mask) & mask, max & mask);
+
/* Round to nearest aligned value */
if (align)
x = (x + (1 << (align - 1))) & mask;
- /* Clamp to aligned value of min and max */
- if (x < min)
- x = (min + ~mask) & mask;
- else if (x > max)
- x = max & mask;
-
return x;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 113/319] media: usb: uvc: add a quirk for Dell XPS M1330 webcam
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (110 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 112/319] media: v4l2-common: fix overflow in v4l_bound_align_image() Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 115/319] media: siano: add support for PCTV 77e Greg Kroah-Hartman
` (191 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Fertser, Laurent Pinchart,
Mauro Carvalho Chehab
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Fertser <fercerpav@gmail.com>
commit 62ea864f84fed6e04dd033d500d4c9183a83d590 upstream.
As reported on [1], this device needs this quirk to be able to
reliably initialise the webcam.
[1] http://ubuntuforums.org/showthread.php?t=2145996
Cc: stable@vger.kernel.org
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/uvc/uvc_driver.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/media/usb/uvc/uvc_driver.c
+++ b/drivers/media/usb/uvc/uvc_driver.c
@@ -2229,6 +2229,15 @@ static struct usb_device_id uvc_ids[] =
.bInterfaceSubClass = 1,
.bInterfaceProtocol = 0,
.driver_info = UVC_QUIRK_PROBE_DEF },
+ /* Dell XPS M1330 (OmniVision OV7670 webcam) */
+ { .match_flags = USB_DEVICE_ID_MATCH_DEVICE
+ | USB_DEVICE_ID_MATCH_INT_INFO,
+ .idVendor = 0x05a9,
+ .idProduct = 0x7670,
+ .bInterfaceClass = USB_CLASS_VIDEO,
+ .bInterfaceSubClass = 1,
+ .bInterfaceProtocol = 0,
+ .driver_info = UVC_QUIRK_PROBE_DEF },
/* Apple Built-In iSight */
{ .match_flags = USB_DEVICE_ID_MATCH_DEVICE
| USB_DEVICE_ID_MATCH_INT_INFO,
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 115/319] media: siano: add support for PCTV 77e
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (111 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 113/319] media: usb: uvc: add a quirk for Dell XPS M1330 webcam Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 116/319] media: m88ts2022: fix 32bit overflow on filter calc Greg Kroah-Hartman
` (190 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mauro Carvalho Chehab <m.chehab@samsung.com>
commit 29bbb7bd0a65e01a0423e1df764676119b71ecb3 upstream.
Add support for PCTV microStick (77e) device that uses a sms1140
chipset.
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/common/siano/sms-cards.c | 6 ++++++
drivers/media/common/siano/sms-cards.h | 1 +
drivers/media/usb/siano/smsusb.c | 2 ++
3 files changed, 9 insertions(+)
--- a/drivers/media/common/siano/sms-cards.c
+++ b/drivers/media/common/siano/sms-cards.c
@@ -157,6 +157,12 @@ static struct sms_board sms_boards[] = {
.type = SMS_DENVER_2160,
.default_mode = DEVICE_MODE_DAB_TDMB,
},
+ [SMS1XXX_BOARD_PCTV_77E] = {
+ .name = "Hauppauge microStick 77e",
+ .type = SMS_NOVA_B0,
+ .fw[DEVICE_MODE_DVBT_BDA] = SMS_FW_DVB_NOVA_12MHZ_B0,
+ .default_mode = DEVICE_MODE_DVBT_BDA,
+ },
};
struct sms_board *sms_get_board(unsigned id)
--- a/drivers/media/common/siano/sms-cards.h
+++ b/drivers/media/common/siano/sms-cards.h
@@ -45,6 +45,7 @@
#define SMS1XXX_BOARD_SIANO_RIO 18
#define SMS1XXX_BOARD_SIANO_DENVER_1530 19
#define SMS1XXX_BOARD_SIANO_DENVER_2160 20
+#define SMS1XXX_BOARD_PCTV_77E 21
struct sms_board_gpio_cfg {
int lna_vhf_exist;
--- a/drivers/media/usb/siano/smsusb.c
+++ b/drivers/media/usb/siano/smsusb.c
@@ -655,6 +655,8 @@ static const struct usb_device_id smsusb
.driver_info = SMS1XXX_BOARD_ONDA_MDTV_DATA_CARD },
{ USB_DEVICE(0x3275, 0x0080),
.driver_info = SMS1XXX_BOARD_SIANO_RIO },
+ { USB_DEVICE(0x2013, 0x0257),
+ .driver_info = SMS1XXX_BOARD_PCTV_77E },
{ } /* Terminating entry */
};
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 116/319] media: m88ts2022: fix 32bit overflow on filter calc
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (112 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 115/319] media: siano: add support for PCTV 77e Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 119/319] media: imon: fix other RC type protocol support Greg Kroah-Hartman
` (189 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nibble Max, Antti Palosaari,
Mauro Carvalho Chehab
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Antti Palosaari <crope@iki.fi>
commit f538e085138e519e25ae0828bd6c6e7492ce8ca4 upstream.
Maximum satellite symbol rate used is 45000000Sps which overflows
when multiplied by 135. As final calculation result is fraction,
we could use mult_frac macro in order to keep calculation inside
32 bit number limits and prevent overflow.
Original bug and fix was provided by Nibble Max. I decided to
implement it differently as it is now.
Reported-by: Nibble Max <nibble.max@gmail.com>
Tested-by: Nibble Max <nibble.max@gmail.com>
Signed-off-by: Antti Palosaari <crope@iki.fi>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/tuners/m88ts2022.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/media/tuners/m88ts2022.c
+++ b/drivers/media/tuners/m88ts2022.c
@@ -314,7 +314,7 @@ static int m88ts2022_set_params(struct d
div_min = gdiv28 * 78 / 100;
div_max = clamp_val(div_max, 0U, 63U);
- f_3db_hz = c->symbol_rate * 135UL / 200UL;
+ f_3db_hz = mult_frac(c->symbol_rate, 135, 200);
f_3db_hz += 2000000U + (frequency_offset_khz * 1000U);
f_3db_hz = clamp(f_3db_hz, 7000000U, 40000000U);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 119/319] media: imon: fix other RC type protocol support
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (113 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 116/319] media: m88ts2022: fix 32bit overflow on filter calc Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 120/319] media: ds3000: fix LNB supply voltage on Tevii S480 on initialization Greg Kroah-Hartman
` (188 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ulrich Eckhardt, Mauro Carvalho Chehab
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ulrich Eckhardt <uli-lirc@uli-eckhardt.de>
commit d358aefdc0cc92b16ced449f998dbad639db6809 upstream.
With kernel 3.17 the imon remote control for device 15c2:0034 does not
work anymore, which uses the OTHER protocol. Only the front panel
buttons which uses the RC6 protocol are working.
Adds the missing comparison for the RC_BIT_OTHER.
Signed-off-by: Ulrich Eckhardt <uli@uli-eckhardt.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/rc/imon.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/media/rc/imon.c
+++ b/drivers/media/rc/imon.c
@@ -1579,7 +1579,8 @@ static void imon_incoming_packet(struct
if (press_type == 0)
rc_keyup(ictx->rdev);
else {
- if (ictx->rc_type == RC_BIT_RC6_MCE)
+ if (ictx->rc_type == RC_BIT_RC6_MCE ||
+ ictx->rc_type == RC_BIT_OTHER)
rc_keydown(ictx->rdev,
ictx->rc_type == RC_BIT_RC6_MCE ? RC_TYPE_RC6_MCE : RC_TYPE_OTHER,
ictx->rc_scancode, ictx->rc_toggle);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 120/319] media: ds3000: fix LNB supply voltage on Tevii S480 on initialization
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (114 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 119/319] media: imon: fix other RC type protocol support Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 122/319] media: tda7432: Fix setting TDA7432_MUTE bit for TDA7432_RF register Greg Kroah-Hartman
` (187 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ulrich Eckhardt, Mauro Carvalho Chehab
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ulrich Eckhardt <uli-lirc@uli-eckhardt.de>
commit 8c5bcded11cb607b1bb5920de3b9c882136d27db upstream.
The Tevii S480 outputs 18V on startup for the LNB supply voltage and does not
automatically power down. This blocks other receivers connected
to a satellite channel router (EN50494), since the receivers can not send the
required DiSEqC sequences when the Tevii card is connected to a the same SCR.
This patch switches off the LNB supply voltage on initialization of the frontend.
[mchehab@osg.samsung.com: add a comment about why we're explicitly
turning off voltage at device init]
Signed-off-by: Ulrich Eckhardt <uli@uli-eckhardt.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/dvb-frontends/ds3000.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/media/dvb-frontends/ds3000.c
+++ b/drivers/media/dvb-frontends/ds3000.c
@@ -864,6 +864,13 @@ struct dvb_frontend *ds3000_attach(const
memcpy(&state->frontend.ops, &ds3000_ops,
sizeof(struct dvb_frontend_ops));
state->frontend.demodulator_priv = state;
+
+ /*
+ * Some devices like T480 starts with voltage on. Be sure
+ * to turn voltage off during init, as this can otherwise
+ * interfere with Unicable SCR systems.
+ */
+ ds3000_set_voltage(&state->frontend, SEC_VOLTAGE_OFF);
return &state->frontend;
error3:
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 122/319] media: tda7432: Fix setting TDA7432_MUTE bit for TDA7432_RF register
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (115 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 120/319] media: ds3000: fix LNB supply voltage on Tevii S480 on initialization Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 123/319] media: vmalloc_sg: off by one in error handling Greg Kroah-Hartman
` (186 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Axel Lin, Mauro Carvalho Chehab
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Axel Lin <axel.lin@ingics.com>
commit 91ba0e59babdb3c7aca836a65f1095b3eaff7b06 upstream.
Fix a copy-paste bug when converting to the control framework.
Fixes: commit 5d478e0de871 ("[media] tda7432: convert to the control framework")
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/i2c/tda7432.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/media/i2c/tda7432.c
+++ b/drivers/media/i2c/tda7432.c
@@ -293,7 +293,7 @@ static int tda7432_s_ctrl(struct v4l2_ct
if (t->mute->val) {
lf |= TDA7432_MUTE;
lr |= TDA7432_MUTE;
- lf |= TDA7432_MUTE;
+ rf |= TDA7432_MUTE;
rr |= TDA7432_MUTE;
}
/* Mute & update balance*/
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 123/319] media: vmalloc_sg: off by one in error handling
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (116 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 122/319] media: tda7432: Fix setting TDA7432_MUTE bit for TDA7432_RF register Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 124/319] KVM: emulate: avoid accessing NULL ctxt->memopp Greg Kroah-Hartman
` (185 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Hans Verkuil,
Mauro Carvalho Chehab
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 23d3090f8b44ab42162e99e8584445bc25b8922f upstream.
The "i--" needs to happen at the start of the loop or it will try to
release something bogus (probably it will crash) and it won't release
the first ->vaddr_page[].
Fixes: 7b4eeed174b7 ('[media] vmalloc_sg: make sure all pages in vmalloc area are really DMA-ready')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/v4l2-core/videobuf-dma-sg.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/media/v4l2-core/videobuf-dma-sg.c
+++ b/drivers/media/v4l2-core/videobuf-dma-sg.c
@@ -253,9 +253,11 @@ int videobuf_dma_init_kernel(struct vide
return 0;
out_free_pages:
while (i > 0) {
- void *addr = page_address(dma->vaddr_pages[i]);
- dma_free_coherent(dma->dev, PAGE_SIZE, addr, dma->dma_addr[i]);
+ void *addr;
+
i--;
+ addr = page_address(dma->vaddr_pages[i]);
+ dma_free_coherent(dma->dev, PAGE_SIZE, addr, dma->dma_addr[i]);
}
kfree(dma->dma_addr);
dma->dma_addr = NULL;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 124/319] KVM: emulate: avoid accessing NULL ctxt->memopp
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (117 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 123/319] media: vmalloc_sg: off by one in error handling Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 125/319] kvm: fix excessive pages un-pinning in kvm_iommu_map error path Greg Kroah-Hartman
` (184 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Lutomirski, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit a430c9166312e1aa3d80bce32374233bdbfeba32 upstream.
A failure to decode the instruction can cause a NULL pointer access.
This is fixed simply by moving the "done" label as close as possible
to the return.
This fixes CVE-2014-8481.
Reported-by: Andy Lutomirski <luto@amacapital.net>
Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -4481,10 +4481,10 @@ done_prefixes:
/* Decode and fetch the destination operand: register or memory. */
rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask);
-done:
if (ctxt->rip_relative)
ctxt->memopp->addr.mem.ea += ctxt->_eip;
+done:
return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 125/319] kvm: fix excessive pages un-pinning in kvm_iommu_map error path.
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (118 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 124/319] KVM: emulate: avoid accessing NULL ctxt->memopp Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 126/319] KVM: x86: Decoding guest instructions which cross page boundary may fail Greg Kroah-Hartman
` (183 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Quentin Casasnovas, Vegard Nossum,
Jamie Iles, Sasha Levin, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quentin Casasnovas <quentin.casasnovas@oracle.com>
commit 3d32e4dbe71374a6780eaf51d719d76f9a9bf22f upstream.
The third parameter of kvm_unpin_pages() when called from
kvm_iommu_map_pages() is wrong, it should be the number of pages to un-pin
and not the page size.
This error was facilitated with an inconsistent API: kvm_pin_pages() takes
a size, but kvn_unpin_pages() takes a number of pages, so fix the problem
by matching the two.
This was introduced by commit 350b8bd ("kvm: iommu: fix the third parameter
of kvm_iommu_put_pages (CVE-2014-3601)"), which fixes the lack of
un-pinning for pages intended to be un-pinned (i.e. memory leak) but
unfortunately potentially aggravated the number of pages we un-pin that
should have stayed pinned. As far as I understand though, the same
practical mitigations apply.
This issue was found during review of Red Hat 6.6 patches to prepare
Ksplice rebootless updates.
Thanks to Vegard for his time on a late Friday evening to help me in
understanding this code.
Fixes: 350b8bd ("kvm: iommu: fix the third parameter of... (CVE-2014-3601)")
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Jamie Iles <jamie.iles@oracle.com>
Reviewed-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
virt/kvm/iommu.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/virt/kvm/iommu.c
+++ b/virt/kvm/iommu.c
@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct k
gfn_t base_gfn, unsigned long npages);
static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn,
- unsigned long size)
+ unsigned long npages)
{
gfn_t end_gfn;
pfn_t pfn;
pfn = gfn_to_pfn_memslot(slot, gfn);
- end_gfn = gfn + (size >> PAGE_SHIFT);
+ end_gfn = gfn + npages;
gfn += 1;
if (is_error_noslot_pfn(pfn))
@@ -119,7 +119,7 @@ int kvm_iommu_map_pages(struct kvm *kvm,
* Pin all pages we are about to map in memory. This is
* important because we unmap and unpin in 4kb steps later.
*/
- pfn = kvm_pin_pages(slot, gfn, page_size);
+ pfn = kvm_pin_pages(slot, gfn, page_size >> PAGE_SHIFT);
if (is_error_noslot_pfn(pfn)) {
gfn += 1;
continue;
@@ -131,7 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm,
if (r) {
printk(KERN_ERR "kvm_iommu_map_address:"
"iommu failed to map pfn=%llx\n", pfn);
- kvm_unpin_pages(kvm, pfn, page_size);
+ kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT);
goto unmap_pages;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 126/319] KVM: x86: Decoding guest instructions which cross page boundary may fail
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (119 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 125/319] kvm: fix excessive pages un-pinning in kvm_iommu_map error path Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 127/319] KVM: x86: Emulator does not decode clflush well Greg Kroah-Hartman
` (182 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nadav Amit, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nadav Amit <namit@cs.technion.ac.il>
commit 08da44aedba0f493e10695fa334348a7a4f72eb3 upstream.
Once an instruction crosses a page boundary, the size read from the second page
disregards the common case that part of the operand resides on the first page.
As a result, fetch of long insturctions may fail, and thereby cause the
decoding to fail as well.
Fixes: 5cfc7e0f5e5e1adf998df94f8e36edaf5d30d38e
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -773,8 +773,10 @@ static int __do_insn_fetch_bytes(struct
static __always_inline int do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt,
unsigned size)
{
- if (unlikely(ctxt->fetch.end - ctxt->fetch.ptr < size))
- return __do_insn_fetch_bytes(ctxt, size);
+ unsigned done_size = ctxt->fetch.end - ctxt->fetch.ptr;
+
+ if (unlikely(done_size < size))
+ return __do_insn_fetch_bytes(ctxt, size - done_size);
else
return X86EMUL_CONTINUE;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 127/319] KVM: x86: Emulator does not decode clflush well
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (120 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 126/319] KVM: x86: Decoding guest instructions which cross page boundary may fail Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 128/319] KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag Greg Kroah-Hartman
` (181 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nadav Amit, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nadav Amit <namit@cs.technion.ac.il>
commit 13e457e0eebf0a0c82c38ceb890d93eb826d62a6 upstream.
Currently, all group15 instructions are decoded as clflush (e.g., mfence,
xsave). In addition, the clflush instruction requires no prefix (66/f2/f3)
would exist. If prefix exists it may encode a different instruction (e.g.,
clflushopt).
Creating a group for clflush, and different group for each prefix.
This has been the case forever, but the next patch needs the cflush group
in order to fix a bug introduced in 3.17.
Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -3376,6 +3376,12 @@ static int em_bswap(struct x86_emulate_c
return X86EMUL_CONTINUE;
}
+static int em_clflush(struct x86_emulate_ctxt *ctxt)
+{
+ /* emulating clflush regardless of cpuid */
+ return X86EMUL_CONTINUE;
+}
+
static bool valid_cr(int nr)
{
switch (nr) {
@@ -3708,6 +3714,16 @@ static const struct opcode group11[] = {
X7(D(Undefined)),
};
+static const struct gprefix pfx_0f_ae_7 = {
+ I(0, em_clflush), N, N, N,
+};
+
+static const struct group_dual group15 = { {
+ N, N, N, N, N, N, N, GP(0, &pfx_0f_ae_7),
+}, {
+ N, N, N, N, N, N, N, N,
+} };
+
static const struct gprefix pfx_0f_6f_0f_7f = {
I(Mmx, em_mov), I(Sse | Aligned, em_mov), N, I(Sse | Unaligned, em_mov),
};
@@ -3967,7 +3983,7 @@ static const struct opcode twobyte_table
F(DstMem | SrcReg | ModRM | BitOp | Lock | PageTable, em_bts),
F(DstMem | SrcReg | Src2ImmByte | ModRM, em_shrd),
F(DstMem | SrcReg | Src2CL | ModRM, em_shrd),
- D(ModRM), F(DstReg | SrcMem | ModRM, em_imul),
+ GD(0, &group15), F(DstReg | SrcMem | ModRM, em_imul),
/* 0xB0 - 0xB7 */
I2bv(DstMem | SrcReg | ModRM | Lock | PageTable, em_cmpxchg),
I(DstReg | SrcMemFAddr | ModRM | Src2SS, em_lseg),
@@ -4894,8 +4910,6 @@ twobyte_insn:
case 0x90 ... 0x9f: /* setcc r/m8 */
ctxt->dst.val = test_cc(ctxt->b, ctxt->eflags);
break;
- case 0xae: /* clflush */
- break;
case 0xb6 ... 0xb7: /* movzx */
ctxt->dst.bytes = ctxt->op_bytes;
ctxt->dst.val = (ctxt->src.bytes == 1) ? (u8) ctxt->src.val
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 128/319] KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (121 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 127/319] KVM: x86: Emulator does not decode clflush well Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 129/319] KVM: x86: Prevent host from panicking on shared MSR writes Greg Kroah-Hartman
` (180 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nadav Amit, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nadav Amit <namit@cs.technion.ac.il>
commit 3f6f1480d86bf9fc16c160d803ab1d006e3058d5 upstream.
The decode phase of the x86 emulator assumes that every instruction with the
ModRM flag, and which can be used with RIP-relative addressing, has either
SrcMem or DstMem. This is not the case for several instructions - prefetch,
hint-nop and clflush.
Adding SrcMem|NoAccess for prefetch and hint-nop and SrcMem for clflush.
This fixes CVE-2014-8480.
Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -3715,7 +3715,7 @@ static const struct opcode group11[] = {
};
static const struct gprefix pfx_0f_ae_7 = {
- I(0, em_clflush), N, N, N,
+ I(SrcMem | ByteOp, em_clflush), N, N, N,
};
static const struct group_dual group15 = { {
@@ -3928,10 +3928,11 @@ static const struct opcode twobyte_table
N, I(ImplicitOps | EmulateOnUD, em_syscall),
II(ImplicitOps | Priv, em_clts, clts), N,
DI(ImplicitOps | Priv, invd), DI(ImplicitOps | Priv, wbinvd), N, N,
- N, D(ImplicitOps | ModRM), N, N,
+ N, D(ImplicitOps | ModRM | SrcMem | NoAccess), N, N,
/* 0x10 - 0x1F */
N, N, N, N, N, N, N, N,
- D(ImplicitOps | ModRM), N, N, N, N, N, N, D(ImplicitOps | ModRM),
+ D(ImplicitOps | ModRM | SrcMem | NoAccess),
+ N, N, N, N, N, N, D(ImplicitOps | ModRM | SrcMem | NoAccess),
/* 0x20 - 0x2F */
DIP(ModRM | DstMem | Priv | Op3264 | NoMod, cr_read, check_cr_read),
DIP(ModRM | DstMem | Priv | Op3264 | NoMod, dr_read, check_dr_read),
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 129/319] KVM: x86: Prevent host from panicking on shared MSR writes.
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (122 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 128/319] KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 130/319] KVM: x86: Improve thread safety in pit Greg Kroah-Hartman
` (179 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andrew Honig, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Honig <ahonig@google.com>
commit 8b3c3104c3f4f706e99365c3e0d2aa61b95f969f upstream.
The previous patch blocked invalid writes directly when the MSR
is written. As a precaution, prevent future similar mistakes by
gracefulling handle GPs caused by writes to shared MSRs.
Signed-off-by: Andrew Honig <ahonig@google.com>
[Remove parts obsoleted by Nadav's patch. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kvm/vmx.c | 7 +++++--
arch/x86/kvm/x86.c | 11 ++++++++---
3 files changed, 14 insertions(+), 6 deletions(-)
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1049,7 +1049,7 @@ int kvm_cpu_get_interrupt(struct kvm_vcp
void kvm_vcpu_reset(struct kvm_vcpu *vcpu);
void kvm_define_shared_msr(unsigned index, u32 msr);
-void kvm_set_shared_msr(unsigned index, u64 val, u64 mask);
+int kvm_set_shared_msr(unsigned index, u64 val, u64 mask);
bool kvm_is_linear_rip(struct kvm_vcpu *vcpu, unsigned long linear_rip);
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2632,12 +2632,15 @@ static int vmx_set_msr(struct kvm_vcpu *
default:
msr = find_msr_entry(vmx, msr_index);
if (msr) {
+ u64 old_msr_data = msr->data;
msr->data = data;
if (msr - vmx->guest_msrs < vmx->save_nmsrs) {
preempt_disable();
- kvm_set_shared_msr(msr->index, msr->data,
- msr->mask);
+ ret = kvm_set_shared_msr(msr->index, msr->data,
+ msr->mask);
preempt_enable();
+ if (ret)
+ msr->data = old_msr_data;
}
break;
}
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -229,20 +229,25 @@ static void kvm_shared_msr_cpu_online(vo
shared_msr_update(i, shared_msrs_global.msrs[i]);
}
-void kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
+int kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
{
unsigned int cpu = smp_processor_id();
struct kvm_shared_msrs *smsr = per_cpu_ptr(shared_msrs, cpu);
+ int err;
if (((value ^ smsr->values[slot].curr) & mask) == 0)
- return;
+ return 0;
smsr->values[slot].curr = value;
- wrmsrl(shared_msrs_global.msrs[slot], value);
+ err = wrmsrl_safe(shared_msrs_global.msrs[slot], value);
+ if (err)
+ return 1;
+
if (!smsr->registered) {
smsr->urn.on_user_return = kvm_on_user_return;
user_return_notifier_register(&smsr->urn);
smsr->registered = true;
}
+ return 0;
}
EXPORT_SYMBOL_GPL(kvm_set_shared_msr);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 130/319] KVM: x86: Improve thread safety in pit
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (123 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 129/319] KVM: x86: Prevent host from panicking on shared MSR writes Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 131/319] KVM: x86: Check non-canonical addresses upon WRMSR Greg Kroah-Hartman
` (178 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andrew Honig, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Honig <ahonig@google.com>
commit 2febc839133280d5a5e8e1179c94ea674489dae2 upstream.
There's a race condition in the PIT emulation code in KVM. In
__kvm_migrate_pit_timer the pit_timer object is accessed without
synchronization. If the race condition occurs at the wrong time this
can crash the host kernel.
This fixes CVE-2014-3611.
Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/i8254.c | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/x86/kvm/i8254.c
+++ b/arch/x86/kvm/i8254.c
@@ -262,8 +262,10 @@ void __kvm_migrate_pit_timer(struct kvm_
return;
timer = &pit->pit_state.timer;
+ mutex_lock(&pit->pit_state.lock);
if (hrtimer_cancel(timer))
hrtimer_start_expires(timer, HRTIMER_MODE_ABS);
+ mutex_unlock(&pit->pit_state.lock);
}
static void destroy_pit_timer(struct kvm_pit *pit)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 131/319] KVM: x86: Check non-canonical addresses upon WRMSR
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (124 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 130/319] KVM: x86: Improve thread safety in pit Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 132/319] kvm: x86: dont kill guest on unknown exit reason Greg Kroah-Hartman
` (177 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nadav Amit, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nadav Amit <namit@cs.technion.ac.il>
commit 854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 upstream.
Upon WRMSR, the CPU should inject #GP if a non-canonical value (address) is
written to certain MSRs. The behavior is "almost" identical for AMD and Intel
(ignoring MSRs that are not implemented in either architecture since they would
anyhow #GP). However, IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if
non-canonical address is written on Intel but not on AMD (which ignores the top
32-bits).
Accordingly, this patch injects a #GP on the MSRs which behave identically on
Intel and AMD. To eliminate the differences between the architecutres, the
value which is written to IA32_SYSENTER_ESP and IA32_SYSENTER_EIP is turned to
canonical value before writing instead of injecting a #GP.
Some references from Intel and AMD manuals:
According to Intel SDM description of WRMSR instruction #GP is expected on
WRMSR "If the source register contains a non-canonical address and ECX
specifies one of the following MSRs: IA32_DS_AREA, IA32_FS_BASE, IA32_GS_BASE,
IA32_KERNEL_GS_BASE, IA32_LSTAR, IA32_SYSENTER_EIP, IA32_SYSENTER_ESP."
According to AMD manual instruction manual:
LSTAR/CSTAR (SYSCALL): "The WRMSR instruction loads the target RIP into the
LSTAR and CSTAR registers. If an RIP written by WRMSR is not in canonical
form, a general-protection exception (#GP) occurs."
IA32_GS_BASE and IA32_FS_BASE (WRFSBASE/WRGSBASE): "The address written to the
base field must be in canonical form or a #GP fault will occur."
IA32_KERNEL_GS_BASE (SWAPGS): "The address stored in the KernelGSbase MSR must
be in canonical form."
This patch fixes CVE-2014-3610.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/kvm_host.h | 14 ++++++++++++++
arch/x86/kvm/svm.c | 2 +-
arch/x86/kvm/vmx.c | 2 +-
arch/x86/kvm/x86.c | 27 ++++++++++++++++++++++++++-
4 files changed, 42 insertions(+), 3 deletions(-)
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -991,6 +991,20 @@ static inline void kvm_inject_gp(struct
kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
}
+static inline u64 get_canonical(u64 la)
+{
+ return ((int64_t)la << 16) >> 16;
+}
+
+static inline bool is_noncanonical_address(u64 la)
+{
+#ifdef CONFIG_X86_64
+ return get_canonical(la) != la;
+#else
+ return false;
+#endif
+}
+
#define TSS_IOPB_BASE_OFFSET 0x66
#define TSS_BASE_SIZE 0x68
#define TSS_IOPB_SIZE (65536 / 8)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -3234,7 +3234,7 @@ static int wrmsr_interception(struct vcp
msr.host_initiated = false;
svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
- if (svm_set_msr(&svm->vcpu, &msr)) {
+ if (kvm_set_msr(&svm->vcpu, &msr)) {
trace_kvm_msr_write_ex(ecx, data);
kvm_inject_gp(&svm->vcpu, 0);
} else {
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5266,7 +5266,7 @@ static int handle_wrmsr(struct kvm_vcpu
msr.data = data;
msr.index = ecx;
msr.host_initiated = false;
- if (vmx_set_msr(vcpu, &msr) != 0) {
+ if (kvm_set_msr(vcpu, &msr) != 0) {
trace_kvm_msr_write_ex(ecx, data);
kvm_inject_gp(vcpu, 0);
return 1;
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -989,7 +989,6 @@ void kvm_enable_efer_bits(u64 mask)
}
EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
-
/*
* Writes msr value into into the appropriate "register".
* Returns 0 on success, non-0 otherwise.
@@ -997,8 +996,34 @@ EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
*/
int kvm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
{
+ switch (msr->index) {
+ case MSR_FS_BASE:
+ case MSR_GS_BASE:
+ case MSR_KERNEL_GS_BASE:
+ case MSR_CSTAR:
+ case MSR_LSTAR:
+ if (is_noncanonical_address(msr->data))
+ return 1;
+ break;
+ case MSR_IA32_SYSENTER_EIP:
+ case MSR_IA32_SYSENTER_ESP:
+ /*
+ * IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if
+ * non-canonical address is written on Intel but not on
+ * AMD (which ignores the top 32-bits, because it does
+ * not implement 64-bit SYSENTER).
+ *
+ * 64-bit code should hence be able to write a non-canonical
+ * value on AMD. Making the address canonical ensures that
+ * vmentry does not fail on Intel after writing a non-canonical
+ * value, and that something deterministic happens if the guest
+ * invokes 64-bit SYSENTER.
+ */
+ msr->data = get_canonical(msr->data);
+ }
return kvm_x86_ops->set_msr(vcpu, msr);
}
+EXPORT_SYMBOL_GPL(kvm_set_msr);
/*
* Adapt set_msr() to msr_io()'s calling convention
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 132/319] kvm: x86: dont kill guest on unknown exit reason
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (125 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 131/319] KVM: x86: Check non-canonical addresses upon WRMSR Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 133/319] KVM: x86: Fix wrong masking on relative jump/call Greg Kroah-Hartman
` (176 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael S. Tsirkin, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Michael S. Tsirkin" <mst@redhat.com>
commit 2bc19dc3754fc066c43799659f0d848631c44cfe upstream.
KVM_EXIT_UNKNOWN is a kvm bug, we don't really know whether it was
triggered by a priveledged application. Let's not kill the guest: WARN
and inject #UD instead.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm.c | 6 +++---
arch/x86/kvm/vmx.c | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -3534,9 +3534,9 @@ static int handle_exit(struct kvm_vcpu *
if (exit_code >= ARRAY_SIZE(svm_exit_handlers)
|| !svm_exit_handlers[exit_code]) {
- kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
- kvm_run->hw.hardware_exit_reason = exit_code;
- return 0;
+ WARN_ONCE(1, "vmx: unexpected exit reason 0x%x\n", exit_code);
+ kvm_queue_exception(vcpu, UD_VECTOR);
+ return 1;
}
return svm_exit_handlers[exit_code](svm);
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -7058,10 +7058,10 @@ static int vmx_handle_exit(struct kvm_vc
&& kvm_vmx_exit_handlers[exit_reason])
return kvm_vmx_exit_handlers[exit_reason](vcpu);
else {
- vcpu->run->exit_reason = KVM_EXIT_UNKNOWN;
- vcpu->run->hw.hardware_exit_reason = exit_reason;
+ WARN_ONCE(1, "vmx: unexpected exit reason 0x%x\n", exit_reason);
+ kvm_queue_exception(vcpu, UD_VECTOR);
+ return 1;
}
- return 0;
}
static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 133/319] KVM: x86: Fix wrong masking on relative jump/call
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (126 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 132/319] kvm: x86: dont kill guest on unknown exit reason Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 134/319] KVM: x86: Emulator fixes for eip canonical checks on near branches Greg Kroah-Hartman
` (175 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nadav Amit, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nadav Amit <namit@cs.technion.ac.il>
commit 05c83ec9b73c8124555b706f6af777b10adf0862 upstream.
Relative jumps and calls do the masking according to the operand size, and not
according to the address size as the KVM emulator does today.
This patch fixes KVM behavior.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -504,11 +504,6 @@ static void rsp_increment(struct x86_emu
masked_increment(reg_rmw(ctxt, VCPU_REGS_RSP), stack_mask(ctxt), inc);
}
-static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
-{
- register_address_increment(ctxt, &ctxt->_eip, rel);
-}
-
static u32 desc_limit_scaled(struct desc_struct *desc)
{
u32 limit = get_desc_limit(desc);
@@ -568,6 +563,28 @@ static int emulate_nm(struct x86_emulate
return emulate_exception(ctxt, NM_VECTOR, 0, false);
}
+static inline void assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst)
+{
+ switch (ctxt->op_bytes) {
+ case 2:
+ ctxt->_eip = (u16)dst;
+ break;
+ case 4:
+ ctxt->_eip = (u32)dst;
+ break;
+ case 8:
+ ctxt->_eip = dst;
+ break;
+ default:
+ WARN(1, "unsupported eip assignment size\n");
+ }
+}
+
+static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
+{
+ assign_eip_near(ctxt, ctxt->_eip + rel);
+}
+
static u16 get_segment_selector(struct x86_emulate_ctxt *ctxt, unsigned seg)
{
u16 selector;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 134/319] KVM: x86: Emulator fixes for eip canonical checks on near branches
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (127 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 133/319] KVM: x86: Fix wrong masking on relative jump/call Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 135/319] KVM: x86: Handle errors when RIP is set during far jumps Greg Kroah-Hartman
` (174 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nadav Amit, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nadav Amit <namit@cs.technion.ac.il>
commit 234f3ce485d54017f15cf5e0699cff4100121601 upstream.
Before changing rip (during jmp, call, ret, etc.) the target should be asserted
to be canonical one, as real CPUs do. During sysret, both target rsp and rip
should be canonical. If any of these values is noncanonical, a #GP exception
should occur. The exception to this rule are syscall and sysenter instructions
in which the assigned rip is checked during the assignment to the relevant
MSRs.
This patch fixes the emulator to behave as real CPUs do for near branches.
Far branches are handled by the next patch.
This fixes CVE-2014-3647.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 78 +++++++++++++++++++++++++++++++++----------------
1 file changed, 54 insertions(+), 24 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -563,7 +563,8 @@ static int emulate_nm(struct x86_emulate
return emulate_exception(ctxt, NM_VECTOR, 0, false);
}
-static inline void assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst)
+static inline int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst,
+ int cs_l)
{
switch (ctxt->op_bytes) {
case 2:
@@ -573,16 +574,25 @@ static inline void assign_eip_near(struc
ctxt->_eip = (u32)dst;
break;
case 8:
+ if ((cs_l && is_noncanonical_address(dst)) ||
+ (!cs_l && (dst & ~(u32)-1)))
+ return emulate_gp(ctxt, 0);
ctxt->_eip = dst;
break;
default:
WARN(1, "unsupported eip assignment size\n");
}
+ return X86EMUL_CONTINUE;
+}
+
+static inline int assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst)
+{
+ return assign_eip_far(ctxt, dst, ctxt->mode == X86EMUL_MODE_PROT64);
}
-static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
+static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
{
- assign_eip_near(ctxt, ctxt->_eip + rel);
+ return assign_eip_near(ctxt, ctxt->_eip + rel);
}
static u16 get_segment_selector(struct x86_emulate_ctxt *ctxt, unsigned seg)
@@ -2014,13 +2024,15 @@ static int em_grp45(struct x86_emulate_c
case 2: /* call near abs */ {
long int old_eip;
old_eip = ctxt->_eip;
- ctxt->_eip = ctxt->src.val;
+ rc = assign_eip_near(ctxt, ctxt->src.val);
+ if (rc != X86EMUL_CONTINUE)
+ break;
ctxt->src.val = old_eip;
rc = em_push(ctxt);
break;
}
case 4: /* jmp abs */
- ctxt->_eip = ctxt->src.val;
+ rc = assign_eip_near(ctxt, ctxt->src.val);
break;
case 5: /* jmp far */
rc = em_jmp_far(ctxt);
@@ -2055,10 +2067,14 @@ static int em_cmpxchg8b(struct x86_emula
static int em_ret(struct x86_emulate_ctxt *ctxt)
{
- ctxt->dst.type = OP_REG;
- ctxt->dst.addr.reg = &ctxt->_eip;
- ctxt->dst.bytes = ctxt->op_bytes;
- return em_pop(ctxt);
+ int rc;
+ unsigned long eip;
+
+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
+ if (rc != X86EMUL_CONTINUE)
+ return rc;
+
+ return assign_eip_near(ctxt, eip);
}
static int em_ret_far(struct x86_emulate_ctxt *ctxt)
@@ -2339,7 +2355,7 @@ static int em_sysexit(struct x86_emulate
{
const struct x86_emulate_ops *ops = ctxt->ops;
struct desc_struct cs, ss;
- u64 msr_data;
+ u64 msr_data, rcx, rdx;
int usermode;
u16 cs_sel = 0, ss_sel = 0;
@@ -2355,6 +2371,9 @@ static int em_sysexit(struct x86_emulate
else
usermode = X86EMUL_MODE_PROT32;
+ rcx = reg_read(ctxt, VCPU_REGS_RCX);
+ rdx = reg_read(ctxt, VCPU_REGS_RDX);
+
cs.dpl = 3;
ss.dpl = 3;
ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data);
@@ -2372,6 +2391,9 @@ static int em_sysexit(struct x86_emulate
ss_sel = cs_sel + 8;
cs.d = 0;
cs.l = 1;
+ if (is_noncanonical_address(rcx) ||
+ is_noncanonical_address(rdx))
+ return emulate_gp(ctxt, 0);
break;
}
cs_sel |= SELECTOR_RPL_MASK;
@@ -2380,8 +2402,8 @@ static int em_sysexit(struct x86_emulate
ops->set_segment(ctxt, cs_sel, &cs, 0, VCPU_SREG_CS);
ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS);
- ctxt->_eip = reg_read(ctxt, VCPU_REGS_RDX);
- *reg_write(ctxt, VCPU_REGS_RSP) = reg_read(ctxt, VCPU_REGS_RCX);
+ ctxt->_eip = rdx;
+ *reg_write(ctxt, VCPU_REGS_RSP) = rcx;
return X86EMUL_CONTINUE;
}
@@ -2922,10 +2944,13 @@ static int em_aad(struct x86_emulate_ctx
static int em_call(struct x86_emulate_ctxt *ctxt)
{
+ int rc;
long rel = ctxt->src.val;
ctxt->src.val = (unsigned long)ctxt->_eip;
- jmp_rel(ctxt, rel);
+ rc = jmp_rel(ctxt, rel);
+ if (rc != X86EMUL_CONTINUE)
+ return rc;
return em_push(ctxt);
}
@@ -2957,11 +2982,12 @@ static int em_call_far(struct x86_emulat
static int em_ret_near_imm(struct x86_emulate_ctxt *ctxt)
{
int rc;
+ unsigned long eip;
- ctxt->dst.type = OP_REG;
- ctxt->dst.addr.reg = &ctxt->_eip;
- ctxt->dst.bytes = ctxt->op_bytes;
- rc = emulate_pop(ctxt, &ctxt->dst.val, ctxt->op_bytes);
+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
+ if (rc != X86EMUL_CONTINUE)
+ return rc;
+ rc = assign_eip_near(ctxt, eip);
if (rc != X86EMUL_CONTINUE)
return rc;
rsp_increment(ctxt, ctxt->src.val);
@@ -3292,20 +3318,24 @@ static int em_lmsw(struct x86_emulate_ct
static int em_loop(struct x86_emulate_ctxt *ctxt)
{
+ int rc = X86EMUL_CONTINUE;
+
register_address_increment(ctxt, reg_rmw(ctxt, VCPU_REGS_RCX), -1);
if ((address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) != 0) &&
(ctxt->b == 0xe2 || test_cc(ctxt->b ^ 0x5, ctxt->eflags)))
- jmp_rel(ctxt, ctxt->src.val);
+ rc = jmp_rel(ctxt, ctxt->src.val);
- return X86EMUL_CONTINUE;
+ return rc;
}
static int em_jcxz(struct x86_emulate_ctxt *ctxt)
{
+ int rc = X86EMUL_CONTINUE;
+
if (address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) == 0)
- jmp_rel(ctxt, ctxt->src.val);
+ rc = jmp_rel(ctxt, ctxt->src.val);
- return X86EMUL_CONTINUE;
+ return rc;
}
static int em_in(struct x86_emulate_ctxt *ctxt)
@@ -4770,7 +4800,7 @@ special_insn:
break;
case 0x70 ... 0x7f: /* jcc (short) */
if (test_cc(ctxt->b, ctxt->eflags))
- jmp_rel(ctxt, ctxt->src.val);
+ rc = jmp_rel(ctxt, ctxt->src.val);
break;
case 0x8d: /* lea r16/r32, m */
ctxt->dst.val = ctxt->src.addr.mem.ea;
@@ -4800,7 +4830,7 @@ special_insn:
break;
case 0xe9: /* jmp rel */
case 0xeb: /* jmp rel short */
- jmp_rel(ctxt, ctxt->src.val);
+ rc = jmp_rel(ctxt, ctxt->src.val);
ctxt->dst.type = OP_NONE; /* Disable writeback. */
break;
case 0xf4: /* hlt */
@@ -4923,7 +4953,7 @@ twobyte_insn:
break;
case 0x80 ... 0x8f: /* jnz rel, etc*/
if (test_cc(ctxt->b, ctxt->eflags))
- jmp_rel(ctxt, ctxt->src.val);
+ rc = jmp_rel(ctxt, ctxt->src.val);
break;
case 0x90 ... 0x9f: /* setcc r/m8 */
ctxt->dst.val = test_cc(ctxt->b, ctxt->eflags);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 135/319] KVM: x86: Handle errors when RIP is set during far jumps
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (128 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 134/319] KVM: x86: Emulator fixes for eip canonical checks on near branches Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 136/319] kvm: vmx: handle invvpid vm exit gracefully Greg Kroah-Hartman
` (173 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nadav Amit, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nadav Amit <namit@cs.technion.ac.il>
commit d1442d85cc30ea75f7d399474ca738e0bc96f715 upstream.
Far jmp/call/ret may fault while loading a new RIP. Currently KVM does not
handle this case, and may result in failed vm-entry once the assignment is
done. The tricky part of doing so is that loading the new CS affects the
VMCS/VMCB state, so if we fail during loading the new RIP, we are left in
unconsistent state. Therefore, this patch saves on 64-bit the old CS
descriptor and restores it if loading RIP failed.
This fixes CVE-2014-3647.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 118 ++++++++++++++++++++++++++++++++++++-------------
1 file changed, 88 insertions(+), 30 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -1467,7 +1467,9 @@ static int write_segment_descriptor(stru
/* Does not support long mode */
static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
- u16 selector, int seg, u8 cpl, bool in_task_switch)
+ u16 selector, int seg, u8 cpl,
+ bool in_task_switch,
+ struct desc_struct *desc)
{
struct desc_struct seg_desc, old_desc;
u8 dpl, rpl;
@@ -1599,6 +1601,8 @@ static int __load_segment_descriptor(str
}
load:
ctxt->ops->set_segment(ctxt, selector, &seg_desc, base3, seg);
+ if (desc)
+ *desc = seg_desc;
return X86EMUL_CONTINUE;
exception:
emulate_exception(ctxt, err_vec, err_code, true);
@@ -1609,7 +1613,7 @@ static int load_segment_descriptor(struc
u16 selector, int seg)
{
u8 cpl = ctxt->ops->cpl(ctxt);
- return __load_segment_descriptor(ctxt, selector, seg, cpl, false);
+ return __load_segment_descriptor(ctxt, selector, seg, cpl, false, NULL);
}
static void write_register_operand(struct operand *op)
@@ -2003,17 +2007,31 @@ static int em_iret(struct x86_emulate_ct
static int em_jmp_far(struct x86_emulate_ctxt *ctxt)
{
int rc;
- unsigned short sel;
+ unsigned short sel, old_sel;
+ struct desc_struct old_desc, new_desc;
+ const struct x86_emulate_ops *ops = ctxt->ops;
+ u8 cpl = ctxt->ops->cpl(ctxt);
+
+ /* Assignment of RIP may only fail in 64-bit mode */
+ if (ctxt->mode == X86EMUL_MODE_PROT64)
+ ops->get_segment(ctxt, &old_sel, &old_desc, NULL,
+ VCPU_SREG_CS);
memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2);
- rc = load_segment_descriptor(ctxt, sel, VCPU_SREG_CS);
+ rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false,
+ &new_desc);
if (rc != X86EMUL_CONTINUE)
return rc;
- ctxt->_eip = 0;
- memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes);
- return X86EMUL_CONTINUE;
+ rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l);
+ if (rc != X86EMUL_CONTINUE) {
+ WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64);
+ /* assigning eip failed; restore the old cs */
+ ops->set_segment(ctxt, old_sel, &old_desc, 0, VCPU_SREG_CS);
+ return rc;
+ }
+ return rc;
}
static int em_grp45(struct x86_emulate_ctxt *ctxt)
@@ -2080,21 +2098,34 @@ static int em_ret(struct x86_emulate_ctx
static int em_ret_far(struct x86_emulate_ctxt *ctxt)
{
int rc;
- unsigned long cs;
+ unsigned long eip, cs;
+ u16 old_cs;
int cpl = ctxt->ops->cpl(ctxt);
+ struct desc_struct old_desc, new_desc;
+ const struct x86_emulate_ops *ops = ctxt->ops;
+
+ if (ctxt->mode == X86EMUL_MODE_PROT64)
+ ops->get_segment(ctxt, &old_cs, &old_desc, NULL,
+ VCPU_SREG_CS);
- rc = emulate_pop(ctxt, &ctxt->_eip, ctxt->op_bytes);
+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
if (rc != X86EMUL_CONTINUE)
return rc;
- if (ctxt->op_bytes == 4)
- ctxt->_eip = (u32)ctxt->_eip;
rc = emulate_pop(ctxt, &cs, ctxt->op_bytes);
if (rc != X86EMUL_CONTINUE)
return rc;
/* Outer-privilege level return is not implemented */
if (ctxt->mode >= X86EMUL_MODE_PROT16 && (cs & 3) > cpl)
return X86EMUL_UNHANDLEABLE;
- rc = load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS);
+ rc = __load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS, 0, false,
+ &new_desc);
+ if (rc != X86EMUL_CONTINUE)
+ return rc;
+ rc = assign_eip_far(ctxt, eip, new_desc.l);
+ if (rc != X86EMUL_CONTINUE) {
+ WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64);
+ ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS);
+ }
return rc;
}
@@ -2521,19 +2552,24 @@ static int load_state_from_tss16(struct
* Now load segment descriptors. If fault happens at this stage
* it is handled in a context of new task
*/
- ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl,
+ true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
- ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl,
+ true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
- ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl,
+ true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
- ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl,
+ true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
- ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl,
+ true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
@@ -2658,25 +2694,32 @@ static int load_state_from_tss32(struct
* Now load segment descriptors. If fault happenes at this stage
* it is handled in a context of new task
*/
- ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR,
+ cpl, true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
- ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl,
+ true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
- ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl,
+ true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
- ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl,
+ true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
- ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl,
+ true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
- ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl,
+ true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
- ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl, true);
+ ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl,
+ true, NULL);
if (ret != X86EMUL_CONTINUE)
return ret;
@@ -2959,24 +3002,39 @@ static int em_call_far(struct x86_emulat
u16 sel, old_cs;
ulong old_eip;
int rc;
+ struct desc_struct old_desc, new_desc;
+ const struct x86_emulate_ops *ops = ctxt->ops;
+ int cpl = ctxt->ops->cpl(ctxt);
- old_cs = get_segment_selector(ctxt, VCPU_SREG_CS);
old_eip = ctxt->_eip;
+ ops->get_segment(ctxt, &old_cs, &old_desc, NULL, VCPU_SREG_CS);
memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2);
- if (load_segment_descriptor(ctxt, sel, VCPU_SREG_CS))
+ rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false,
+ &new_desc);
+ if (rc != X86EMUL_CONTINUE)
return X86EMUL_CONTINUE;
- ctxt->_eip = 0;
- memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes);
+ rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l);
+ if (rc != X86EMUL_CONTINUE)
+ goto fail;
ctxt->src.val = old_cs;
rc = em_push(ctxt);
if (rc != X86EMUL_CONTINUE)
- return rc;
+ goto fail;
ctxt->src.val = old_eip;
- return em_push(ctxt);
+ rc = em_push(ctxt);
+ /* If we failed, we tainted the memory, but the very least we should
+ restore cs */
+ if (rc != X86EMUL_CONTINUE)
+ goto fail;
+ return rc;
+fail:
+ ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS);
+ return rc;
+
}
static int em_ret_near_imm(struct x86_emulate_ctxt *ctxt)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 136/319] kvm: vmx: handle invvpid vm exit gracefully
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (129 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 135/319] KVM: x86: Handle errors when RIP is set during far jumps Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 137/319] ARC: [nsimosci] Allow "headless" models to boot Greg Kroah-Hartman
` (172 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Petr Matousek, Paolo Bonzini
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Petr Matousek <pmatouse@redhat.com>
commit a642fc305053cc1c6e47e4f4df327895747ab485 upstream.
On systems with invvpid instruction support (corresponding bit in
IA32_VMX_EPT_VPID_CAP MSR is set) guest invocation of invvpid
causes vm exit, which is currently not handled and results in
propagation of unknown exit to userspace.
Fix this by installing an invvpid vm exit handler.
This is CVE-2014-3646.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/uapi/asm/vmx.h | 2 ++
arch/x86/kvm/vmx.c | 9 ++++++++-
2 files changed, 10 insertions(+), 1 deletion(-)
--- a/arch/x86/include/uapi/asm/vmx.h
+++ b/arch/x86/include/uapi/asm/vmx.h
@@ -67,6 +67,7 @@
#define EXIT_REASON_EPT_MISCONFIG 49
#define EXIT_REASON_INVEPT 50
#define EXIT_REASON_PREEMPTION_TIMER 52
+#define EXIT_REASON_INVVPID 53
#define EXIT_REASON_WBINVD 54
#define EXIT_REASON_XSETBV 55
#define EXIT_REASON_APIC_WRITE 56
@@ -114,6 +115,7 @@
{ EXIT_REASON_EOI_INDUCED, "EOI_INDUCED" }, \
{ EXIT_REASON_INVALID_STATE, "INVALID_STATE" }, \
{ EXIT_REASON_INVD, "INVD" }, \
+ { EXIT_REASON_INVVPID, "INVVPID" }, \
{ EXIT_REASON_INVPCID, "INVPCID" }
#endif /* _UAPIVMX_H */
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -6639,6 +6639,12 @@ static int handle_invept(struct kvm_vcpu
return 1;
}
+static int handle_invvpid(struct kvm_vcpu *vcpu)
+{
+ kvm_queue_exception(vcpu, UD_VECTOR);
+ return 1;
+}
+
/*
* The exit handlers return 1 if the exit was handled fully and guest execution
* may resume. Otherwise they set the kvm_run parameter to indicate what needs
@@ -6684,6 +6690,7 @@ static int (*const kvm_vmx_exit_handlers
[EXIT_REASON_MWAIT_INSTRUCTION] = handle_mwait,
[EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor,
[EXIT_REASON_INVEPT] = handle_invept,
+ [EXIT_REASON_INVVPID] = handle_invvpid,
};
static const int kvm_vmx_max_exit_handlers =
@@ -6917,7 +6924,7 @@ static bool nested_vmx_exit_handled(stru
case EXIT_REASON_VMPTRST: case EXIT_REASON_VMREAD:
case EXIT_REASON_VMRESUME: case EXIT_REASON_VMWRITE:
case EXIT_REASON_VMOFF: case EXIT_REASON_VMON:
- case EXIT_REASON_INVEPT:
+ case EXIT_REASON_INVEPT: case EXIT_REASON_INVVPID:
/*
* VMX instructions trap unconditionally. This allows L1 to
* emulate them for its L2 guest, i.e., allows 3-level nesting!
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 137/319] ARC: [nsimosci] Allow "headless" models to boot
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (130 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 136/319] kvm: vmx: handle invvpid vm exit gracefully Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 138/319] ARC: Update order of registers in KGDB to match GDB 7.5 Greg Kroah-Hartman
` (171 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Anton Kolesov, Vineet Gupta
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vineet Gupta <vgupta@synopsys.com>
commit 5c05483e2db91890faa9a7be0a831701a3f442d6 upstream.
There are certain test configuration of virtual platform which don't
have any real console device (uart/pgu). So add tty0 as a fallback console
device to allow system to boot and be accessible via telnet
Otherwise with ttyS0 as only console, but 8250 disabled in kernel build,
init chokes.
Reported-by: Anton Kolesov <akolesov@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/boot/dts/nsimosci.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arc/boot/dts/nsimosci.dts
+++ b/arch/arc/boot/dts/nsimosci.dts
@@ -20,7 +20,7 @@
/* this is for console on PGU */
/* bootargs = "console=tty0 consoleblank=0"; */
/* this is for console on serial */
- bootargs = "earlycon=uart8250,mmio32,0xc0000000,115200n8 console=ttyS0,115200n8 consoleblank=0 debug";
+ bootargs = "earlycon=uart8250,mmio32,0xc0000000,115200n8 console=tty0 console=ttyS0,115200n8 consoleblank=0 debug";
};
aliases {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 138/319] ARC: Update order of registers in KGDB to match GDB 7.5
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (131 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 137/319] ARC: [nsimosci] Allow "headless" models to boot Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 139/319] ARC: unbork FPU save/restore Greg Kroah-Hartman
` (170 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Anton Kolesov, Vineet Gupta
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anton Kolesov <Anton.Kolesov@synopsys.com>
commit ebc0c74e76cec9c4dd860eb0ca1c0b39dc63c482 upstream.
Order of registers has changed in GDB moving from 6.8 to 7.5. This patch
updates KGDB to work properly with GDB 7.5, though makes it incompatible
with 6.8.
Signed-off-by: Anton Kolesov <Anton.Kolesov@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/include/asm/kgdb.h | 32 ++++++++++++++++++--------------
1 file changed, 18 insertions(+), 14 deletions(-)
--- a/arch/arc/include/asm/kgdb.h
+++ b/arch/arc/include/asm/kgdb.h
@@ -19,7 +19,7 @@
* register API yet */
#undef DBG_MAX_REG_NUM
-#define GDB_MAX_REGS 39
+#define GDB_MAX_REGS 87
#define BREAK_INSTR_SIZE 2
#define CACHE_FLUSH_IS_SAFE 1
@@ -33,23 +33,27 @@ static inline void arch_kgdb_breakpoint(
extern void kgdb_trap(struct pt_regs *regs);
-enum arc700_linux_regnums {
+/* This is the numbering of registers according to the GDB. See GDB's
+ * arc-tdep.h for details.
+ *
+ * Registers are ordered for GDB 7.5. It is incompatible with GDB 6.8. */
+enum arc_linux_regnums {
_R0 = 0,
_R1, _R2, _R3, _R4, _R5, _R6, _R7, _R8, _R9, _R10, _R11, _R12, _R13,
_R14, _R15, _R16, _R17, _R18, _R19, _R20, _R21, _R22, _R23, _R24,
_R25, _R26,
- _BTA = 27,
- _LP_START = 28,
- _LP_END = 29,
- _LP_COUNT = 30,
- _STATUS32 = 31,
- _BLINK = 32,
- _FP = 33,
- __SP = 34,
- _EFA = 35,
- _RET = 36,
- _ORIG_R8 = 37,
- _STOP_PC = 38
+ _FP = 27,
+ __SP = 28,
+ _R30 = 30,
+ _BLINK = 31,
+ _LP_COUNT = 60,
+ _STOP_PC = 64,
+ _RET = 64,
+ _LP_START = 65,
+ _LP_END = 66,
+ _STATUS32 = 67,
+ _ECR = 76,
+ _BTA = 82,
};
#else
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 139/319] ARC: unbork FPU save/restore
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (132 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 138/319] ARC: Update order of registers in KGDB to match GDB 7.5 Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 140/319] qla_target: dont delete changed nacls Greg Kroah-Hartman
` (169 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vineet Gupta
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vineet Gupta <vgupta@synopsys.com>
commit 52e9bae93802bd29c33be11e9e758ad7daac805f upstream.
Fixes: 2ab402dfd65d15a4b2 "ARC: make start_thread() out-of-line"
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/include/asm/arcregs.h | 8 --------
arch/arc/include/asm/processor.h | 9 +++++++++
2 files changed, 9 insertions(+), 8 deletions(-)
--- a/arch/arc/include/asm/arcregs.h
+++ b/arch/arc/include/asm/arcregs.h
@@ -191,14 +191,6 @@
#define PAGES_TO_KB(n_pages) ((n_pages) << (PAGE_SHIFT - 10))
#define PAGES_TO_MB(n_pages) (PAGES_TO_KB(n_pages) >> 10)
-#ifdef CONFIG_ARC_FPU_SAVE_RESTORE
-/* These DPFP regs need to be saved/restored across ctx-sw */
-struct arc_fpu {
- struct {
- unsigned int l, h;
- } aux_dpfp[2];
-};
-#endif
/*
***************************************************************
--- a/arch/arc/include/asm/processor.h
+++ b/arch/arc/include/asm/processor.h
@@ -20,6 +20,15 @@
#include <asm/ptrace.h>
+#ifdef CONFIG_ARC_FPU_SAVE_RESTORE
+/* These DPFP regs need to be saved/restored across ctx-sw */
+struct arc_fpu {
+ struct {
+ unsigned int l, h;
+ } aux_dpfp[2];
+};
+#endif
+
/* Arch specific stuff which needs to be saved per task.
* However these items are not so important so as to earn a place in
* struct thread_info
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 140/319] qla_target: dont delete changed nacls
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (133 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 139/319] ARC: unbork FPU save/restore Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 141/319] iser-target: Disable TX completion interrupt coalescing Greg Kroah-Hartman
` (168 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Joern Engel, Nicholas Bellinger
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joern Engel <joern@logfs.org>
commit f4c24db1b7ad0ce84409e15744d26c6f86a96840 upstream.
The code is currently riddled with "drop the hardware_lock to avoid a
deadlock" bugs that expose races. One of those races seems to expose a
valid warning in tcm_qla2xxx_clear_nacl_from_fcport_map. Add some
bandaid to it.
Signed-off-by: Joern Engel <joern@logfs.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/tcm_qla2xxx.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/scsi/qla2xxx/tcm_qla2xxx.c
+++ b/drivers/scsi/qla2xxx/tcm_qla2xxx.c
@@ -757,7 +757,16 @@ static void tcm_qla2xxx_clear_nacl_from_
pr_debug("fc_rport domain: port_id 0x%06x\n", nacl->nport_id);
node = btree_remove32(&lport->lport_fcport_map, nacl->nport_id);
- WARN_ON(node && (node != se_nacl));
+ if (WARN_ON(node && (node != se_nacl))) {
+ /*
+ * The nacl no longer matches what we think it should be.
+ * Most likely a new dynamic acl has been added while
+ * someone dropped the hardware lock. It clearly is a
+ * bug elsewhere, but this bit can't make things worse.
+ */
+ btree_insert32(&lport->lport_fcport_map, nacl->nport_id,
+ node, GFP_ATOMIC);
+ }
pr_debug("Removed from fcport_map: %p for WWNN: 0x%016LX, port_id: 0x%06x\n",
se_nacl, nacl->nport_wwnn, nacl->nport_id);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 141/319] iser-target: Disable TX completion interrupt coalescing
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (134 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 140/319] qla_target: dont delete changed nacls Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 142/319] target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE Greg Kroah-Hartman
` (167 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Moussa Ba, Sagi Grimberg, Nicholas Bellinger
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicholas Bellinger <nab@linux-iscsi.org>
commit 0d0f660d882c1c02748ced13966a2413aa5d6cc2 upstream.
This patch explicitly disables TX completion interrupt coalescing logic
in isert_put_response() and isert_put_datain() that was originally added
as an efficiency optimization in commit 95b60f07.
It has been reported that this change can trigger ABORT_TASK timeouts
under certain small block workloads, where disabling coalescing was
required for stability. According to Sagi, this doesn't impact
overall performance, so go ahead and disable it for now.
Reported-by: Moussa Ba <moussaba@micron.com>
Reported-by: Sagi Grimberg <sagig@dev.mellanox.co.il>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/ulp/isert/ib_isert.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -2185,7 +2185,7 @@ isert_put_response(struct iscsi_conn *co
isert_cmd->tx_desc.num_sge = 2;
}
- isert_init_send_wr(isert_conn, isert_cmd, send_wr, true);
+ isert_init_send_wr(isert_conn, isert_cmd, send_wr, false);
pr_debug("Posting SCSI Response IB_WR_SEND >>>>>>>>>>>>>>>>>>>>>>\n");
@@ -2884,7 +2884,7 @@ isert_put_datain(struct iscsi_conn *conn
&isert_cmd->tx_desc.iscsi_header);
isert_init_tx_hdrs(isert_conn, &isert_cmd->tx_desc);
isert_init_send_wr(isert_conn, isert_cmd,
- &isert_cmd->tx_desc.send_wr, true);
+ &isert_cmd->tx_desc.send_wr, false);
isert_cmd->rdma_wr.s_send_wr.next = &isert_cmd->tx_desc.send_wr;
wr->send_wr_num += 1;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 142/319] target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (135 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 141/319] iser-target: Disable TX completion interrupt coalescing Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 143/319] target: Fix APTPL metadata handling for dynamic MappedLUNs Greg Kroah-Hartman
` (166 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Quinn Tran, Saurav Kashyap,
Nicholas Bellinger
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quinn Tran <quinn.tran@qlogic.com>
commit 082f58ac4a48d3f5cb4597232cb2ac6823a96f43 upstream.
During temporary resource starvation at lower transport layer, command
is placed on queue full retry path, which expose this problem. The TCM
queue full handling of SCF_TRANSPORT_TASK_SENSE currently sends the same
cmd twice to lower layer. The 1st time led to cmd normal free path.
The 2nd time cause Null pointer access.
This regression bug was originally introduced v3.1-rc code in the
following commit:
commit e057f53308a5f071556ee80586b99ee755bf07f5
Author: Christoph Hellwig <hch@infradead.org>
Date: Mon Oct 17 13:56:41 2011 -0400
target: remove the transport_qf_callback se_cmd callback
Signed-off-by: Quinn Tran <quinn.tran@qlogic.com>
Signed-off-by: Saurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/target/target_core_transport.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1877,8 +1877,7 @@ static void transport_complete_qf(struct
if (cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) {
trace_target_cmd_complete(cmd);
ret = cmd->se_tfo->queue_status(cmd);
- if (ret)
- goto out;
+ goto out;
}
switch (cmd->data_direction) {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 143/319] target: Fix APTPL metadata handling for dynamic MappedLUNs
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (136 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 142/319] target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 144/319] MIPS: ptrace.h: Add a missing include Greg Kroah-Hartman
` (165 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Christie, Nicholas Bellinger
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicholas Bellinger <nab@linux-iscsi.org>
commit e24805637d2d270d7975502e9024d473de86afdb upstream.
This patch fixes a bug in handling of SPC-3 PR Activate Persistence
across Target Power Loss (APTPL) logic where re-creation of state for
MappedLUNs from dynamically generated NodeACLs did not occur during
I_T Nexus establishment.
It adds the missing core_scsi3_check_aptpl_registration() call during
core_tpg_check_initiator_node_acl() -> core_tpg_add_node_to_devs() in
order to replay any pre-loaded APTPL metadata state associated with
the newly connected SCSI Initiator Port.
Cc: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/target/target_core_device.c | 3 ++-
drivers/target/target_core_pr.c | 6 +++---
drivers/target/target_core_pr.h | 2 +-
drivers/target/target_core_tpg.c | 8 ++++++++
4 files changed, 14 insertions(+), 5 deletions(-)
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -1409,7 +1409,8 @@ int core_dev_add_initiator_node_lun_acl(
* Check to see if there are any existing persistent reservation APTPL
* pre-registrations that need to be enabled for this LUN ACL..
*/
- core_scsi3_check_aptpl_registration(lun->lun_se_dev, tpg, lun, lacl);
+ core_scsi3_check_aptpl_registration(lun->lun_se_dev, tpg, lun, nacl,
+ lacl->mapped_lun);
return 0;
}
--- a/drivers/target/target_core_pr.c
+++ b/drivers/target/target_core_pr.c
@@ -944,10 +944,10 @@ int core_scsi3_check_aptpl_registration(
struct se_device *dev,
struct se_portal_group *tpg,
struct se_lun *lun,
- struct se_lun_acl *lun_acl)
+ struct se_node_acl *nacl,
+ u32 mapped_lun)
{
- struct se_node_acl *nacl = lun_acl->se_lun_nacl;
- struct se_dev_entry *deve = nacl->device_list[lun_acl->mapped_lun];
+ struct se_dev_entry *deve = nacl->device_list[mapped_lun];
if (dev->dev_reservation_flags & DRF_SPC2_RESERVATIONS)
return 0;
--- a/drivers/target/target_core_pr.h
+++ b/drivers/target/target_core_pr.h
@@ -60,7 +60,7 @@ extern int core_scsi3_alloc_aptpl_regist
unsigned char *, u16, u32, int, int, u8);
extern int core_scsi3_check_aptpl_registration(struct se_device *,
struct se_portal_group *, struct se_lun *,
- struct se_lun_acl *);
+ struct se_node_acl *, u32);
extern void core_scsi3_free_pr_reg_from_nacl(struct se_device *,
struct se_node_acl *);
extern void core_scsi3_free_all_registrations(struct se_device *);
--- a/drivers/target/target_core_tpg.c
+++ b/drivers/target/target_core_tpg.c
@@ -40,6 +40,7 @@
#include <target/target_core_fabric.h>
#include "target_core_internal.h"
+#include "target_core_pr.h"
extern struct se_device *g_lun0_dev;
@@ -166,6 +167,13 @@ void core_tpg_add_node_to_devs(
core_enable_device_list_for_node(lun, NULL, lun->unpacked_lun,
lun_access, acl, tpg);
+ /*
+ * Check to see if there are any existing persistent reservation
+ * APTPL pre-registrations that need to be enabled for this dynamic
+ * LUN ACL now..
+ */
+ core_scsi3_check_aptpl_registration(dev, tpg, lun, acl,
+ lun->unpacked_lun);
spin_lock(&tpg->tpg_lun_lock);
}
spin_unlock(&tpg->tpg_lun_lock);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 144/319] MIPS: ptrace.h: Add a missing include
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (137 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 143/319] target: Fix APTPL metadata handling for dynamic MappedLUNs Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 145/319] MIPS: loongson2_cpufreq: Fix CPU clock rate setting mismerge Greg Kroah-Hartman
` (164 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aaro Koskinen, Alex Smith,
linux-mips, Ralf Baechle
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aaro Koskinen <aaro.koskinen@iki.fi>
commit cdb685ad44996e9a113a10002cb42d40ff29db99 upstream.
Commit a79ebea62010 (MIPS: ptrace: Fix user pt_regs definition,
use in ptrace_{get, set}regs()) converted struct pt_regs to use __u64.
Some userspace applications (e.g. GDB) include this file directly,
and fail to see this type. Fix by including <linux/types.h>.
The patch fixes the following build failure with GDB 7.8 when using
GLIBC headers created against Linux 3.17:
In file included from /home/aaro/los/work/shared/gdb-7.8/gdb/mips-linux-nat.c:37:0:
/home/aaro/los/work/mips/rootfs/mips-linux-gnu/usr/include/asm/ptrace.h:32:2: error: unknown type name '__u64'
__u64 regs[32];
^
/home/aaro/los/work/mips/rootfs/mips-linux-gnu/usr/include/asm/ptrace.h:35:2: error: unknown type name '__u64'
__u64 lo;
^
/home/aaro/los/work/mips/rootfs/mips-linux-gnu/usr/include/asm/ptrace.h:36:2: error: unknown type name '__u64'
__u64 hi;
^
Fixes: a79ebea62010 ("MIPS: ptrace: Fix user pt_regs definition, use in ptrace_{get, set}regs()")
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Alex Smith <alex@alex-smith.me.uk>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8067/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/uapi/asm/ptrace.h | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/mips/include/uapi/asm/ptrace.h
+++ b/arch/mips/include/uapi/asm/ptrace.h
@@ -9,6 +9,8 @@
#ifndef _UAPI_ASM_PTRACE_H
#define _UAPI_ASM_PTRACE_H
+#include <linux/types.h>
+
/* 0 - 31 are integer registers, 32 - 63 are fp registers. */
#define FPR_BASE 32
#define PC 64
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 145/319] MIPS: loongson2_cpufreq: Fix CPU clock rate setting mismerge
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (138 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 144/319] MIPS: ptrace.h: Add a missing include Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 146/319] MIPS: cp1emu: Fix ISA restrictions for cop1x_op instructions Greg Kroah-Hartman
` (163 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aaro Koskinen, Rafael J. Wysocki,
linux-mips, Ralf Baechle
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aaro Koskinen <aaro.koskinen@iki.fi>
commit aa08ed55442ac6f9810c055e1474be34e785e556 upstream.
During 3.16 merge window, parts of the commit 8e8acb32960f
(MIPS/loongson2_cpufreq: Fix CPU clock rate setting) seem to have
been deleted probably due to a mismerge, and as a result cpufreq
is broken again on Loongson2 boards in 3.16 and newer kernels.
Fix by repeating the fix.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/7835/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/loongson/lemote-2f/clock.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/arch/mips/loongson/lemote-2f/clock.c
+++ b/arch/mips/loongson/lemote-2f/clock.c
@@ -91,6 +91,7 @@ EXPORT_SYMBOL(clk_put);
int clk_set_rate(struct clk *clk, unsigned long rate)
{
+ unsigned int rate_khz = rate / 1000;
struct cpufreq_frequency_table *pos;
int ret = 0;
int regval;
@@ -107,9 +108,9 @@ int clk_set_rate(struct clk *clk, unsign
propagate_rate(clk);
cpufreq_for_each_valid_entry(pos, loongson2_clockmod_table)
- if (rate == pos->frequency)
+ if (rate_khz == pos->frequency)
break;
- if (rate != pos->frequency)
+ if (rate_khz != pos->frequency)
return -ENOTSUPP;
clk->rate = rate;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 146/319] MIPS: cp1emu: Fix ISA restrictions for cop1x_op instructions
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (139 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 145/319] MIPS: loongson2_cpufreq: Fix CPU clock rate setting mismerge Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 147/319] MIPS: ftrace: Fix a microMIPS build problem Greg Kroah-Hartman
` (162 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Markos Chandras, linux-mips,
Paul Burton, James Hogan, Ralf Baechle
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Markos Chandras <markos.chandras@imgtec.com>
commit a5466d7bba9af83a82cc7c081b2a7d557cde3204 upstream.
Commit 08a07904e1828 ("MIPS: math-emu: Remove most ifdefery") removed
the #ifdef ISA conditions and switched to runtime detection. However,
according to the instruction set manual, the cop1x_op instructions are
available in >=MIPS32r2 as well. This fixes a problem on MIPS32r2
with the ntpd package which failed to execute with a SIGILL exit code due
to the fact that a madd.d instruction was not being emulated.
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Fixes: 08a07904e1828 ("MIPS: math-emu: Remove most ifdefery")
Cc: linux-mips@linux-mips.org
Reviewed-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: James Hogan <james.hogan@imgtec.com>
Cc: Markos Chandras <markos.chandras@imgtec.com>
Patchwork: https://patchwork.linux-mips.org/patch/8173/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/math-emu/cp1emu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/mips/math-emu/cp1emu.c
+++ b/arch/mips/math-emu/cp1emu.c
@@ -1023,7 +1023,7 @@ emul:
goto emul;
case cop1x_op:
- if (cpu_has_mips_4_5 || cpu_has_mips64)
+ if (cpu_has_mips_4_5 || cpu_has_mips64 || cpu_has_mips32r2)
/* its one of ours */
goto emul;
@@ -1068,7 +1068,7 @@ emul:
break;
case cop1x_op:
- if (!cpu_has_mips_4_5 && !cpu_has_mips64)
+ if (!cpu_has_mips_4_5 && !cpu_has_mips64 && !cpu_has_mips32r2)
return SIGILL;
sig = fpux_emu(xcp, ctx, ir, fault_addr);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 147/319] MIPS: ftrace: Fix a microMIPS build problem
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (140 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 146/319] MIPS: cp1emu: Fix ISA restrictions for cop1x_op instructions Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 148/319] MIPS: tlbex: Properly fix HUGE TLB Refill exception handler Greg Kroah-Hartman
` (161 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Markos Chandras, linux-mips, Ralf Baechle
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Markos Chandras <markos.chandras@imgtec.com>
commit aedd153f5bb5b1f1d6d9142014f521ae2ec294cc upstream.
Code before the .fixup section needs to have the .insn directive.
This has no side effects on MIPS32/64 but it affects the way microMIPS
loads the address for the return label.
Fixes the following build problem:
mips-linux-gnu-ld: arch/mips/built-in.o: .fixup+0x4a0: Unsupported jump between
ISA modes; consider recompiling with interlinking enabled.
mips-linux-gnu-ld: final link failed: Bad value
Makefile:819: recipe for target 'vmlinux' failed
The fix is similar to 1658f914ff91c3bf ("MIPS: microMIPS:
Disable LL/SC and fix linker bug.")
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8117/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/ftrace.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/mips/include/asm/ftrace.h
+++ b/arch/mips/include/asm/ftrace.h
@@ -24,7 +24,7 @@ do { \
asm volatile ( \
"1: " load " %[tmp_dst], 0(%[tmp_src])\n" \
" li %[tmp_err], 0\n" \
- "2:\n" \
+ "2: .insn\n" \
\
".section .fixup, \"ax\"\n" \
"3: li %[tmp_err], 1\n" \
@@ -46,7 +46,7 @@ do { \
asm volatile ( \
"1: " store " %[tmp_src], 0(%[tmp_dst])\n"\
" li %[tmp_err], 0\n" \
- "2:\n" \
+ "2: .insn\n" \
\
".section .fixup, \"ax\"\n" \
"3: li %[tmp_err], 1\n" \
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 148/319] MIPS: tlbex: Properly fix HUGE TLB Refill exception handler
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (141 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 147/319] MIPS: ftrace: Fix a microMIPS build problem Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 150/319] jbd2: free bh when descriptor block checksum fails Greg Kroah-Hartman
` (160 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Daney, Huacai Chen,
Fuxin Zhang, Zhangjin Wu, linux-mips, Ralf Baechle
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Daney <david.daney@cavium.com>
commit 9e0f162a36914937a937358fcb45e0609ef2bfc4 upstream.
In commit 8393c524a25609 (MIPS: tlbex: Fix a missing statement for
HUGETLB), the TLB Refill handler was fixed so that non-OCTEON targets
would work properly with huge pages. The change was incorrect in that
it broke the OCTEON case.
The problem is shown here:
xxx0: df7a0000 ld k0,0(k1)
.
.
.
xxxc0: df610000 ld at,0(k1)
xxxc4: 335a0ff0 andi k0,k0,0xff0
xxxc8: e825ffcd bbit1 at,0x5,0x0
xxxcc: 003ad82d daddu k1,at,k0
.
.
.
In the non-octeon case there is a destructive test for the huge PTE
bit, and then at 0, $k0 is reloaded (that is what the 8393c524a25609
patch added).
In the octeon case, we modify k1 in the branch delay slot, but we
never need k0 again, so the new load is not needed, but since k1 is
modified, if we do the load, we load from a garbage location and then
get a nested TLB Refill, which is seen in userspace as either SIGBUS
or SIGSEGV (depending on the garbage).
The real fix is to only do this reloading if it is needed, and never
where it is harmful.
Signed-off-by: David Daney <david.daney@cavium.com>
Cc: Huacai Chen <chenhc@lemote.com>
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8151/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/mm/tlbex.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/arch/mips/mm/tlbex.c
+++ b/arch/mips/mm/tlbex.c
@@ -1062,6 +1062,7 @@ static void build_update_entries(u32 **p
struct mips_huge_tlb_info {
int huge_pte;
int restore_scratch;
+ bool need_reload_pte;
};
static struct mips_huge_tlb_info
@@ -1076,6 +1077,7 @@ build_fast_tlb_refill_handler (u32 **p,
rv.huge_pte = scratch;
rv.restore_scratch = 0;
+ rv.need_reload_pte = false;
if (check_for_high_segbits) {
UASM_i_MFC0(p, tmp, C0_BADVADDR);
@@ -1264,6 +1266,7 @@ static void build_r4000_tlb_refill_handl
} else {
htlb_info.huge_pte = K0;
htlb_info.restore_scratch = 0;
+ htlb_info.need_reload_pte = true;
vmalloc_mode = refill_noscratch;
/*
* create the plain linear handler
@@ -1300,7 +1303,8 @@ static void build_r4000_tlb_refill_handl
}
#ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
uasm_l_tlb_huge_update(&l, p);
- UASM_i_LW(&p, K0, 0, K1);
+ if (htlb_info.need_reload_pte)
+ UASM_i_LW(&p, htlb_info.huge_pte, 0, K1);
build_huge_update_entries(&p, htlb_info.huge_pte, K1);
build_huge_tlb_write_entry(&p, &l, &r, K0, tlb_random,
htlb_info.restore_scratch);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 150/319] jbd2: free bh when descriptor block checksum fails
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (142 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 148/319] MIPS: tlbex: Properly fix HUGE TLB Refill exception handler Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 151/319] ext4: check EA value offset when loading Greg Kroah-Hartman
` (159 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darrick J. Wong, Theodore Tso, Eric Sandeen
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <darrick.wong@oracle.com>
commit 064d83892e9ba547f7d4eae22cbca066d95210ce upstream.
Free the buffer head if the journal descriptor block fails checksum
verification.
This is the jbd2 port of the e2fsprogs patch "e2fsck: free bh on csum
verify error in do_one_pass".
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jbd2/recovery.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/jbd2/recovery.c
+++ b/fs/jbd2/recovery.c
@@ -525,6 +525,7 @@ static int do_one_pass(journal_t *journa
!jbd2_descr_block_csum_verify(journal,
bh->b_data)) {
err = -EIO;
+ brelse(bh);
goto failed;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 151/319] ext4: check EA value offset when loading
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (143 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 150/319] jbd2: free bh when descriptor block checksum fails Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 152/319] ext4: dont check quota format when there are no quota files Greg Kroah-Hartman
` (158 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Darrick J. Wong, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <darrick.wong@oracle.com>
commit a0626e75954078cfacddb00a4545dde821170bc5 upstream.
When loading extended attributes, check each entry's value offset to
make sure it doesn't collide with the entries.
Without this check it is easy to crash the kernel by mounting a
malicious FS containing a file with an EA wherein e_value_offs = 0 and
e_value_size > 0 and then deleting the EA, which corrupts the name
list.
(See the f_ea_value_crash test's FS image in e2fsprogs for an example.)
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/xattr.c | 32 ++++++++++++++++++++++++--------
1 file changed, 24 insertions(+), 8 deletions(-)
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -190,14 +190,28 @@ ext4_listxattr(struct dentry *dentry, ch
}
static int
-ext4_xattr_check_names(struct ext4_xattr_entry *entry, void *end)
+ext4_xattr_check_names(struct ext4_xattr_entry *entry, void *end,
+ void *value_start)
{
- while (!IS_LAST_ENTRY(entry)) {
- struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(entry);
+ struct ext4_xattr_entry *e = entry;
+
+ while (!IS_LAST_ENTRY(e)) {
+ struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(e);
if ((void *)next >= end)
return -EIO;
- entry = next;
+ e = next;
}
+
+ while (!IS_LAST_ENTRY(entry)) {
+ if (entry->e_value_size != 0 &&
+ (value_start + le16_to_cpu(entry->e_value_offs) <
+ (void *)e + sizeof(__u32) ||
+ value_start + le16_to_cpu(entry->e_value_offs) +
+ le32_to_cpu(entry->e_value_size) > end))
+ return -EIO;
+ entry = EXT4_XATTR_NEXT(entry);
+ }
+
return 0;
}
@@ -214,7 +228,8 @@ ext4_xattr_check_block(struct inode *ino
return -EIO;
if (!ext4_xattr_block_csum_verify(inode, bh->b_blocknr, BHDR(bh)))
return -EIO;
- error = ext4_xattr_check_names(BFIRST(bh), bh->b_data + bh->b_size);
+ error = ext4_xattr_check_names(BFIRST(bh), bh->b_data + bh->b_size,
+ bh->b_data);
if (!error)
set_buffer_verified(bh);
return error;
@@ -331,7 +346,7 @@ ext4_xattr_ibody_get(struct inode *inode
header = IHDR(inode, raw_inode);
entry = IFIRST(header);
end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
- error = ext4_xattr_check_names(entry, end);
+ error = ext4_xattr_check_names(entry, end, entry);
if (error)
goto cleanup;
error = ext4_xattr_find_entry(&entry, name_index, name,
@@ -463,7 +478,7 @@ ext4_xattr_ibody_list(struct dentry *den
raw_inode = ext4_raw_inode(&iloc);
header = IHDR(inode, raw_inode);
end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
- error = ext4_xattr_check_names(IFIRST(header), end);
+ error = ext4_xattr_check_names(IFIRST(header), end, IFIRST(header));
if (error)
goto cleanup;
error = ext4_xattr_list_entries(dentry, IFIRST(header),
@@ -986,7 +1001,8 @@ int ext4_xattr_ibody_find(struct inode *
is->s.here = is->s.first;
is->s.end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
if (ext4_test_inode_state(inode, EXT4_STATE_XATTR)) {
- error = ext4_xattr_check_names(IFIRST(header), is->s.end);
+ error = ext4_xattr_check_names(IFIRST(header), is->s.end,
+ IFIRST(header));
if (error)
return error;
/* Find the named attribute. */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 152/319] ext4: dont check quota format when there are no quota files
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (144 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 151/319] ext4: check EA value offset when loading Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 153/319] ext4: fix mmap data corruption when blocksize < pagesize Greg Kroah-Hartman
` (157 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 279bf6d390933d5353ab298fcc306c391a961469 upstream.
The check whether quota format is set even though there are no
quota files with journalled quota is pointless and it actually
makes it impossible to turn off journalled quotas (as there's
no way to unset journalled quota format). Just remove the check.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 7 -------
1 file changed, 7 deletions(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1712,13 +1712,6 @@ static int parse_options(char *options,
"not specified");
return 0;
}
- } else {
- if (sbi->s_jquota_fmt) {
- ext4_msg(sb, KERN_ERR, "journaled quota format "
- "specified with no journaling "
- "enabled");
- return 0;
- }
}
#endif
if (test_opt(sb, DIOREAD_NOLOCK)) {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 153/319] ext4: fix mmap data corruption when blocksize < pagesize
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (145 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 152/319] ext4: dont check quota format when there are no quota files Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 154/319] ext4: grab missed write_count for EXT4_IOC_SWAP_BOOT Greg Kroah-Hartman
` (156 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit d6320cbfc92910a3e5f10c42d98c231c98db4f60 upstream.
Use truncate_isize_extended() when hole is being created in a file so that
->page_mkwrite() will get called for the partial tail page if it is
mmaped (see the first patch in the series for details).
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4536,8 +4536,12 @@ int ext4_setattr(struct dentry *dentry,
ext4_orphan_del(NULL, inode);
goto err_out;
}
- } else
+ } else {
+ loff_t oldsize = inode->i_size;
+
i_size_write(inode, attr->ia_size);
+ pagecache_isize_extended(inode, oldsize, inode->i_size);
+ }
/*
* Blocks are going to be removed from the inode. Wait
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 154/319] ext4: grab missed write_count for EXT4_IOC_SWAP_BOOT
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (146 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 153/319] ext4: fix mmap data corruption when blocksize < pagesize Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 155/319] ext4: add ext4_iget_normal() which is to be used for dir tree lookups Greg Kroah-Hartman
` (155 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kara, Dmitry Monakhov, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Monakhov <dmonakhov@openvz.org>
commit 3e67cfad22230ebed85c56cbe413876f33fea82b upstream.
Otherwise this provokes complain like follows:
WARNING: CPU: 12 PID: 5795 at fs/ext4/ext4_jbd2.c:48 ext4_journal_check_start+0x4e/0xa0()
Modules linked in: brd iTCO_wdt lpc_ich mfd_core igb ptp dm_mirror dm_region_hash dm_log dm_mod
CPU: 12 PID: 5795 Comm: python Not tainted 3.17.0-rc2-00175-gae5344f #158
Hardware name: Intel Corporation W2600CR/W2600CR, BIOS SE5C600.86B.99.99.x028.061320111235 06/13/2011
0000000000000030 ffff8808116cfd28 ffffffff815c7dfc 0000000000000030
0000000000000000 ffff8808116cfd68 ffffffff8106ce8c ffff8808116cfdc8
ffff880813b16000 ffff880806ad6ae8 ffffffff81202008 0000000000000000
Call Trace:
[<ffffffff815c7dfc>] dump_stack+0x51/0x6d
[<ffffffff8106ce8c>] warn_slowpath_common+0x8c/0xc0
[<ffffffff81202008>] ? ext4_ioctl+0x9e8/0xeb0
[<ffffffff8106ceda>] warn_slowpath_null+0x1a/0x20
[<ffffffff8122867e>] ext4_journal_check_start+0x4e/0xa0
[<ffffffff81228c10>] __ext4_journal_start_sb+0x90/0x110
[<ffffffff81202008>] ext4_ioctl+0x9e8/0xeb0
[<ffffffff8107b0bd>] ? ptrace_stop+0x24d/0x2f0
[<ffffffff81088530>] ? alloc_pid+0x480/0x480
[<ffffffff8107b1f2>] ? ptrace_do_notify+0x92/0xb0
[<ffffffff81186545>] do_vfs_ioctl+0x4e5/0x550
[<ffffffff815cdbcb>] ? _raw_spin_unlock_irq+0x2b/0x40
[<ffffffff81186603>] SyS_ioctl+0x53/0x80
[<ffffffff815ce2ce>] tracesys+0xd0/0xd5
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ioctl.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -532,9 +532,17 @@ group_add_out:
}
case EXT4_IOC_SWAP_BOOT:
+ {
+ int err;
if (!(filp->f_mode & FMODE_WRITE))
return -EBADF;
- return swap_inode_boot_loader(sb, inode);
+ err = mnt_want_write_file(filp);
+ if (err)
+ return err;
+ err = swap_inode_boot_loader(sb, inode);
+ mnt_drop_write_file(filp);
+ return err;
+ }
case EXT4_IOC_RESIZE_FS: {
ext4_fsblk_t n_blocks_count;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 155/319] ext4: add ext4_iget_normal() which is to be used for dir tree lookups
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (147 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 154/319] ext4: grab missed write_count for EXT4_IOC_SWAP_BOOT Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 156/319] ext4: dont orphan or truncate the boot loader inode Greg Kroah-Hartman
` (154 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sami Liedes, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Theodore Ts'o <tytso@mit.edu>
commit f4bb2981024fc91b23b4d09a8817c415396dbabb upstream.
If there is a corrupted file system which has directory entries that
point at reserved, metadata inodes, prohibit them from being used by
treating them the same way we treat Boot Loader inodes --- that is,
mark them to be bad inodes. This prohibits them from being opened,
deleted, or modified via chmod, chown, utimes, etc.
In particular, this prevents a corrupted file system which has a
directory entry which points at the journal inode from being deleted
and its blocks released, after which point Much Hilarity Ensues.
Reported-by: Sami Liedes <sami.liedes@iki.fi>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ext4.h | 1 +
fs/ext4/inode.c | 7 +++++++
fs/ext4/namei.c | 4 ++--
fs/ext4/super.c | 2 +-
4 files changed, 11 insertions(+), 3 deletions(-)
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -2109,6 +2109,7 @@ int do_journal_get_write_access(handle_t
#define CONVERT_INLINE_DATA 2
extern struct inode *ext4_iget(struct super_block *, unsigned long);
+extern struct inode *ext4_iget_normal(struct super_block *, unsigned long);
extern int ext4_write_inode(struct inode *, struct writeback_control *);
extern int ext4_setattr(struct dentry *, struct iattr *);
extern int ext4_getattr(struct vfsmount *mnt, struct dentry *dentry,
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4127,6 +4127,13 @@ bad_inode:
return ERR_PTR(ret);
}
+struct inode *ext4_iget_normal(struct super_block *sb, unsigned long ino)
+{
+ if (ino < EXT4_FIRST_INO(sb) && ino != EXT4_ROOT_INO)
+ return ERR_PTR(-EIO);
+ return ext4_iget(sb, ino);
+}
+
static int ext4_inode_blocks_set(handle_t *handle,
struct ext4_inode *raw_inode,
struct ext4_inode_info *ei)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -1441,7 +1441,7 @@ static struct dentry *ext4_lookup(struct
dentry);
return ERR_PTR(-EIO);
}
- inode = ext4_iget(dir->i_sb, ino);
+ inode = ext4_iget_normal(dir->i_sb, ino);
if (inode == ERR_PTR(-ESTALE)) {
EXT4_ERROR_INODE(dir,
"deleted inode referenced: %u",
@@ -1474,7 +1474,7 @@ struct dentry *ext4_get_parent(struct de
return ERR_PTR(-EIO);
}
- return d_obtain_alias(ext4_iget(child->d_inode->i_sb, ino));
+ return d_obtain_alias(ext4_iget_normal(child->d_inode->i_sb, ino));
}
/*
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1002,7 +1002,7 @@ static struct inode *ext4_nfs_get_inode(
* Currently we don't know the generation for parent directory, so
* a generation of 0 means "accept any"
*/
- inode = ext4_iget(sb, ino);
+ inode = ext4_iget_normal(sb, ino);
if (IS_ERR(inode))
return ERR_CAST(inode);
if (generation && inode->i_generation != generation) {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 156/319] ext4: dont orphan or truncate the boot loader inode
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (148 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 155/319] ext4: add ext4_iget_normal() which is to be used for dir tree lookups Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 157/319] ext4: fix reservation overflow in ext4_da_write_begin Greg Kroah-Hartman
` (153 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sami Liedes, Jan Kara, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Theodore Ts'o <tytso@mit.edu>
commit e2bfb088fac03c0f621886a04cffc7faa2b49b1d upstream.
The boot loader inode (inode #5) should never be visible in the
directory hierarchy, but it's possible if the file system is corrupted
that there will be a directory entry that points at inode #5. In
order to avoid accidentally trashing it, when such a directory inode
is opened, the inode will be marked as a bad inode, so that it's not
possible to modify (or read) the inode from userspace.
Unfortunately, when we unlink this (invalid/illegal) directory entry,
we will put the bad inode on the ophan list, and then when try to
unlink the directory, we don't actually remove the bad inode from the
orphan list before freeing in-memory inode structure. This means the
in-memory orphan list is corrupted, leading to a kernel oops.
In addition, avoid truncating a bad inode in ext4_destroy_inode(),
since truncating the boot loader inode is not a smart thing to do.
Reported-by: Sami Liedes <sami.liedes@iki.fi>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 7 +++----
fs/ext4/namei.c | 2 +-
2 files changed, 4 insertions(+), 5 deletions(-)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -224,16 +224,15 @@ void ext4_evict_inode(struct inode *inod
goto no_delete;
}
- if (!is_bad_inode(inode))
- dquot_initialize(inode);
+ if (is_bad_inode(inode))
+ goto no_delete;
+ dquot_initialize(inode);
if (ext4_should_order_data(inode))
ext4_begin_ordered_truncate(inode, 0);
truncate_inode_pages_final(&inode->i_data);
WARN_ON(atomic_read(&EXT4_I(inode)->i_ioend_count));
- if (is_bad_inode(inode))
- goto no_delete;
/*
* Protect us against freezing - iput() caller didn't have to have any
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -2573,7 +2573,7 @@ int ext4_orphan_add(handle_t *handle, st
int err = 0, rc;
bool dirty = false;
- if (!sbi->s_journal)
+ if (!sbi->s_journal || is_bad_inode(inode))
return 0;
WARN_ON_ONCE(!(inode->i_state & (I_NEW | I_FREEING)) &&
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 157/319] ext4: fix reservation overflow in ext4_da_write_begin
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (149 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 156/319] ext4: dont orphan or truncate the boot loader inode Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 158/319] ext4: Replace open coded mdata csum feature to helper function Greg Kroah-Hartman
` (152 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Sandeen, Theodore Tso, Andreas Dilger
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Sandeen <sandeen@redhat.com>
commit 0ff8947fc5f700172b37cbca811a38eb9cb81e08 upstream.
Delalloc write journal reservations only reserve 1 credit,
to update the inode if necessary. However, it may happen
once in a filesystem's lifetime that a file will cross
the 2G threshold, and require the LARGE_FILE feature to
be set in the superblock as well, if it was not set already.
This overruns the transaction reservation, and can be
demonstrated simply on any ext4 filesystem without the LARGE_FILE
feature already set:
dd if=/dev/zero of=testfile bs=1 seek=2147483646 count=1 \
conv=notrunc of=testfile
sync
dd if=/dev/zero of=testfile bs=1 seek=2147483647 count=1 \
conv=notrunc of=testfile
leads to:
EXT4-fs: ext4_do_update_inode:4296: aborting transaction: error 28 in __ext4_handle_dirty_super
EXT4-fs error (device loop0) in ext4_do_update_inode:4301: error 28
EXT4-fs error (device loop0) in ext4_reserve_inode_write:4757: Readonly filesystem
EXT4-fs error (device loop0) in ext4_dirty_inode:4876: error 28
EXT4-fs error (device loop0) in ext4_da_write_end:2685: error 28
Adjust the number of credits based on whether the flag is
already set, and whether the current write may extend past the
LARGE_FILE limit.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -2514,6 +2514,20 @@ static int ext4_nonda_switch(struct supe
return 0;
}
+/* We always reserve for an inode update; the superblock could be there too */
+static int ext4_da_write_credits(struct inode *inode, loff_t pos, unsigned len)
+{
+ if (likely(EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
+ EXT4_FEATURE_RO_COMPAT_LARGE_FILE)))
+ return 1;
+
+ if (pos + len <= 0x7fffffffULL)
+ return 1;
+
+ /* We might need to update the superblock to set LARGE_FILE */
+ return 2;
+}
+
static int ext4_da_write_begin(struct file *file, struct address_space *mapping,
loff_t pos, unsigned len, unsigned flags,
struct page **pagep, void **fsdata)
@@ -2564,7 +2578,8 @@ retry_grab:
* of file which has an already mapped buffer.
*/
retry_journal:
- handle = ext4_journal_start(inode, EXT4_HT_WRITE_PAGE, 1);
+ handle = ext4_journal_start(inode, EXT4_HT_WRITE_PAGE,
+ ext4_da_write_credits(inode, pos, len));
if (IS_ERR(handle)) {
page_cache_release(page);
return PTR_ERR(handle);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 158/319] ext4: Replace open coded mdata csum feature to helper function
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (150 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 157/319] ext4: fix reservation overflow in ext4_da_write_begin Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 159/319] ext4: move error report out of atomic context in ext4_init_block_bitmap() Greg Kroah-Hartman
` (151 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dmitry Monakhov, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Monakhov <dmonakhov@openvz.org>
commit 9aa5d32ba269bec0e7eaba2697a986a7b0bc8528 upstream.
Besides the fact that this replacement improves code readability
it also protects from errors caused direct EXT4_S(sb)->s_es manipulation
which may result attempt to use uninitialized csum machinery.
#Testcase_BEGIN
IMG=/dev/ram0
MNT=/mnt
mkfs.ext4 $IMG
mount $IMG $MNT
#Enable feature directly on disk, on mounted fs
tune2fs -O metadata_csum $IMG
# Provoke metadata update, likey result in OOPS
touch $MNT/test
umount $MNT
#Testcase_END
# Replacement script
@@
expression E;
@@
- EXT4_HAS_RO_COMPAT_FEATURE(E, EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)
+ ext4_has_metadata_csum(E)
https://bugzilla.kernel.org/show_bug.cgi?id=82201
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/bitmap.c | 12 ++++--------
fs/ext4/ext4.h | 8 ++++++++
fs/ext4/extents.c | 6 ++----
fs/ext4/ialloc.c | 3 +--
fs/ext4/inline.c | 3 +--
fs/ext4/inode.c | 9 +++------
fs/ext4/ioctl.c | 3 +--
fs/ext4/mmp.c | 6 ++----
fs/ext4/namei.c | 39 +++++++++++++--------------------------
fs/ext4/resize.c | 3 +--
fs/ext4/super.c | 15 +++++----------
fs/ext4/xattr.c | 6 ++----
12 files changed, 43 insertions(+), 70 deletions(-)
--- a/fs/ext4/bitmap.c
+++ b/fs/ext4/bitmap.c
@@ -24,8 +24,7 @@ int ext4_inode_bitmap_csum_verify(struct
__u32 provided, calculated;
struct ext4_sb_info *sbi = EXT4_SB(sb);
- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(sb))
return 1;
provided = le16_to_cpu(gdp->bg_inode_bitmap_csum_lo);
@@ -46,8 +45,7 @@ void ext4_inode_bitmap_csum_set(struct s
__u32 csum;
struct ext4_sb_info *sbi = EXT4_SB(sb);
- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(sb))
return;
csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)bh->b_data, sz);
@@ -65,8 +63,7 @@ int ext4_block_bitmap_csum_verify(struct
struct ext4_sb_info *sbi = EXT4_SB(sb);
int sz = EXT4_CLUSTERS_PER_GROUP(sb) / 8;
- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(sb))
return 1;
provided = le16_to_cpu(gdp->bg_block_bitmap_csum_lo);
@@ -91,8 +88,7 @@ void ext4_block_bitmap_csum_set(struct s
__u32 csum;
struct ext4_sb_info *sbi = EXT4_SB(sb);
- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(sb))
return;
csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)bh->b_data, sz);
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -2337,6 +2337,14 @@ static inline int ext4_has_group_desc_cs
EXT4_FEATURE_RO_COMPAT_METADATA_CSUM);
}
+static inline int ext4_has_metadata_csum(struct super_block *sb)
+{
+ WARN_ON_ONCE(EXT4_HAS_RO_COMPAT_FEATURE(sb,
+ EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) &&
+ !EXT4_SB(sb)->s_chksum_driver);
+
+ return (EXT4_SB(sb)->s_chksum_driver != NULL);
+}
static inline ext4_fsblk_t ext4_blocks_count(struct ext4_super_block *es)
{
return ((ext4_fsblk_t)le32_to_cpu(es->s_blocks_count_hi) << 32) |
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -73,8 +73,7 @@ static int ext4_extent_block_csum_verify
{
struct ext4_extent_tail *et;
- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(inode->i_sb))
return 1;
et = find_ext4_extent_tail(eh);
@@ -88,8 +87,7 @@ static void ext4_extent_block_csum_set(s
{
struct ext4_extent_tail *et;
- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(inode->i_sb))
return;
et = find_ext4_extent_tail(eh);
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -1011,8 +1011,7 @@ got:
spin_unlock(&sbi->s_next_gen_lock);
/* Precompute checksum seed for inode metadata */
- if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) {
+ if (ext4_has_metadata_csum(sb)) {
__u32 csum;
__le32 inum = cpu_to_le32(inode->i_ino);
__le32 gen = cpu_to_le32(inode->i_generation);
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -1126,8 +1126,7 @@ static int ext4_finish_convert_inline_di
memcpy((void *)de, buf + EXT4_INLINE_DOTDOT_SIZE,
inline_size - EXT4_INLINE_DOTDOT_SIZE);
- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (ext4_has_metadata_csum(inode->i_sb))
csum_size = sizeof(struct ext4_dir_entry_tail);
inode->i_size = inode->i_sb->s_blocksize;
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -83,8 +83,7 @@ static int ext4_inode_csum_verify(struct
if (EXT4_SB(inode->i_sb)->s_es->s_creator_os !=
cpu_to_le32(EXT4_OS_LINUX) ||
- !EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ !ext4_has_metadata_csum(inode->i_sb))
return 1;
provided = le16_to_cpu(raw->i_checksum_lo);
@@ -105,8 +104,7 @@ static void ext4_inode_csum_set(struct i
if (EXT4_SB(inode->i_sb)->s_es->s_creator_os !=
cpu_to_le32(EXT4_OS_LINUX) ||
- !EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ !ext4_has_metadata_csum(inode->i_sb))
return;
csum = ext4_inode_csum(inode, raw, ei);
@@ -3950,8 +3948,7 @@ struct inode *ext4_iget(struct super_blo
ei->i_extra_isize = 0;
/* Precompute checksum seed for inode metadata */
- if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) {
+ if (ext4_has_metadata_csum(sb)) {
struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
__u32 csum;
__le32 inum = cpu_to_le32(inode->i_ino);
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -331,8 +331,7 @@ flags_out:
if (!inode_owner_or_capable(inode))
return -EPERM;
- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) {
+ if (ext4_has_metadata_csum(inode->i_sb)) {
ext4_warning(sb, "Setting inode version is not "
"supported with metadata_csum enabled.");
return -ENOTTY;
--- a/fs/ext4/mmp.c
+++ b/fs/ext4/mmp.c
@@ -20,8 +20,7 @@ static __le32 ext4_mmp_csum(struct super
static int ext4_mmp_csum_verify(struct super_block *sb, struct mmp_struct *mmp)
{
- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(sb))
return 1;
return mmp->mmp_checksum == ext4_mmp_csum(sb, mmp);
@@ -29,8 +28,7 @@ static int ext4_mmp_csum_verify(struct s
static void ext4_mmp_csum_set(struct super_block *sb, struct mmp_struct *mmp)
{
- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(sb))
return;
mmp->mmp_checksum = ext4_mmp_csum(sb, mmp);
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -124,8 +124,7 @@ static struct buffer_head *__ext4_read_d
"directory leaf block found instead of index block");
return ERR_PTR(-EIO);
}
- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) ||
+ if (!ext4_has_metadata_csum(inode->i_sb) ||
buffer_verified(bh))
return bh;
@@ -340,8 +339,7 @@ int ext4_dirent_csum_verify(struct inode
{
struct ext4_dir_entry_tail *t;
- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(inode->i_sb))
return 1;
t = get_dirent_tail(inode, dirent);
@@ -362,8 +360,7 @@ static void ext4_dirent_csum_set(struct
{
struct ext4_dir_entry_tail *t;
- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(inode->i_sb))
return;
t = get_dirent_tail(inode, dirent);
@@ -438,8 +435,7 @@ static int ext4_dx_csum_verify(struct in
struct dx_tail *t;
int count_offset, limit, count;
- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(inode->i_sb))
return 1;
c = get_dx_countlimit(inode, dirent, &count_offset);
@@ -468,8 +464,7 @@ static void ext4_dx_csum_set(struct inod
struct dx_tail *t;
int count_offset, limit, count;
- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(inode->i_sb))
return;
c = get_dx_countlimit(inode, dirent, &count_offset);
@@ -557,8 +552,7 @@ static inline unsigned dx_root_limit(str
unsigned entry_space = dir->i_sb->s_blocksize - EXT4_DIR_REC_LEN(1) -
EXT4_DIR_REC_LEN(2) - infosize;
- if (EXT4_HAS_RO_COMPAT_FEATURE(dir->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (ext4_has_metadata_csum(dir->i_sb))
entry_space -= sizeof(struct dx_tail);
return entry_space / sizeof(struct dx_entry);
}
@@ -567,8 +561,7 @@ static inline unsigned dx_node_limit(str
{
unsigned entry_space = dir->i_sb->s_blocksize - EXT4_DIR_REC_LEN(0);
- if (EXT4_HAS_RO_COMPAT_FEATURE(dir->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (ext4_has_metadata_csum(dir->i_sb))
entry_space -= sizeof(struct dx_tail);
return entry_space / sizeof(struct dx_entry);
}
@@ -1548,8 +1541,7 @@ static struct ext4_dir_entry_2 *do_split
int csum_size = 0;
int err = 0, i;
- if (EXT4_HAS_RO_COMPAT_FEATURE(dir->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (ext4_has_metadata_csum(dir->i_sb))
csum_size = sizeof(struct ext4_dir_entry_tail);
bh2 = ext4_append(handle, dir, &newblock);
@@ -1718,8 +1710,7 @@ static int add_dirent_to_buf(handle_t *h
int csum_size = 0;
int err;
- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (ext4_has_metadata_csum(inode->i_sb))
csum_size = sizeof(struct ext4_dir_entry_tail);
if (!de) {
@@ -1786,8 +1777,7 @@ static int make_indexed_dir(handle_t *ha
struct fake_dirent *fde;
int csum_size = 0;
- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (ext4_has_metadata_csum(inode->i_sb))
csum_size = sizeof(struct ext4_dir_entry_tail);
blocksize = dir->i_sb->s_blocksize;
@@ -1904,8 +1894,7 @@ static int ext4_add_entry(handle_t *hand
ext4_lblk_t block, blocks;
int csum_size = 0;
- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (ext4_has_metadata_csum(inode->i_sb))
csum_size = sizeof(struct ext4_dir_entry_tail);
sb = dir->i_sb;
@@ -2167,8 +2156,7 @@ static int ext4_delete_entry(handle_t *h
return err;
}
- if (EXT4_HAS_RO_COMPAT_FEATURE(dir->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (ext4_has_metadata_csum(dir->i_sb))
csum_size = sizeof(struct ext4_dir_entry_tail);
BUFFER_TRACE(bh, "get_write_access");
@@ -2387,8 +2375,7 @@ static int ext4_init_new_dir(handle_t *h
int csum_size = 0;
int err;
- if (EXT4_HAS_RO_COMPAT_FEATURE(dir->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (ext4_has_metadata_csum(dir->i_sb))
csum_size = sizeof(struct ext4_dir_entry_tail);
if (ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) {
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1212,8 +1212,7 @@ static int ext4_set_bitmap_checksums(str
{
struct buffer_head *bh;
- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(sb))
return 0;
bh = ext4_get_bitmap(sb, group_data->inode_bitmap);
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -141,8 +141,7 @@ static __le32 ext4_superblock_csum(struc
static int ext4_superblock_csum_verify(struct super_block *sb,
struct ext4_super_block *es)
{
- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(sb))
return 1;
return es->s_checksum == ext4_superblock_csum(sb, es);
@@ -152,8 +151,7 @@ void ext4_superblock_csum_set(struct sup
{
struct ext4_super_block *es = EXT4_SB(sb)->s_es;
- if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(sb))
return;
es->s_checksum = ext4_superblock_csum(sb, es);
@@ -2009,8 +2007,7 @@ static __le16 ext4_group_desc_csum(struc
__u16 crc = 0;
__le32 le_group = cpu_to_le32(block_group);
- if ((sbi->s_es->s_feature_ro_compat &
- cpu_to_le32(EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))) {
+ if (ext4_has_metadata_csum(sbi->s_sb)) {
/* Use new metadata_csum algorithm */
__le16 save_csum;
__u32 csum32;
@@ -3172,8 +3169,7 @@ static int set_journal_csum_feature_set(
int compat, incompat;
struct ext4_sb_info *sbi = EXT4_SB(sb);
- if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) {
+ if (ext4_has_metadata_csum(sb)) {
/* journal checksum v3 */
compat = 0;
incompat = JBD2_FEATURE_INCOMPAT_CSUM_V3;
@@ -3480,8 +3476,7 @@ static int ext4_fill_super(struct super_
}
/* Precompute checksum seed for all metadata */
- if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (ext4_has_metadata_csum(sb))
sbi->s_csum_seed = ext4_chksum(sbi, ~0, es->s_uuid,
sizeof(es->s_uuid));
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -142,8 +142,7 @@ static int ext4_xattr_block_csum_verify(
sector_t block_nr,
struct ext4_xattr_header *hdr)
{
- if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) &&
+ if (ext4_has_metadata_csum(inode->i_sb) &&
(hdr->h_checksum != ext4_xattr_block_csum(inode, block_nr, hdr)))
return 0;
return 1;
@@ -153,8 +152,7 @@ static void ext4_xattr_block_csum_set(st
sector_t block_nr,
struct ext4_xattr_header *hdr)
{
- if (!EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM))
+ if (!ext4_has_metadata_csum(inode->i_sb))
return;
hdr->h_checksum = ext4_xattr_block_csum(inode, block_nr, hdr);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 159/319] ext4: move error report out of atomic context in ext4_init_block_bitmap()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (151 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 158/319] ext4: Replace open coded mdata csum feature to helper function Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 160/319] ext4: check s_chksum_driver when looking for bg csum presence Greg Kroah-Hartman
` (150 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dmitry Monakhov, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Monakhov <dmonakhov@openvz.org>
commit aef4885ae14f1df75b58395c5314d71f613d26d9 upstream.
Error report likely result in IO so it is bad idea to do it from
atomic context.
This patch should fix following issue:
BUG: sleeping function called from invalid context at include/linux/buffer_head.h:349
in_atomic(): 1, irqs_disabled(): 0, pid: 137, name: kworker/u128:1
5 locks held by kworker/u128:1/137:
#0: ("writeback"){......}, at: [<ffffffff81085618>] process_one_work+0x228/0x4d0
#1: ((&(&wb->dwork)->work)){......}, at: [<ffffffff81085618>] process_one_work+0x228/0x4d0
#2: (jbd2_handle){......}, at: [<ffffffff81242622>] start_this_handle+0x712/0x7b0
#3: (&ei->i_data_sem){......}, at: [<ffffffff811fa387>] ext4_map_blocks+0x297/0x430
#4: (&(&bgl->locks[i].lock)->rlock){......}, at: [<ffffffff811f3180>] ext4_read_block_bitmap_nowait+0x5d0/0x630
CPU: 3 PID: 137 Comm: kworker/u128:1 Not tainted 3.17.0-rc2-00184-g82752e4 #165
Hardware name: Intel Corporation W2600CR/W2600CR, BIOS SE5C600.86B.99.99.x028.061320111235 06/13/2011
Workqueue: writeback bdi_writeback_workfn (flush-1:0)
0000000000000411 ffff880813777288 ffffffff815c7fdc ffff880813777288
ffff880813a8bba0 ffff8808137772a8 ffffffff8108fb30 ffff880803e01e38
ffff880803e01e38 ffff8808137772c8 ffffffff811a8d53 ffff88080ecc6000
Call Trace:
[<ffffffff815c7fdc>] dump_stack+0x51/0x6d
[<ffffffff8108fb30>] __might_sleep+0xf0/0x100
[<ffffffff811a8d53>] __sync_dirty_buffer+0x43/0xe0
[<ffffffff811a8e03>] sync_dirty_buffer+0x13/0x20
[<ffffffff8120f581>] ext4_commit_super+0x1d1/0x230
[<ffffffff8120fa03>] save_error_info+0x23/0x30
[<ffffffff8120fd06>] __ext4_error+0xb6/0xd0
[<ffffffff8120f260>] ? ext4_group_desc_csum+0x140/0x190
[<ffffffff811f2d8c>] ext4_read_block_bitmap_nowait+0x1dc/0x630
[<ffffffff8122e23a>] ext4_mb_init_cache+0x21a/0x8f0
[<ffffffff8113ae95>] ? lru_cache_add+0x55/0x60
[<ffffffff8112e16c>] ? add_to_page_cache_lru+0x6c/0x80
[<ffffffff8122eaa0>] ext4_mb_init_group+0x190/0x280
[<ffffffff8122ec51>] ext4_mb_good_group+0xc1/0x190
[<ffffffff8123309a>] ext4_mb_regular_allocator+0x17a/0x410
[<ffffffff8122c821>] ? ext4_mb_use_preallocated+0x31/0x380
[<ffffffff81233535>] ? ext4_mb_new_blocks+0x205/0x8e0
[<ffffffff8116ed5c>] ? kmem_cache_alloc+0xfc/0x180
[<ffffffff812335b0>] ext4_mb_new_blocks+0x280/0x8e0
[<ffffffff8116f2c4>] ? __kmalloc+0x144/0x1c0
[<ffffffff81221797>] ? ext4_find_extent+0x97/0x320
[<ffffffff812257f4>] ext4_ext_map_blocks+0xbc4/0x1050
[<ffffffff811fa387>] ? ext4_map_blocks+0x297/0x430
[<ffffffff811fa3ab>] ext4_map_blocks+0x2bb/0x430
[<ffffffff81200e43>] ? ext4_init_io_end+0x23/0x50
[<ffffffff811feb44>] ext4_writepages+0x564/0xaf0
[<ffffffff815cde3b>] ? _raw_spin_unlock+0x2b/0x40
[<ffffffff810ac7bd>] ? lock_release_non_nested+0x2fd/0x3c0
[<ffffffff811a009e>] ? writeback_sb_inodes+0x10e/0x490
[<ffffffff811a009e>] ? writeback_sb_inodes+0x10e/0x490
[<ffffffff811377e3>] do_writepages+0x23/0x40
[<ffffffff8119c8ce>] __writeback_single_inode+0x9e/0x280
[<ffffffff811a026b>] writeback_sb_inodes+0x2db/0x490
[<ffffffff811a0664>] wb_writeback+0x174/0x2d0
[<ffffffff810ac359>] ? lock_release_holdtime+0x29/0x190
[<ffffffff811a0863>] wb_do_writeback+0xa3/0x200
[<ffffffff811a0a40>] bdi_writeback_workfn+0x80/0x230
[<ffffffff81085618>] ? process_one_work+0x228/0x4d0
[<ffffffff810856cd>] process_one_work+0x2dd/0x4d0
[<ffffffff81085618>] ? process_one_work+0x228/0x4d0
[<ffffffff81085c1d>] worker_thread+0x35d/0x460
[<ffffffff810858c0>] ? process_one_work+0x4d0/0x4d0
[<ffffffff810858c0>] ? process_one_work+0x4d0/0x4d0
[<ffffffff8108a885>] kthread+0xf5/0x100
[<ffffffff810990e5>] ? local_clock+0x25/0x30
[<ffffffff8108a790>] ? __init_kthread_worker+0x70/0x70
[<ffffffff815ce2ac>] ret_from_fork+0x7c/0xb0
[<ffffffff8108a790>] ? __init_kthread_work
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/balloc.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
@@ -176,7 +176,7 @@ static unsigned int num_clusters_in_grou
}
/* Initializes an uninitialized block bitmap */
-static void ext4_init_block_bitmap(struct super_block *sb,
+static int ext4_init_block_bitmap(struct super_block *sb,
struct buffer_head *bh,
ext4_group_t block_group,
struct ext4_group_desc *gdp)
@@ -192,7 +192,6 @@ static void ext4_init_block_bitmap(struc
/* If checksum is bad mark all blocks used to prevent allocation
* essentially implementing a per-group read-only flag. */
if (!ext4_group_desc_csum_verify(sb, block_group, gdp)) {
- ext4_error(sb, "Checksum bad for group %u", block_group);
grp = ext4_get_group_info(sb, block_group);
if (!EXT4_MB_GRP_BBITMAP_CORRUPT(grp))
percpu_counter_sub(&sbi->s_freeclusters_counter,
@@ -205,7 +204,7 @@ static void ext4_init_block_bitmap(struc
count);
}
set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, &grp->bb_state);
- return;
+ return -EIO;
}
memset(bh->b_data, 0, sb->s_blocksize);
@@ -243,6 +242,7 @@ static void ext4_init_block_bitmap(struc
sb->s_blocksize * 8, bh->b_data);
ext4_block_bitmap_csum_set(sb, block_group, gdp, bh);
ext4_group_desc_csum_set(sb, block_group, gdp);
+ return 0;
}
/* Return the number of free blocks in a block group. It is used when
@@ -438,11 +438,15 @@ ext4_read_block_bitmap_nowait(struct sup
}
ext4_lock_group(sb, block_group);
if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
- ext4_init_block_bitmap(sb, bh, block_group, desc);
+ int err;
+
+ err = ext4_init_block_bitmap(sb, bh, block_group, desc);
set_bitmap_uptodate(bh);
set_buffer_uptodate(bh);
ext4_unlock_group(sb, block_group);
unlock_buffer(bh);
+ if (err)
+ ext4_error(sb, "Checksum bad for grp %u", block_group);
return bh;
}
ext4_unlock_group(sb, block_group);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 160/319] ext4: check s_chksum_driver when looking for bg csum presence
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (152 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 159/319] ext4: move error report out of atomic context in ext4_init_block_bitmap() Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 161/319] ext4: fix oops when loading block bitmap failed Greg Kroah-Hartman
` (149 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darrick J. Wong, Theodore Tso,
Dmitry Monakhov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <darrick.wong@oracle.com>
commit 813d32f91333e4c33d5a19b67167c4bae42dae75 upstream.
Convert the ext4_has_group_desc_csum predicate to look for a checksum
driver instead of the metadata_csum flag and change the bg checksum
calculation function to look for GDT_CSUM before taking the crc16
path.
Without this patch, if we mount with ^uninit_bg,^metadata_csum and
later metadata_csum gets turned on by accident, the block group
checksum functions will incorrectly assume that checksumming is
enabled (metadata_csum) but that crc16 should be used
(!s_chksum_driver). This is totally wrong, so fix the predicate
and the checksum formula selection.
(Granted, if the metadata_csum feature bit gets enabled on a live FS
then something underhanded is going on, but we could at least avoid
writing garbage into the on-disk fields.)
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ext4.h | 4 ++--
fs/ext4/super.c | 4 ++++
2 files changed, 6 insertions(+), 2 deletions(-)
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -2333,8 +2333,8 @@ extern int ext4_register_li_request(stru
static inline int ext4_has_group_desc_csum(struct super_block *sb)
{
return EXT4_HAS_RO_COMPAT_FEATURE(sb,
- EXT4_FEATURE_RO_COMPAT_GDT_CSUM |
- EXT4_FEATURE_RO_COMPAT_METADATA_CSUM);
+ EXT4_FEATURE_RO_COMPAT_GDT_CSUM) ||
+ (EXT4_SB(sb)->s_chksum_driver != NULL);
}
static inline int ext4_has_metadata_csum(struct super_block *sb)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -2025,6 +2025,10 @@ static __le16 ext4_group_desc_csum(struc
}
/* old crc16 code */
+ if (!(sbi->s_es->s_feature_ro_compat &
+ cpu_to_le32(EXT4_FEATURE_RO_COMPAT_GDT_CSUM)))
+ return 0;
+
offset = offsetof(struct ext4_group_desc, bg_checksum);
crc = crc16(~0, sbi->s_es->s_uuid, sizeof(sbi->s_es->s_uuid));
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 161/319] ext4: fix oops when loading block bitmap failed
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (153 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 160/319] ext4: check s_chksum_driver when looking for bg csum presence Greg Kroah-Hartman
@ 2014-11-12 1:14 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 162/319] ext4: fix overflow when updating superblock backups after resize Greg Kroah-Hartman
` (148 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 599a9b77ab289d85c2d5c8607624efbe1f552b0f upstream.
When we fail to load block bitmap in __ext4_new_inode() we will
dereference NULL pointer in ext4_journal_get_write_access(). So check
for error from ext4_read_block_bitmap().
Coverity-id: 989065
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ialloc.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -887,6 +887,10 @@ got:
struct buffer_head *block_bitmap_bh;
block_bitmap_bh = ext4_read_block_bitmap(sb, group);
+ if (!block_bitmap_bh) {
+ err = -EIO;
+ goto out;
+ }
BUFFER_TRACE(block_bitmap_bh, "get block bitmap access");
err = ext4_journal_get_write_access(handle, block_bitmap_bh);
if (err) {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 162/319] ext4: fix overflow when updating superblock backups after resize
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (154 preceding siblings ...)
2014-11-12 1:14 ` [PATCH 3.17 161/319] ext4: fix oops when loading block bitmap failed Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 163/319] ext4: enable journal checksum when metadata checksum feature enabled Greg Kroah-Hartman
` (147 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kara, Theodore Tso, Lukas Czerner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 9378c6768e4fca48971e7b6a9075bc006eda981d upstream.
When there are no meta block groups update_backups() will compute the
backup block in 32-bit arithmetics thus possibly overflowing the block
number and corrupting the filesystem. OTOH filesystems without meta
block groups larger than 16 TB should be rare. Fix the problem by doing
the counting in 64-bit arithmetics.
Coverity-id: 741252
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/resize.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1081,7 +1081,7 @@ static void update_backups(struct super_
break;
if (meta_bg == 0)
- backup_block = group * bpg + blk_off;
+ backup_block = ((ext4_fsblk_t)group) * bpg + blk_off;
else
backup_block = (ext4_group_first_block_no(sb, group) +
ext4_bg_has_super(sb, group));
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 163/319] ext4: enable journal checksum when metadata checksum feature enabled
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (155 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 162/319] ext4: fix overflow when updating superblock backups after resize Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 164/319] ext4: prevent bugon on race between write/fcntl Greg Kroah-Hartman
` (146 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Darrick J. Wong, Theodore Tso
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <darrick.wong@oracle.com>
commit 98c1a7593fa355fda7f5a5940c8bf5326ca964ba upstream.
If metadata checksumming is turned on for the FS, we need to tell the
journal to use checksumming too.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3498,6 +3498,10 @@ static int ext4_fill_super(struct super_
#ifdef CONFIG_EXT4_FS_POSIX_ACL
set_opt(sb, POSIX_ACL);
#endif
+ /* don't forget to enable journal_csum when metadata_csum is enabled. */
+ if (ext4_has_metadata_csum(sb))
+ set_opt(sb, JOURNAL_CHECKSUM);
+
if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_DATA)
set_opt(sb, JOURNAL_DATA);
else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_ORDERED)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 164/319] ext4: prevent bugon on race between write/fcntl
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (156 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 163/319] ext4: enable journal checksum when metadata checksum feature enabled Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 165/319] futex: Fix a race condition between REQUEUE_PI and task death Greg Kroah-Hartman
` (145 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sasha Levin, Theodore Tso, Dmitry Monakhov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Monakhov <dmonakhov@openvz.org>
commit a41537e69b4aa43f0fea02498c2595a81267383b upstream.
O_DIRECT flags can be toggeled via fcntl(F_SETFL). But this value checked
twice inside ext4_file_write_iter() and __generic_file_write() which
result in BUG_ON inside ext4_direct_IO.
Let's initialize iocb->private unconditionally.
TESTCASE: xfstest:generic/036 https://patchwork.ozlabs.org/patch/402445/
#TYPICAL STACK TRACE:
kernel BUG at fs/ext4/inode.c:2960!
invalid opcode: 0000 [#1] SMP
Modules linked in: brd iTCO_wdt lpc_ich mfd_core igb ptp dm_mirror dm_region_hash dm_log dm_mod
CPU: 6 PID: 5505 Comm: aio-dio-fcntl-r Not tainted 3.17.0-rc2-00176-gff5c017 #161
Hardware name: Intel Corporation W2600CR/W2600CR, BIOS SE5C600.86B.99.99.x028.061320111235 06/13/2011
task: ffff88080e95a7c0 ti: ffff88080f908000 task.ti: ffff88080f908000
RIP: 0010:[<ffffffff811fabf2>] [<ffffffff811fabf2>] ext4_direct_IO+0x162/0x3d0
RSP: 0018:ffff88080f90bb58 EFLAGS: 00010246
RAX: 0000000000000400 RBX: ffff88080fdb2a28 RCX: 00000000a802c818
RDX: 0000040000080000 RSI: ffff88080d8aeb80 RDI: 0000000000000001
RBP: ffff88080f90bbc8 R08: 0000000000000000 R09: 0000000000001581
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88080d8aeb80
R13: ffff88080f90bbf8 R14: ffff88080fdb28c8 R15: ffff88080fdb2a28
FS: 00007f23b2055700(0000) GS:ffff880818400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f23b2045000 CR3: 000000080cedf000 CR4: 00000000000407e0
Stack:
ffff88080f90bb98 0000000000000000 7ffffffffffffffe ffff88080fdb2c30
0000000000000200 0000000000000200 0000000000000001 0000000000000200
ffff88080f90bbc8 ffff88080fdb2c30 ffff88080f90be08 0000000000000200
Call Trace:
[<ffffffff8112ca9d>] generic_file_direct_write+0xed/0x180
[<ffffffff8112f2b2>] __generic_file_write_iter+0x222/0x370
[<ffffffff811f495b>] ext4_file_write_iter+0x34b/0x400
[<ffffffff811bd709>] ? aio_run_iocb+0x239/0x410
[<ffffffff811bd709>] ? aio_run_iocb+0x239/0x410
[<ffffffff810990e5>] ? local_clock+0x25/0x30
[<ffffffff810abd94>] ? __lock_acquire+0x274/0x700
[<ffffffff811f4610>] ? ext4_unwritten_wait+0xb0/0xb0
[<ffffffff811bd756>] aio_run_iocb+0x286/0x410
[<ffffffff810990e5>] ? local_clock+0x25/0x30
[<ffffffff810ac359>] ? lock_release_holdtime+0x29/0x190
[<ffffffff811bc05b>] ? lookup_ioctx+0x4b/0xf0
[<ffffffff811bde3b>] do_io_submit+0x55b/0x740
[<ffffffff811bdcaa>] ? do_io_submit+0x3ca/0x740
[<ffffffff811be030>] SyS_io_submit+0x10/0x20
[<ffffffff815ce192>] system_call_fastpath+0x16/0x1b
Code: 01 48 8b 80 f0 01 00 00 48 8b 18 49 8b 45 10 0f 85 f1 01 00 00 48 03 45 c8 48 3b 43 48 0f 8f e3 01 00 00 49 83 7c
24 18 00 75 04 <0f> 0b eb fe f0 ff 83 ec 01 00 00 49 8b 44 24 18 8b 00 85 c0 89
RIP [<ffffffff811fabf2>] ext4_direct_IO+0x162/0x3d0
RSP <ffff88080f90bb58>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -137,10 +137,10 @@ ext4_file_write_iter(struct kiocb *iocb,
iov_iter_truncate(from, sbi->s_bitmap_maxbytes - pos);
}
+ iocb->private = &overwrite;
if (o_direct) {
blk_start_plug(&plug);
- iocb->private = &overwrite;
/* check whether we do a DIO overwrite or not */
if (ext4_should_dioread_nolock(inode) && !aio_mutex &&
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 165/319] futex: Fix a race condition between REQUEUE_PI and task death
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (157 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 164/319] ext4: prevent bugon on race between write/fcntl Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 166/319] drm/nouveau: fix regression on agp boards Greg Kroah-Hartman
` (144 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Silverman, austin.linux,
darren, peterz, Thomas Gleixner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Brian Silverman <bsilver16384@gmail.com>
commit 30a6b8031fe14031ab27c1fa3483cb9780e7f63c upstream.
free_pi_state and exit_pi_state_list both clean up futex_pi_state's.
exit_pi_state_list takes the hb lock first, and most callers of
free_pi_state do too. requeue_pi doesn't, which means free_pi_state
can free the pi_state out from under exit_pi_state_list. For example:
task A | task B
exit_pi_state_list |
pi_state = |
curr->pi_state_list->next |
| futex_requeue(requeue_pi=1)
| // pi_state is the same as
| // the one in task A
| free_pi_state(pi_state)
| list_del_init(&pi_state->list)
| kfree(pi_state)
list_del_init(&pi_state->list) |
Move the free_pi_state calls in requeue_pi to before it drops the hb
locks which it's already holding.
[ tglx: Removed a pointless free_pi_state() call and the hb->lock held
debugging. The latter comes via a seperate patch ]
Signed-off-by: Brian Silverman <bsilver16384@gmail.com>
Cc: austin.linux@gmail.com
Cc: darren@dvhart.com
Cc: peterz@infradead.org
Link: http://lkml.kernel.org/r/1414282837-23092-1-git-send-email-bsilver16384@gmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/futex.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -641,8 +641,14 @@ static struct futex_pi_state * alloc_pi_
return pi_state;
}
+/*
+ * Must be called with the hb lock held.
+ */
static void free_pi_state(struct futex_pi_state *pi_state)
{
+ if (!pi_state)
+ return;
+
if (!atomic_dec_and_test(&pi_state->refcount))
return;
@@ -1521,15 +1527,6 @@ static int futex_requeue(u32 __user *uad
}
retry:
- if (pi_state != NULL) {
- /*
- * We will have to lookup the pi_state again, so free this one
- * to keep the accounting correct.
- */
- free_pi_state(pi_state);
- pi_state = NULL;
- }
-
ret = get_futex_key(uaddr1, flags & FLAGS_SHARED, &key1, VERIFY_READ);
if (unlikely(ret != 0))
goto out;
@@ -1619,6 +1616,8 @@ retry_private:
case 0:
break;
case -EFAULT:
+ free_pi_state(pi_state);
+ pi_state = NULL;
double_unlock_hb(hb1, hb2);
hb_waiters_dec(hb2);
put_futex_key(&key2);
@@ -1634,6 +1633,8 @@ retry_private:
* exit to complete.
* - The user space value changed.
*/
+ free_pi_state(pi_state);
+ pi_state = NULL;
double_unlock_hb(hb1, hb2);
hb_waiters_dec(hb2);
put_futex_key(&key2);
@@ -1710,6 +1711,7 @@ retry_private:
}
out_unlock:
+ free_pi_state(pi_state);
double_unlock_hb(hb1, hb2);
hb_waiters_dec(hb2);
@@ -1727,8 +1729,6 @@ out_put_keys:
out_put_key1:
put_futex_key(&key1);
out:
- if (pi_state != NULL)
- free_pi_state(pi_state);
return ret ? ret : task_count;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 166/319] drm/nouveau: fix regression on agp boards
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (158 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 165/319] futex: Fix a race condition between REQUEUE_PI and task death Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 167/319] drm/i915: intel_backlight scale() math WA Greg Kroah-Hartman
` (143 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Skeggs
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Skeggs <bskeggs@redhat.com>
commit 67e26e41ff8aa514826dae79f0b10169b5ba93b4 upstream.
Extends the fix in f2f9a2cbaf019481feefe231f996d3602612fa99 to also
workaround permission issues noticed by people using AGP systems.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nouveau_chan.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/nouveau/nouveau_chan.c
+++ b/drivers/gpu/drm/nouveau/nouveau_chan.c
@@ -400,15 +400,20 @@ nouveau_channel_new(struct nouveau_drm *
struct nouveau_channel **pchan)
{
struct nouveau_cli *cli = (void *)nvif_client(&device->base);
+ bool super;
int ret;
+ /* hack until fencenv50 is fixed, and agp access relaxed */
+ super = cli->base.super;
+ cli->base.super = true;
+
ret = nouveau_channel_ind(drm, device, handle, arg0, pchan);
if (ret) {
NV_PRINTK(debug, cli, "ib channel create, %d\n", ret);
ret = nouveau_channel_dma(drm, device, handle, pchan);
if (ret) {
NV_PRINTK(debug, cli, "dma channel create, %d\n", ret);
- return ret;
+ goto done;
}
}
@@ -416,8 +421,9 @@ nouveau_channel_new(struct nouveau_drm *
if (ret) {
NV_PRINTK(error, cli, "channel failed to initialise, %d\n", ret);
nouveau_channel_del(pchan);
- return ret;
}
- return 0;
+done:
+ cli->base.super = super;
+ return ret;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 167/319] drm/i915: intel_backlight scale() math WA
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (159 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 166/319] drm/nouveau: fix regression on agp boards Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 169/319] drm/radeon: fix speaker allocation setup Greg Kroah-Hartman
` (142 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, U. Artie Eoff, Joe Konno, Daniel Vetter
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: "U. Artie Eoff" <ullysses.a.eoff@intel.com>
commit 673e7bbdb3920b62cfc6c710bea626b0a9b0f43a upstream.
Improper truncated integer division in the scale() function causes
actual_brightness != brightness. This (partial) work-around should be
sufficient for a majority of use-cases, but it is by no means a complete
solution.
TODO: Determine how best to scale "user" values to "hw" values, and
vice-versa, when the ranges are of different sizes. That would be a
buggy scenario even with this work-around.
The issue was introduced in the following (v3.17-rc1) commit:
6dda730 drm/i915: respect the VBT minimum backlight brightness
Note that for easier backporting this commit adds a duplicated macro.
A follow-up cleanup patch rectifies this for 3.18+
v2: (thanks to Chris Wilson) clarify commit message, use rounded division
macro
v3: -DIV_ROUND_CLOSEST() fails to build with CONFIG_X86_32=y. (Jani)
-Use DIV_ROUND_CLOSEST_ULL() instead. (Damien)
-v1 and v2 originally authored by Joe Konno.
Signed-off-by: U. Artie Eoff <ullysses.a.eoff@intel.com>
Reviewed-By: Joe Konno <joe.konno@intel.com>
[danvet: Add backporting note.]
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/intel_panel.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/i915/intel_panel.c
+++ b/drivers/gpu/drm/i915/intel_panel.c
@@ -398,6 +398,9 @@ intel_panel_detect(struct drm_device *de
}
}
+#define DIV_ROUND_CLOSEST_ULL(ll, d) \
+({ unsigned long long _tmp = (ll)+(d)/2; do_div(_tmp, d); _tmp; })
+
/**
* scale - scale values from one range to another
*
@@ -419,9 +422,8 @@ static uint32_t scale(uint32_t source_va
source_val = clamp(source_val, source_min, source_max);
/* avoid overflows */
- target_val = (uint64_t)(source_val - source_min) *
- (target_max - target_min);
- do_div(target_val, source_max - source_min);
+ target_val = DIV_ROUND_CLOSEST_ULL((uint64_t)(source_val - source_min) *
+ (target_max - target_min), source_max - source_min);
target_val += target_min;
return target_val;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 169/319] drm/radeon: fix speaker allocation setup
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (160 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 167/319] drm/i915: intel_backlight scale() math WA Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 170/319] drm/radeon: use gart memory for DMA ring tests Greg Kroah-Hartman
` (141 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Deucher
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 4910403836ded89803fab201d4b5caaa85de3a89 upstream.
If the sad_count is 0, set the hw to stereo and change
the error message to a warn. A lot of monitors don't
set the speaker allocation block.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/radeon/dce3_1_afmt.c | 4 ++--
drivers/gpu/drm/radeon/dce6_afmt.c | 6 +++---
drivers/gpu/drm/radeon/evergreen_hdmi.c | 6 +++---
3 files changed, 8 insertions(+), 8 deletions(-)
--- a/drivers/gpu/drm/radeon/dce3_1_afmt.c
+++ b/drivers/gpu/drm/radeon/dce3_1_afmt.c
@@ -49,8 +49,8 @@ static void dce3_2_afmt_write_speaker_al
sad_count = drm_edid_to_speaker_allocation(radeon_connector->edid, &sadb);
if (sad_count < 0) {
- DRM_ERROR("Couldn't read Speaker Allocation Data Block: %d\n", sad_count);
- return;
+ DRM_DEBUG("Couldn't read Speaker Allocation Data Block: %d\n", sad_count);
+ sad_count = 0;
}
/* program the speaker allocation */
--- a/drivers/gpu/drm/radeon/dce6_afmt.c
+++ b/drivers/gpu/drm/radeon/dce6_afmt.c
@@ -176,9 +176,9 @@ void dce6_afmt_write_speaker_allocation(
}
sad_count = drm_edid_to_speaker_allocation(radeon_connector_edid(connector), &sadb);
- if (sad_count <= 0) {
- DRM_ERROR("Couldn't read Speaker Allocation Data Block: %d\n", sad_count);
- return;
+ if (sad_count < 0) {
+ DRM_DEBUG("Couldn't read Speaker Allocation Data Block: %d\n", sad_count);
+ sad_count = 0;
}
/* program the speaker allocation */
--- a/drivers/gpu/drm/radeon/evergreen_hdmi.c
+++ b/drivers/gpu/drm/radeon/evergreen_hdmi.c
@@ -118,9 +118,9 @@ static void dce4_afmt_write_speaker_allo
}
sad_count = drm_edid_to_speaker_allocation(radeon_connector_edid(connector), &sadb);
- if (sad_count <= 0) {
- DRM_ERROR("Couldn't read Speaker Allocation Data Block: %d\n", sad_count);
- return;
+ if (sad_count < 0) {
+ DRM_DEBUG("Couldn't read Speaker Allocation Data Block: %d\n", sad_count);
+ sad_count = 0;
}
/* program the speaker allocation */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 170/319] drm/radeon: use gart memory for DMA ring tests
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (161 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 169/319] drm/radeon: fix speaker allocation setup Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 171/319] drm/radeon: fix vm page table block size calculation Greg Kroah-Hartman
` (140 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Deucher, Alexander Fyodorov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit adfed2b0587289013f8143c54913ddfd44ac1fd3 upstream.
Avoids HDP cache flush issues when using vram which can
cause ring test failures on certain boards.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: Alexander Fyodorov <halcy@yandex.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/radeon/cik_sdma.c | 21 ++++++++++++---------
drivers/gpu/drm/radeon/r600_dma.c | 21 ++++++++++++---------
drivers/gpu/drm/radeon/radeon.h | 2 ++
3 files changed, 26 insertions(+), 18 deletions(-)
--- a/drivers/gpu/drm/radeon/cik_sdma.c
+++ b/drivers/gpu/drm/radeon/cik_sdma.c
@@ -610,16 +610,19 @@ int cik_sdma_ring_test(struct radeon_dev
{
unsigned i;
int r;
- void __iomem *ptr = (void *)rdev->vram_scratch.ptr;
+ unsigned index;
u32 tmp;
+ u64 gpu_addr;
- if (!ptr) {
- DRM_ERROR("invalid vram scratch pointer\n");
- return -EINVAL;
- }
+ if (ring->idx == R600_RING_TYPE_DMA_INDEX)
+ index = R600_WB_DMA_RING_TEST_OFFSET;
+ else
+ index = CAYMAN_WB_DMA1_RING_TEST_OFFSET;
+
+ gpu_addr = rdev->wb.gpu_addr + index;
tmp = 0xCAFEDEAD;
- writel(tmp, ptr);
+ rdev->wb.wb[index/4] = cpu_to_le32(tmp);
r = radeon_ring_lock(rdev, ring, 5);
if (r) {
@@ -627,14 +630,14 @@ int cik_sdma_ring_test(struct radeon_dev
return r;
}
radeon_ring_write(ring, SDMA_PACKET(SDMA_OPCODE_WRITE, SDMA_WRITE_SUB_OPCODE_LINEAR, 0));
- radeon_ring_write(ring, rdev->vram_scratch.gpu_addr & 0xfffffffc);
- radeon_ring_write(ring, upper_32_bits(rdev->vram_scratch.gpu_addr));
+ radeon_ring_write(ring, lower_32_bits(gpu_addr));
+ radeon_ring_write(ring, upper_32_bits(gpu_addr));
radeon_ring_write(ring, 1); /* number of DWs to follow */
radeon_ring_write(ring, 0xDEADBEEF);
radeon_ring_unlock_commit(rdev, ring, false);
for (i = 0; i < rdev->usec_timeout; i++) {
- tmp = readl(ptr);
+ tmp = le32_to_cpu(rdev->wb.wb[index/4]);
if (tmp == 0xDEADBEEF)
break;
DRM_UDELAY(1);
--- a/drivers/gpu/drm/radeon/r600_dma.c
+++ b/drivers/gpu/drm/radeon/r600_dma.c
@@ -232,16 +232,19 @@ int r600_dma_ring_test(struct radeon_dev
{
unsigned i;
int r;
- void __iomem *ptr = (void *)rdev->vram_scratch.ptr;
+ unsigned index;
u32 tmp;
+ u64 gpu_addr;
- if (!ptr) {
- DRM_ERROR("invalid vram scratch pointer\n");
- return -EINVAL;
- }
+ if (ring->idx == R600_RING_TYPE_DMA_INDEX)
+ index = R600_WB_DMA_RING_TEST_OFFSET;
+ else
+ index = CAYMAN_WB_DMA1_RING_TEST_OFFSET;
+
+ gpu_addr = rdev->wb.gpu_addr + index;
tmp = 0xCAFEDEAD;
- writel(tmp, ptr);
+ rdev->wb.wb[index/4] = cpu_to_le32(tmp);
r = radeon_ring_lock(rdev, ring, 4);
if (r) {
@@ -249,13 +252,13 @@ int r600_dma_ring_test(struct radeon_dev
return r;
}
radeon_ring_write(ring, DMA_PACKET(DMA_PACKET_WRITE, 0, 0, 1));
- radeon_ring_write(ring, rdev->vram_scratch.gpu_addr & 0xfffffffc);
- radeon_ring_write(ring, upper_32_bits(rdev->vram_scratch.gpu_addr) & 0xff);
+ radeon_ring_write(ring, lower_32_bits(gpu_addr));
+ radeon_ring_write(ring, upper_32_bits(gpu_addr) & 0xff);
radeon_ring_write(ring, 0xDEADBEEF);
radeon_ring_unlock_commit(rdev, ring, false);
for (i = 0; i < rdev->usec_timeout; i++) {
- tmp = readl(ptr);
+ tmp = le32_to_cpu(rdev->wb.wb[index/4]);
if (tmp == 0xDEADBEEF)
break;
DRM_UDELAY(1);
--- a/drivers/gpu/drm/radeon/radeon.h
+++ b/drivers/gpu/drm/radeon/radeon.h
@@ -1120,6 +1120,8 @@ struct radeon_wb {
#define R600_WB_EVENT_OFFSET 3072
#define CIK_WB_CP1_WPTR_OFFSET 3328
#define CIK_WB_CP2_WPTR_OFFSET 3584
+#define R600_WB_DMA_RING_TEST_OFFSET 3588
+#define CAYMAN_WB_DMA1_RING_TEST_OFFSET 3592
/**
* struct radeon_pm - power management datas
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 171/319] drm/radeon: fix vm page table block size calculation
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (162 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 170/319] drm/radeon: use gart memory for DMA ring tests Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 172/319] cpufreq: expose scaling_cur_freq sysfs file for set_policy() drivers Greg Kroah-Hartman
` (139 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Deucher
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 8e66e134e20b936179ea1535dd4ed19ec4f99dba upstream.
The page offset is 12 bits. For example if we have an
8 GB VM, we'd need 33 bits. The number of bits needed
for PD + PT is 21 (33 - 12 or log2(8) + 18), not 20
(log2(8) + 17).
Noticed by Alexey during code review.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/radeon/radeon_device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
@@ -1130,7 +1130,7 @@ static void radeon_check_arguments(struc
if (radeon_vm_block_size == -1) {
/* Total bits covered by PD + PTs */
- unsigned bits = ilog2(radeon_vm_size) + 17;
+ unsigned bits = ilog2(radeon_vm_size) + 18;
/* Make sure the PD is 4K in size up to 8GB address space.
Above that split equal between PD and PTs */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 172/319] cpufreq: expose scaling_cur_freq sysfs file for set_policy() drivers
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (163 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 171/319] drm/radeon: fix vm page table block size calculation Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 173/319] cpufreq: intel_pstate: Reflect current no_turbo state correctly Greg Kroah-Hartman
` (138 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dirk Brandewie, Rafael J. Wysocki
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dirk Brandewie <dirk.j.brandewie@intel.com>
commit c034b02e213d271b98c45c4a7b54af8f69aaac1e upstream.
Currently the core does not expose scaling_cur_freq for set_policy()
drivers this breaks some userspace monitoring tools.
Change the core to expose this file for all drivers and if the
set_policy() driver supports the get() callback use it to retrieve the
current frequency.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=73741
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/cpufreq.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -512,7 +512,18 @@ show_one(cpuinfo_max_freq, cpuinfo.max_f
show_one(cpuinfo_transition_latency, cpuinfo.transition_latency);
show_one(scaling_min_freq, min);
show_one(scaling_max_freq, max);
-show_one(scaling_cur_freq, cur);
+
+static ssize_t show_scaling_cur_freq(
+ struct cpufreq_policy *policy, char *buf)
+{
+ ssize_t ret;
+
+ if (cpufreq_driver && cpufreq_driver->setpolicy && cpufreq_driver->get)
+ ret = sprintf(buf, "%u\n", cpufreq_driver->get(policy->cpu));
+ else
+ ret = sprintf(buf, "%u\n", policy->cur);
+ return ret;
+}
static int cpufreq_set_policy(struct cpufreq_policy *policy,
struct cpufreq_policy *new_policy);
@@ -906,11 +917,11 @@ static int cpufreq_add_dev_interface(str
if (ret)
goto err_out_kobj_put;
}
- if (has_target()) {
- ret = sysfs_create_file(&policy->kobj, &scaling_cur_freq.attr);
- if (ret)
- goto err_out_kobj_put;
- }
+
+ ret = sysfs_create_file(&policy->kobj, &scaling_cur_freq.attr);
+ if (ret)
+ goto err_out_kobj_put;
+
if (cpufreq_driver->bios_limit) {
ret = sysfs_create_file(&policy->kobj, &bios_limit.attr);
if (ret)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 173/319] cpufreq: intel_pstate: Reflect current no_turbo state correctly
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (164 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 172/319] cpufreq: expose scaling_cur_freq sysfs file for set_policy() drivers Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 175/319] x86/platform/intel/iosf: Add Braswell PCI ID Greg Kroah-Hartman
` (137 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gabriele Mazzotta, Dirk Brandewie,
Rafael J. Wysocki
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gabriele Mazzotta <gabriele.mzt@gmail.com>
commit 4521e1a0ce173daa23dfef8312d09051e057ff8e upstream.
Some BIOSes modify the state of MSR_IA32_MISC_ENABLE_TURBO_DISABLE
based on the current power source for the system battery AC vs
battery. Reflect the correct current state and ability to modify the
no_turbo sysfs file based on current state of
MSR_IA32_MISC_ENABLE_TURBO_DISABLE.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=83151
Signed-off-by: Gabriele Mazzotta <gabriele.mzt@gmail.com>
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/intel_pstate.c | 48 ++++++++++++++++++++++++++++++-----------
1 file changed, 36 insertions(+), 12 deletions(-)
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -138,6 +138,7 @@ struct perf_limits {
static struct perf_limits limits = {
.no_turbo = 0,
+ .turbo_disabled = 0,
.max_perf_pct = 100,
.max_perf = int_tofp(1),
.min_perf_pct = 0,
@@ -218,6 +219,18 @@ static inline void intel_pstate_reset_al
}
}
+static inline void update_turbo_state(void)
+{
+ u64 misc_en;
+ struct cpudata *cpu;
+
+ cpu = all_cpu_data[0];
+ rdmsrl(MSR_IA32_MISC_ENABLE, misc_en);
+ limits.turbo_disabled =
+ (misc_en & MSR_IA32_MISC_ENABLE_TURBO_DISABLE ||
+ cpu->pstate.max_pstate == cpu->pstate.turbo_pstate);
+}
+
/************************** debugfs begin ************************/
static int pid_param_set(void *data, u64 val)
{
@@ -274,6 +287,20 @@ static void __init intel_pstate_debug_ex
return sprintf(buf, "%u\n", limits.object); \
}
+static ssize_t show_no_turbo(struct kobject *kobj,
+ struct attribute *attr, char *buf)
+{
+ ssize_t ret;
+
+ update_turbo_state();
+ if (limits.turbo_disabled)
+ ret = sprintf(buf, "%u\n", limits.turbo_disabled);
+ else
+ ret = sprintf(buf, "%u\n", limits.no_turbo);
+
+ return ret;
+}
+
static ssize_t store_no_turbo(struct kobject *a, struct attribute *b,
const char *buf, size_t count)
{
@@ -283,11 +310,14 @@ static ssize_t store_no_turbo(struct kob
ret = sscanf(buf, "%u", &input);
if (ret != 1)
return -EINVAL;
- limits.no_turbo = clamp_t(int, input, 0 , 1);
+
+ update_turbo_state();
if (limits.turbo_disabled) {
pr_warn("Turbo disabled by BIOS or unavailable on processor\n");
- limits.no_turbo = limits.turbo_disabled;
+ return -EPERM;
}
+ limits.no_turbo = clamp_t(int, input, 0, 1);
+
return count;
}
@@ -323,7 +353,6 @@ static ssize_t store_min_perf_pct(struct
return count;
}
-show_one(no_turbo, no_turbo);
show_one(max_perf_pct, max_perf_pct);
show_one(min_perf_pct, min_perf_pct);
@@ -501,7 +530,7 @@ static void intel_pstate_get_min_max(str
int max_perf_adj;
int min_perf;
- if (limits.no_turbo)
+ if (limits.no_turbo || limits.turbo_disabled)
max_perf = cpu->pstate.max_pstate;
max_perf_adj = fp_toint(mul_fp(int_tofp(max_perf), limits.max_perf));
@@ -516,6 +545,8 @@ static void intel_pstate_set_pstate(stru
{
int max_perf, min_perf;
+ update_turbo_state();
+
intel_pstate_get_min_max(cpu, &min_perf, &max_perf);
pstate = clamp_t(int, pstate, min_perf, max_perf);
@@ -716,7 +747,7 @@ static int intel_pstate_set_policy(struc
limits.min_perf = int_tofp(1);
limits.max_perf_pct = 100;
limits.max_perf = int_tofp(1);
- limits.no_turbo = limits.turbo_disabled;
+ limits.no_turbo = 0;
return 0;
}
limits.min_perf_pct = (policy->min * 100) / policy->cpuinfo.max_freq;
@@ -759,7 +790,6 @@ static int intel_pstate_cpu_init(struct
{
struct cpudata *cpu;
int rc;
- u64 misc_en;
rc = intel_pstate_init_cpu(policy->cpu);
if (rc)
@@ -767,12 +797,6 @@ static int intel_pstate_cpu_init(struct
cpu = all_cpu_data[policy->cpu];
- rdmsrl(MSR_IA32_MISC_ENABLE, misc_en);
- if (misc_en & MSR_IA32_MISC_ENABLE_TURBO_DISABLE ||
- cpu->pstate.max_pstate == cpu->pstate.turbo_pstate) {
- limits.turbo_disabled = 1;
- limits.no_turbo = 1;
- }
if (limits.min_perf_pct == 100 && limits.max_perf_pct == 100)
policy->policy = CPUFREQ_POLICY_PERFORMANCE;
else
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 175/319] x86/platform/intel/iosf: Add Braswell PCI ID
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (165 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 173/319] cpufreq: intel_pstate: Reflect current no_turbo state correctly Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 176/319] x86: Add cpu_detect_cache_sizes to init_intel() add Quark legacy_cache() Greg Kroah-Hartman
` (136 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David E. Box, Ingo Molnar,
Chang Rebecca Swee Fun
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: "David E. Box" <david.e.box@linux.intel.com>
commit 849f5d894383d25c49132437aa289c9a9c98d5df upstream.
Add Braswell PCI ID to list of supported ID's for the IOSF driver.
Signed-off-by: David E. Box <david.e.box@linux.intel.com>
Link: http://lkml.kernel.org/r/1411017231-20807-2-git-send-email-david.e.box@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/iosf_mbi.c | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/x86/kernel/iosf_mbi.c
+++ b/arch/x86/kernel/iosf_mbi.c
@@ -26,6 +26,7 @@
#include <asm/iosf_mbi.h>
#define PCI_DEVICE_ID_BAYTRAIL 0x0F00
+#define PCI_DEVICE_ID_BRASWELL 0x2280
#define PCI_DEVICE_ID_QUARK_X1000 0x0958
static DEFINE_SPINLOCK(iosf_mbi_lock);
@@ -204,6 +205,7 @@ static int iosf_mbi_probe(struct pci_dev
static const struct pci_device_id iosf_mbi_pci_ids[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_BAYTRAIL) },
+ { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_BRASWELL) },
{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_QUARK_X1000) },
{ 0, },
};
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 176/319] x86: Add cpu_detect_cache_sizes to init_intel() add Quark legacy_cache()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (166 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 175/319] x86/platform/intel/iosf: Add Braswell PCI ID Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 177/319] rtc: Disable EFI rtc for x86 Greg Kroah-Hartman
` (135 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bryan ODonoghue, davej, hmh,
Thomas Gleixner, Chang Rebecca Swee Fun
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bryan O'Donoghue <pure.logic@nexus-software.ie>
commit aece118e487a744eafcdd0c77fe32b55ee2092a1 upstream.
Intel processors which don't report cache information via cpuid(2)
or cpuid(4) need quirk code in the legacy_cache_size callback to
report this data. For Intel that callback is is intel_size_cache().
This patch enables calling of cpu_detect_cache_sizes() inside of
init_intel() and hence the calling of the legacy_cache callback in
intel_size_cache(). Adding this call will ensure that PIII Tualatin
currently in intel_size_cache() and Quark SoC X1000 being added to
intel_size_cache() in this patch will report their respective cache
sizes.
This model of calling cpu_detect_cache_sizes() is consistent with
AMD/Via/Cirix/Transmeta and Centaur.
Also added is a string to idenitfy the Quark as Quark SoC X1000
giving better and more descriptive output via /proc/cpuinfo
Adding cpu_detect_cache_sizes to init_intel() will enable calling
of intel_size_cache() on Intel processors which currently no code
can reach. Therefore this patch will also re-enable reporting
of PIII Tualatin cache size information as well as add
Quark SoC X1000 support.
Comment text and cache flow logic suggested by Thomas Gleixner
Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Cc: davej@redhat.com
Cc: hmh@hmh.eng.br
Link: http://lkml.kernel.org/r/1412641189-12415-3-git-send-email-pure.logic@nexus-software.ie
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/intel.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -397,6 +397,13 @@ static void init_intel(struct cpuinfo_x8
}
l2 = init_intel_cacheinfo(c);
+
+ /* Detect legacy cache sizes if init_intel_cacheinfo did not */
+ if (l2 == 0) {
+ cpu_detect_cache_sizes(c);
+ l2 = c->x86_cache_size;
+ }
+
if (c->cpuid_level > 9) {
unsigned eax = cpuid_eax(10);
/* Check for version and the number of counters */
@@ -500,6 +507,13 @@ static unsigned int intel_size_cache(str
*/
if ((c->x86 == 6) && (c->x86_model == 11) && (size == 0))
size = 256;
+
+ /*
+ * Intel Quark SoC X1000 contains a 4-way set associative
+ * 16K cache with a 16 byte cache line and 256 lines per tag
+ */
+ if ((c->x86 == 5) && (c->x86_model == 9))
+ size = 16;
return size;
}
#endif
@@ -701,7 +715,8 @@ static const struct cpu_dev intel_cpu_de
[3] = "OverDrive PODP5V83",
[4] = "Pentium MMX",
[7] = "Mobile Pentium 75 - 200",
- [8] = "Mobile Pentium MMX"
+ [8] = "Mobile Pentium MMX",
+ [9] = "Quark SoC X1000",
}
},
{ .family = 6, .model_names =
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 177/319] rtc: Disable EFI rtc for x86
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (167 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 176/319] x86: Add cpu_detect_cache_sizes to init_intel() add Quark legacy_cache() Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 178/319] intel_pstate: Dont lose sysfs settings during cpu offline Greg Kroah-Hartman
` (134 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Salter, Dave Young,
Alessandro Zummo, Matt Fleming
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matt Fleming <matt.fleming@intel.com>
commit 7efe665903d0d963b0ebf4cab25cc3ae32c62600 upstream.
commit da167ad7638759 ("rtc: ia64: allow other architectures to use EFI
RTC") inadvertently introduced a regression for x86 because we've been
careful not to enable the EFI rtc driver due to the generally buggy
implementations of the time-related EFI runtime services.
In fact, since the above commit was merged we've seen reports of crashes
on 32-bit tablets,
https://bugzilla.kernel.org/show_bug.cgi?id=84241#c21
Disable it explicitly for x86 so that we don't give users false hope
that this driver will work - it won't, and your machine is likely to
crash.
Acked-by: Mark Salter <msalter@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/rtc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/rtc/Kconfig
+++ b/drivers/rtc/Kconfig
@@ -806,7 +806,7 @@ config RTC_DRV_DA9063
config RTC_DRV_EFI
tristate "EFI RTC"
- depends on EFI
+ depends on EFI && !X86
help
If you say yes here you will get support for the EFI
Real Time Clock.
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 178/319] intel_pstate: Dont lose sysfs settings during cpu offline
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (168 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 177/319] rtc: Disable EFI rtc for x86 Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 179/319] intel_pstate: Fix BYT frequency reporting Greg Kroah-Hartman
` (133 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tobias Jakobi, Dirk Brandewie,
Rafael J. Wysocki
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dirk Brandewie <dirk.j.brandewie@intel.com>
commit c034871712730a33e0267095f48b62eae958499c upstream.
The user may have custom settings don't destroy them during suspend.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=80651
Reported-by: Tobias Jakobi <liquid.acid@gmx.net>
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/intel_pstate.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -702,7 +702,9 @@ static int intel_pstate_init_cpu(unsigne
{
struct cpudata *cpu;
- all_cpu_data[cpunum] = kzalloc(sizeof(struct cpudata), GFP_KERNEL);
+ if (!all_cpu_data[cpunum])
+ all_cpu_data[cpunum] = kzalloc(sizeof(struct cpudata),
+ GFP_KERNEL);
if (!all_cpu_data[cpunum])
return -ENOMEM;
@@ -783,8 +785,6 @@ static void intel_pstate_stop_cpu(struct
del_timer_sync(&all_cpu_data[cpu_num]->timer);
intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate);
- kfree(all_cpu_data[cpu_num]);
- all_cpu_data[cpu_num] = NULL;
}
static int intel_pstate_cpu_init(struct cpufreq_policy *policy)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 179/319] intel_pstate: Fix BYT frequency reporting
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (169 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 178/319] intel_pstate: Dont lose sysfs settings during cpu offline Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 180/319] intel_pstate: Correct BYT VID values Greg Kroah-Hartman
` (132 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dirk Brandewie, Rafael J. Wysocki
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dirk Brandewie <dirk.j.brandewie@intel.com>
commit b27580b05e6f5253228debc60b8ff4a786ff573a upstream.
BYT has a different conversion from P state to frequency than the core
processors. This causes the min/max and current frequency to be
misreported on some BYT SKUs. Tested on BYT N2820, Ivybridge and
Haswell processors.
Link: https://bugzilla.yoctoproject.org/show_bug.cgi?id=6663
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/intel_pstate.c | 42 +++++++++++++++++++++++++++++++++++------
1 file changed, 36 insertions(+), 6 deletions(-)
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -64,6 +64,7 @@ struct pstate_data {
int current_pstate;
int min_pstate;
int max_pstate;
+ int scaling;
int turbo_pstate;
};
@@ -113,6 +114,7 @@ struct pstate_funcs {
int (*get_max)(void);
int (*get_min)(void);
int (*get_turbo)(void);
+ int (*get_scaling)(void);
void (*set)(struct cpudata*, int pstate);
void (*get_vid)(struct cpudata *);
};
@@ -433,6 +435,22 @@ static void byt_set_pstate(struct cpudat
wrmsrl(MSR_IA32_PERF_CTL, val);
}
+#define BYT_BCLK_FREQS 5
+static int byt_freq_table[BYT_BCLK_FREQS] = { 833, 1000, 1333, 1167, 800};
+
+static int byt_get_scaling(void)
+{
+ u64 value;
+ int i;
+
+ rdmsrl(MSR_FSB_FREQ, value);
+ i = value & 0x3;
+
+ BUG_ON(i > BYT_BCLK_FREQS);
+
+ return byt_freq_table[i] * 100;
+}
+
static void byt_get_vid(struct cpudata *cpudata)
{
u64 value;
@@ -478,6 +496,11 @@ static int core_get_turbo_pstate(void)
return ret;
}
+static inline int core_get_scaling(void)
+{
+ return 100000;
+}
+
static void core_set_pstate(struct cpudata *cpudata, int pstate)
{
u64 val;
@@ -502,6 +525,7 @@ static struct cpu_defaults core_params =
.get_max = core_get_max_pstate,
.get_min = core_get_min_pstate,
.get_turbo = core_get_turbo_pstate,
+ .get_scaling = core_get_scaling,
.set = core_set_pstate,
},
};
@@ -520,6 +544,7 @@ static struct cpu_defaults byt_params =
.get_min = byt_get_min_pstate,
.get_turbo = byt_get_turbo_pstate,
.set = byt_set_pstate,
+ .get_scaling = byt_get_scaling,
.get_vid = byt_get_vid,
},
};
@@ -554,7 +579,7 @@ static void intel_pstate_set_pstate(stru
if (pstate == cpu->pstate.current_pstate)
return;
- trace_cpu_frequency(pstate * 100000, cpu->cpu);
+ trace_cpu_frequency(pstate * cpu->pstate.scaling, cpu->cpu);
cpu->pstate.current_pstate = pstate;
@@ -566,6 +591,7 @@ static void intel_pstate_get_cpu_pstates
cpu->pstate.min_pstate = pstate_funcs.get_min();
cpu->pstate.max_pstate = pstate_funcs.get_max();
cpu->pstate.turbo_pstate = pstate_funcs.get_turbo();
+ cpu->pstate.scaling = pstate_funcs.get_scaling();
if (pstate_funcs.get_vid)
pstate_funcs.get_vid(cpu);
@@ -581,7 +607,9 @@ static inline void intel_pstate_calc_bus
core_pct = div64_u64(core_pct, int_tofp(sample->mperf));
sample->freq = fp_toint(
- mul_fp(int_tofp(cpu->pstate.max_pstate * 1000), core_pct));
+ mul_fp(int_tofp(
+ cpu->pstate.max_pstate * cpu->pstate.scaling / 100),
+ core_pct));
sample->core_pct_busy = (int32_t)core_pct;
}
@@ -803,12 +831,13 @@ static int intel_pstate_cpu_init(struct
else
policy->policy = CPUFREQ_POLICY_POWERSAVE;
- policy->min = cpu->pstate.min_pstate * 100000;
- policy->max = cpu->pstate.turbo_pstate * 100000;
+ policy->min = cpu->pstate.min_pstate * cpu->pstate.scaling;
+ policy->max = cpu->pstate.turbo_pstate * cpu->pstate.scaling;
/* cpuinfo and default policy values */
- policy->cpuinfo.min_freq = cpu->pstate.min_pstate * 100000;
- policy->cpuinfo.max_freq = cpu->pstate.turbo_pstate * 100000;
+ policy->cpuinfo.min_freq = cpu->pstate.min_pstate * cpu->pstate.scaling;
+ policy->cpuinfo.max_freq =
+ cpu->pstate.turbo_pstate * cpu->pstate.scaling;
policy->cpuinfo.transition_latency = CPUFREQ_ETERNAL;
cpumask_set_cpu(policy->cpu, policy->cpus);
@@ -866,6 +895,7 @@ static void copy_cpu_funcs(struct pstate
pstate_funcs.get_max = funcs->get_max;
pstate_funcs.get_min = funcs->get_min;
pstate_funcs.get_turbo = funcs->get_turbo;
+ pstate_funcs.get_scaling = funcs->get_scaling;
pstate_funcs.set = funcs->set;
pstate_funcs.get_vid = funcs->get_vid;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 180/319] intel_pstate: Correct BYT VID values.
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (170 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 179/319] intel_pstate: Fix BYT frequency reporting Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 181/319] freezer: Do not freeze tasks killed by OOM killer Greg Kroah-Hartman
` (131 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dirk Brandewie, Rafael J. Wysocki
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dirk Brandewie <dirk.j.brandewie@intel.com>
commit d022a65ed2473fac4a600e3424503dc571160a3e upstream.
Using a VID value that is not high enough for the requested P state can
cause machine checks. Add a ceiling function to ensure calulated VIDs
with fractional values are set to the next highest integer VID value.
The algorythm for calculating the non-trubo VID from the BIOS writers
guide is:
vid_ratio = (vid_max - vid_min) / (max_pstate - min_pstate)
vid = ceiling(vid_min + (req_pstate - min_pstate) * vid_ratio)
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/intel_pstate.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -52,6 +52,17 @@ static inline int32_t div_fp(int32_t x,
return div_s64((int64_t)x << FRAC_BITS, y);
}
+static inline int ceiling_fp(int32_t x)
+{
+ int mask, ret;
+
+ ret = fp_toint(x);
+ mask = (1 << FRAC_BITS) - 1;
+ if (x & mask)
+ ret += 1;
+ return ret;
+}
+
struct sample {
int32_t core_pct_busy;
u64 aperf;
@@ -425,7 +436,7 @@ static void byt_set_pstate(struct cpudat
cpudata->vid.ratio);
vid_fp = clamp_t(int32_t, vid_fp, cpudata->vid.min, cpudata->vid.max);
- vid = fp_toint(vid_fp);
+ vid = ceiling_fp(vid_fp);
if (pstate > cpudata->pstate.max_pstate)
vid = cpudata->vid.turbo;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 181/319] freezer: Do not freeze tasks killed by OOM killer
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (171 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 180/319] intel_pstate: Correct BYT VID values Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 182/319] fix inode leaks on d_splice_alias() failure exits Greg Kroah-Hartman
` (130 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cong Wang, Michal Hocko,
Oleg Nesterov, Rafael J. Wysocki
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cong Wang <xiyou.wangcong@gmail.com>
commit 51fae6da640edf9d266c94f36bc806c63c301991 upstream.
Since f660daac474c6f (oom: thaw threads if oom killed thread is frozen
before deferring) OOM killer relies on being able to thaw a frozen task
to handle OOM situation but a3201227f803 (freezer: make freezing() test
freeze conditions in effect instead of TIF_FREEZE) has reorganized the
code and stopped clearing freeze flag in __thaw_task. This means that
the target task only wakes up and goes into the fridge again because the
freezing condition hasn't changed for it. This reintroduces the bug
fixed by f660daac474c6f.
Fix the issue by checking for TIF_MEMDIE thread flag in
freezing_slow_path and exclude the task from freezing completely. If a
task was already frozen it would get woken by __thaw_task from OOM killer
and get out of freezer after rechecking freezing().
Changes since v1
- put TIF_MEMDIE check into freezing_slowpath rather than in __refrigerator
as per Oleg
- return __thaw_task into oom_scan_process_thread because
oom_kill_process will not wake task in the fridge because it is
sleeping uninterruptible
[mhocko@suse.cz: rewrote the changelog]
Fixes: a3201227f803 (freezer: make freezing() test freeze conditions in effect instead of TIF_FREEZE)
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/freezer.c | 3 +++
1 file changed, 3 insertions(+)
--- a/kernel/freezer.c
+++ b/kernel/freezer.c
@@ -42,6 +42,9 @@ bool freezing_slow_path(struct task_stru
if (p->flags & (PF_NOFREEZE | PF_SUSPEND_TASK))
return false;
+ if (test_thread_flag(TIF_MEMDIE))
+ return false;
+
if (pm_nosig_freezing || cgroup_freezing(p))
return true;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 182/319] fix inode leaks on d_splice_alias() failure exits
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (172 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 181/319] freezer: Do not freeze tasks killed by OOM killer Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 183/319] ACPI: invoke acpi_device_wakeup() with correct parameters Greg Kroah-Hartman
` (129 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 51486b900ee92856b977eacfc5bfbe6565028070 upstream.
d_splice_alias() callers expect it to either stash the inode reference
into a new alias, or drop the inode reference. That makes it possible
to just return d_splice_alias() result from ->lookup() instance, without
any extra housekeeping required.
Unfortunately, that should include the failure exits. If d_splice_alias()
returns an error, it leaves the dentry it has been given negative and
thus it *must* drop the inode reference. Easily fixed, but it goes way
back and will need backporting.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dcache.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2675,11 +2675,13 @@ struct dentry *d_splice_alias(struct ino
if (!IS_ROOT(new)) {
spin_unlock(&inode->i_lock);
dput(new);
+ iput(inode);
return ERR_PTR(-EIO);
}
if (d_ancestor(new, dentry)) {
spin_unlock(&inode->i_lock);
dput(new);
+ iput(inode);
return ERR_PTR(-EIO);
}
write_seqlock(&rename_lock);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 183/319] ACPI: invoke acpi_device_wakeup() with correct parameters
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (173 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 182/319] fix inode leaks on d_splice_alias() failure exits Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 184/319] x86: ACPI: Do not translate GSI number if IOAPIC is disabled Greg Kroah-Hartman
` (128 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhang Rui, Rafael J. Wysocki
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Rui <rui.zhang@intel.com>
commit 67598a1d3140a66f57aa6bcb8d22c4c2b7e910f5 upstream.
Fix a bug that invokes acpi_device_wakeup() with wrong parameters.
Fixes: f35cec255557 (ACPI / PM: Always enable wakeup GPEs when enabling device wakeup)
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/device_pm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/acpi/device_pm.c
+++ b/drivers/acpi/device_pm.c
@@ -710,7 +710,7 @@ int acpi_pm_device_run_wake(struct devic
return -ENODEV;
}
- return acpi_device_wakeup(adev, enable, ACPI_STATE_S0);
+ return acpi_device_wakeup(adev, ACPI_STATE_S0, enable);
}
EXPORT_SYMBOL(acpi_pm_device_run_wake);
#endif /* CONFIG_PM_RUNTIME */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 184/319] x86: ACPI: Do not translate GSI number if IOAPIC is disabled
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (174 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 183/319] ACPI: invoke acpi_device_wakeup() with correct parameters Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 185/319] ACPI, irq, x86: Return IRQ instead of GSI in mp_register_gsi() Greg Kroah-Hartman
` (127 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiang Liu, Tony Luck, Thomas Richter,
rui.zhang, Rafael J. Wysocki, Bjorn Helgaas, Thomas Gleixner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiang Liu <jiang.liu@linux.intel.com>
commit 961b6a7003acec4f9d70dabc1a253b783cb74272 upstream.
When IOAPIC is disabled, acpi_gsi_to_irq() should return gsi directly
instead of calling mp_map_gsi_to_irq() to translate gsi to IRQ by IOAPIC.
It fixes https://bugzilla.kernel.org/show_bug.cgi?id=84381.
This regression was introduced with commit 6b9fb7082409 "x86, ACPI,
irq: Consolidate algorithm of mapping (ioapic, pin) to IRQ number"
Reported-and-Tested-by: Thomas Richter <thor@math.tu-berlin.de>
Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Thomas Richter <thor@math.tu-berlin.de>
Cc: rui.zhang@intel.com
Cc: Rafael J. Wysocki <rjw@rjwysocki.net>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Link: http://lkml.kernel.org/r/1413816327-12850-1-git-send-email-jiang.liu@linux.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/acpi/boot.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
@@ -604,14 +604,18 @@ void __init acpi_pic_sci_set_trigger(uns
int acpi_gsi_to_irq(u32 gsi, unsigned int *irqp)
{
- int irq = mp_map_gsi_to_irq(gsi, IOAPIC_MAP_ALLOC | IOAPIC_MAP_CHECK);
+ int irq;
- if (irq >= 0) {
+ if (acpi_irq_model == ACPI_IRQ_MODEL_PIC) {
+ *irqp = gsi;
+ } else {
+ irq = mp_map_gsi_to_irq(gsi,
+ IOAPIC_MAP_ALLOC | IOAPIC_MAP_CHECK);
+ if (irq < 0)
+ return -1;
*irqp = irq;
- return 0;
}
-
- return -1;
+ return 0;
}
EXPORT_SYMBOL_GPL(acpi_gsi_to_irq);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 185/319] ACPI, irq, x86: Return IRQ instead of GSI in mp_register_gsi()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (175 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 184/319] x86: ACPI: Do not translate GSI number if IOAPIC is disabled Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 187/319] OOM, PM: OOM killed task shouldnt escape PM suspend Greg Kroah-Hartman
` (126 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiang Liu, Konrad Rzeszutek Wilk,
Tony Luck, Joerg Roedel, Benjamin Herrenschmidt,
Rafael J. Wysocki, Bjorn Helgaas, Randy Dunlap, Yinghai Lu,
Borislav Petkov, Len Brown, Pavel Machek, Thomas Gleixner,
Ingo Molnar
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiang Liu <jiang.liu@linux.intel.com>
commit b77e8f435337baa1cd15852fb9db3f6d26cd8eb7 upstream.
Function mp_register_gsi() returns blindly the GSI number for the ACPI
SCI interrupt. That causes a regression when the GSI for ACPI SCI is
shared with other devices.
The regression was caused by commit 84245af7297ced9e8fe "x86, irq, ACPI:
Change __acpi_register_gsi to return IRQ number instead of GSI" and
exposed on a SuperMicro system, which shares one GSI between ACPI SCI
and PCI device, with following failure:
http://sourceforge.net/p/linux1394/mailman/linux1394-user/?viewmonth=201410
[ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 20 low
level)
[ 2.699224] firewire_ohci 0000:06:00.0: failed to allocate interrupt
20
Return mp_map_gsi_to_irq(gsi, 0) instead of the GSI number.
Reported-and-Tested-by: Daniel Robbins <drobbins@funtoo.org>
Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Rafael J. Wysocki <rjw@rjwysocki.net>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Len Brown <len.brown@intel.com>
Cc: Pavel Machek <pavel@ucw.cz>
Link: http://lkml.kernel.org/r/1414387308-27148-4-git-send-email-jiang.liu@linux.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/acpi/boot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
@@ -397,7 +397,7 @@ static int mp_register_gsi(struct device
/* Don't set up the ACPI SCI because it's already set up */
if (acpi_gbl_FADT.sci_interrupt == gsi)
- return gsi;
+ return mp_map_gsi_to_irq(gsi, IOAPIC_MAP_ALLOC);
trigger = trigger == ACPI_EDGE_SENSITIVE ? 0 : 1;
polarity = polarity == ACPI_ACTIVE_HIGH ? 0 : 1;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 187/319] OOM, PM: OOM killed task shouldnt escape PM suspend
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (176 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 185/319] ACPI, irq, x86: Return IRQ instead of GSI in mp_register_gsi() Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 188/319] iio: st_sensors: Fix buffer copy Greg Kroah-Hartman
` (125 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michal Hocko, Rafael J. Wysocki
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Hocko <mhocko@suse.cz>
commit 5695be142e203167e3cb515ef86a88424f3524eb upstream.
PM freezer relies on having all tasks frozen by the time devices are
getting frozen so that no task will touch them while they are getting
frozen. But OOM killer is allowed to kill an already frozen task in
order to handle OOM situtation. In order to protect from late wake ups
OOM killer is disabled after all tasks are frozen. This, however, still
keeps a window open when a killed task didn't manage to die by the time
freeze_processes finishes.
Reduce the race window by checking all tasks after OOM killer has been
disabled. This is still not race free completely unfortunately because
oom_killer_disable cannot stop an already ongoing OOM killer so a task
might still wake up from the fridge and get killed without
freeze_processes noticing. Full synchronization of OOM and freezer is,
however, too heavy weight for this highly unlikely case.
Introduce and check oom_kills counter which gets incremented early when
the allocator enters __alloc_pages_may_oom path and only check all the
tasks if the counter changes during the freezing attempt. The counter
is updated so early to reduce the race window since allocator checked
oom_killer_disabled which is set by PM-freezing code. A false positive
will push the PM-freezer into a slow path but that is not a big deal.
Changes since v1
- push the re-check loop out of freeze_processes into
check_frozen_processes and invert the condition to make the code more
readable as per Rafael
Fixes: f660daac474c6f (oom: thaw threads if oom killed thread is frozen before deferring)
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/oom.h | 3 +++
kernel/power/process.c | 40 +++++++++++++++++++++++++++++++++++++++-
mm/oom_kill.c | 17 +++++++++++++++++
mm/page_alloc.c | 8 ++++++++
4 files changed, 67 insertions(+), 1 deletion(-)
--- a/include/linux/oom.h
+++ b/include/linux/oom.h
@@ -50,6 +50,9 @@ static inline bool oom_task_origin(const
extern unsigned long oom_badness(struct task_struct *p,
struct mem_cgroup *memcg, const nodemask_t *nodemask,
unsigned long totalpages);
+
+extern int oom_kills_count(void);
+extern void note_oom_kill(void);
extern void oom_kill_process(struct task_struct *p, gfp_t gfp_mask, int order,
unsigned int points, unsigned long totalpages,
struct mem_cgroup *memcg, nodemask_t *nodemask,
--- a/kernel/power/process.c
+++ b/kernel/power/process.c
@@ -108,6 +108,28 @@ static int try_to_freeze_tasks(bool user
return todo ? -EBUSY : 0;
}
+/*
+ * Returns true if all freezable tasks (except for current) are frozen already
+ */
+static bool check_frozen_processes(void)
+{
+ struct task_struct *g, *p;
+ bool ret = true;
+
+ read_lock(&tasklist_lock);
+ for_each_process_thread(g, p) {
+ if (p != current && !freezer_should_skip(p) &&
+ !frozen(p)) {
+ ret = false;
+ goto done;
+ }
+ }
+done:
+ read_unlock(&tasklist_lock);
+
+ return ret;
+}
+
/**
* freeze_processes - Signal user space processes to enter the refrigerator.
* The current thread will not be frozen. The same process that calls
@@ -118,6 +140,7 @@ static int try_to_freeze_tasks(bool user
int freeze_processes(void)
{
int error;
+ int oom_kills_saved;
error = __usermodehelper_disable(UMH_FREEZING);
if (error)
@@ -131,12 +154,27 @@ int freeze_processes(void)
printk("Freezing user space processes ... ");
pm_freezing = true;
+ oom_kills_saved = oom_kills_count();
error = try_to_freeze_tasks(true);
if (!error) {
- printk("done.");
__usermodehelper_set_disable_depth(UMH_DISABLED);
oom_killer_disable();
+
+ /*
+ * There might have been an OOM kill while we were
+ * freezing tasks and the killed task might be still
+ * on the way out so we have to double check for race.
+ */
+ if (oom_kills_count() != oom_kills_saved &&
+ !check_frozen_processes()) {
+ __usermodehelper_set_disable_depth(UMH_ENABLED);
+ printk("OOM in progress.");
+ error = -EBUSY;
+ goto done;
+ }
+ printk("done.");
}
+done:
printk("\n");
BUG_ON(in_atomic());
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -404,6 +404,23 @@ static void dump_header(struct task_stru
dump_tasks(memcg, nodemask);
}
+/*
+ * Number of OOM killer invocations (including memcg OOM killer).
+ * Primarily used by PM freezer to check for potential races with
+ * OOM killed frozen task.
+ */
+static atomic_t oom_kills = ATOMIC_INIT(0);
+
+int oom_kills_count(void)
+{
+ return atomic_read(&oom_kills);
+}
+
+void note_oom_kill(void)
+{
+ atomic_inc(&oom_kills);
+}
+
#define K(x) ((x) << (PAGE_SHIFT-10))
/*
* Must be called while holding a reference to p, which will be released upon
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -2253,6 +2253,14 @@ __alloc_pages_may_oom(gfp_t gfp_mask, un
}
/*
+ * PM-freezer should be notified that there might be an OOM killer on
+ * its way to kill and wake somebody up. This is too early and we might
+ * end up not killing anything but false positives are acceptable.
+ * See freeze_processes.
+ */
+ note_oom_kill();
+
+ /*
* Go through the zonelist yet one more time, keep very high watermark
* here, this is only to catch a parallel oom killing, we must fail if
* we're still under heavy pressure.
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 188/319] iio: st_sensors: Fix buffer copy
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (177 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 187/319] OOM, PM: OOM killed task shouldnt escape PM suspend Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 189/319] iio: adc: mxs-lradc: Disable the clock on probe failure Greg Kroah-Hartman
` (124 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robin van der Gracht, Denis Ciocca,
Jonathan Cameron
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Robin van der Gracht <robin@protonic.nl>
commit 4250c90b30b8bf2a1a21122ba0484f8f351f152d upstream.
Use byte_for_channel as iterator to properly initialize the buffer.
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Acked-by: Denis Ciocca <denis.ciocca@st.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/common/st_sensors/st_sensors_buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/common/st_sensors/st_sensors_buffer.c
+++ b/drivers/iio/common/st_sensors/st_sensors_buffer.c
@@ -71,7 +71,7 @@ int st_sensors_get_buffer_element(struct
goto st_sensors_free_memory;
}
- for (i = 0; i < n * num_data_channels; i++) {
+ for (i = 0; i < n * byte_for_channel; i++) {
if (i < n)
buf[i] = rx_array[i];
else
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 189/319] iio: adc: mxs-lradc: Disable the clock on probe failure
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (178 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 188/319] iio: st_sensors: Fix buffer copy Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 190/319] staging:iio:ad5933: Fix NULL pointer deref when enabling buffer Greg Kroah-Hartman
` (123 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fabio Estevam, Marek Vasut, Jonathan Cameron
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fabio Estevam <fabio.estevam@freescale.com>
commit 75d7ed3b9e7cb79a3b0e1f417fb674d54b4fc668 upstream.
We should disable lradc->clk in the case of errors in the probe function.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/iio/adc/mxs-lradc.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/drivers/staging/iio/adc/mxs-lradc.c
+++ b/drivers/staging/iio/adc/mxs-lradc.c
@@ -1565,14 +1565,16 @@ static int mxs_lradc_probe(struct platfo
/* Grab all IRQ sources */
for (i = 0; i < of_cfg->irq_count; i++) {
lradc->irq[i] = platform_get_irq(pdev, i);
- if (lradc->irq[i] < 0)
- return lradc->irq[i];
+ if (lradc->irq[i] < 0) {
+ ret = lradc->irq[i];
+ goto err_clk;
+ }
ret = devm_request_irq(dev, lradc->irq[i],
mxs_lradc_handle_irq, 0,
of_cfg->irq_name[i], iio);
if (ret)
- return ret;
+ goto err_clk;
}
lradc->vref_mv = of_cfg->vref_mv;
@@ -1594,7 +1596,7 @@ static int mxs_lradc_probe(struct platfo
&mxs_lradc_trigger_handler,
&mxs_lradc_buffer_ops);
if (ret)
- return ret;
+ goto err_clk;
ret = mxs_lradc_trigger_init(iio);
if (ret)
@@ -1649,6 +1651,8 @@ err_dev:
mxs_lradc_trigger_remove(iio);
err_trig:
iio_triggered_buffer_cleanup(iio);
+err_clk:
+ clk_disable_unprepare(lradc->clk);
return ret;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 190/319] staging:iio:ad5933: Fix NULL pointer deref when enabling buffer
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (179 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 189/319] iio: adc: mxs-lradc: Disable the clock on probe failure Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 191/319] staging:iio:ad5933: Drop "raw" from channel names Greg Kroah-Hartman
` (122 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lars-Peter Clausen, Jonathan Cameron
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lars-Peter Clausen <lars@metafoo.de>
commit 824269c5868d2a7a26417e5ef3841a27d42c6139 upstream.
In older versions of the IIO framework it was possible to pass a
completely different set of channels to iio_buffer_register() as the one
that is assigned to the IIO device. Commit 959d2952d124 ("staging:iio: make
iio_sw_buffer_preenable much more general.") introduced a restriction that
requires that the set of channels that is passed to iio_buffer_register() is
a subset of the channels assigned to the IIO device as the IIO core will use
the list of channels that is assigned to the device to lookup a channel by
scan index in iio_compute_scan_bytes(). If it can not find the channel the
function will crash. This patch fixes the issue by making sure that the same
set of channels is assigned to the IIO device and passed to
iio_buffer_register().
Fixes the follow NULL pointer derefernce kernel crash:
Unable to handle kernel NULL pointer dereference at virtual address 00000016
pgd = d53d0000
[00000016] *pgd=1534e831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 1626 Comm: bash Not tainted 3.15.0-19969-g2a180eb-dirty #9545
task: d6c124c0 ti: d539a000 task.ti: d539a000
PC is at iio_compute_scan_bytes+0x34/0xa8
LR is at iio_compute_scan_bytes+0x34/0xa8
pc : [<c03052e4>] lr : [<c03052e4>] psr: 60070013
sp : d539beb8 ip : 00000001 fp : 00000000
r10: 00000002 r9 : 00000000 r8 : 00000001
r7 : 00000000 r6 : d6dc8800 r5 : d7571000 r4 : 00000002
r3 : d7571000 r2 : 00000044 r1 : 00000001 r0 : 00000000
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 18c5387d Table: 153d004a DAC: 00000015
Process bash (pid: 1626, stack limit = 0xd539a240)
Stack: (0xd539beb8 to 0xd539c000)
bea0: c02fc0e4 d7571000
bec0: d76c1640 d6dc8800 d757117c 00000000 d757112c c0305b04 d76c1690 d76c1640
bee0: d7571188 00000002 00000000 d7571000 d539a000 00000000 000dd1c8 c0305d54
bf00: d7571010 0160b868 00000002 c69d3900 d7573278 d7573308 c69d3900 c01ece90
bf20: 00000002 c0103fac c0103f6c d539bf88 00000002 c69d3b00 c69d3b0c c0103468
bf40: 00000000 00000000 d7694a00 00000002 000af408 d539bf88 c000dd84 c00b2f94
bf60: d7694a00 000af408 00000002 d7694a00 d7694a00 00000002 000af408 c000dd84
bf80: 00000000 c00b32d0 00000000 00000000 00000002 b6f1aa78 00000002 000af408
bfa0: 00000004 c000dc00 b6f1aa78 00000002 00000001 000af408 00000002 00000000
bfc0: b6f1aa78 00000002 000af408 00000004 be806a4c 000a6094 00000000 000dd1c8
bfe0: 00000000 be8069cc b6e8ab77 b6ec125c 40070010 00000001 22940489 154a5007
[<c03052e4>] (iio_compute_scan_bytes) from [<c0305b04>] (__iio_update_buffers+0x248/0x438)
[<c0305b04>] (__iio_update_buffers) from [<c0305d54>] (iio_buffer_store_enable+0x60/0x7c)
[<c0305d54>] (iio_buffer_store_enable) from [<c01ece90>] (dev_attr_store+0x18/0x24)
[<c01ece90>] (dev_attr_store) from [<c0103fac>] (sysfs_kf_write+0x40/0x4c)
[<c0103fac>] (sysfs_kf_write) from [<c0103468>] (kernfs_fop_write+0x110/0x154)
[<c0103468>] (kernfs_fop_write) from [<c00b2f94>] (vfs_write+0xd0/0x160)
[<c00b2f94>] (vfs_write) from [<c00b32d0>] (SyS_write+0x40/0x78)
[<c00b32d0>] (SyS_write) from [<c000dc00>] (ret_fast_syscall+0x0/0x30)
Code: ea00000e e1a01008 e1a00005 ebfff6fc (e5d0a016)
Fixes: 959d2952d124 ("staging:iio: make iio_sw_buffer_preenable much more general.")
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/iio/impedance-analyzer/ad5933.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
--- a/drivers/staging/iio/impedance-analyzer/ad5933.c
+++ b/drivers/staging/iio/impedance-analyzer/ad5933.c
@@ -115,6 +115,7 @@ static const struct iio_chan_spec ad5933
.channel = 0,
.info_mask_separate = BIT(IIO_CHAN_INFO_PROCESSED),
.address = AD5933_REG_TEMP_DATA,
+ .scan_index = -1,
.scan_type = {
.sign = 's',
.realbits = 14,
@@ -125,8 +126,6 @@ static const struct iio_chan_spec ad5933
.indexed = 1,
.channel = 0,
.extend_name = "real_raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW) |
- BIT(IIO_CHAN_INFO_SCALE),
.address = AD5933_REG_REAL_DATA,
.scan_index = 0,
.scan_type = {
@@ -139,8 +138,6 @@ static const struct iio_chan_spec ad5933
.indexed = 1,
.channel = 0,
.extend_name = "imag_raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW) |
- BIT(IIO_CHAN_INFO_SCALE),
.address = AD5933_REG_IMAG_DATA,
.scan_index = 1,
.scan_type = {
@@ -748,14 +745,14 @@ static int ad5933_probe(struct i2c_clien
indio_dev->name = id->name;
indio_dev->modes = INDIO_DIRECT_MODE;
indio_dev->channels = ad5933_channels;
- indio_dev->num_channels = 1; /* only register temp0_input */
+ indio_dev->num_channels = ARRAY_SIZE(ad5933_channels);
ret = ad5933_register_ring_funcs_and_init(indio_dev);
if (ret)
goto error_disable_reg;
- /* skip temp0_input, register in0_(real|imag)_raw */
- ret = iio_buffer_register(indio_dev, &ad5933_channels[1], 2);
+ ret = iio_buffer_register(indio_dev, ad5933_channels,
+ ARRAY_SIZE(ad5933_channels));
if (ret)
goto error_unreg_ring;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 191/319] staging:iio:ad5933: Drop "raw" from channel names
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (180 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 190/319] staging:iio:ad5933: Fix NULL pointer deref when enabling buffer Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 192/319] iio: as3935: allocate correct iio_device size Greg Kroah-Hartman
` (121 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lars-Peter Clausen, Jonathan Cameron
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lars-Peter Clausen <lars@metafoo.de>
commit 6822ee34ad57b29a3b44df2c2829910f03c34fa4 upstream.
"raw" is the name of a channel property, but should not be part of the
channel name itself.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/iio/impedance-analyzer/ad5933.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/staging/iio/impedance-analyzer/ad5933.c
+++ b/drivers/staging/iio/impedance-analyzer/ad5933.c
@@ -125,7 +125,7 @@ static const struct iio_chan_spec ad5933
.type = IIO_VOLTAGE,
.indexed = 1,
.channel = 0,
- .extend_name = "real_raw",
+ .extend_name = "real",
.address = AD5933_REG_REAL_DATA,
.scan_index = 0,
.scan_type = {
@@ -137,7 +137,7 @@ static const struct iio_chan_spec ad5933
.type = IIO_VOLTAGE,
.indexed = 1,
.channel = 0,
- .extend_name = "imag_raw",
+ .extend_name = "imag",
.address = AD5933_REG_IMAG_DATA,
.scan_index = 1,
.scan_type = {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 192/319] iio: as3935: allocate correct iio_device size
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (181 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 191/319] staging:iio:ad5933: Drop "raw" from channel names Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 193/319] staging:iio:ade7758: Fix NULL pointer deref when enabling buffer Greg Kroah-Hartman
` (120 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, George McCollister, Hartmut Knaack,
Jonathan Cameron
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: George McCollister <george.mccollister@gmail.com>
commit f73cde600d410ad4b31362a9c348016e40a146ea upstream.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Acked-by: Hartmut Knaack <knaack.h@gmx.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/proximity/as3935.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/proximity/as3935.c
+++ b/drivers/iio/proximity/as3935.c
@@ -330,7 +330,7 @@ static int as3935_probe(struct spi_devic
return -EINVAL;
}
- indio_dev = devm_iio_device_alloc(&spi->dev, sizeof(st));
+ indio_dev = devm_iio_device_alloc(&spi->dev, sizeof(*st));
if (!indio_dev)
return -ENOMEM;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 193/319] staging:iio:ade7758: Fix NULL pointer deref when enabling buffer
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (182 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 192/319] iio: as3935: allocate correct iio_device size Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 194/319] staging:iio:ade7758: Fix check if channels are enabled in prenable Greg Kroah-Hartman
` (119 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lars-Peter Clausen, Jonathan Cameron
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lars-Peter Clausen <lars@metafoo.de>
commit e10554738cab4224e097c2f9d975ea781a4fcde4 upstream.
In older versions of the IIO framework it was possible to pass a completely
different set of channels to iio_buffer_register() as the one that is
assigned to the IIO device. Commit 959d2952d124 ("staging:iio: make
iio_sw_buffer_preenable much more general.") introduced a restriction that
requires that the set of channels that is passed to iio_buffer_register() is
a subset of the channels assigned to the IIO device as the IIO core will use
the list of channels that is assigned to the device to lookup a channel by
scan index in iio_compute_scan_bytes(). If it can not find the channel the
function will crash. This patch fixes the issue by making sure that the same
set of channels is assigned to the IIO device and passed to
iio_buffer_register().
Note that we need to remove the IIO_CHAN_INFO_RAW and IIO_CHAN_INFO_SCALE
info attributes from the channels since we don't actually want those to be
registered.
Fixes the following crash:
Unable to handle kernel NULL pointer dereference at virtual address 00000016
pgd = d2094000
[00000016] *pgd=16e39831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 1695 Comm: bash Not tainted 3.17.0-06329-g29461ee #9686
task: d7768040 ti: d5bd4000 task.ti: d5bd4000
PC is at iio_compute_scan_bytes+0x38/0xc0
LR is at iio_compute_scan_bytes+0x34/0xc0
pc : [<c0316de8>] lr : [<c0316de4>] psr: 60070013
sp : d5bd5ec0 ip : 00000000 fp : 00000000
r10: d769f934 r9 : 00000000 r8 : 00000001
r7 : 00000000 r6 : c8fc6240 r5 : d769f800 r4 : 00000000
r3 : d769f800 r2 : 00000000 r1 : ffffffff r0 : 00000000
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 18c5387d Table: 1209404a DAC: 00000015
Process bash (pid: 1695, stack limit = 0xd5bd4240)
Stack: (0xd5bd5ec0 to 0xd5bd6000)
5ec0: d769f800 d7435640 c8fc6240 d769f984 00000000 c03175a4 d7435690 d7435640
5ee0: d769f990 00000002 00000000 d769f800 d5bd4000 00000000 000b43a8 c03177f4
5f00: d769f810 0162b8c8 00000002 c8fc7e00 d77f1d08 d77f1da8 c8fc7e00 c01faf1c
5f20: 00000002 c010694c c010690c d5bd5f88 00000002 c8fc6840 c8fc684c c0105e08
5f40: 00000000 00000000 d20d1580 00000002 000af408 d5bd5f88 c000de84 c00b76d4
5f60: d20d1580 000af408 00000002 d20d1580 d20d1580 00000002 000af408 c000de84
5f80: 00000000 c00b7a44 00000000 00000000 00000002 b6ebea78 00000002 000af408
5fa0: 00000004 c000dd00 b6ebea78 00000002 00000001 000af408 00000002 00000000
5fc0: b6ebea78 00000002 000af408 00000004 bee96a4c 000a6094 00000000 000b43a8
5fe0: 00000000 bee969cc b6e2eb77 b6e6525c 40070010 00000001 00000000 00000000
[<c0316de8>] (iio_compute_scan_bytes) from [<c03175a4>] (__iio_update_buffers+0x248/0x438)
[<c03175a4>] (__iio_update_buffers) from [<c03177f4>] (iio_buffer_store_enable+0x60/0x7c)
[<c03177f4>] (iio_buffer_store_enable) from [<c01faf1c>] (dev_attr_store+0x18/0x24)
[<c01faf1c>] (dev_attr_store) from [<c010694c>] (sysfs_kf_write+0x40/0x4c)
[<c010694c>] (sysfs_kf_write) from [<c0105e08>] (kernfs_fop_write+0x110/0x154)
[<c0105e08>] (kernfs_fop_write) from [<c00b76d4>] (vfs_write+0xbc/0x170)
[<c00b76d4>] (vfs_write) from [<c00b7a44>] (SyS_write+0x40/0x78)
[<c00b7a44>] (SyS_write) from [<c000dd00>] (ret_fast_syscall+0x0/0x30)
Fixes: 959d2952d124 ("staging:iio: make iio_sw_buffer_preenable much more general.")
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/iio/meter/ade7758.h | 1
drivers/staging/iio/meter/ade7758_core.c | 33 +------------------------------
drivers/staging/iio/meter/ade7758_ring.c | 3 --
3 files changed, 3 insertions(+), 34 deletions(-)
--- a/drivers/staging/iio/meter/ade7758.h
+++ b/drivers/staging/iio/meter/ade7758.h
@@ -119,7 +119,6 @@ struct ade7758_state {
u8 *tx;
u8 *rx;
struct mutex buf_lock;
- const struct iio_chan_spec *ade7758_ring_channels;
struct spi_transfer ring_xfer[4];
struct spi_message ring_msg;
/*
--- a/drivers/staging/iio/meter/ade7758_core.c
+++ b/drivers/staging/iio/meter/ade7758_core.c
@@ -631,8 +631,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 0,
.extend_name = "raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_A, AD7758_VOLTAGE),
.scan_index = 0,
.scan_type = {
@@ -645,8 +643,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 0,
.extend_name = "raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_A, AD7758_CURRENT),
.scan_index = 1,
.scan_type = {
@@ -659,8 +655,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 0,
.extend_name = "apparent_raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_A, AD7758_APP_PWR),
.scan_index = 2,
.scan_type = {
@@ -673,8 +667,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 0,
.extend_name = "active_raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_A, AD7758_ACT_PWR),
.scan_index = 3,
.scan_type = {
@@ -687,8 +679,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 0,
.extend_name = "reactive_raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_A, AD7758_REACT_PWR),
.scan_index = 4,
.scan_type = {
@@ -701,8 +691,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 1,
.extend_name = "raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_B, AD7758_VOLTAGE),
.scan_index = 5,
.scan_type = {
@@ -715,8 +703,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 1,
.extend_name = "raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_B, AD7758_CURRENT),
.scan_index = 6,
.scan_type = {
@@ -729,8 +715,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 1,
.extend_name = "apparent_raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_B, AD7758_APP_PWR),
.scan_index = 7,
.scan_type = {
@@ -743,8 +727,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 1,
.extend_name = "active_raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_B, AD7758_ACT_PWR),
.scan_index = 8,
.scan_type = {
@@ -757,8 +739,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 1,
.extend_name = "reactive_raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_B, AD7758_REACT_PWR),
.scan_index = 9,
.scan_type = {
@@ -771,8 +751,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 2,
.extend_name = "raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_C, AD7758_VOLTAGE),
.scan_index = 10,
.scan_type = {
@@ -785,8 +763,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 2,
.extend_name = "raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_C, AD7758_CURRENT),
.scan_index = 11,
.scan_type = {
@@ -799,8 +775,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 2,
.extend_name = "apparent_raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_C, AD7758_APP_PWR),
.scan_index = 12,
.scan_type = {
@@ -813,8 +787,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 2,
.extend_name = "active_raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_C, AD7758_ACT_PWR),
.scan_index = 13,
.scan_type = {
@@ -827,8 +799,6 @@ static const struct iio_chan_spec ade775
.indexed = 1,
.channel = 2,
.extend_name = "reactive_raw",
- .info_mask_separate = BIT(IIO_CHAN_INFO_RAW),
- .info_mask_shared_by_type = BIT(IIO_CHAN_INFO_SCALE),
.address = AD7758_WT(AD7758_PHASE_C, AD7758_REACT_PWR),
.scan_index = 14,
.scan_type = {
@@ -869,13 +839,14 @@ static int ade7758_probe(struct spi_devi
goto error_free_rx;
}
st->us = spi;
- st->ade7758_ring_channels = &ade7758_channels[0];
mutex_init(&st->buf_lock);
indio_dev->name = spi->dev.driver->name;
indio_dev->dev.parent = &spi->dev;
indio_dev->info = &ade7758_info;
indio_dev->modes = INDIO_DIRECT_MODE;
+ indio_dev->channels = ade7758_channels;
+ indio_dev->num_channels = ARRAY_SIZE(ade7758_channels);
ret = ade7758_configure_ring(indio_dev);
if (ret)
--- a/drivers/staging/iio/meter/ade7758_ring.c
+++ b/drivers/staging/iio/meter/ade7758_ring.c
@@ -85,7 +85,6 @@ static irqreturn_t ade7758_trigger_handl
**/
static int ade7758_ring_preenable(struct iio_dev *indio_dev)
{
- struct ade7758_state *st = iio_priv(indio_dev);
unsigned channel;
if (!bitmap_empty(indio_dev->active_scan_mask, indio_dev->masklength))
@@ -95,7 +94,7 @@ static int ade7758_ring_preenable(struct
indio_dev->masklength);
ade7758_write_waveform_type(&indio_dev->dev,
- st->ade7758_ring_channels[channel].address);
+ indio_dev->channels[channel].address);
return 0;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 194/319] staging:iio:ade7758: Fix check if channels are enabled in prenable
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (183 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 193/319] staging:iio:ade7758: Fix NULL pointer deref when enabling buffer Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 195/319] staging:iio:ade7758: Remove "raw" from channel name Greg Kroah-Hartman
` (118 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lars-Peter Clausen, Jonathan Cameron
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lars-Peter Clausen <lars@metafoo.de>
commit 79fa64eb2ee8ccb4bcad7f54caa2699730b10b22 upstream.
We should check if a channel is enabled, not if no channels are enabled.
Fixes: 550268ca1111 ("staging:iio: scrap scan_count and ensure all drivers use active_scan_mask")
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/iio/meter/ade7758_ring.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/iio/meter/ade7758_ring.c
+++ b/drivers/staging/iio/meter/ade7758_ring.c
@@ -87,7 +87,7 @@ static int ade7758_ring_preenable(struct
{
unsigned channel;
- if (!bitmap_empty(indio_dev->active_scan_mask, indio_dev->masklength))
+ if (bitmap_empty(indio_dev->active_scan_mask, indio_dev->masklength))
return -EINVAL;
channel = find_first_bit(indio_dev->active_scan_mask,
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 195/319] staging:iio:ade7758: Remove "raw" from channel name
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (184 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 194/319] staging:iio:ade7758: Fix check if channels are enabled in prenable Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 196/319] serial: msm_serial: Fix kgdb continue Greg Kroah-Hartman
` (117 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lars-Peter Clausen, Jonathan Cameron
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lars-Peter Clausen <lars@metafoo.de>
commit b598aacc29331e7e638cd509108600e916c6331b upstream.
"raw" is a property of a channel, but should not be part of the name of
channel.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/iio/meter/ade7758_core.c | 24 +++++++++---------------
1 file changed, 9 insertions(+), 15 deletions(-)
--- a/drivers/staging/iio/meter/ade7758_core.c
+++ b/drivers/staging/iio/meter/ade7758_core.c
@@ -630,7 +630,6 @@ static const struct iio_chan_spec ade775
.type = IIO_VOLTAGE,
.indexed = 1,
.channel = 0,
- .extend_name = "raw",
.address = AD7758_WT(AD7758_PHASE_A, AD7758_VOLTAGE),
.scan_index = 0,
.scan_type = {
@@ -642,7 +641,6 @@ static const struct iio_chan_spec ade775
.type = IIO_CURRENT,
.indexed = 1,
.channel = 0,
- .extend_name = "raw",
.address = AD7758_WT(AD7758_PHASE_A, AD7758_CURRENT),
.scan_index = 1,
.scan_type = {
@@ -654,7 +652,7 @@ static const struct iio_chan_spec ade775
.type = IIO_POWER,
.indexed = 1,
.channel = 0,
- .extend_name = "apparent_raw",
+ .extend_name = "apparent",
.address = AD7758_WT(AD7758_PHASE_A, AD7758_APP_PWR),
.scan_index = 2,
.scan_type = {
@@ -666,7 +664,7 @@ static const struct iio_chan_spec ade775
.type = IIO_POWER,
.indexed = 1,
.channel = 0,
- .extend_name = "active_raw",
+ .extend_name = "active",
.address = AD7758_WT(AD7758_PHASE_A, AD7758_ACT_PWR),
.scan_index = 3,
.scan_type = {
@@ -678,7 +676,7 @@ static const struct iio_chan_spec ade775
.type = IIO_POWER,
.indexed = 1,
.channel = 0,
- .extend_name = "reactive_raw",
+ .extend_name = "reactive",
.address = AD7758_WT(AD7758_PHASE_A, AD7758_REACT_PWR),
.scan_index = 4,
.scan_type = {
@@ -690,7 +688,6 @@ static const struct iio_chan_spec ade775
.type = IIO_VOLTAGE,
.indexed = 1,
.channel = 1,
- .extend_name = "raw",
.address = AD7758_WT(AD7758_PHASE_B, AD7758_VOLTAGE),
.scan_index = 5,
.scan_type = {
@@ -702,7 +699,6 @@ static const struct iio_chan_spec ade775
.type = IIO_CURRENT,
.indexed = 1,
.channel = 1,
- .extend_name = "raw",
.address = AD7758_WT(AD7758_PHASE_B, AD7758_CURRENT),
.scan_index = 6,
.scan_type = {
@@ -714,7 +710,7 @@ static const struct iio_chan_spec ade775
.type = IIO_POWER,
.indexed = 1,
.channel = 1,
- .extend_name = "apparent_raw",
+ .extend_name = "apparent",
.address = AD7758_WT(AD7758_PHASE_B, AD7758_APP_PWR),
.scan_index = 7,
.scan_type = {
@@ -726,7 +722,7 @@ static const struct iio_chan_spec ade775
.type = IIO_POWER,
.indexed = 1,
.channel = 1,
- .extend_name = "active_raw",
+ .extend_name = "active",
.address = AD7758_WT(AD7758_PHASE_B, AD7758_ACT_PWR),
.scan_index = 8,
.scan_type = {
@@ -738,7 +734,7 @@ static const struct iio_chan_spec ade775
.type = IIO_POWER,
.indexed = 1,
.channel = 1,
- .extend_name = "reactive_raw",
+ .extend_name = "reactive",
.address = AD7758_WT(AD7758_PHASE_B, AD7758_REACT_PWR),
.scan_index = 9,
.scan_type = {
@@ -750,7 +746,6 @@ static const struct iio_chan_spec ade775
.type = IIO_VOLTAGE,
.indexed = 1,
.channel = 2,
- .extend_name = "raw",
.address = AD7758_WT(AD7758_PHASE_C, AD7758_VOLTAGE),
.scan_index = 10,
.scan_type = {
@@ -762,7 +757,6 @@ static const struct iio_chan_spec ade775
.type = IIO_CURRENT,
.indexed = 1,
.channel = 2,
- .extend_name = "raw",
.address = AD7758_WT(AD7758_PHASE_C, AD7758_CURRENT),
.scan_index = 11,
.scan_type = {
@@ -774,7 +768,7 @@ static const struct iio_chan_spec ade775
.type = IIO_POWER,
.indexed = 1,
.channel = 2,
- .extend_name = "apparent_raw",
+ .extend_name = "apparent",
.address = AD7758_WT(AD7758_PHASE_C, AD7758_APP_PWR),
.scan_index = 12,
.scan_type = {
@@ -786,7 +780,7 @@ static const struct iio_chan_spec ade775
.type = IIO_POWER,
.indexed = 1,
.channel = 2,
- .extend_name = "active_raw",
+ .extend_name = "active",
.address = AD7758_WT(AD7758_PHASE_C, AD7758_ACT_PWR),
.scan_index = 13,
.scan_type = {
@@ -798,7 +792,7 @@ static const struct iio_chan_spec ade775
.type = IIO_POWER,
.indexed = 1,
.channel = 2,
- .extend_name = "reactive_raw",
+ .extend_name = "reactive",
.address = AD7758_WT(AD7758_PHASE_C, AD7758_REACT_PWR),
.scan_index = 14,
.scan_type = {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 196/319] serial: msm_serial: Fix kgdb continue
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (185 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 195/319] staging:iio:ade7758: Remove "raw" from channel name Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 198/319] USB: serial: cp210x: add Silicon Labs 358x VID and PID Greg Kroah-Hartman
` (116 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Frank Rowand, Stephen Boyd
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Boyd <sboyd@codeaurora.org>
commit 8b374399468da1c25db5b5d436b167aafc10fbdc upstream.
Frank reports that after continuing in kgdb the RX stale event
doesn't occur until after the RX fifo is filled up with exactly
the amount of characters programmed for the RX watermark (in this
case it's 48). To read a single character from the uartdm
hardware we force a stale event so that any characters in the RX
packing buffer are flushed into the RX fifo immediately instead
of waiting for a stale timeout or for the fifo to fill. Forcing
that stale event asserts the stale interrupt but we never clear
that interrupt via UART_CR_CMD_RESET_STALE_INT in the polling
functions. So when kgdb continues the stale interrupt is left
pending in the hardware and we don't timeout with a stale event,
like we usually would if a user typed one character on the
console, until the reset stale interrupt and stale event commands
are sent. Frank could get things working again by running
handle_rx_dm(). By putting enough characters into the fifo he
could trigger a watermark interrupt, and thus cause
handle_rx_dm() to run finally resetting the stale interrupt
and enabling the stale event so that single characters would
cause timeouts again.
The fix is to just do what the interrupt routine was doing all
along and clear the stale interrupt and enable the event again.
Doing this also smooths over any differences in the fifo behavior
between v1.3 and v1.4 hardware allowing us to skip forcing the
uart into single character mode.
Reviewed-by: Frank Rowand <frank.rowand@sonymobile.com>
Tested-by: Frank Rowand <frank.rowand@sonymobile.com>
Fixes: f7e54d7ad743 "msm_serial: Add support for poll_{get,put}_char()"
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/msm_serial.c | 22 +++++++---------------
1 file changed, 7 insertions(+), 15 deletions(-)
--- a/drivers/tty/serial/msm_serial.c
+++ b/drivers/tty/serial/msm_serial.c
@@ -683,17 +683,6 @@ static void msm_power(struct uart_port *
}
#ifdef CONFIG_CONSOLE_POLL
-static int msm_poll_init(struct uart_port *port)
-{
- struct msm_port *msm_port = UART_TO_MSM(port);
-
- /* Enable single character mode on RX FIFO */
- if (msm_port->is_uartdm >= UARTDM_1P4)
- msm_write(port, UARTDM_DMEN_RX_SC_ENABLE, UARTDM_DMEN);
-
- return 0;
-}
-
static int msm_poll_get_char_single(struct uart_port *port)
{
struct msm_port *msm_port = UART_TO_MSM(port);
@@ -705,7 +694,7 @@ static int msm_poll_get_char_single(stru
return msm_read(port, rf_reg) & 0xff;
}
-static int msm_poll_get_char_dm_1p3(struct uart_port *port)
+static int msm_poll_get_char_dm(struct uart_port *port)
{
int c;
static u32 slop;
@@ -729,6 +718,10 @@ static int msm_poll_get_char_dm_1p3(stru
slop = msm_read(port, UARTDM_RF);
c = sp[0];
count--;
+ msm_write(port, UART_CR_CMD_RESET_STALE_INT, UART_CR);
+ msm_write(port, 0xFFFFFF, UARTDM_DMRX);
+ msm_write(port, UART_CR_CMD_STALE_EVENT_ENABLE,
+ UART_CR);
} else {
c = NO_POLL_CHAR;
}
@@ -752,8 +745,8 @@ static int msm_poll_get_char(struct uart
imr = msm_read(port, UART_IMR);
msm_write(port, 0, UART_IMR);
- if (msm_port->is_uartdm == UARTDM_1P3)
- c = msm_poll_get_char_dm_1p3(port);
+ if (msm_port->is_uartdm)
+ c = msm_poll_get_char_dm(port);
else
c = msm_poll_get_char_single(port);
@@ -812,7 +805,6 @@ static struct uart_ops msm_uart_pops = {
.verify_port = msm_verify_port,
.pm = msm_power,
#ifdef CONFIG_CONSOLE_POLL
- .poll_init = msm_poll_init,
.poll_get_char = msm_poll_get_char,
.poll_put_char = msm_poll_put_char,
#endif
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 198/319] USB: serial: cp210x: add Silicon Labs 358x VID and PID
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (186 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 196/319] serial: msm_serial: Fix kgdb continue Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 199/319] usb: serial: ftdi_sio: add Awinda Station and Dongle products Greg Kroah-Hartman
` (115 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nathaniel Ting, Johan Hovold
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathaniel Ting <nathaniel.ting@silabs.com>
commit 35cc83eab097e5720a9cc0ec12bdc3a726f58381 upstream.
Enable Silicon Labs Ember VID chips to enumerate with the cp210x usb serial
driver. EM358x devices operating with the Ember Z-Net 5.1.2 stack may now
connect to host PCs over a USB serial link.
Signed-off-by: Nathaniel Ting <nathaniel.ting@silabs.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/cp210x.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/serial/cp210x.c
+++ b/drivers/usb/serial/cp210x.c
@@ -155,6 +155,7 @@ static const struct usb_device_id id_tab
{ USB_DEVICE(0x18EF, 0xE00F) }, /* ELV USB-I2C-Interface */
{ USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */
{ USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */
+ { USB_DEVICE(0x1BA4, 0x0002) }, /* Silicon Labs 358x factory default */
{ USB_DEVICE(0x1BE3, 0x07A6) }, /* WAGO 750-923 USB Service Cable */
{ USB_DEVICE(0x1D6F, 0x0010) }, /* Seluxit ApS RF Dongle */
{ USB_DEVICE(0x1E29, 0x0102) }, /* Festo CPX-USB */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 199/319] usb: serial: ftdi_sio: add Awinda Station and Dongle products
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (187 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 198/319] USB: serial: cp210x: add Silicon Labs 358x VID and PID Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 200/319] usb: serial: ftdi_sio: add "bricked" FTDI device PID Greg Kroah-Hartman
` (114 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Frans Klaver, Johan Hovold
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Frans Klaver <frans.klaver@xsens.com>
commit edd74ffab1f6909eee400c7de8ce621870aacac9 upstream.
Add new IDs for the Xsens Awinda Station and Awinda Dongle.
While at it, order the definitions by PID and add a logical separation
between devices using Xsens' VID and those using FTDI's VID.
Signed-off-by: Frans Klaver <frans.klaver@xsens.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/ftdi_sio.c | 2 ++
drivers/usb/serial/ftdi_sio_ids.h | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -661,6 +661,8 @@ static const struct usb_device_id id_tab
{ USB_DEVICE(FTDI_VID, XSENS_CONVERTER_5_PID) },
{ USB_DEVICE(FTDI_VID, XSENS_CONVERTER_6_PID) },
{ USB_DEVICE(FTDI_VID, XSENS_CONVERTER_7_PID) },
+ { USB_DEVICE(XSENS_VID, XSENS_AWINDA_DONGLE_PID) },
+ { USB_DEVICE(XSENS_VID, XSENS_AWINDA_STATION_PID) },
{ USB_DEVICE(XSENS_VID, XSENS_CONVERTER_PID) },
{ USB_DEVICE(XSENS_VID, XSENS_MTW_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_OMNI1509) },
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -143,8 +143,12 @@
* Xsens Technologies BV products (http://www.xsens.com).
*/
#define XSENS_VID 0x2639
-#define XSENS_CONVERTER_PID 0xD00D /* Xsens USB-serial converter */
+#define XSENS_AWINDA_STATION_PID 0x0101
+#define XSENS_AWINDA_DONGLE_PID 0x0102
#define XSENS_MTW_PID 0x0200 /* Xsens MTw */
+#define XSENS_CONVERTER_PID 0xD00D /* Xsens USB-serial converter */
+
+/* Xsens devices using FTDI VID */
#define XSENS_CONVERTER_0_PID 0xD388 /* Xsens USB converter */
#define XSENS_CONVERTER_1_PID 0xD389 /* Xsens Wireless Receiver */
#define XSENS_CONVERTER_2_PID 0xD38A
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 200/319] usb: serial: ftdi_sio: add "bricked" FTDI device PID
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (188 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 199/319] usb: serial: ftdi_sio: add Awinda Station and Dongle products Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 201/319] USB: cdc-acm: add device id for GW Instek AFG-2225 Greg Kroah-Hartman
` (113 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Perry Hung, Johan Hovold
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Perry Hung <iperry@gmail.com>
commit 7f2719f0003da1ad13124ef00f48d7514c79e30d upstream.
An official recent Windows driver from FTDI detects counterfeit devices
and reprograms the internal EEPROM containing the USB PID to 0, effectively
bricking the device.
Add support for this VID/PID pair to correctly bind the driver on these
devices.
See:
http://hackaday.com/2014/10/22/watch-that-windows-update-ftdi-drivers-are-killing-fake-chips/
Signed-off-by: Perry Hung <iperry@gmail.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/ftdi_sio.c | 1 +
drivers/usb/serial/ftdi_sio_ids.h | 6 ++++++
2 files changed, 7 insertions(+)
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -140,6 +140,7 @@ static struct ftdi_sio_quirk ftdi_8u2232
* /sys/bus/usb-serial/drivers/ftdi_sio/new_id and send a patch or report.
*/
static const struct usb_device_id id_table_combined[] = {
+ { USB_DEVICE(FTDI_VID, FTDI_BRICK_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_ZEITCONTROL_TAGTRACE_MIFARE_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_CTI_MINI_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_CTI_NANO_PID) },
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -30,6 +30,12 @@
/*** third-party PIDs (using FTDI_VID) ***/
+/*
+ * Certain versions of the official Windows FTDI driver reprogrammed
+ * counterfeit FTDI devices to PID 0. Support these devices anyway.
+ */
+#define FTDI_BRICK_PID 0x0000
+
#define FTDI_LUMEL_PD12_PID 0x6002
/*
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 201/319] USB: cdc-acm: add device id for GW Instek AFG-2225
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (189 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 200/319] usb: serial: ftdi_sio: add "bricked" FTDI device PID Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 202/319] USB: cdc-acm: only raise DTR on transitions from B0 Greg Kroah-Hartman
` (112 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Karl Palsson, Johan Hovold
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit cf84a691a61606a2e7269907d3727e2d9fa148ee upstream.
Add device-id entry for GW Instek AFG-2225, which has a byte swapped
bInterfaceSubClass (0x20).
Reported-by: Karl Palsson <karlp@tweak.net.au>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/class/cdc-acm.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1681,6 +1681,7 @@ static const struct usb_device_id acm_id
{ USB_DEVICE(0x0572, 0x1328), /* Shiro / Aztech USB MODEM UM-3100 */
.driver_info = NO_UNION_NORMAL, /* has no union descriptor */
},
+ { USB_DEVICE(0x2184, 0x001c) }, /* GW Instek AFG-2225 */
{ USB_DEVICE(0x22b8, 0x6425), /* Motorola MOTOMAGX phones */
},
/* Motorola H24 HSPA module: */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 202/319] USB: cdc-acm: only raise DTR on transitions from B0
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (190 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 201/319] USB: cdc-acm: add device id for GW Instek AFG-2225 Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 203/319] USB: cdc-acm: add quirk for control-line state requests Greg Kroah-Hartman
` (111 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit 4473d054ceb572557954f9536731d39b20937b0c upstream.
Make sure to only raise DTR on transitions from B0 in set_termios.
Also allow set_termios to be called from open with a termios_old of
NULL. Note that DTR will not be raised prematurely in this case.
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/class/cdc-acm.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -980,11 +980,12 @@ static void acm_tty_set_termios(struct t
/* FIXME: Needs to clear unsupported bits in the termios */
acm->clocal = ((termios->c_cflag & CLOCAL) != 0);
- if (!newline.dwDTERate) {
+ if (C_BAUD(tty) == B0) {
newline.dwDTERate = acm->line.dwDTERate;
newctrl &= ~ACM_CTRL_DTR;
- } else
+ } else if (termios_old && (termios_old->c_cflag & CBAUD) == B0) {
newctrl |= ACM_CTRL_DTR;
+ }
if (newctrl != acm->ctrlout)
acm_set_control(acm, acm->ctrlout = newctrl);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 203/319] USB: cdc-acm: add quirk for control-line state requests
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (191 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 202/319] USB: cdc-acm: only raise DTR on transitions from B0 Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 204/319] phy: omap-usb2: Enable runtime PM of omap-usb2 phy properly Greg Kroah-Hartman
` (110 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nix, Johan Hovold
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit 2a8cdfde9237c4e1bd7c2e68c415b006491d23cc upstream.
Add new quirk for devices that cannot handle control-line state
requests.
Note that we currently send these requests to all devices, regardless of
whether they claim to support it, but that errors are only logged if
support is claimed.
Since commit 0943d8ead30e ("USB: cdc-acm: use tty-port dtr_rts"), which
only changed the timings for these requests slightly, this has been
reported to cause occasional firmware crashes on Simtec Electronics
Entropy Key devices after re-enumeration. Enable the quirk for this
device.
Reported-by: Nix <nix@esperi.org.uk>
Tested-by: Nix <nix@esperi.org.uk>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/class/cdc-acm.c | 14 ++++++++++++--
drivers/usb/class/cdc-acm.h | 2 ++
2 files changed, 14 insertions(+), 2 deletions(-)
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -145,8 +145,15 @@ static int acm_ctrl_msg(struct acm *acm,
/* devices aren't required to support these requests.
* the cdc acm descriptor tells whether they do...
*/
-#define acm_set_control(acm, control) \
- acm_ctrl_msg(acm, USB_CDC_REQ_SET_CONTROL_LINE_STATE, control, NULL, 0)
+static inline int acm_set_control(struct acm *acm, int control)
+{
+ if (acm->quirks & QUIRK_CONTROL_LINE_STATE)
+ return -EOPNOTSUPP;
+
+ return acm_ctrl_msg(acm, USB_CDC_REQ_SET_CONTROL_LINE_STATE,
+ control, NULL, 0);
+}
+
#define acm_set_line(acm, line) \
acm_ctrl_msg(acm, USB_CDC_REQ_SET_LINE_CODING, 0, line, sizeof *(line))
#define acm_send_break(acm, ms) \
@@ -1315,6 +1322,7 @@ made_compressed_probe:
tty_port_init(&acm->port);
acm->port.ops = &acm_port_ops;
init_usb_anchor(&acm->delayed);
+ acm->quirks = quirks;
buf = usb_alloc_coherent(usb_dev, ctrlsize, GFP_KERNEL, &acm->ctrl_dma);
if (!buf) {
@@ -1682,6 +1690,8 @@ static const struct usb_device_id acm_id
{ USB_DEVICE(0x0572, 0x1328), /* Shiro / Aztech USB MODEM UM-3100 */
.driver_info = NO_UNION_NORMAL, /* has no union descriptor */
},
+ { USB_DEVICE(0x20df, 0x0001), /* Simtec Electronics Entropy Key */
+ .driver_info = QUIRK_CONTROL_LINE_STATE, },
{ USB_DEVICE(0x2184, 0x001c) }, /* GW Instek AFG-2225 */
{ USB_DEVICE(0x22b8, 0x6425), /* Motorola MOTOMAGX phones */
},
--- a/drivers/usb/class/cdc-acm.h
+++ b/drivers/usb/class/cdc-acm.h
@@ -121,6 +121,7 @@ struct acm {
unsigned int throttle_req:1; /* throttle requested */
u8 bInterval;
struct usb_anchor delayed; /* writes queued for a device about to be woken */
+ unsigned long quirks;
};
#define CDC_DATA_INTERFACE_TYPE 0x0a
@@ -132,3 +133,4 @@ struct acm {
#define NOT_A_MODEM BIT(3)
#define NO_DATA_INTERFACE BIT(4)
#define IGNORE_DEVICE BIT(5)
+#define QUIRK_CONTROL_LINE_STATE BIT(6)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 204/319] phy: omap-usb2: Enable runtime PM of omap-usb2 phy properly
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (192 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 203/319] USB: cdc-acm: add quirk for control-line state requests Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 205/319] usb: option: add support for Telit LE910 Greg Kroah-Hartman
` (109 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oussama Ghorbel, Rabin Vincent,
Kishon Vijay Abraham I
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oussama Ghorbel <ghorbel@pivasoftware.com>
commit f20531a9aae0c7378d9fa75b4b5d99b7eecab066 upstream.
The USB OTG port does not work since v3.16 on omap platform.
This is a regression introduced by the commit
eb82a3d846fa (phy: omap-usb2: Balance pm_runtime_enable() on probe failure
and remove).
This because the call to pm_runtime_enable() function is moved after the
call to devm_phy_create() function, which has side effect since later in
the subsequent calls of devm_phy_create() there is a check with
pm_runtime_enabled() to configure few things.
Fixes: eb82a3d846fa
Signed-off-by: Oussama Ghorbel <ghorbel@pivasoftware.com>
Tested-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/phy/phy-omap-usb2.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/phy/phy-omap-usb2.c
+++ b/drivers/phy/phy-omap-usb2.c
@@ -262,14 +262,16 @@ static int omap_usb2_probe(struct platfo
otg->phy = &phy->phy;
platform_set_drvdata(pdev, phy);
+ pm_runtime_enable(phy->dev);
generic_phy = devm_phy_create(phy->dev, NULL, &ops, NULL);
- if (IS_ERR(generic_phy))
+ if (IS_ERR(generic_phy)) {
+ pm_runtime_disable(phy->dev);
return PTR_ERR(generic_phy);
+ }
phy_set_drvdata(generic_phy, phy);
- pm_runtime_enable(phy->dev);
phy_provider = devm_of_phy_provider_register(phy->dev,
of_phy_simple_xlate);
if (IS_ERR(phy_provider)) {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 205/319] usb: option: add support for Telit LE910
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (193 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 204/319] phy: omap-usb2: Enable runtime PM of omap-usb2 phy properly Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 206/319] USB: option: add Haier CE81B CDMA modem Greg Kroah-Hartman
` (108 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniele Palmas, Johan Hovold
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniele Palmas <dnlplm@gmail.com>
commit 2d0eb862dd477c3c4f32b201254ca0b40e6f465c upstream.
Add VID/PID for Telit LE910 modem. Interfaces description is almost the
same than LE920, except that the qmi interface is number 2 (instead than
5).
Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -269,6 +269,7 @@ static void option_instat_callback(struc
#define TELIT_PRODUCT_DE910_DUAL 0x1010
#define TELIT_PRODUCT_UE910_V2 0x1012
#define TELIT_PRODUCT_LE920 0x1200
+#define TELIT_PRODUCT_LE910 0x1201
/* ZTE PRODUCTS */
#define ZTE_VENDOR_ID 0x19d2
@@ -588,6 +589,11 @@ static const struct option_blacklist_inf
.reserved = BIT(3) | BIT(4),
};
+static const struct option_blacklist_info telit_le910_blacklist = {
+ .sendsetup = BIT(0),
+ .reserved = BIT(1) | BIT(2),
+};
+
static const struct option_blacklist_info telit_le920_blacklist = {
.sendsetup = BIT(0),
.reserved = BIT(1) | BIT(5),
@@ -1137,6 +1143,8 @@ static const struct usb_device_id option
{ USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_CC864_SINGLE) },
{ USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_DE910_DUAL) },
{ USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_UE910_V2) },
+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE910),
+ .driver_info = (kernel_ulong_t)&telit_le910_blacklist },
{ USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920),
.driver_info = (kernel_ulong_t)&telit_le920_blacklist },
{ USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, ZTE_PRODUCT_MF622, 0xff, 0xff, 0xff) }, /* ZTE WCDMA products */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 206/319] USB: option: add Haier CE81B CDMA modem
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (194 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 205/319] usb: option: add support for Telit LE910 Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 208/319] wireless: rt2x00: add new rt2800usb device Greg Kroah-Hartman
` (107 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Williams, Johan Hovold
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Williams <dcbw@redhat.com>
commit 012eee1522318b5ccd64d277d50ac32f7e9974fe upstream.
Port layout:
0: QCDM/DIAG
1: NMEA
2: AT
3: AT/PPP
Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -362,6 +362,7 @@ static void option_instat_callback(struc
/* Haier products */
#define HAIER_VENDOR_ID 0x201e
+#define HAIER_PRODUCT_CE81B 0x10f8
#define HAIER_PRODUCT_CE100 0x2009
/* Cinterion (formerly Siemens) products */
@@ -1620,6 +1621,7 @@ static const struct usb_device_id option
{ USB_DEVICE(LONGCHEER_VENDOR_ID, ZOOM_PRODUCT_4597) },
{ USB_DEVICE(LONGCHEER_VENDOR_ID, IBALL_3_5G_CONNECT) },
{ USB_DEVICE(HAIER_VENDOR_ID, HAIER_PRODUCT_CE100) },
+ { USB_DEVICE_AND_INTERFACE_INFO(HAIER_VENDOR_ID, HAIER_PRODUCT_CE81B, 0xff, 0xff, 0xff) },
/* Pirelli */
{ USB_DEVICE_INTERFACE_CLASS(PIRELLI_VENDOR_ID, PIRELLI_PRODUCT_C100_1, 0xff) },
{ USB_DEVICE_INTERFACE_CLASS(PIRELLI_VENDOR_ID, PIRELLI_PRODUCT_C100_2, 0xff) },
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 208/319] wireless: rt2x00: add new rt2800usb device
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (195 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 206/319] USB: option: add Haier CE81B CDMA modem Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 209/319] Revert "usb: dwc3: dwc3-omap: Disable/Enable only wrapper interrupts in prepare/complete" Greg Kroah-Hartman
` (106 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Mokrejs, Cyril Brulebois,
Stanislaw Gruszka, John W. Linville
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cyril Brulebois <kibi@debian.org>
commit 664d6a792785cc677c2091038ce10322c8d04ae1 upstream.
0x1b75 0xa200 AirLive WN-200USB wireless 11b/g/n dongle
References: https://bugs.debian.org/766802
Reported-by: Martin Mokrejs <mmokrejs@fold.natur.cuni.cz>
Signed-off-by: Cyril Brulebois <kibi@debian.org>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/rt2x00/rt2800usb.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/wireless/rt2x00/rt2800usb.c
+++ b/drivers/net/wireless/rt2x00/rt2800usb.c
@@ -1111,6 +1111,7 @@ static struct usb_device_id rt2800usb_de
/* Ovislink */
{ USB_DEVICE(0x1b75, 0x3071) },
{ USB_DEVICE(0x1b75, 0x3072) },
+ { USB_DEVICE(0x1b75, 0xa200) },
/* Para */
{ USB_DEVICE(0x20b8, 0x8888) },
/* Pegatron */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 209/319] Revert "usb: dwc3: dwc3-omap: Disable/Enable only wrapper interrupts in prepare/complete"
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (196 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 208/319] wireless: rt2x00: add new rt2800usb device Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 210/319] usb: dwc3: gadget: Properly initialize LINK TRB Greg Kroah-Hartman
` (105 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, George Cherian, Roger Quadros, Felipe Balbi
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Quadros <rogerq@ti.com>
commit b01ff5cb2fc99d45e4edc97077b6e17186570a16 upstream.
This reverts commit 02dae36aa649a66c5c6181157ddd806e7b4913fc.
That commit is bogus in two ways:
1) There's no way dwc3-omap's ->suspend() can cause any effect
on xhci's ->suspend(). Linux device driver model guarantees
that a parent's ->suspend() will only be called after all
children are suspended. dwc3-omap is the parent of the
parent of xhci.
2) When implementing Deep Sleep states where context is lost,
USBOTGSS_IRQ0 register, well, looses context so we
_must_ rewrite it otherwise core IRQs will never be
reenabled and USB will appear to be dead.
Fixes: 02dae36 (usb: dwc3: dwc3-omap: Disable/Enable only
wrapper interrupts in prepare/complete)
Cc: George Cherian <george.cherian@ti.com>
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/dwc3-omap.c | 15 ++-------------
1 file changed, 2 insertions(+), 13 deletions(-)
--- a/drivers/usb/dwc3/dwc3-omap.c
+++ b/drivers/usb/dwc3/dwc3-omap.c
@@ -599,7 +599,7 @@ static int dwc3_omap_prepare(struct devi
{
struct dwc3_omap *omap = dev_get_drvdata(dev);
- dwc3_omap_write_irqmisc_set(omap, 0x00);
+ dwc3_omap_disable_irqs(omap);
return 0;
}
@@ -607,19 +607,8 @@ static int dwc3_omap_prepare(struct devi
static void dwc3_omap_complete(struct device *dev)
{
struct dwc3_omap *omap = dev_get_drvdata(dev);
- u32 reg;
- reg = (USBOTGSS_IRQMISC_OEVT |
- USBOTGSS_IRQMISC_DRVVBUS_RISE |
- USBOTGSS_IRQMISC_CHRGVBUS_RISE |
- USBOTGSS_IRQMISC_DISCHRGVBUS_RISE |
- USBOTGSS_IRQMISC_IDPULLUP_RISE |
- USBOTGSS_IRQMISC_DRVVBUS_FALL |
- USBOTGSS_IRQMISC_CHRGVBUS_FALL |
- USBOTGSS_IRQMISC_DISCHRGVBUS_FALL |
- USBOTGSS_IRQMISC_IDPULLUP_FALL);
-
- dwc3_omap_write_irqmisc_set(omap, reg);
+ dwc3_omap_enable_irqs(omap);
}
static int dwc3_omap_suspend(struct device *dev)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 210/319] usb: dwc3: gadget: Properly initialize LINK TRB
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (197 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 209/319] Revert "usb: dwc3: dwc3-omap: Disable/Enable only wrapper interrupts in prepare/complete" Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 211/319] spi: pl022: Fix incorrect dma_unmap_sg Greg Kroah-Hartman
` (104 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jack Pham, Felipe Balbi
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jack Pham <jackp@codeaurora.org>
commit 1200a82a59b6aa65758ccc92c3447b98c53cd7a2 upstream.
On ISOC endpoints the last trb_pool entry used as a
LINK TRB is not getting zeroed out correctly due to
memset being called incorrectly and in the wrong place.
If pool allocated from DMA was not zero-initialized
to begin with this will result in the size and ctrl
values being random garbage. Call memset correctly after
assignment of the trb_link pointer.
Fixes: f6bafc6a1c ("usb: dwc3: convert TRBs into bitshifts")
Signed-off-by: Jack Pham <jackp@codeaurora.org>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/gadget.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -615,12 +615,11 @@ static int __dwc3_gadget_ep_enable(struc
if (!usb_endpoint_xfer_isoc(desc))
return 0;
- memset(&trb_link, 0, sizeof(trb_link));
-
/* Link TRB for ISOC. The HWO bit is never reset */
trb_st_hw = &dep->trb_pool[0];
trb_link = &dep->trb_pool[DWC3_TRB_NUM - 1];
+ memset(trb_link, 0, sizeof(*trb_link));
trb_link->bpl = lower_32_bits(dwc3_trb_dma_offset(dep, trb_st_hw));
trb_link->bph = upper_32_bits(dwc3_trb_dma_offset(dep, trb_st_hw));
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 211/319] spi: pl022: Fix incorrect dma_unmap_sg
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (198 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 210/319] usb: dwc3: gadget: Properly initialize LINK TRB Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 212/319] spi: fsl-dspi: Fix CTAR selection Greg Kroah-Hartman
` (103 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ray Jui, Mark Brown
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ray Jui <rjui@broadcom.com>
commit 3ffa6158f002e096d28ede71be4e0ee8ab20baa2 upstream.
When mapped RX DMA entries are unmapped in an error condition when DMA
is firstly configured in the driver, the number of TX DMA entries was
passed in, which is incorrect
Signed-off-by: Ray Jui <rjui@broadcom.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-pl022.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/spi/spi-pl022.c
+++ b/drivers/spi/spi-pl022.c
@@ -1074,7 +1074,7 @@ err_rxdesc:
pl022->sgt_tx.nents, DMA_TO_DEVICE);
err_tx_sgmap:
dma_unmap_sg(rxchan->device->dev, pl022->sgt_rx.sgl,
- pl022->sgt_tx.nents, DMA_FROM_DEVICE);
+ pl022->sgt_rx.nents, DMA_FROM_DEVICE);
err_rx_sgmap:
sg_free_table(&pl022->sgt_tx);
err_alloc_tx_sg:
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 212/319] spi: fsl-dspi: Fix CTAR selection
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (199 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 211/319] spi: pl022: Fix incorrect dma_unmap_sg Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 213/319] spi: pxa2xx: toggle clocks on suspend if not disabled by runtime PM Greg Kroah-Hartman
` (102 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Stein, Mark Brown
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Stein <alexander.stein@systec-electronic.com>
commit 5cc7b04740effa5cc0af53f434134b5859d58b73 upstream.
There are only 4 CTAR registers (CTAR0 - CTAR3) so we can only use the
lower 2 bits of the chip select to select a CTAR register.
SPI_PUSHR_CTAS used the lower 3 bits which would result in wrong bit values
if the chip selects 4/5 are used. For those chip selects SPI_CTAR even
calculated offsets of non-existing registers.
Signed-off-by: Alexander Stein <alexander.stein@systec-electronic.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-fsl-dspi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/spi/spi-fsl-dspi.c
+++ b/drivers/spi/spi-fsl-dspi.c
@@ -46,7 +46,7 @@
#define SPI_TCR 0x08
-#define SPI_CTAR(x) (0x0c + (x * 4))
+#define SPI_CTAR(x) (0x0c + (((x) & 0x3) * 4))
#define SPI_CTAR_FMSZ(x) (((x) & 0x0000000f) << 27)
#define SPI_CTAR_CPOL(x) ((x) << 26)
#define SPI_CTAR_CPHA(x) ((x) << 25)
@@ -70,7 +70,7 @@
#define SPI_PUSHR 0x34
#define SPI_PUSHR_CONT (1 << 31)
-#define SPI_PUSHR_CTAS(x) (((x) & 0x00000007) << 28)
+#define SPI_PUSHR_CTAS(x) (((x) & 0x00000003) << 28)
#define SPI_PUSHR_EOQ (1 << 27)
#define SPI_PUSHR_CTCNT (1 << 26)
#define SPI_PUSHR_PCS(x) (((1 << x) & 0x0000003f) << 16)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 213/319] spi: pxa2xx: toggle clocks on suspend if not disabled by runtime PM
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (200 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 212/319] spi: fsl-dspi: Fix CTAR selection Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 214/319] uas: Add NO_ATA_1X for VIA VL711 devices Greg Kroah-Hartman
` (101 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Eremin-Solenikov,
Andrea Adami, Mark Brown
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
commit 2b9375b91bef65b837bed61a05fb387159b38ddf upstream.
If PM_RUNTIME is enabled, it is easy to trigger the following backtrace
on pxa2xx hosts:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1 at /home/lumag/linux/arch/arm/mach-pxa/clock.c:35 clk_disable+0xa0/0xa8()
Modules linked in:
CPU: 0 PID: 1 Comm: swapper Not tainted 3.17.0-00007-g1b3d2ee-dirty #104
[<c000de68>] (unwind_backtrace) from [<c000c078>] (show_stack+0x10/0x14)
[<c000c078>] (show_stack) from [<c001d75c>] (warn_slowpath_common+0x6c/0x8c)
[<c001d75c>] (warn_slowpath_common) from [<c001d818>] (warn_slowpath_null+0x1c/0x24)
[<c001d818>] (warn_slowpath_null) from [<c0015e80>] (clk_disable+0xa0/0xa8)
[<c0015e80>] (clk_disable) from [<c02507f8>] (pxa2xx_spi_suspend+0x2c/0x34)
[<c02507f8>] (pxa2xx_spi_suspend) from [<c0200360>] (platform_pm_suspend+0x2c/0x54)
[<c0200360>] (platform_pm_suspend) from [<c0207fec>] (dpm_run_callback.isra.14+0x2c/0x74)
[<c0207fec>] (dpm_run_callback.isra.14) from [<c0209254>] (__device_suspend+0x120/0x2f8)
[<c0209254>] (__device_suspend) from [<c0209a94>] (dpm_suspend+0x50/0x208)
[<c0209a94>] (dpm_suspend) from [<c00455ac>] (suspend_devices_and_enter+0x8c/0x3a0)
[<c00455ac>] (suspend_devices_and_enter) from [<c0045ad4>] (pm_suspend+0x214/0x2a8)
[<c0045ad4>] (pm_suspend) from [<c04b5c34>] (test_suspend+0x14c/0x1dc)
[<c04b5c34>] (test_suspend) from [<c000880c>] (do_one_initcall+0x8c/0x1fc)
[<c000880c>] (do_one_initcall) from [<c04aecfc>] (kernel_init_freeable+0xf4/0x1b4)
[<c04aecfc>] (kernel_init_freeable) from [<c0378078>] (kernel_init+0x8/0xec)
[<c0378078>] (kernel_init) from [<c0009590>] (ret_from_fork+0x14/0x24)
---[ end trace 46524156d8faa4f6 ]---
This happens because suspend function tries to disable a clock that is
already disabled by runtime_suspend callback. Add if
(!pm_runtime_suspended()) checks to suspend/resume path.
Fixes: 7d94a505858 (spi/pxa2xx: add support for runtime PM)
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Reported-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-pxa2xx.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/spi/spi-pxa2xx.c
+++ b/drivers/spi/spi-pxa2xx.c
@@ -1276,7 +1276,9 @@ static int pxa2xx_spi_suspend(struct dev
if (status != 0)
return status;
write_SSCR0(0, drv_data->ioaddr);
- clk_disable_unprepare(ssp->clk);
+
+ if (!pm_runtime_suspended(dev))
+ clk_disable_unprepare(ssp->clk);
return 0;
}
@@ -1290,7 +1292,8 @@ static int pxa2xx_spi_resume(struct devi
pxa2xx_spi_dma_resume(drv_data);
/* Enable the SSP clock */
- clk_prepare_enable(ssp->clk);
+ if (!pm_runtime_suspended(dev))
+ clk_prepare_enable(ssp->clk);
/* Restore LPSS private register bits */
lpss_ssp_setup(drv_data);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 214/319] uas: Add NO_ATA_1X for VIA VL711 devices
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (201 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 213/319] spi: pxa2xx: toggle clocks on suspend if not disabled by runtime PM Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 215/319] uas: Add US_FL_NO_ATA_1X quirk for 2 more Seagate models Greg Kroah-Hartman
` (100 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit 673029fe9c16c95600bdaca4760673527af32edf upstream.
Just like some Seagate enclosures, these devices do not seem to grok ata
pass through commands.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/storage/unusual_uas.h | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/usb/storage/unusual_uas.h
+++ b/drivers/usb/storage/unusual_uas.h
@@ -75,3 +75,10 @@ UNUSUAL_DEV(0x174c, 0x5106, 0x0000, 0x99
"ASM1051",
USB_SC_DEVICE, USB_PR_DEVICE, NULL,
US_FL_IGNORE_UAS),
+
+/* Reported-by: Hans de Goede <hdegoede@redhat.com> */
+UNUSUAL_DEV(0x2109, 0x0711, 0x0000, 0x9999,
+ "VIA",
+ "VL711",
+ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
+ US_FL_NO_ATA_1X),
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 215/319] uas: Add US_FL_NO_ATA_1X quirk for 2 more Seagate models
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (202 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 214/319] uas: Add NO_ATA_1X for VIA VL711 devices Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 216/319] uas: Add US_FL_NO_ATA_1X quirk for 1 more Seagate model Greg Kroah-Hartman
` (99 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit d1d9548256fbdf2e049d6413a5266c41e73658ee upstream.
These drives hang when receiving ATA12 commands, so set the US_FL_NO_ATA_1X
quirk to filter these out.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/storage/unusual_uas.h | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/drivers/usb/storage/unusual_uas.h
+++ b/drivers/usb/storage/unusual_uas.h
@@ -54,6 +54,20 @@ UNUSUAL_DEV(0x0bc2, 0x3312, 0x0000, 0x99
USB_SC_DEVICE, USB_PR_DEVICE, NULL,
US_FL_NO_ATA_1X),
+/* Reported-by: Hans de Goede <hdegoede@redhat.com> */
+UNUSUAL_DEV(0x0bc2, 0x3320, 0x0000, 0x9999,
+ "Seagate",
+ "Expansion Desk",
+ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
+ US_FL_NO_ATA_1X),
+
+/* Reported-by: Bogdan Mihalcea <bogdan.mihalcea@infim.ro> */
+UNUSUAL_DEV(0x0bc2, 0xa003, 0x0000, 0x9999,
+ "Seagate",
+ "Backup Plus",
+ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
+ US_FL_NO_ATA_1X),
+
/* https://bbs.archlinux.org/viewtopic.php?id=183190 */
UNUSUAL_DEV(0x0bc2, 0xab20, 0x0000, 0x9999,
"Seagate",
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 216/319] uas: Add US_FL_NO_ATA_1X quirk for 1 more Seagate model
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (203 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 215/319] uas: Add US_FL_NO_ATA_1X quirk for 2 more Seagate models Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 217/319] usb: musb: cppi41: restart hrtimer only if not yet done Greg Kroah-Hartman
` (98 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit aee0ce3ae73c566ace9958302e001d3cbbb0a623 upstream.
These drives hang when receiving ATA12 commands, so set the US_FL_NO_ATA_1X
quirk to filter these out.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/storage/unusual_uas.h | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/usb/storage/unusual_uas.h
+++ b/drivers/usb/storage/unusual_uas.h
@@ -75,6 +75,13 @@ UNUSUAL_DEV(0x0bc2, 0xab20, 0x0000, 0x99
USB_SC_DEVICE, USB_PR_DEVICE, NULL,
US_FL_NO_ATA_1X),
+/* https://bbs.archlinux.org/viewtopic.php?id=183190 */
+UNUSUAL_DEV(0x0bc2, 0xab21, 0x0000, 0x9999,
+ "Seagate",
+ "Backup+ BK",
+ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
+ US_FL_NO_ATA_1X),
+
/* Reported-by: Claudio Bizzarri <claudio.bizzarri@gmail.com> */
UNUSUAL_DEV(0x152d, 0x0567, 0x0000, 0x9999,
"JMicron",
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 217/319] usb: musb: cppi41: restart hrtimer only if not yet done
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (204 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 216/319] uas: Add US_FL_NO_ATA_1X quirk for 1 more Seagate model Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 218/319] usb: musb: dsps: start OTG timer on resume again Greg Kroah-Hartman
` (97 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Torben Hohn, Thomas Gleixner,
Sebastian Andrzej Siewior, Felipe Balbi
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
commit d2e6d62c9cbbc2da4211f672dbeea08960e29a80 upstream.
commit c58d80f52 ("usb: musb: Ensure that cppi41 timer gets armed on
premature DMA TX irq") fixed hrtimer scheduling bug. There is one left
which does not trigger that often.
The following scenario is still possible:
lock(&x->lock);
hrtimer_start(&x->t);
unlock(&x->lock);
expires:
t->function();
lock(&x->lock);
lock(&x->lock); if (!hrtimer_queued(&x->t))
hrtimer_start(&x->t);
unlock(&x->lock);
if (!list_empty(x->early_tx_list))
ret = HRTIMER_RESTART;
-> hrtimer_forward_now(...)
} else
ret = HRTIMER_NORESTART;
unlock(&x->lock);
and the timer callback returns HRTIMER_RESTART for an armed timer. This
is wrong and we run into the BUG_ON() in __run_hrtimer().
This can happens on SMP or PREEMPT-RT.
The patch fixes the problem by only starting the timer if the timer is
not yet queued.
Reported-by: Torben Hohn <torbenh@linutronix.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
[bigeasy: collected information and created a patch + description based
on it]
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/musb/musb_cppi41.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/usb/musb/musb_cppi41.c
+++ b/drivers/usb/musb/musb_cppi41.c
@@ -209,7 +209,8 @@ static enum hrtimer_restart cppi41_reche
}
}
- if (!list_empty(&controller->early_tx_list)) {
+ if (!list_empty(&controller->early_tx_list) &&
+ !hrtimer_is_queued(&controller->early_tx)) {
ret = HRTIMER_RESTART;
hrtimer_forward_now(&controller->early_tx,
ktime_set(0, 50 * NSEC_PER_USEC));
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 218/319] usb: musb: dsps: start OTG timer on resume again
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (205 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 217/319] usb: musb: cppi41: restart hrtimer only if not yet done Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 219/319] usb: gadget: f_fs: remove redundant ffs_data_get() Greg Kroah-Hartman
` (96 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Andrzej Siewior, Felipe Balbi
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
commit 53185b3a441a6cc9bb3f57e924342d249138dcd6 upstream.
Commit 468bcc2a2ca ("usb: musb: dsps: kill OTG timer on suspend") stopped
the timer in suspend path but forgot the re-enable it in the resume
path. This patch fixes the behaviour.
Fixes 468bcc2a2ca "usb: musb: dsps: kill OTG timer on suspend"
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/musb/musb_dsps.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/usb/musb/musb_dsps.c
+++ b/drivers/usb/musb/musb_dsps.c
@@ -896,7 +896,9 @@ static int dsps_resume(struct device *de
dsps_writel(mbase, wrp->mode, glue->context.mode);
dsps_writel(mbase, wrp->tx_mode, glue->context.tx_mode);
dsps_writel(mbase, wrp->rx_mode, glue->context.rx_mode);
- setup_timer(&glue->timer, otg_timer, (unsigned long) musb);
+ if (musb->xceiv->state == OTG_STATE_B_IDLE &&
+ musb->port_mode == MUSB_PORT_MODE_DUAL_ROLE)
+ mod_timer(&glue->timer, jiffies + wrp->poll_seconds * HZ);
return 0;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 219/319] usb: gadget: f_fs: remove redundant ffs_data_get()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (206 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 218/319] usb: musb: dsps: start OTG timer on resume again Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 220/319] usb: ffs: fix regression when quirk_ep_out_aligned_size flag is set Greg Kroah-Hartman
` (95 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robert Baldyga, Felipe Balbi
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Robert Baldyga <r.baldyga@samsung.com>
commit a3058a5d82e296daaca07411c3738a9ddd79f302 upstream.
During FunctionFS bind, ffs_data_get() function was called twice
(in functionfs_bind() and in ffs_do_functionfs_bind()), while on unbind
ffs_data_put() was called once (in functionfs_unbind() function).
In result refcount never reached value 0, and ffs memory resources has
been never released.
Since ffs_data_get() call in ffs_do_functionfs_bind() is redundant
and not neccessary, we remove it to have equal number of gets ans puts,
and free allocated memory after refcount reach 0.
Fixes: 5920cda (usb: gadget: FunctionFS: convert to new function
interface with backward compatibility)
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_fs.c | 2 --
1 file changed, 2 deletions(-)
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -2626,8 +2626,6 @@ static inline struct f_fs_opts *ffs_do_f
func->conf = c;
func->gadget = c->cdev->gadget;
- ffs_data_get(func->ffs);
-
/*
* in drivers/usb/gadget/configfs.c:configfs_composite_bind()
* configurations are bound in sequence with list_for_each_entry,
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 220/319] usb: ffs: fix regression when quirk_ep_out_aligned_size flag is set
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (207 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 219/319] usb: gadget: f_fs: remove redundant ffs_data_get() Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 221/319] usb: chipidea: Fix oops when removing the ci_hdrc module Greg Kroah-Hartman
` (94 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Cohen, Qiuxu Zhuo,
Michal Nazarewicz, Felipe Balbi
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Cohen <david.a.cohen@linux.intel.com>
commit c0d31b3c3d9a025b8d5a57c35671e60c5f388bf7 upstream.
The commit '2e4c7553cd usb: gadget: f_fs: add aio support' broke the
quirk implemented to align buffer size to maxpacketsize on out endpoint.
As result, functionfs does not work on Intel platforms using dwc3 driver
(i.e. Bay Trail and Merrifield). This patch fixes the issue.
This code is based on a previous Qiuxu's patch.
Fixes: 2e4c7553cd (usb: gadget: f_fs: add aio support)
Signed-off-by: David Cohen <david.a.cohen@linux.intel.com>
Signed-off-by: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_fs.c | 40 +++++++++++++++++++++++++++++++------
1 file changed, 34 insertions(+), 6 deletions(-)
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -648,15 +648,26 @@ static void ffs_user_copy_worker(struct
if (io_data->read && ret > 0) {
int i;
size_t pos = 0;
+
+ /*
+ * Since req->length may be bigger than io_data->len (after
+ * being rounded up to maxpacketsize), we may end up with more
+ * data then user space has space for.
+ */
+ ret = min_t(int, ret, io_data->len);
+
use_mm(io_data->mm);
for (i = 0; i < io_data->nr_segs; i++) {
+ size_t len = min_t(size_t, ret - pos,
+ io_data->iovec[i].iov_len);
+ if (!len)
+ break;
if (unlikely(copy_to_user(io_data->iovec[i].iov_base,
- &io_data->buf[pos],
- io_data->iovec[i].iov_len))) {
+ &io_data->buf[pos], len))) {
ret = -EFAULT;
break;
}
- pos += io_data->iovec[i].iov_len;
+ pos += len;
}
unuse_mm(io_data->mm);
}
@@ -688,7 +699,7 @@ static ssize_t ffs_epfile_io(struct file
struct ffs_epfile *epfile = file->private_data;
struct ffs_ep *ep;
char *data = NULL;
- ssize_t ret, data_len;
+ ssize_t ret, data_len = -EINVAL;
int halt;
/* Are we still active? */
@@ -788,13 +799,30 @@ static ssize_t ffs_epfile_io(struct file
/* Fire the request */
struct usb_request *req;
+ /*
+ * Sanity Check: even though data_len can't be used
+ * uninitialized at the time I write this comment, some
+ * compilers complain about this situation.
+ * In order to keep the code clean from warnings, data_len is
+ * being initialized to -EINVAL during its declaration, which
+ * means we can't rely on compiler anymore to warn no future
+ * changes won't result in data_len being used uninitialized.
+ * For such reason, we're adding this redundant sanity check
+ * here.
+ */
+ if (unlikely(data_len == -EINVAL)) {
+ WARN(1, "%s: data_len == -EINVAL\n", __func__);
+ ret = -EINVAL;
+ goto error_lock;
+ }
+
if (io_data->aio) {
req = usb_ep_alloc_request(ep->ep, GFP_KERNEL);
if (unlikely(!req))
goto error_lock;
req->buf = data;
- req->length = io_data->len;
+ req->length = data_len;
io_data->buf = data;
io_data->ep = ep->ep;
@@ -816,7 +844,7 @@ static ssize_t ffs_epfile_io(struct file
req = ep->req;
req->buf = data;
- req->length = io_data->len;
+ req->length = data_len;
req->context = &done;
req->complete = ffs_epfile_io_complete;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 221/319] usb: chipidea: Fix oops when removing the ci_hdrc module
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (208 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 220/319] usb: ffs: fix regression when quirk_ep_out_aligned_size flag is set Greg Kroah-Hartman
@ 2014-11-12 1:15 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 223/319] USB: quirks: enable device-qualifier quirk for Elan Touchscreen Greg Kroah-Hartman
` (93 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:15 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Torsten Fleischer, Peter Chen
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Torsten Fleischer <to-fleischer@t-online.de>
commit 9680b60ed79edaf52f84b65cbb20859bbb26cb68 upstream.
The call of 'kfree(ci->hw_bank.regmap)' in ci_hdrc_remove() sometimes causes
a kernel oops when removing the ci_hdrc module.
Since there is no separate memory allocated for the ci->hw_bank.regmap array,
there is no need to free it.
Signed-off-by: Torsten Fleischer <to-fleischer@t-online.de>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/chipidea/core.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/usb/chipidea/core.c
+++ b/drivers/usb/chipidea/core.c
@@ -732,7 +732,6 @@ static int ci_hdrc_remove(struct platfor
ci_role_destroy(ci);
ci_hdrc_enter_lpm(ci, true);
usb_phy_shutdown(ci->transceiver);
- kfree(ci->hw_bank.regmap);
return 0;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 223/319] USB: quirks: enable device-qualifier quirk for Elan Touchscreen
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (209 preceding siblings ...)
2014-11-12 1:15 ` [PATCH 3.17 221/319] usb: chipidea: Fix oops when removing the ci_hdrc module Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 224/319] USB: quirks: enable device-qualifier quirk for another Elan touchscreen Greg Kroah-Hartman
` (92 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Drew Von Spreecken, Johan Hovold
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit c68929f75dfcb6354918862b91b5778585de1fa5 upstream.
Enable device-qualifier quirk for Elan Touchscreen, which often fails to
handle requests for the device_descriptor.
Note that the device sometimes do respond properly with a Request Error
(three times as USB core retries), but usually fails to respond at all.
When this happens any further descriptor requests also fails, for
example:
[ 1528.688934] usb 2-7: new full-speed USB device number 4 using xhci_hcd
[ 1530.945588] usb 2-7: unable to read config index 0 descriptor/start: -71
[ 1530.945592] usb 2-7: can't read configurations, error -71
This has been observed repeating for over a minute before eventual
successful enumeration.
Reported-by: Drew Von Spreecken <drewvs@gmail.com>
Reported-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -93,6 +93,10 @@ static const struct usb_device_id usb_qu
{ USB_DEVICE(0x04e8, 0x6601), .driver_info =
USB_QUIRK_CONFIG_INTF_STRINGS },
+ /* Elan Touchscreen */
+ { USB_DEVICE(0x04f3, 0x0089), .driver_info =
+ USB_QUIRK_DEVICE_QUALIFIER },
+
/* Roland SC-8820 */
{ USB_DEVICE(0x0582, 0x0007), .driver_info = USB_QUIRK_RESET_RESUME },
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 224/319] USB: quirks: enable device-qualifier quirk for another Elan touchscreen
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (210 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 223/319] USB: quirks: enable device-qualifier quirk for Elan Touchscreen Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 225/319] USB: quirks: enable device-qualifier quirk for yet " Greg Kroah-Hartman
` (91 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adel Gadllah
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adel Gadllah <adel.gadllah@gmail.com>
commit 876af5d454548be40327ba9efea4bc92a8575019 upstream.
Currently this quirk is enabled for the model with the device id 0x0089, it
is needed for the 0x009b model, which is found on the Fujitsu Lifebook u904
as well.
Signed-off-by: Adel Gadllah <adel.gadllah@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -97,6 +97,9 @@ static const struct usb_device_id usb_qu
{ USB_DEVICE(0x04f3, 0x0089), .driver_info =
USB_QUIRK_DEVICE_QUALIFIER },
+ { USB_DEVICE(0x04f3, 0x009b), .driver_info =
+ USB_QUIRK_DEVICE_QUALIFIER },
+
/* Roland SC-8820 */
{ USB_DEVICE(0x0582, 0x0007), .driver_info = USB_QUIRK_RESET_RESUME },
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 225/319] USB: quirks: enable device-qualifier quirk for yet another Elan touchscreen
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (211 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 224/319] USB: quirks: enable device-qualifier quirk for another Elan touchscreen Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 226/319] HID: usbhid: add always-poll quirk Greg Kroah-Hartman
` (90 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kevin Fenzi, Adel Gadllah
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adel Gadllah <adel.gadllah@gmail.com>
commit d749947561af5996ccc076b2ffcc5f48b1be5d74 upstream.
Yet another device affected by this.
Tested-by: Kevin Fenzi <kevin@scrye.com>
Signed-off-by: Adel Gadllah <adel.gadllah@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -100,6 +100,9 @@ static const struct usb_device_id usb_qu
{ USB_DEVICE(0x04f3, 0x009b), .driver_info =
USB_QUIRK_DEVICE_QUALIFIER },
+ { USB_DEVICE(0x04f3, 0x016f), .driver_info =
+ USB_QUIRK_DEVICE_QUALIFIER },
+
/* Roland SC-8820 */
{ USB_DEVICE(0x0582, 0x0007), .driver_info = USB_QUIRK_RESET_RESUME },
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 226/319] HID: usbhid: add always-poll quirk
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (212 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 225/319] USB: quirks: enable device-qualifier quirk for yet " Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 227/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen Greg Kroah-Hartman
` (89 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold, Jiri Kosina
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit 0b750b3baa2d64f1b77aecc10f20deeb28efe60d upstream.
Add quirk to make sure that a device is always polled for input events
even if it hasn't been opened.
This is needed for devices that disconnects from the bus unless the
interrupt endpoint has been polled at least once or when not responding
to an input event (e.g. after having shut down X).
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/usbhid/hid-core.c | 26 +++++++++++++++++++++++---
include/linux/hid.h | 1 +
2 files changed, 24 insertions(+), 3 deletions(-)
--- a/drivers/hid/usbhid/hid-core.c
+++ b/drivers/hid/usbhid/hid-core.c
@@ -82,7 +82,7 @@ static int hid_start_in(struct hid_devic
struct usbhid_device *usbhid = hid->driver_data;
spin_lock_irqsave(&usbhid->lock, flags);
- if (hid->open > 0 &&
+ if ((hid->open > 0 || hid->quirks & HID_QUIRK_ALWAYS_POLL) &&
!test_bit(HID_DISCONNECTED, &usbhid->iofl) &&
!test_bit(HID_SUSPENDED, &usbhid->iofl) &&
!test_and_set_bit(HID_IN_RUNNING, &usbhid->iofl)) {
@@ -292,6 +292,8 @@ static void hid_irq_in(struct urb *urb)
case 0: /* success */
usbhid_mark_busy(usbhid);
usbhid->retry_delay = 0;
+ if ((hid->quirks & HID_QUIRK_ALWAYS_POLL) && !hid->open)
+ break;
hid_input_report(urb->context, HID_INPUT_REPORT,
urb->transfer_buffer,
urb->actual_length, 1);
@@ -735,8 +737,10 @@ void usbhid_close(struct hid_device *hid
if (!--hid->open) {
spin_unlock_irq(&usbhid->lock);
hid_cancel_delayed_stuff(usbhid);
- usb_kill_urb(usbhid->urbin);
- usbhid->intf->needs_remote_wakeup = 0;
+ if (!(hid->quirks & HID_QUIRK_ALWAYS_POLL)) {
+ usb_kill_urb(usbhid->urbin);
+ usbhid->intf->needs_remote_wakeup = 0;
+ }
} else {
spin_unlock_irq(&usbhid->lock);
}
@@ -1134,6 +1138,19 @@ static int usbhid_start(struct hid_devic
set_bit(HID_STARTED, &usbhid->iofl);
+ if (hid->quirks & HID_QUIRK_ALWAYS_POLL) {
+ ret = usb_autopm_get_interface(usbhid->intf);
+ if (ret)
+ goto fail;
+ usbhid->intf->needs_remote_wakeup = 1;
+ ret = hid_start_in(hid);
+ if (ret) {
+ dev_err(&hid->dev,
+ "failed to start in urb: %d\n", ret);
+ }
+ usb_autopm_put_interface(usbhid->intf);
+ }
+
/* Some keyboards don't work until their LEDs have been set.
* Since BIOSes do set the LEDs, it must be safe for any device
* that supports the keyboard boot protocol.
@@ -1166,6 +1183,9 @@ static void usbhid_stop(struct hid_devic
if (WARN_ON(!usbhid))
return;
+ if (hid->quirks & HID_QUIRK_ALWAYS_POLL)
+ usbhid->intf->needs_remote_wakeup = 0;
+
clear_bit(HID_STARTED, &usbhid->iofl);
spin_lock_irq(&usbhid->lock); /* Sync with error and led handlers */
set_bit(HID_DISCONNECTED, &usbhid->iofl);
--- a/include/linux/hid.h
+++ b/include/linux/hid.h
@@ -287,6 +287,7 @@ struct hid_item {
#define HID_QUIRK_HIDINPUT_FORCE 0x00000080
#define HID_QUIRK_NO_EMPTY_INPUT 0x00000100
#define HID_QUIRK_NO_INIT_INPUT_REPORTS 0x00000200
+#define HID_QUIRK_ALWAYS_POLL 0x00000400
#define HID_QUIRK_SKIP_OUTPUT_REPORTS 0x00010000
#define HID_QUIRK_SKIP_OUTPUT_REPORT_ID 0x00020000
#define HID_QUIRK_NO_OUTPUT_REPORTS_ON_INTR_EP 0x00040000
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 227/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (213 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 226/319] HID: usbhid: add always-poll quirk Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 228/319] HID: usbhid: fix PIXART optical mouse Greg Kroah-Hartman
` (88 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold, Jiri Kosina
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit bfe3c873e978d78b542a5852575dd74f4d1a5838 upstream.
Enable the always-poll quirk for Elan Touchscreens found on some recent
Samsung laptops.
Without this quirk the device keeps disconnecting from the bus (and is
re-enumerated) unless opened (and kept open, should an input event
occur).
Note that while the device can be run-time suspended, the autosuspend
timeout must be high enough to allow the device to be polled at least
once before being suspended. Specifically, using autosuspend_delay_ms=0
will still cause the device to disconnect on input events.
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-ids.h | 3 +++
drivers/hid/usbhid/hid-quirks.c | 1 +
2 files changed, 4 insertions(+)
--- a/drivers/hid/hid-ids.h
+++ b/drivers/hid/hid-ids.h
@@ -296,6 +296,9 @@
#define USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_73F7 0x73f7
#define USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_A001 0xa001
+#define USB_VENDOR_ID_ELAN 0x04f3
+#define USB_DEVICE_ID_ELAN_TOUCHSCREEN 0x0089
+
#define USB_VENDOR_ID_ELECOM 0x056e
#define USB_DEVICE_ID_ELECOM_BM084 0x0061
--- a/drivers/hid/usbhid/hid-quirks.c
+++ b/drivers/hid/usbhid/hid-quirks.c
@@ -70,6 +70,7 @@ static const struct hid_blacklist {
{ USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_3AXIS_5BUTTON_STICK, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_AXIS_295, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_DMI, USB_DEVICE_ID_DMI_ENC, HID_QUIRK_NOGET },
+ { USB_VENDOR_ID_ELAN, USB_DEVICE_ID_ELAN_TOUCHSCREEN, HID_QUIRK_ALWAYS_POLL },
{ USB_VENDOR_ID_ELO, USB_DEVICE_ID_ELO_TS2700, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_FORMOSA, USB_DEVICE_ID_FORMOSA_IR_RECEIVER, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_FREESCALE, USB_DEVICE_ID_FREESCALE_MX28, HID_QUIRK_NOGET },
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 228/319] HID: usbhid: fix PIXART optical mouse
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (214 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 227/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 229/319] HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL Greg Kroah-Hartman
` (87 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Oliver Neukum, Jiri Kosina
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Neukum <oneukum@suse.de>
commit 4980f95755e2966b30ac70d1841f4db66d1a8a22 upstream.
This mouse keeps disconnecting in runlevel 3. It needs the ALWAYS_POLL quirk.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-ids.h | 1 +
drivers/hid/usbhid/hid-quirks.c | 1 +
2 files changed, 2 insertions(+)
--- a/drivers/hid/hid-ids.h
+++ b/drivers/hid/hid-ids.h
@@ -736,6 +736,7 @@
#define USB_DEVICE_ID_PI_ENGINEERING_VEC_USB_FOOTPEDAL 0xff
#define USB_VENDOR_ID_PIXART 0x093a
+#define USB_DEVICE_ID_PIXART_USB_OPTICAL_MOUSE 0x2510
#define USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN 0x8001
#define USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN1 0x8002
#define USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN2 0x8003
--- a/drivers/hid/usbhid/hid-quirks.c
+++ b/drivers/hid/usbhid/hid-quirks.c
@@ -80,6 +80,7 @@ static const struct hid_blacklist {
{ USB_VENDOR_ID_NOVATEK, USB_DEVICE_ID_NOVATEK_MOUSE, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_PENMOUNT, USB_DEVICE_ID_PENMOUNT_1610, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_PENMOUNT, USB_DEVICE_ID_PENMOUNT_1640, HID_QUIRK_NOGET },
+ { USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_USB_OPTICAL_MOUSE, HID_QUIRK_ALWAYS_POLL },
{ USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN1, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN2, HID_QUIRK_NO_INIT_REPORTS },
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 229/319] HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (215 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 228/319] HID: usbhid: fix PIXART optical mouse Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 230/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b Greg Kroah-Hartman
` (86 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Oliver Neukum, Jiri Kosina
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Neukum <oneukum@suse.de>
commit 5235166fbc332c8b5dcf49e3a498a8b510a77449 upstream.
There is a second mouse sharing the same vendor strings but different IDs.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-ids.h | 1 +
drivers/hid/usbhid/hid-quirks.c | 1 +
2 files changed, 2 insertions(+)
--- a/drivers/hid/hid-ids.h
+++ b/drivers/hid/hid-ids.h
@@ -736,6 +736,7 @@
#define USB_DEVICE_ID_PI_ENGINEERING_VEC_USB_FOOTPEDAL 0xff
#define USB_VENDOR_ID_PIXART 0x093a
+#define USB_DEVICE_ID_PIXART_USB_OPTICAL_MOUSE_ID2 0x0137
#define USB_DEVICE_ID_PIXART_USB_OPTICAL_MOUSE 0x2510
#define USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN 0x8001
#define USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN1 0x8002
--- a/drivers/hid/usbhid/hid-quirks.c
+++ b/drivers/hid/usbhid/hid-quirks.c
@@ -81,6 +81,7 @@ static const struct hid_blacklist {
{ USB_VENDOR_ID_PENMOUNT, USB_DEVICE_ID_PENMOUNT_1610, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_PENMOUNT, USB_DEVICE_ID_PENMOUNT_1640, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_USB_OPTICAL_MOUSE, HID_QUIRK_ALWAYS_POLL },
+ { USB_VENDOR_ID_KYE, USB_DEVICE_ID_PIXART_USB_OPTICAL_MOUSE_ID2, HID_QUIRK_ALWAYS_POLL },
{ USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN1, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN2, HID_QUIRK_NO_INIT_REPORTS },
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 230/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (216 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 229/319] HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 231/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f Greg Kroah-Hartman
` (85 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adel Gadllah, Jiri Kosina
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adel Gadllah <adel.gadllah@gmail.com>
commit 29d05c2ecf396161ef2938a0635707ef5685ef58 upstream.
This device needs the quirk as well.
Signed-off-by: Adel Gadllah <adel.gadllah@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-ids.h | 1 +
drivers/hid/usbhid/hid-quirks.c | 1 +
2 files changed, 2 insertions(+)
--- a/drivers/hid/hid-ids.h
+++ b/drivers/hid/hid-ids.h
@@ -298,6 +298,7 @@
#define USB_VENDOR_ID_ELAN 0x04f3
#define USB_DEVICE_ID_ELAN_TOUCHSCREEN 0x0089
+#define USB_DEVICE_ID_ELAN_TOUCHSCREEN_009B 0x009b
#define USB_VENDOR_ID_ELECOM 0x056e
#define USB_DEVICE_ID_ELECOM_BM084 0x0061
--- a/drivers/hid/usbhid/hid-quirks.c
+++ b/drivers/hid/usbhid/hid-quirks.c
@@ -71,6 +71,7 @@ static const struct hid_blacklist {
{ USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_AXIS_295, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_DMI, USB_DEVICE_ID_DMI_ENC, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_ELAN, USB_DEVICE_ID_ELAN_TOUCHSCREEN, HID_QUIRK_ALWAYS_POLL },
+ { USB_VENDOR_ID_ELAN, USB_DEVICE_ID_ELAN_TOUCHSCREEN_009B, HID_QUIRK_ALWAYS_POLL },
{ USB_VENDOR_ID_ELO, USB_DEVICE_ID_ELO_TS2700, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_FORMOSA, USB_DEVICE_ID_FORMOSA_IR_RECEIVER, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_FREESCALE, USB_DEVICE_ID_FREESCALE_MX28, HID_QUIRK_NOGET },
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 231/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (217 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 230/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 232/319] usb: gadget: udc: core: fix kernel oops with soft-connect Greg Kroah-Hartman
` (84 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kevin Fenzi, Adel Gadllah, Jiri Kosina
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adel Gadllah <adel.gadllah@gmail.com>
commit 1af39588f84c7c18f8c6d88342f36513a4ce383c upstream.
This device needs the quirk as well.
Tested-by: Kevin Fenzi <kevin@scrye.com>
Signed-off-by: Adel Gadllah <adel.gadllah@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-ids.h | 1 +
drivers/hid/usbhid/hid-quirks.c | 1 +
2 files changed, 2 insertions(+)
--- a/drivers/hid/hid-ids.h
+++ b/drivers/hid/hid-ids.h
@@ -299,6 +299,7 @@
#define USB_VENDOR_ID_ELAN 0x04f3
#define USB_DEVICE_ID_ELAN_TOUCHSCREEN 0x0089
#define USB_DEVICE_ID_ELAN_TOUCHSCREEN_009B 0x009b
+#define USB_DEVICE_ID_ELAN_TOUCHSCREEN_016F 0x016f
#define USB_VENDOR_ID_ELECOM 0x056e
#define USB_DEVICE_ID_ELECOM_BM084 0x0061
--- a/drivers/hid/usbhid/hid-quirks.c
+++ b/drivers/hid/usbhid/hid-quirks.c
@@ -72,6 +72,7 @@ static const struct hid_blacklist {
{ USB_VENDOR_ID_DMI, USB_DEVICE_ID_DMI_ENC, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_ELAN, USB_DEVICE_ID_ELAN_TOUCHSCREEN, HID_QUIRK_ALWAYS_POLL },
{ USB_VENDOR_ID_ELAN, USB_DEVICE_ID_ELAN_TOUCHSCREEN_009B, HID_QUIRK_ALWAYS_POLL },
+ { USB_VENDOR_ID_ELAN, USB_DEVICE_ID_ELAN_TOUCHSCREEN_016F, HID_QUIRK_ALWAYS_POLL },
{ USB_VENDOR_ID_ELO, USB_DEVICE_ID_ELO_TS2700, HID_QUIRK_NOGET },
{ USB_VENDOR_ID_FORMOSA, USB_DEVICE_ID_FORMOSA_IR_RECEIVER, HID_QUIRK_NO_INIT_REPORTS },
{ USB_VENDOR_ID_FREESCALE, USB_DEVICE_ID_FREESCALE_MX28, HID_QUIRK_NOGET },
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 232/319] usb: gadget: udc: core: fix kernel oops with soft-connect
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (218 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 231/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 233/319] ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect Greg Kroah-Hartman
` (83 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Felipe Balbi
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felipe Balbi <balbi@ti.com>
commit bfa6b18c680450c17512c741ed1d818695747621 upstream.
Currently, there's no guarantee that udc->driver
will be valid when using soft_connect sysfs
interface. In fact, we can very easily trigger
a NULL pointer dereference by trying to disconnect
when a gadget driver isn't loaded.
Fix this bug:
~# echo disconnect > soft_connect
[ 33.685743] Unable to handle kernel NULL pointer dereference at virtual address 00000014
[ 33.694221] pgd = ed0cc000
[ 33.697174] [00000014] *pgd=ae351831, *pte=00000000, *ppte=00000000
[ 33.703766] Internal error: Oops: 17 [#1] SMP ARM
[ 33.708697] Modules linked in: xhci_plat_hcd xhci_hcd snd_soc_davinci_mcasp snd_soc_tlv320aic3x snd_soc_edma snd_soc_omap snd_soc_evm snd_soc_core dwc3 snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd lis3lv02d_i2c matrix_keypad lis3lv02d dwc3_omap input_polldev soundcore
[ 33.734372] CPU: 0 PID: 1457 Comm: bash Not tainted 3.17.0-09740-ga93416e-dirty #345
[ 33.742457] task: ee71ce00 ti: ee68a000 task.ti: ee68a000
[ 33.748116] PC is at usb_udc_softconn_store+0xa4/0xec
[ 33.753416] LR is at mark_held_locks+0x78/0x90
[ 33.758057] pc : [<c04df128>] lr : [<c00896a4>] psr: 20000013
[ 33.758057] sp : ee68bec8 ip : c0c00008 fp : ee68bee4
[ 33.770050] r10: ee6b394c r9 : ee68bf80 r8 : ee6062c0
[ 33.775508] r7 : 00000000 r6 : ee6062c0 r5 : 0000000b r4 : ee739408
[ 33.782346] r3 : 00000000 r2 : 00000000 r1 : ee71d390 r0 : ee664170
[ 33.789168] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 33.796636] Control: 10c5387d Table: ad0cc059 DAC: 00000015
[ 33.802638] Process bash (pid: 1457, stack limit = 0xee68a248)
[ 33.808740] Stack: (0xee68bec8 to 0xee68c000)
[ 33.813299] bec0: 0000000b c0411284 ee6062c0 00000000 ee68bef4 ee68bee8
[ 33.821862] bee0: c04112ac c04df090 ee68bf14 ee68bef8 c01c2868 c0411290 0000000b ee6b3940
[ 33.830419] bf00: 00000000 00000000 ee68bf4c ee68bf18 c01c1a24 c01c2818 00000000 00000000
[ 33.838990] bf20: ee61b940 ee2f47c0 0000000b 000ce408 ee68bf80 c000f304 ee68a000 00000000
[ 33.847544] bf40: ee68bf7c ee68bf50 c0152dd8 c01c1960 ee68bf7c c0170af8 ee68bf7c ee2f47c0
[ 33.856099] bf60: ee2f47c0 000ce408 0000000b c000f304 ee68bfa4 ee68bf80 c0153330 c0152d34
[ 33.864653] bf80: 00000000 00000000 0000000b 000ce408 b6e7fb50 00000004 00000000 ee68bfa8
[ 33.873204] bfa0: c000f080 c01532e8 0000000b 000ce408 00000001 000ce408 0000000b 00000000
[ 33.881763] bfc0: 0000000b 000ce408 b6e7fb50 00000004 0000000b 00000000 000c5758 00000000
[ 33.890319] bfe0: 00000000 bec2c924 b6de422d b6e1d226 40000030 00000001 75716d2f 00657565
[ 33.898890] [<c04df128>] (usb_udc_softconn_store) from [<c04112ac>] (dev_attr_store+0x28/0x34)
[ 33.907920] [<c04112ac>] (dev_attr_store) from [<c01c2868>] (sysfs_kf_write+0x5c/0x60)
[ 33.916200] [<c01c2868>] (sysfs_kf_write) from [<c01c1a24>] (kernfs_fop_write+0xd0/0x194)
[ 33.924773] [<c01c1a24>] (kernfs_fop_write) from [<c0152dd8>] (vfs_write+0xb0/0x1bc)
[ 33.932874] [<c0152dd8>] (vfs_write) from [<c0153330>] (SyS_write+0x54/0xb0)
[ 33.940247] [<c0153330>] (SyS_write) from [<c000f080>] (ret_fast_syscall+0x0/0x48)
[ 33.948160] Code: e1a01007 e12fff33 e5140004 e5143008 (e5933014)
[ 33.954625] ---[ end trace f849bead94eab7ea ]---
Fixes: 2ccea03 (usb: gadget: introduce UDC Class)
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/udc/udc-core.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/usb/gadget/udc/udc-core.c
+++ b/drivers/usb/gadget/udc/udc-core.c
@@ -458,6 +458,11 @@ static ssize_t usb_udc_softconn_store(st
{
struct usb_udc *udc = container_of(dev, struct usb_udc, dev);
+ if (!udc->driver) {
+ dev_err(dev, "soft-connect without a gadget driver\n");
+ return -EOPNOTSUPP;
+ }
+
if (sysfs_streq(buf, "connect")) {
usb_gadget_udc_start(udc->gadget, udc->driver);
usb_gadget_connect(udc->gadget);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 233/319] ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (219 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 232/319] usb: gadget: udc: core: fix kernel oops with soft-connect Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 234/319] usb-storage: handle a skipped data phase Greg Kroah-Hartman
` (82 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 0725dda207e95ff25f1aa01432250323e0ec49d6 upstream.
Some USB-audio devices show weird sysfs warnings at disconnecting the
devices, e.g.
usb 1-3: USB disconnect, device number 3
------------[ cut here ]------------
WARNING: CPU: 0 PID: 973 at fs/sysfs/group.c:216 device_del+0x39/0x180()
sysfs group ffffffff8183df40 not found for kobject 'midiC1D0'
Call Trace:
[<ffffffff814a3e38>] ? dump_stack+0x49/0x71
[<ffffffff8103cb72>] ? warn_slowpath_common+0x82/0xb0
[<ffffffff8103cc55>] ? warn_slowpath_fmt+0x45/0x50
[<ffffffff813521e9>] ? device_del+0x39/0x180
[<ffffffff81352339>] ? device_unregister+0x9/0x20
[<ffffffff81352384>] ? device_destroy+0x34/0x40
[<ffffffffa00ba29f>] ? snd_unregister_device+0x7f/0xd0 [snd]
[<ffffffffa025124e>] ? snd_rawmidi_dev_disconnect+0xce/0x100 [snd_rawmidi]
[<ffffffffa00c0192>] ? snd_device_disconnect+0x62/0x90 [snd]
[<ffffffffa00c025c>] ? snd_device_disconnect_all+0x3c/0x60 [snd]
[<ffffffffa00bb574>] ? snd_card_disconnect+0x124/0x1a0 [snd]
[<ffffffffa02e54e8>] ? usb_audio_disconnect+0x88/0x1c0 [snd_usb_audio]
[<ffffffffa015260e>] ? usb_unbind_interface+0x5e/0x1b0 [usbcore]
[<ffffffff813553e9>] ? __device_release_driver+0x79/0xf0
[<ffffffff81355485>] ? device_release_driver+0x25/0x40
[<ffffffff81354e11>] ? bus_remove_device+0xf1/0x130
[<ffffffff813522b9>] ? device_del+0x109/0x180
[<ffffffffa01501d5>] ? usb_disable_device+0x95/0x1f0 [usbcore]
[<ffffffffa014634f>] ? usb_disconnect+0x8f/0x190 [usbcore]
[<ffffffffa0149179>] ? hub_thread+0x539/0x13a0 [usbcore]
[<ffffffff810669f5>] ? sched_clock_local+0x15/0x80
[<ffffffff81066c98>] ? sched_clock_cpu+0xb8/0xd0
[<ffffffff81070730>] ? bit_waitqueue+0xb0/0xb0
[<ffffffffa0148c40>] ? usb_port_resume+0x430/0x430 [usbcore]
[<ffffffffa0148c40>] ? usb_port_resume+0x430/0x430 [usbcore]
[<ffffffff8105973e>] ? kthread+0xce/0xf0
[<ffffffff81059670>] ? kthread_create_on_node+0x1c0/0x1c0
[<ffffffff814a8b7c>] ? ret_from_fork+0x7c/0xb0
[<ffffffff81059670>] ? kthread_create_on_node+0x1c0/0x1c0
---[ end trace 40b1928d1136b91e ]---
This comes from the fact that usb-audio driver may receive the
disconnect callback multiple times, per each usb interface. When a
device has both audio and midi interfaces, it gets called twice, and
currently the driver tries to release resources at the last call.
At this point, the first parent interface has been already deleted,
thus deleting a child of the first parent hits such a warning.
For fixing this problem, we need to call snd_card_disconnect() and
cancel pending operations at the very first disconnect while the
release of the whole objects waits until the last disconnect call.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=80931
Reported-and-tested-by: Tomas Gayoso <tgayoso@gmail.com>
Reported-and-tested-by: Chris J Arges <chris.j.arges@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/card.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/sound/usb/card.c
+++ b/sound/usb/card.c
@@ -591,18 +591,19 @@ static void snd_usb_audio_disconnect(str
{
struct snd_card *card;
struct list_head *p;
+ bool was_shutdown;
if (chip == (void *)-1L)
return;
card = chip->card;
down_write(&chip->shutdown_rwsem);
+ was_shutdown = chip->shutdown;
chip->shutdown = 1;
up_write(&chip->shutdown_rwsem);
mutex_lock(®ister_mutex);
- chip->num_interfaces--;
- if (chip->num_interfaces <= 0) {
+ if (!was_shutdown) {
struct snd_usb_endpoint *ep;
snd_card_disconnect(card);
@@ -622,6 +623,10 @@ static void snd_usb_audio_disconnect(str
list_for_each(p, &chip->mixer_list) {
snd_usb_mixer_disconnect(p);
}
+ }
+
+ chip->num_interfaces--;
+ if (chip->num_interfaces <= 0) {
usb_chip[chip->index] = NULL;
mutex_unlock(®ister_mutex);
snd_card_free_when_closed(card);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 234/319] usb-storage: handle a skipped data phase
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (220 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 233/319] ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 235/319] USB: opticon: fix non-atomic allocation in write path Greg Kroah-Hartman
` (81 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Matthew Dharm, Paul Osmialowski
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit 93c9bf4d1838d5851a18ca398b0ad66397f05056 upstream.
Sometimes mass-storage devices using the Bulk-only transport will
mistakenly skip the data phase of a command. Rather than sending the
data expected by the host or sending a zero-length packet, they go
directly to the status phase and send the CSW.
This causes problems for usb-storage, for obvious reasons. The driver
will interpret the CSW as a short data transfer and will wait to
receive a CSW. The device won't have anything left to send, so the
command eventually times out.
The SCSI layer doesn't retry commands after they time out (this is a
relatively recent change). Therefore we should do our best to detect
a skipped data phase and handle it promptly.
This patch adds code to do that. If usb-storage receives a short
13-byte data transfer from the device, and if the first four bytes of
the data match the CSW signature, the driver will set the residue to
the full transfer length and interpret the data as a CSW.
This fixes Bugzilla #86611.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: Matthew Dharm <mdharm-usb@one-eyed-alien.net>
Tested-by: Paul Osmialowski <newchief@king.net.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/storage/transport.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
--- a/drivers/usb/storage/transport.c
+++ b/drivers/usb/storage/transport.c
@@ -1118,6 +1118,31 @@ int usb_stor_Bulk_transport(struct scsi_
*/
if (result == USB_STOR_XFER_LONG)
fake_sense = 1;
+
+ /*
+ * Sometimes a device will mistakenly skip the data phase
+ * and go directly to the status phase without sending a
+ * zero-length packet. If we get a 13-byte response here,
+ * check whether it really is a CSW.
+ */
+ if (result == USB_STOR_XFER_SHORT &&
+ srb->sc_data_direction == DMA_FROM_DEVICE &&
+ transfer_length - scsi_get_resid(srb) ==
+ US_BULK_CS_WRAP_LEN) {
+ struct scatterlist *sg = NULL;
+ unsigned int offset = 0;
+
+ if (usb_stor_access_xfer_buf((unsigned char *) bcs,
+ US_BULK_CS_WRAP_LEN, srb, &sg,
+ &offset, FROM_XFER_BUF) ==
+ US_BULK_CS_WRAP_LEN &&
+ bcs->Signature ==
+ cpu_to_le32(US_BULK_CS_SIGN)) {
+ usb_stor_dbg(us, "Device skipped data phase\n");
+ scsi_set_resid(srb, transfer_length);
+ goto skipped_data_phase;
+ }
+ }
}
/* See flow chart on pg 15 of the Bulk Only Transport spec for
@@ -1153,6 +1178,7 @@ int usb_stor_Bulk_transport(struct scsi_
if (result != USB_STOR_XFER_GOOD)
return USB_STOR_TRANSPORT_ERROR;
+ skipped_data_phase:
/* check bulk status */
residue = le32_to_cpu(bcs->Residue);
usb_stor_dbg(us, "Bulk Status S 0x%x T 0x%x R %u Stat 0x%x\n",
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 235/319] USB: opticon: fix non-atomic allocation in write path
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (221 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 234/319] usb-storage: handle a skipped data phase Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 236/319] usb: Do not allow usb_alloc_streams on unconfigured devices Greg Kroah-Hartman
` (80 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit e681286de221af78fc85db9222b6a203148c005a upstream.
Write may be called from interrupt context so make sure to use
GFP_ATOMIC for all allocations in write.
Fixes: 0d930e51cfe6 ("USB: opticon: Add Opticon OPN2001 write support")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/opticon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/serial/opticon.c
+++ b/drivers/usb/serial/opticon.c
@@ -215,7 +215,7 @@ static int opticon_write(struct tty_stru
/* The connected devices do not have a bulk write endpoint,
* to transmit data to de barcode device the control endpoint is used */
- dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_NOIO);
+ dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_ATOMIC);
if (!dr) {
count = -ENOMEM;
goto error_no_dr;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 236/319] usb: Do not allow usb_alloc_streams on unconfigured devices
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (222 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 235/319] USB: opticon: fix non-atomic allocation in write path Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 237/319] USB: kobil_sct: fix non-atomic allocation in write path Greg Kroah-Hartman
` (79 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Alan Stern
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit 90a646c770c50cc206ceba0d7b50453c46c13c36 upstream.
This commit fixes the following oops:
[10238.622067] scsi host3: uas_eh_bus_reset_handler start
[10240.766164] usb 3-4: reset SuperSpeed USB device number 3 using xhci_hcd
[10245.779365] usb 3-4: device descriptor read/8, error -110
[10245.883331] usb 3-4: reset SuperSpeed USB device number 3 using xhci_hcd
[10250.897603] usb 3-4: device descriptor read/8, error -110
[10251.058200] BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
[10251.058244] IP: [<ffffffff815ac6e1>] xhci_check_streams_endpoint+0x91/0x140
<snip>
[10251.059473] Call Trace:
[10251.059487] [<ffffffff815aca6c>] xhci_calculate_streams_and_bitmask+0xbc/0x130
[10251.059520] [<ffffffff815aeb5f>] xhci_alloc_streams+0x10f/0x5a0
[10251.059548] [<ffffffff810a4685>] ? check_preempt_curr+0x75/0xa0
[10251.059575] [<ffffffff810a46dc>] ? ttwu_do_wakeup+0x2c/0x100
[10251.059601] [<ffffffff810a49e6>] ? ttwu_do_activate.constprop.111+0x66/0x70
[10251.059635] [<ffffffff815779ab>] usb_alloc_streams+0xab/0xf0
[10251.059662] [<ffffffffc0616b48>] uas_configure_endpoints+0x128/0x150 [uas]
[10251.059694] [<ffffffffc0616bac>] uas_post_reset+0x3c/0xb0 [uas]
[10251.059722] [<ffffffff815727d9>] usb_reset_device+0x1b9/0x2a0
[10251.059749] [<ffffffffc0616f42>] uas_eh_bus_reset_handler+0xb2/0x190 [uas]
[10251.059781] [<ffffffff81514293>] scsi_try_bus_reset+0x53/0x110
[10251.059808] [<ffffffff815163b7>] scsi_eh_bus_reset+0xf7/0x270
<snip>
The problem is the following call sequence (simplified):
1) usb_reset_device
2) usb_reset_and_verify_device
2) hub_port_init
3) hub_port_finish_reset
3) xhci_discover_or_reset_device
This frees xhci->devs[slot_id]->eps[ep_index].ring for all eps but 0
4) usb_get_device_descriptor
This fails
5) hub_port_init fails
6) usb_reset_and_verify_device fails, does not restore device config
7) uas_post_reset
8) xhci_alloc_streams
NULL deref on the free-ed ring
This commit fixes this by not allowing usb_alloc_streams to continue if
the device is not configured.
Note that we do allow usb_free_streams to continue after a (logical)
disconnect, as it is necessary to explicitly free the streams at the xhci
controller level.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hcd.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -2057,6 +2057,8 @@ int usb_alloc_streams(struct usb_interfa
return -EINVAL;
if (dev->speed != USB_SPEED_SUPER)
return -EINVAL;
+ if (dev->state < USB_STATE_CONFIGURED)
+ return -ENODEV;
for (i = 0; i < num_eps; i++) {
/* Streams only apply to bulk endpoints. */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 237/319] USB: kobil_sct: fix non-atomic allocation in write path
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (223 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 236/319] usb: Do not allow usb_alloc_streams on unconfigured devices Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 238/319] usb: Remove references to non-existent PLAT_S5P symbol Greg Kroah-Hartman
` (78 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit 191252837626fca0de694c18bb2aa64c118eda89 upstream.
Write may be called from interrupt context so make sure to use
GFP_ATOMIC for all allocations in write.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/kobil_sct.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/usb/serial/kobil_sct.c
+++ b/drivers/usb/serial/kobil_sct.c
@@ -335,7 +335,8 @@ static int kobil_write(struct tty_struct
port->interrupt_out_urb->transfer_buffer_length = length;
priv->cur_pos = priv->cur_pos + length;
- result = usb_submit_urb(port->interrupt_out_urb, GFP_NOIO);
+ result = usb_submit_urb(port->interrupt_out_urb,
+ GFP_ATOMIC);
dev_dbg(&port->dev, "%s - Send write URB returns: %i\n", __func__, result);
todo = priv->filled - priv->cur_pos;
@@ -350,7 +351,7 @@ static int kobil_write(struct tty_struct
if (priv->device_type == KOBIL_ADAPTER_B_PRODUCT_ID ||
priv->device_type == KOBIL_ADAPTER_K_PRODUCT_ID) {
result = usb_submit_urb(port->interrupt_in_urb,
- GFP_NOIO);
+ GFP_ATOMIC);
dev_dbg(&port->dev, "%s - Send read URB returns: %i\n", __func__, result);
}
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 238/319] usb: Remove references to non-existent PLAT_S5P symbol
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (224 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 237/319] USB: kobil_sct: fix non-atomic allocation in write path Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 239/319] ima: check xattr value length and type in the ima_inode_setxattr() Greg Kroah-Hartman
` (77 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Bolle, Jingoo Han, Sylwester Nawrocki
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sylwester Nawrocki <s.nawrocki@samsung.com>
commit cd6e245a2d061a8367e37aaece32cf3fc922de80 upstream.
The PLAT_S5P Kconfig symbol was removed in commit d78c16ccde96
("ARM: SAMSUNG: Remove remaining legacy code"). There are still
some references left, fix that by replacing them with ARCH_S5PV210.
Fixes: d78c16ccde96 ("ARM: SAMSUNG: Remove remaining legacy code")
Reported-by: Paul Bolle <pebolle@tiscali.nl>
Acked-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/usb/host/Kconfig
+++ b/drivers/usb/host/Kconfig
@@ -220,7 +220,7 @@ config USB_EHCI_SH
config USB_EHCI_EXYNOS
tristate "EHCI support for Samsung S5P/EXYNOS SoC Series"
- depends on PLAT_S5P || ARCH_EXYNOS
+ depends on ARCH_S5PV210 || ARCH_EXYNOS
help
Enable support for the Samsung Exynos SOC's on-chip EHCI controller.
@@ -527,7 +527,7 @@ config USB_OHCI_SH
config USB_OHCI_EXYNOS
tristate "OHCI support for Samsung S5P/EXYNOS SoC Series"
- depends on PLAT_S5P || ARCH_EXYNOS
+ depends on ARCH_S5PV210 || ARCH_EXYNOS
help
Enable support for the Samsung Exynos SOC's on-chip OHCI controller.
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 239/319] ima: check xattr value length and type in the ima_inode_setxattr()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (225 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 238/319] usb: Remove references to non-existent PLAT_S5P symbol Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 240/319] sh: fix sh770x SCIF memory regions Greg Kroah-Hartman
` (76 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kara, Dmitry Kasatkin, Mimi Zohar
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Kasatkin <d.kasatkin@samsung.com>
commit a48fda9de94500a3152a56b723d0a64ae236547c upstream.
ima_inode_setxattr() can be called with no value. Function does not
check the length so that following command can be used to produce
kernel oops: setfattr -n security.ima FOO. This patch fixes it.
Changes in v3:
* for stable reverted "allow setting hash only in fix or log mode"
It will be a separate patch.
Changes in v2:
* testing validity of xattr type
* allow setting hash only in fix or log mode (Mimi)
[ 261.562522] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 261.564109] IP: [<ffffffff812af272>] ima_inode_setxattr+0x3e/0x5a
[ 261.564109] PGD 3112f067 PUD 42965067 PMD 0
[ 261.564109] Oops: 0000 [#1] SMP
[ 261.564109] Modules linked in: bridge stp llc evdev serio_raw i2c_piix4 button fuse
[ 261.564109] CPU: 0 PID: 3299 Comm: setxattr Not tainted 3.16.0-kds+ #2924
[ 261.564109] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 261.564109] task: ffff8800428c2430 ti: ffff880042be0000 task.ti: ffff880042be0000
[ 261.564109] RIP: 0010:[<ffffffff812af272>] [<ffffffff812af272>] ima_inode_setxattr+0x3e/0x5a
[ 261.564109] RSP: 0018:ffff880042be3d50 EFLAGS: 00010246
[ 261.564109] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000015
[ 261.564109] RDX: 0000001500000000 RSI: 0000000000000000 RDI: ffff8800375cc600
[ 261.564109] RBP: ffff880042be3d68 R08: 0000000000000000 R09: 00000000004d6256
[ 261.564109] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88002149ba00
[ 261.564109] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 261.564109] FS: 00007f6c1e219740(0000) GS:ffff88005da00000(0000) knlGS:0000000000000000
[ 261.564109] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 261.564109] CR2: 0000000000000000 CR3: 000000003b35a000 CR4: 00000000000006f0
[ 261.564109] Stack:
[ 261.564109] ffff88002149ba00 ffff880042be3df8 0000000000000000 ffff880042be3d98
[ 261.564109] ffffffff812a101b ffff88002149ba00 ffff880042be3df8 0000000000000000
[ 261.564109] 0000000000000000 ffff880042be3de0 ffffffff8116d08a ffff880042be3dc8
[ 261.564109] Call Trace:
[ 261.564109] [<ffffffff812a101b>] security_inode_setxattr+0x48/0x6a
[ 261.564109] [<ffffffff8116d08a>] vfs_setxattr+0x6b/0x9f
[ 261.564109] [<ffffffff8116d1e0>] setxattr+0x122/0x16c
[ 261.564109] [<ffffffff811687e8>] ? mnt_want_write+0x21/0x45
[ 261.564109] [<ffffffff8114d011>] ? __sb_start_write+0x10f/0x143
[ 261.564109] [<ffffffff811687e8>] ? mnt_want_write+0x21/0x45
[ 261.564109] [<ffffffff811687c0>] ? __mnt_want_write+0x48/0x4f
[ 261.564109] [<ffffffff8116d3e6>] SyS_setxattr+0x6e/0xb0
[ 261.564109] [<ffffffff81529da9>] system_call_fastpath+0x16/0x1b
[ 261.564109] Code: 48 89 f7 48 c7 c6 58 36 81 81 53 31 db e8 73 27 04 00 85 c0 75 28 bf 15 00 00 00 e8 8a a5 d9 ff 84 c0 75 05 83 cb ff eb 15 31 f6 <41> 80 7d 00 03 49 8b 7c 24 68 40 0f 94 c6 e8 e1 f9 ff ff 89 d8
[ 261.564109] RIP [<ffffffff812af272>] ima_inode_setxattr+0x3e/0x5a
[ 261.564109] RSP <ffff880042be3d50>
[ 261.564109] CR2: 0000000000000000
[ 261.599998] ---[ end trace 39a89a3fc267e652 ]---
Reported-by: Jan Kara <jack@suse.cz>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/ima/ima_appraise.c | 2 ++
security/integrity/integrity.h | 1 +
2 files changed, 3 insertions(+)
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -378,6 +378,8 @@ int ima_inode_setxattr(struct dentry *de
result = ima_protect_xattr(dentry, xattr_name, xattr_value,
xattr_value_len);
if (result == 1) {
+ if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
+ return -EINVAL;
ima_reset_appraise_flags(dentry->d_inode,
(xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
result = 0;
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -61,6 +61,7 @@ enum evm_ima_xattr_type {
EVM_XATTR_HMAC,
EVM_IMA_XATTR_DIGSIG,
IMA_XATTR_DIGEST_NG,
+ IMA_XATTR_LAST
};
struct evm_ima_xattr_data {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 240/319] sh: fix sh770x SCIF memory regions
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (226 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 239/319] ima: check xattr value length and type in the ima_inode_setxattr() Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 241/319] mm: free compound page with correct order Greg Kroah-Hartman
` (75 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andriy Skulysh, Laurent Pinchart,
Geert Uytterhoeven, Andrew Morton, Linus Torvalds
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andriy Skulysh <askulysh@gmail.com>
commit 5417421b270229bfce0795ccc99a4b481e4954ca upstream.
Resources scif1_resources & scif2_resources overlap. Actual SCIF region
size is 0x10.
This is regression from commit d850acf975be ("sh: Declare SCIF register
base and IRQ as resources")
Signed-off-by: Andriy Skulysh <askulysh@gmail.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/sh/kernel/cpu/sh3/setup-sh770x.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/sh/kernel/cpu/sh3/setup-sh770x.c
+++ b/arch/sh/kernel/cpu/sh3/setup-sh770x.c
@@ -118,7 +118,7 @@ static struct plat_sci_port scif0_platfo
};
static struct resource scif0_resources[] = {
- DEFINE_RES_MEM(0xfffffe80, 0x100),
+ DEFINE_RES_MEM(0xfffffe80, 0x10),
DEFINE_RES_IRQ(evt2irq(0x4e0)),
};
@@ -143,7 +143,7 @@ static struct plat_sci_port scif1_platfo
};
static struct resource scif1_resources[] = {
- DEFINE_RES_MEM(0xa4000150, 0x100),
+ DEFINE_RES_MEM(0xa4000150, 0x10),
DEFINE_RES_IRQ(evt2irq(0x900)),
};
@@ -169,7 +169,7 @@ static struct plat_sci_port scif2_platfo
};
static struct resource scif2_resources[] = {
- DEFINE_RES_MEM(0xa4000140, 0x100),
+ DEFINE_RES_MEM(0xa4000140, 0x10),
DEFINE_RES_IRQ(evt2irq(0x880)),
};
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 241/319] mm: free compound page with correct order
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (227 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 240/319] sh: fix sh770x SCIF memory regions Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 242/319] cgroup/kmemleak: add kmemleak_free() for cgroup deallocations Greg Kroah-Hartman
` (74 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yu Zhao, Kirill A. Shutemov,
Andrea Arcangeli, Mel Gorman, David Rientjes, Bob Liu,
Andrew Morton, Linus Torvalds
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yu Zhao <yuzhao@google.com>
commit 5ddacbe92b806cd5b4f8f154e8e46ac267fff55c upstream.
Compound page should be freed by put_page() or free_pages() with correct
order. Not doing so will cause tail pages leaked.
The compound order can be obtained by compound_order() or use
HPAGE_PMD_ORDER in our case. Some people would argue the latter is
faster but I prefer the former which is more general.
This bug was observed not just on our servers (the worst case we saw is
11G leaked on a 48G machine) but also on our workstations running Ubuntu
based distro.
$ cat /proc/vmstat | grep thp_zero_page_alloc
thp_zero_page_alloc 55
thp_zero_page_alloc_failed 0
This means there is (thp_zero_page_alloc - 1) * (2M - 4K) memory leaked.
Fixes: 97ae17497e99 ("thp: implement refcounting for huge zero page")
Signed-off-by: Yu Zhao <yuzhao@google.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: David Rientjes <rientjes@google.com>
Cc: Bob Liu <lliubbo@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/huge_memory.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -200,7 +200,7 @@ retry:
preempt_disable();
if (cmpxchg(&huge_zero_page, NULL, zero_page)) {
preempt_enable();
- __free_page(zero_page);
+ __free_pages(zero_page, compound_order(zero_page));
goto retry;
}
@@ -232,7 +232,7 @@ static unsigned long shrink_huge_zero_pa
if (atomic_cmpxchg(&huge_zero_refcount, 1, 0) == 1) {
struct page *zero_page = xchg(&huge_zero_page, NULL);
BUG_ON(zero_page == NULL);
- __free_page(zero_page);
+ __free_pages(zero_page, compound_order(zero_page));
return HPAGE_PMD_NR;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 242/319] cgroup/kmemleak: add kmemleak_free() for cgroup deallocations.
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (228 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 241/319] mm: free compound page with correct order Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 243/319] mm: page-writeback: inline account_page_dirtied() into single caller Greg Kroah-Hartman
` (73 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wang Nan, Johannes Weiner,
Michal Hocko, Steven Rostedt, Andrew Morton, Linus Torvalds
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wang Nan <wangnan0@huawei.com>
commit 401507d67d5c2854f5a88b3f93f64fc6f267bca5 upstream.
Commit ff7ee93f4715 ("cgroup/kmemleak: Annotate alloc_page() for cgroup
allocations") introduces kmemleak_alloc() for alloc_page_cgroup(), but
corresponding kmemleak_free() is missing, which makes kmemleak be
wrongly disabled after memory offlining. Log is pasted at the end of
this commit message.
This patch add kmemleak_free() into free_page_cgroup(). During page
offlining, this patch removes corresponding entries in kmemleak rbtree.
After that, the freed memory can be allocated again by other subsystems
without killing kmemleak.
bash # for x in 1 2 3 4; do echo offline > /sys/devices/system/memory/memory$x/state ; sleep 1; done ; dmesg | grep leak
Offlined Pages 32768
kmemleak: Cannot insert 0xffff880016969000 into the object search tree (overlaps existing)
CPU: 0 PID: 412 Comm: sleep Not tainted 3.17.0-rc5+ #86
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Call Trace:
dump_stack+0x46/0x58
create_object+0x266/0x2c0
kmemleak_alloc+0x26/0x50
kmem_cache_alloc+0xd3/0x160
__sigqueue_alloc+0x49/0xd0
__send_signal+0xcb/0x410
send_signal+0x45/0x90
__group_send_sig_info+0x13/0x20
do_notify_parent+0x1bb/0x260
do_exit+0x767/0xa40
do_group_exit+0x44/0xa0
SyS_exit_group+0x17/0x20
system_call_fastpath+0x16/0x1b
kmemleak: Kernel memory leak detector disabled
kmemleak: Object 0xffff880016900000 (size 524288):
kmemleak: comm "swapper/0", pid 0, jiffies 4294667296
kmemleak: min_count = 0
kmemleak: count = 0
kmemleak: flags = 0x1
kmemleak: checksum = 0
kmemleak: backtrace:
log_early+0x63/0x77
kmemleak_alloc+0x4b/0x50
init_section_page_cgroup+0x7f/0xf5
page_cgroup_init+0xc5/0xd0
start_kernel+0x333/0x408
x86_64_start_reservations+0x2a/0x2c
x86_64_start_kernel+0xf5/0xfc
Fixes: ff7ee93f4715 (cgroup/kmemleak: Annotate alloc_page() for cgroup allocations)
Signed-off-by: Wang Nan <wangnan0@huawei.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.cz>
Cc: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/page_cgroup.c | 1 +
1 file changed, 1 insertion(+)
--- a/mm/page_cgroup.c
+++ b/mm/page_cgroup.c
@@ -171,6 +171,7 @@ static void free_page_cgroup(void *addr)
sizeof(struct page_cgroup) * PAGES_PER_SECTION;
BUG_ON(PageReserved(page));
+ kmemleak_free(addr);
free_pages_exact(addr, table_size);
}
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 243/319] mm: page-writeback: inline account_page_dirtied() into single caller
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (229 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 242/319] cgroup/kmemleak: add kmemleak_free() for cgroup deallocations Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 244/319] mm: memcontrol: fix missed end-writeback page accounting Greg Kroah-Hartman
` (72 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Weiner, Michal Hocko,
Vladimir Davydov, Andrew Morton, Linus Torvalds
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Weiner <hannes@cmpxchg.org>
commit 3a3c02ecf7f2852f122d6d16fb9b3d9cb0c6f201 upstream.
A follow-up patch would have changed the call signature. To save the
trouble, just fold it instead.
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.cz>
Cc: Vladimir Davydov <vdavydov@parallels.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/mm.h | 1 -
mm/page-writeback.c | 23 ++++-------------------
2 files changed, 4 insertions(+), 20 deletions(-)
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1233,7 +1233,6 @@ int __set_page_dirty_no_writeback(struct
int redirty_page_for_writepage(struct writeback_control *wbc,
struct page *page);
void account_page_dirtied(struct page *page, struct address_space *mapping);
-void account_page_writeback(struct page *page);
int set_page_dirty(struct page *page);
int set_page_dirty_lock(struct page *page);
int clear_page_dirty_for_io(struct page *page);
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -2116,23 +2116,6 @@ void account_page_dirtied(struct page *p
EXPORT_SYMBOL(account_page_dirtied);
/*
- * Helper function for set_page_writeback family.
- *
- * The caller must hold mem_cgroup_begin/end_update_page_stat() lock
- * while calling this function.
- * See test_set_page_writeback for example.
- *
- * NOTE: Unlike account_page_dirtied this does not rely on being atomic
- * wrt interrupts.
- */
-void account_page_writeback(struct page *page)
-{
- mem_cgroup_inc_page_stat(page, MEM_CGROUP_STAT_WRITEBACK);
- inc_zone_page_state(page, NR_WRITEBACK);
-}
-EXPORT_SYMBOL(account_page_writeback);
-
-/*
* For address_spaces which do not use buffers. Just tag the page as dirty in
* its radix tree.
*
@@ -2410,8 +2393,10 @@ int __test_set_page_writeback(struct pag
} else {
ret = TestSetPageWriteback(page);
}
- if (!ret)
- account_page_writeback(page);
+ if (!ret) {
+ mem_cgroup_inc_page_stat(page, MEM_CGROUP_STAT_WRITEBACK);
+ inc_zone_page_state(page, NR_WRITEBACK);
+ }
mem_cgroup_end_update_page_stat(page, &locked, &memcg_flags);
return ret;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 244/319] mm: memcontrol: fix missed end-writeback page accounting
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (230 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 243/319] mm: page-writeback: inline account_page_dirtied() into single caller Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 245/319] lib/bitmap.c: fix undefined shift in __bitmap_shift_{left|right}() Greg Kroah-Hartman
` (71 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Weiner, Michal Hocko,
Vladimir Davydov, Andrew Morton, Linus Torvalds
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Weiner <hannes@cmpxchg.org>
commit d7365e783edb858279be1d03f61bc8d5d3383d90 upstream.
Commit 0a31bc97c80c ("mm: memcontrol: rewrite uncharge API") changed
page migration to uncharge the old page right away. The page is locked,
unmapped, truncated, and off the LRU, but it could race with writeback
ending, which then doesn't unaccount the page properly:
test_clear_page_writeback() migration
wait_on_page_writeback()
TestClearPageWriteback()
mem_cgroup_migrate()
clear PCG_USED
mem_cgroup_update_page_stat()
if (PageCgroupUsed(pc))
decrease memcg pages under writeback
release pc->mem_cgroup->move_lock
The per-page statistics interface is heavily optimized to avoid a
function call and a lookup_page_cgroup() in the file unmap fast path,
which means it doesn't verify whether a page is still charged before
clearing PageWriteback() and it has to do it in the stat update later.
Rework it so that it looks up the page's memcg once at the beginning of
the transaction and then uses it throughout. The charge will be
verified before clearing PageWriteback() and migration can't uncharge
the page as long as that is still set. The RCU lock will protect the
memcg past uncharge.
As far as losing the optimization goes, the following test results are
from a microbenchmark that maps, faults, and unmaps a 4GB sparse file
three times in a nested fashion, so that there are two negative passes
that don't account but still go through the new transaction overhead.
There is no actual difference:
old: 33.195102545 seconds time elapsed ( +- 0.01% )
new: 33.199231369 seconds time elapsed ( +- 0.03% )
The time spent in page_remove_rmap()'s callees still adds up to the
same, but the time spent in the function itself seems reduced:
# Children Self Command Shared Object Symbol
old: 0.12% 0.11% filemapstress [kernel.kallsyms] [k] page_remove_rmap
new: 0.12% 0.08% filemapstress [kernel.kallsyms] [k] page_remove_rmap
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.cz>
Cc: Vladimir Davydov <vdavydov@parallels.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/memcontrol.h | 56 ++++++---------------
mm/memcontrol.c | 115 ++++++++++++++++++++++++---------------------
mm/page-writeback.c | 22 ++++----
mm/rmap.c | 20 +++----
4 files changed, 100 insertions(+), 113 deletions(-)
--- a/include/linux/memcontrol.h
+++ b/include/linux/memcontrol.h
@@ -139,48 +139,23 @@ static inline bool mem_cgroup_disabled(v
return false;
}
-void __mem_cgroup_begin_update_page_stat(struct page *page, bool *locked,
- unsigned long *flags);
+struct mem_cgroup *mem_cgroup_begin_page_stat(struct page *page, bool *locked,
+ unsigned long *flags);
+void mem_cgroup_end_page_stat(struct mem_cgroup *memcg, bool locked,
+ unsigned long flags);
+void mem_cgroup_update_page_stat(struct mem_cgroup *memcg,
+ enum mem_cgroup_stat_index idx, int val);
-extern atomic_t memcg_moving;
-
-static inline void mem_cgroup_begin_update_page_stat(struct page *page,
- bool *locked, unsigned long *flags)
-{
- if (mem_cgroup_disabled())
- return;
- rcu_read_lock();
- *locked = false;
- if (atomic_read(&memcg_moving))
- __mem_cgroup_begin_update_page_stat(page, locked, flags);
-}
-
-void __mem_cgroup_end_update_page_stat(struct page *page,
- unsigned long *flags);
-static inline void mem_cgroup_end_update_page_stat(struct page *page,
- bool *locked, unsigned long *flags)
-{
- if (mem_cgroup_disabled())
- return;
- if (*locked)
- __mem_cgroup_end_update_page_stat(page, flags);
- rcu_read_unlock();
-}
-
-void mem_cgroup_update_page_stat(struct page *page,
- enum mem_cgroup_stat_index idx,
- int val);
-
-static inline void mem_cgroup_inc_page_stat(struct page *page,
+static inline void mem_cgroup_inc_page_stat(struct mem_cgroup *memcg,
enum mem_cgroup_stat_index idx)
{
- mem_cgroup_update_page_stat(page, idx, 1);
+ mem_cgroup_update_page_stat(memcg, idx, 1);
}
-static inline void mem_cgroup_dec_page_stat(struct page *page,
+static inline void mem_cgroup_dec_page_stat(struct mem_cgroup *memcg,
enum mem_cgroup_stat_index idx)
{
- mem_cgroup_update_page_stat(page, idx, -1);
+ mem_cgroup_update_page_stat(memcg, idx, -1);
}
unsigned long mem_cgroup_soft_limit_reclaim(struct zone *zone, int order,
@@ -315,13 +290,14 @@ mem_cgroup_print_oom_info(struct mem_cgr
{
}
-static inline void mem_cgroup_begin_update_page_stat(struct page *page,
+static inline struct mem_cgroup *mem_cgroup_begin_page_stat(struct page *page,
bool *locked, unsigned long *flags)
{
+ return NULL;
}
-static inline void mem_cgroup_end_update_page_stat(struct page *page,
- bool *locked, unsigned long *flags)
+static inline void mem_cgroup_end_page_stat(struct mem_cgroup *memcg,
+ bool locked, unsigned long flags)
{
}
@@ -343,12 +319,12 @@ static inline bool mem_cgroup_oom_synchr
return false;
}
-static inline void mem_cgroup_inc_page_stat(struct page *page,
+static inline void mem_cgroup_inc_page_stat(struct mem_cgroup *memcg,
enum mem_cgroup_stat_index idx)
{
}
-static inline void mem_cgroup_dec_page_stat(struct page *page,
+static inline void mem_cgroup_dec_page_stat(struct mem_cgroup *memcg,
enum mem_cgroup_stat_index idx)
{
}
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1545,12 +1545,8 @@ int mem_cgroup_swappiness(struct mem_cgr
* start move here.
*/
-/* for quick checking without looking up memcg */
-atomic_t memcg_moving __read_mostly;
-
static void mem_cgroup_start_move(struct mem_cgroup *memcg)
{
- atomic_inc(&memcg_moving);
atomic_inc(&memcg->moving_account);
synchronize_rcu();
}
@@ -1561,10 +1557,8 @@ static void mem_cgroup_end_move(struct m
* Now, mem_cgroup_clear_mc() may call this function with NULL.
* We check NULL in callee rather than caller.
*/
- if (memcg) {
- atomic_dec(&memcg_moving);
+ if (memcg)
atomic_dec(&memcg->moving_account);
- }
}
/*
@@ -2249,41 +2243,52 @@ cleanup:
return true;
}
-/*
- * Used to update mapped file or writeback or other statistics.
- *
- * Notes: Race condition
- *
- * Charging occurs during page instantiation, while the page is
- * unmapped and locked in page migration, or while the page table is
- * locked in THP migration. No race is possible.
- *
- * Uncharge happens to pages with zero references, no race possible.
- *
- * Charge moving between groups is protected by checking mm->moving
- * account and taking the move_lock in the slowpath.
- */
-
-void __mem_cgroup_begin_update_page_stat(struct page *page,
- bool *locked, unsigned long *flags)
+/**
+ * mem_cgroup_begin_page_stat - begin a page state statistics transaction
+ * @page: page that is going to change accounted state
+ * @locked: &memcg->move_lock slowpath was taken
+ * @flags: IRQ-state flags for &memcg->move_lock
+ *
+ * This function must mark the beginning of an accounted page state
+ * change to prevent double accounting when the page is concurrently
+ * being moved to another memcg:
+ *
+ * memcg = mem_cgroup_begin_page_stat(page, &locked, &flags);
+ * if (TestClearPageState(page))
+ * mem_cgroup_update_page_stat(memcg, state, -1);
+ * mem_cgroup_end_page_stat(memcg, locked, flags);
+ *
+ * The RCU lock is held throughout the transaction. The fast path can
+ * get away without acquiring the memcg->move_lock (@locked is false)
+ * because page moving starts with an RCU grace period.
+ *
+ * The RCU lock also protects the memcg from being freed when the page
+ * state that is going to change is the only thing preventing the page
+ * from being uncharged. E.g. end-writeback clearing PageWriteback(),
+ * which allows migration to go ahead and uncharge the page before the
+ * account transaction might be complete.
+ */
+struct mem_cgroup *mem_cgroup_begin_page_stat(struct page *page,
+ bool *locked,
+ unsigned long *flags)
{
struct mem_cgroup *memcg;
struct page_cgroup *pc;
+ rcu_read_lock();
+
+ if (mem_cgroup_disabled())
+ return NULL;
+
pc = lookup_page_cgroup(page);
again:
memcg = pc->mem_cgroup;
if (unlikely(!memcg || !PageCgroupUsed(pc)))
- return;
- /*
- * If this memory cgroup is not under account moving, we don't
- * need to take move_lock_mem_cgroup(). Because we already hold
- * rcu_read_lock(), any calls to move_account will be delayed until
- * rcu_read_unlock().
- */
- VM_BUG_ON(!rcu_read_lock_held());
+ return NULL;
+
+ *locked = false;
if (atomic_read(&memcg->moving_account) <= 0)
- return;
+ return memcg;
move_lock_mem_cgroup(memcg, flags);
if (memcg != pc->mem_cgroup || !PageCgroupUsed(pc)) {
@@ -2291,36 +2296,40 @@ again:
goto again;
}
*locked = true;
+
+ return memcg;
}
-void __mem_cgroup_end_update_page_stat(struct page *page, unsigned long *flags)
+/**
+ * mem_cgroup_end_page_stat - finish a page state statistics transaction
+ * @memcg: the memcg that was accounted against
+ * @locked: value received from mem_cgroup_begin_page_stat()
+ * @flags: value received from mem_cgroup_begin_page_stat()
+ */
+void mem_cgroup_end_page_stat(struct mem_cgroup *memcg, bool locked,
+ unsigned long flags)
{
- struct page_cgroup *pc = lookup_page_cgroup(page);
+ if (memcg && locked)
+ move_unlock_mem_cgroup(memcg, &flags);
- /*
- * It's guaranteed that pc->mem_cgroup never changes while
- * lock is held because a routine modifies pc->mem_cgroup
- * should take move_lock_mem_cgroup().
- */
- move_unlock_mem_cgroup(pc->mem_cgroup, flags);
+ rcu_read_unlock();
}
-void mem_cgroup_update_page_stat(struct page *page,
+/**
+ * mem_cgroup_update_page_stat - update page state statistics
+ * @memcg: memcg to account against
+ * @idx: page state item to account
+ * @val: number of pages (positive or negative)
+ *
+ * See mem_cgroup_begin_page_stat() for locking requirements.
+ */
+void mem_cgroup_update_page_stat(struct mem_cgroup *memcg,
enum mem_cgroup_stat_index idx, int val)
{
- struct mem_cgroup *memcg;
- struct page_cgroup *pc = lookup_page_cgroup(page);
- unsigned long uninitialized_var(flags);
-
- if (mem_cgroup_disabled())
- return;
-
VM_BUG_ON(!rcu_read_lock_held());
- memcg = pc->mem_cgroup;
- if (unlikely(!memcg || !PageCgroupUsed(pc)))
- return;
- this_cpu_add(memcg->stat->count[idx], val);
+ if (memcg)
+ this_cpu_add(memcg->stat->count[idx], val);
}
/*
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -2327,11 +2327,12 @@ EXPORT_SYMBOL(clear_page_dirty_for_io);
int test_clear_page_writeback(struct page *page)
{
struct address_space *mapping = page_mapping(page);
- int ret;
- bool locked;
unsigned long memcg_flags;
+ struct mem_cgroup *memcg;
+ bool locked;
+ int ret;
- mem_cgroup_begin_update_page_stat(page, &locked, &memcg_flags);
+ memcg = mem_cgroup_begin_page_stat(page, &locked, &memcg_flags);
if (mapping) {
struct backing_dev_info *bdi = mapping->backing_dev_info;
unsigned long flags;
@@ -2352,22 +2353,23 @@ int test_clear_page_writeback(struct pag
ret = TestClearPageWriteback(page);
}
if (ret) {
- mem_cgroup_dec_page_stat(page, MEM_CGROUP_STAT_WRITEBACK);
+ mem_cgroup_dec_page_stat(memcg, MEM_CGROUP_STAT_WRITEBACK);
dec_zone_page_state(page, NR_WRITEBACK);
inc_zone_page_state(page, NR_WRITTEN);
}
- mem_cgroup_end_update_page_stat(page, &locked, &memcg_flags);
+ mem_cgroup_end_page_stat(memcg, locked, memcg_flags);
return ret;
}
int __test_set_page_writeback(struct page *page, bool keep_write)
{
struct address_space *mapping = page_mapping(page);
- int ret;
- bool locked;
unsigned long memcg_flags;
+ struct mem_cgroup *memcg;
+ bool locked;
+ int ret;
- mem_cgroup_begin_update_page_stat(page, &locked, &memcg_flags);
+ memcg = mem_cgroup_begin_page_stat(page, &locked, &memcg_flags);
if (mapping) {
struct backing_dev_info *bdi = mapping->backing_dev_info;
unsigned long flags;
@@ -2394,10 +2396,10 @@ int __test_set_page_writeback(struct pag
ret = TestSetPageWriteback(page);
}
if (!ret) {
- mem_cgroup_inc_page_stat(page, MEM_CGROUP_STAT_WRITEBACK);
+ mem_cgroup_inc_page_stat(memcg, MEM_CGROUP_STAT_WRITEBACK);
inc_zone_page_state(page, NR_WRITEBACK);
}
- mem_cgroup_end_update_page_stat(page, &locked, &memcg_flags);
+ mem_cgroup_end_page_stat(memcg, locked, memcg_flags);
return ret;
}
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -1042,15 +1042,16 @@ void page_add_new_anon_rmap(struct page
*/
void page_add_file_rmap(struct page *page)
{
- bool locked;
+ struct mem_cgroup *memcg;
unsigned long flags;
+ bool locked;
- mem_cgroup_begin_update_page_stat(page, &locked, &flags);
+ memcg = mem_cgroup_begin_page_stat(page, &locked, &flags);
if (atomic_inc_and_test(&page->_mapcount)) {
__inc_zone_page_state(page, NR_FILE_MAPPED);
- mem_cgroup_inc_page_stat(page, MEM_CGROUP_STAT_FILE_MAPPED);
+ mem_cgroup_inc_page_stat(memcg, MEM_CGROUP_STAT_FILE_MAPPED);
}
- mem_cgroup_end_update_page_stat(page, &locked, &flags);
+ mem_cgroup_end_page_stat(memcg, locked, flags);
}
/**
@@ -1061,9 +1062,10 @@ void page_add_file_rmap(struct page *pag
*/
void page_remove_rmap(struct page *page)
{
+ struct mem_cgroup *uninitialized_var(memcg);
bool anon = PageAnon(page);
- bool locked;
unsigned long flags;
+ bool locked;
/*
* The anon case has no mem_cgroup page_stat to update; but may
@@ -1071,7 +1073,7 @@ void page_remove_rmap(struct page *page)
* we hold the lock against page_stat move: so avoid it on anon.
*/
if (!anon)
- mem_cgroup_begin_update_page_stat(page, &locked, &flags);
+ memcg = mem_cgroup_begin_page_stat(page, &locked, &flags);
/* page still mapped by someone else? */
if (!atomic_add_negative(-1, &page->_mapcount))
@@ -1096,8 +1098,7 @@ void page_remove_rmap(struct page *page)
-hpage_nr_pages(page));
} else {
__dec_zone_page_state(page, NR_FILE_MAPPED);
- mem_cgroup_dec_page_stat(page, MEM_CGROUP_STAT_FILE_MAPPED);
- mem_cgroup_end_update_page_stat(page, &locked, &flags);
+ mem_cgroup_dec_page_stat(memcg, MEM_CGROUP_STAT_FILE_MAPPED);
}
if (unlikely(PageMlocked(page)))
clear_page_mlock(page);
@@ -1110,10 +1111,9 @@ void page_remove_rmap(struct page *page)
* Leaving it set also helps swapoff to reinstate ptes
* faster for those pages still in swapcache.
*/
- return;
out:
if (!anon)
- mem_cgroup_end_update_page_stat(page, &locked, &flags);
+ mem_cgroup_end_page_stat(memcg, locked, flags);
}
/*
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 245/319] lib/bitmap.c: fix undefined shift in __bitmap_shift_{left|right}()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (231 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 244/319] mm: memcontrol: fix missed end-writeback page accounting Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 246/319] mm/balloon_compaction: fix deflation when compaction is disabled Greg Kroah-Hartman
` (70 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kara, Rasmus Villemoes,
Andrew Morton, Linus Torvalds
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit ea5d05b34aca25c066e0699512d0ffbd8ee6ac3e upstream.
If __bitmap_shift_left() or __bitmap_shift_right() are asked to shift by
a multiple of BITS_PER_LONG, they will try to shift a long value by
BITS_PER_LONG bits which is undefined. Change the functions to avoid
the undefined shift.
Coverity id: 1192175
Coverity id: 1192174
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/bitmap.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/lib/bitmap.c
+++ b/lib/bitmap.c
@@ -131,7 +131,9 @@ void __bitmap_shift_right(unsigned long
lower = src[off + k];
if (left && off + k == lim - 1)
lower &= mask;
- dst[k] = upper << (BITS_PER_LONG - rem) | lower >> rem;
+ dst[k] = lower >> rem;
+ if (rem)
+ dst[k] |= upper << (BITS_PER_LONG - rem);
if (left && k == lim - 1)
dst[k] &= mask;
}
@@ -172,7 +174,9 @@ void __bitmap_shift_left(unsigned long *
upper = src[k];
if (left && k == lim - 1)
upper &= (1UL << left) - 1;
- dst[k + off] = lower >> (BITS_PER_LONG - rem) | upper << rem;
+ dst[k + off] = upper << rem;
+ if (rem)
+ dst[k + off] |= lower >> (BITS_PER_LONG - rem);
if (left && k + off == lim - 1)
dst[k + off] &= (1UL << left) - 1;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 246/319] mm/balloon_compaction: fix deflation when compaction is disabled
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (232 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 245/319] lib/bitmap.c: fix undefined shift in __bitmap_shift_{left|right}() Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 247/319] xhci: no switching back on non-ULT Haswell Greg Kroah-Hartman
` (69 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov, Matt Mullins,
Andrew Morton, Linus Torvalds
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
commit 4d88e6f7d5ffc84e6094a47925870f4a130555c2 upstream.
If CONFIG_BALLOON_COMPACTION=n balloon_page_insert() does not link pages
with balloon and doesn't set PagePrivate flag, as a result
balloon_page_dequeue() cannot get any pages because it thinks that all
of them are isolated. Without balloon compaction nobody can isolate
ballooned pages. It's safe to remove this check.
Fixes: d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management").
Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Reported-by: Matt Mullins <mmullins@mmlx.us>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/balloon_compaction.c | 2 ++
1 file changed, 2 insertions(+)
--- a/mm/balloon_compaction.c
+++ b/mm/balloon_compaction.c
@@ -93,11 +93,13 @@ struct page *balloon_page_dequeue(struct
* to be released by the balloon driver.
*/
if (trylock_page(page)) {
+#ifdef CONFIG_BALLOON_COMPACTION
if (!PagePrivate(page)) {
/* raced with isolation */
unlock_page(page);
continue;
}
+#endif
spin_lock_irqsave(&b_dev_info->pages_lock, flags);
balloon_page_delete(page);
spin_unlock_irqrestore(&b_dev_info->pages_lock, flags);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 247/319] xhci: no switching back on non-ULT Haswell
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (233 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 246/319] mm/balloon_compaction: fix deflation when compaction is disabled Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 248/319] xhci: Disable streams on Asmedia 1042 xhci controllers Greg Kroah-Hartman
` (68 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Oliver Neukum
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Neukum <oneukum@suse.de>
commit b45abacde3d551c6696c6738bef4a1805d0bf27a upstream.
The switch back is limited to ULT even on HP. The contrary
finding arose by bad luck in BIOS versions for testing.
This fixes spontaneous resume from S3 on some HP laptops.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-pci.c | 14 --------------
1 file changed, 14 deletions(-)
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -126,20 +126,6 @@ static void xhci_pci_quirks(struct devic
xhci->quirks |= XHCI_AVOID_BEI;
}
if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
- (pdev->device == PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI ||
- pdev->device == PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI)) {
- /* Workaround for occasional spurious wakeups from S5 (or
- * any other sleep) on Haswell machines with LPT and LPT-LP
- * with the new Intel BIOS
- */
- /* Limit the quirk to only known vendors, as this triggers
- * yet another BIOS bug on some other machines
- * https://bugzilla.kernel.org/show_bug.cgi?id=66171
- */
- if (pdev->subsystem_vendor == PCI_VENDOR_ID_HP)
- xhci->quirks |= XHCI_SPURIOUS_WAKEUP;
- }
- if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
pdev->device == PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI) {
xhci->quirks |= XHCI_SPURIOUS_REBOOT;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 248/319] xhci: Disable streams on Asmedia 1042 xhci controllers
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (234 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 247/319] xhci: no switching back on non-ULT Haswell Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 249/319] scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND Greg Kroah-Hartman
` (67 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bogdan Mihalcea, Hans de Goede
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit 2391eacbd00b706ff4902db7dbee21e33b6f1850 upstream.
Streams seem to be broken on the Asmedia 1042. An uas capable Seagate disk
which is known to work fine with other controllers causes the system to freeze
when connected over usb-3 with this controller, where as it works fine with
uas in usb-2 ports, indicating a problem with streams.
This is a bit bigger hammer then I would like to use for this, but for now it
will have to make do. I've ordered a pci-e usb controller card with an Asmedia
1042, once that arrives I'll try to get streams to work (with a quirk flag if
necessary) and then we can re-enable them. For now this at least makes uas
capable disk enclosures work again by forcing fallback to the usb-storage
driver.
Reported-by: Bogdan Mihalcea <bogdan.mihalcea@infim.ro>
Cc: Bogdan Mihalcea <bogdan.mihalcea@infim.ro>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-pci.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -146,6 +146,10 @@ static void xhci_pci_quirks(struct devic
pdev->device == 0x3432)
xhci->quirks |= XHCI_BROKEN_STREAMS;
+ if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA &&
+ pdev->device == 0x1042)
+ xhci->quirks |= XHCI_BROKEN_STREAMS;
+
if (xhci->quirks & XHCI_RESET_ON_RESUME)
xhci_dbg_trace(xhci, trace_xhci_dbg_quirks,
"QUIRK: Resetting on resume");
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 249/319] scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (235 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 248/319] xhci: Disable streams on Asmedia 1042 xhci controllers Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 250/319] lib/scatterlist: fix memory leak with scsi-mq Greg Kroah-Hartman
` (66 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jens Axboe, linux-scsi, Jan Kara, Jens Axboe
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 84ce0f0e94ac97217398b3b69c21c7a62ebeed05 upstream.
When sg_scsi_ioctl() fails to prepare request to submit in
blk_rq_map_kern() we jump to a label where we just end up copying
(luckily zeroed-out) kernel buffer to userspace instead of reporting
error. Fix the problem by jumping to the right label.
CC: Jens Axboe <axboe@kernel.dk>
CC: linux-scsi@vger.kernel.org
Coverity-id: 1226871
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixed up the, now unused, out label.
Signed-off-by: Jens Axboe <axboe@fb.com>
---
block/scsi_ioctl.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -509,7 +509,7 @@ int sg_scsi_ioctl(struct request_queue *
if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, __GFP_WAIT)) {
err = DRIVER_ERROR << 24;
- goto out;
+ goto error;
}
memset(sense, 0, sizeof(sense));
@@ -518,7 +518,6 @@ int sg_scsi_ioctl(struct request_queue *
blk_execute_rq(q, disk, rq, 0);
-out:
err = rq->errors & 0xff; /* only 8 bit SCSI status */
if (err) {
if (rq->sense_len && rq->sense) {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 250/319] lib/scatterlist: fix memory leak with scsi-mq
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (236 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 249/319] scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 251/319] scsi: set REQ_QUEUE for the blk-mq case Greg Kroah-Hartman
` (65 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tony Battersby, Martin K. Petersen,
Jens Axboe
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tony Battersby <tonyb@cybernetics.com>
commit c21e59d8dc04b2107bdb4ff0f412a9b7ae3349f3 upstream.
Fix a memory leak with scsi-mq triggered by commands with large data
transfer length.
Fixes: c53c6d6a68b1 ("scatterlist: allow chaining to preallocated chunks")
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/scatterlist.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -203,10 +203,10 @@ void __sg_free_table(struct sg_table *ta
}
table->orig_nents -= sg_size;
- if (!skip_first_chunk) {
- free_fn(sgl, alloc_size);
+ if (skip_first_chunk)
skip_first_chunk = false;
- }
+ else
+ free_fn(sgl, alloc_size);
sgl = next;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 251/319] scsi: set REQ_QUEUE for the blk-mq case
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (237 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 250/319] lib/scatterlist: fix memory leak with scsi-mq Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 252/319] i82860_edac: Report CE events properly Greg Kroah-Hartman
` (64 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig,
Martin K. Petersen, Jens Axboe, Meelis Roos
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
commit b1dd2aac4cc0892b82ec60232ed37e3b0af776cc upstream.
To generate the right SPI tag messages we need to properly set
QUEUE_FLAG_QUEUED in the request_queue and mirror it to the
request.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Jens Axboe <axboe@kernel.dk>
Reported-by: Meelis Roos <mroos@linux.ee>
Tested-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/scsi_lib.c | 5 +++++
include/scsi/scsi_tcq.h | 8 ++++----
2 files changed, 9 insertions(+), 4 deletions(-)
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1887,6 +1887,11 @@ static int scsi_queue_rq(struct blk_mq_h
req->cmd_flags |= REQ_DONTPREP;
}
+ if (blk_queue_tagged(q))
+ req->cmd_flags |= REQ_QUEUED;
+ else
+ req->cmd_flags &= ~REQ_QUEUED;
+
scsi_init_cmd_errh(cmd);
cmd->scsi_done = scsi_mq_done;
--- a/include/scsi/scsi_tcq.h
+++ b/include/scsi/scsi_tcq.h
@@ -67,8 +67,9 @@ static inline void scsi_activate_tcq(str
if (!sdev->tagged_supported)
return;
- if (!shost_use_blk_mq(sdev->host) &&
- !blk_queue_tagged(sdev->request_queue))
+ if (shost_use_blk_mq(sdev->host))
+ queue_flag_set_unlocked(QUEUE_FLAG_QUEUED, sdev->request_queue);
+ else if (!blk_queue_tagged(sdev->request_queue))
blk_queue_init_tags(sdev->request_queue, depth,
sdev->host->bqt);
@@ -81,8 +82,7 @@ static inline void scsi_activate_tcq(str
**/
static inline void scsi_deactivate_tcq(struct scsi_device *sdev, int depth)
{
- if (!shost_use_blk_mq(sdev->host) &&
- blk_queue_tagged(sdev->request_queue))
+ if (blk_queue_tagged(sdev->request_queue))
blk_queue_free_tags(sdev->request_queue);
scsi_adjust_queue_depth(sdev, 0, depth);
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 252/319] i82860_edac: Report CE events properly
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (238 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 251/319] scsi: set REQ_QUEUE for the blk-mq case Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 253/319] i3200_edac: " Greg Kroah-Hartman
` (63 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jason Baron, Borislav Petkov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Baron <jbaron@akamai.com>
commit ab0543de6ff0877474f57a5aafbb51a61e88676f upstream.
Fix CE event being reported as HW_EVENT_ERR_UNCORRECTED.
Signed-off-by: Jason Baron <jbaron@akamai.com>
Link: http://lkml.kernel.org/r/7aee8e244a32ff86b399a8f966c4aae70296aae0.1413405053.git.jbaron@akamai.com
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/edac/i82860_edac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/edac/i82860_edac.c
+++ b/drivers/edac/i82860_edac.c
@@ -124,7 +124,7 @@ static int i82860_process_error_info(str
dimm->location[0], dimm->location[1], -1,
"i82860 UE", "");
else
- edac_mc_handle_error(HW_EVENT_ERR_UNCORRECTED, mci, 1,
+ edac_mc_handle_error(HW_EVENT_ERR_CORRECTED, mci, 1,
info->eap, 0, info->derrsyn,
dimm->location[0], dimm->location[1], -1,
"i82860 CE", "");
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 253/319] i3200_edac: Report CE events properly
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (239 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 252/319] i82860_edac: Report CE events properly Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 254/319] e7xxx_edac: " Greg Kroah-Hartman
` (62 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jason Baron, Borislav Petkov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Baron <jbaron@akamai.com>
commit 8a3f075d6c9b3612b4a5fb2af8db82b38b20caf0 upstream.
Fix CE event being reported as HW_EVENT_ERR_UNCORRECTED.
Signed-off-by: Jason Baron <jbaron@akamai.com>
Link: http://lkml.kernel.org/r/d02465b4f30314b390c12c061502eda5e9d29c52.1413405053.git.jbaron@akamai.com
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/edac/i3200_edac.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/edac/i3200_edac.c
+++ b/drivers/edac/i3200_edac.c
@@ -242,11 +242,11 @@ static void i3200_process_error_info(str
-1, -1,
"i3000 UE", "");
} else if (log & I3200_ECCERRLOG_CE) {
- edac_mc_handle_error(HW_EVENT_ERR_UNCORRECTED, mci, 1,
+ edac_mc_handle_error(HW_EVENT_ERR_CORRECTED, mci, 1,
0, 0, eccerrlog_syndrome(log),
eccerrlog_row(channel, log),
-1, -1,
- "i3000 UE", "");
+ "i3000 CE", "");
}
}
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 254/319] e7xxx_edac: Report CE events properly
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (240 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 253/319] i3200_edac: " Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 255/319] cpc925_edac: Report UE " Greg Kroah-Hartman
` (61 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jason Baron, Borislav Petkov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Baron <jbaron@akamai.com>
commit 8030122a9ccf939186f8db96c318dbb99b5463f6 upstream.
Fix CE event being reported as HW_EVENT_ERR_UNCORRECTED.
Signed-off-by: Jason Baron <jbaron@akamai.com>
Link: http://lkml.kernel.org/r/e6dd616f2cd51583a7e77af6f639b86313c74144.1413405053.git.jbaron@akamai.com
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/edac/e7xxx_edac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/edac/e7xxx_edac.c
+++ b/drivers/edac/e7xxx_edac.c
@@ -226,7 +226,7 @@ static void process_ce(struct mem_ctl_in
static void process_ce_no_info(struct mem_ctl_info *mci)
{
edac_dbg(3, "\n");
- edac_mc_handle_error(HW_EVENT_ERR_UNCORRECTED, mci, 1, 0, 0, 0, -1, -1, -1,
+ edac_mc_handle_error(HW_EVENT_ERR_CORRECTED, mci, 1, 0, 0, 0, -1, -1, -1,
"e7xxx CE log register overflow", "");
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 255/319] cpc925_edac: Report UE events properly
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (241 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 254/319] e7xxx_edac: " Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 256/319] nfsd4: fix response size estimation for OP_SEQUENCE Greg Kroah-Hartman
` (60 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jason Baron, Borislav Petkov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Baron <jbaron@akamai.com>
commit fa19ac4b92bc2b5024af3e868f41f81fa738567a upstream.
Fix UE event being reported as HW_EVENT_ERR_CORRECTED.
Signed-off-by: Jason Baron <jbaron@akamai.com>
Link: http://lkml.kernel.org/r/8beb13803500076fef827eab33d523e355d83759.1413405053.git.jbaron@akamai.com
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/edac/cpc925_edac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/edac/cpc925_edac.c
+++ b/drivers/edac/cpc925_edac.c
@@ -562,7 +562,7 @@ static void cpc925_mc_check(struct mem_c
if (apiexcp & UECC_EXCP_DETECTED) {
cpc925_mc_printk(mci, KERN_INFO, "DRAM UECC Fault\n");
- edac_mc_handle_error(HW_EVENT_ERR_CORRECTED, mci, 1,
+ edac_mc_handle_error(HW_EVENT_ERR_UNCORRECTED, mci, 1,
pfn, offset, 0,
csrow, -1, -1,
mci->ctl_name, "");
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 256/319] nfsd4: fix response size estimation for OP_SEQUENCE
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (242 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 255/319] cpc925_edac: Report UE " Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 257/319] nfsd4: fix crash on unknown operation number Greg Kroah-Hartman
` (59 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chuck Lever, J. Bruce Fields
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: "J. Bruce Fields" <bfields@redhat.com>
commit d1d84c9626bb3a519863b3ffc40d347166f9fb83 upstream.
We added this new estimator function but forgot to hook it up. The
effect is that NFSv4.1 (and greater) won't do zero-copy reads.
The estimate was also wrong by 8 bytes.
Fixes: ccae70a9ee41 "nfsd4: estimate sequence response size"
Reported-by: Chuck Lever <chucklever@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4proc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1546,7 +1546,8 @@ static inline u32 nfsd4_rename_rsize(str
static inline u32 nfsd4_sequence_rsize(struct svc_rqst *rqstp,
struct nfsd4_op *op)
{
- return NFS4_MAX_SESSIONID_LEN + 20;
+ return (op_encode_hdr_size
+ + XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + 5) * sizeof(__be32);
}
static inline u32 nfsd4_setattr_rsize(struct svc_rqst *rqstp, struct nfsd4_op *op)
@@ -1850,6 +1851,7 @@ static struct nfsd4_operation nfsd4_ops[
.op_func = (nfsd4op_func)nfsd4_sequence,
.op_flags = ALLOWED_WITHOUT_FH | ALLOWED_AS_FIRST_OP,
.op_name = "OP_SEQUENCE",
+ .op_rsize_bop = (nfsd4op_rsize)nfsd4_sequence_rsize,
},
[OP_DESTROY_CLIENTID] = {
.op_func = (nfsd4op_func)nfsd4_destroy_clientid,
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 257/319] nfsd4: fix crash on unknown operation number
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (243 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 256/319] nfsd4: fix response size estimation for OP_SEQUENCE Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 258/319] zap_pte_range: update addr when forcing flush after TLB batching faiure Greg Kroah-Hartman
` (58 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, J. Bruce Fields
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: "J. Bruce Fields" <bfields@redhat.com>
commit 51904b08072a8bf2b9ed74d1bd7a5300a614471d upstream.
Unknown operation numbers are caught in nfsd4_decode_compound() which
sets op->opnum to OP_ILLEGAL and op->status to nfserr_op_illegal. The
error causes the main loop in nfsd4_proc_compound() to skip most
processing. But nfsd4_proc_compound also peeks ahead at the next
operation in one case and doesn't take similar precautions there.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4proc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1229,7 +1229,8 @@ static bool need_wrongsec_check(struct s
*/
if (argp->opcnt == resp->opcnt)
return false;
-
+ if (next->opnum == OP_ILLEGAL)
+ return false;
nextd = OPDESC(next);
/*
* Rest of 2.6.3.1.1: certain operations will return WRONGSEC
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 258/319] zap_pte_range: update addr when forcing flush after TLB batching faiure
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (244 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 257/319] nfsd4: fix crash on unknown operation number Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 259/319] iwlwifi: mvm: BT Coex - update the MPLUT Boost register value Greg Kroah-Hartman
` (57 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Will Deacon, Linus Torvalds
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will.deacon@arm.com>
commit ce9ec37bddb633404a0c23e1acb181a264e7f7f2 upstream.
When unmapping a range of pages in zap_pte_range, the page being
unmapped is added to an mmu_gather_batch structure for asynchronous
freeing. If we run out of space in the batch structure before the range
has been completely unmapped, then we break out of the loop, force a
TLB flush and free the pages that we have batched so far. If there are
further pages to unmap, then we resume the loop where we left off.
Unfortunately, we forget to update addr when we break out of the loop,
which causes us to truncate the range being invalidated as the end
address is exclusive. When we re-enter the loop at the same address, the
page has already been freed and the pte_present test will fail, meaning
that we do not reconsider the address for invalidation.
This patch fixes the problem by incrementing addr by the PAGE_SIZE
before breaking out of the loop on batch failure.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/memory.c | 1 +
1 file changed, 1 insertion(+)
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1147,6 +1147,7 @@ again:
print_bad_pte(vma, addr, ptent, page);
if (unlikely(!__tlb_remove_page(tlb, page))) {
force_flush = 1;
+ addr += PAGE_SIZE;
break;
}
continue;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 259/319] iwlwifi: mvm: BT Coex - update the MPLUT Boost register value
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (245 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 258/319] zap_pte_range: update addr when forcing flush after TLB batching faiure Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 260/319] iwlwifi: configure the LTR Greg Kroah-Hartman
` (56 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Emmanuel Grumbach
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
commit d14b28fd2c61af0bf310230472e342864d799c98 upstream.
Fixes: 2adc8949efab ("iwlwifi: mvm: BT Coex - fix boost register / LUT values")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/iwlwifi/mvm/coex.c | 4 ++--
drivers/net/wireless/iwlwifi/mvm/coex_legacy.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/net/wireless/iwlwifi/mvm/coex.c
+++ b/drivers/net/wireless/iwlwifi/mvm/coex.c
@@ -301,8 +301,8 @@ static const __le64 iwl_ci_mask[][3] = {
};
static const __le32 iwl_bt_mprio_lut[BT_COEX_MULTI_PRIO_LUT_SIZE] = {
- cpu_to_le32(0x28412201),
- cpu_to_le32(0x11118451),
+ cpu_to_le32(0x2e402280),
+ cpu_to_le32(0x7711a751),
};
struct corunning_block_luts {
--- a/drivers/net/wireless/iwlwifi/mvm/coex_legacy.c
+++ b/drivers/net/wireless/iwlwifi/mvm/coex_legacy.c
@@ -289,8 +289,8 @@ static const __le64 iwl_ci_mask[][3] = {
};
static const __le32 iwl_bt_mprio_lut[BT_COEX_MULTI_PRIO_LUT_SIZE] = {
- cpu_to_le32(0x28412201),
- cpu_to_le32(0x11118451),
+ cpu_to_le32(0x2e402280),
+ cpu_to_le32(0x7711a751),
};
struct corunning_block_luts {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 260/319] iwlwifi: configure the LTR
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (246 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 259/319] iwlwifi: mvm: BT Coex - update the MPLUT Boost register value Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 261/319] iwlwifi: dvm: drop non VO frames when flushing Greg Kroah-Hartman
` (55 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Emmanuel Grumbach
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
commit 9180ac50716a097a407c6d7e7e4589754a922260 upstream.
The LTR is the handshake between the device and the root
complex about the latency allowed when the bus exits power
save. This configuration was missing and this led to high
latency in the link power up. The end user could experience
high latency in the network because of this.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/iwlwifi/iwl-trans.h | 2 +
drivers/net/wireless/iwlwifi/mvm/fw-api-power.h | 35 +++++++++++++++++++++++-
drivers/net/wireless/iwlwifi/mvm/fw-api.h | 1
drivers/net/wireless/iwlwifi/mvm/fw.c | 9 ++++++
drivers/net/wireless/iwlwifi/mvm/ops.c | 1
drivers/net/wireless/iwlwifi/pcie/trans.c | 16 ++++++----
6 files changed, 56 insertions(+), 8 deletions(-)
--- a/drivers/net/wireless/iwlwifi/iwl-trans.h
+++ b/drivers/net/wireless/iwlwifi/iwl-trans.h
@@ -548,6 +548,7 @@ enum iwl_trans_state {
* Set during transport allocation.
* @hw_id_str: a string with info about HW ID. Set during transport allocation.
* @pm_support: set to true in start_hw if link pm is supported
+ * @ltr_enabled: set to true if the LTR is enabled
* @dev_cmd_pool: pool for Tx cmd allocation - for internal use only.
* The user should use iwl_trans_{alloc,free}_tx_cmd.
* @dev_cmd_headroom: room needed for the transport's private use before the
@@ -574,6 +575,7 @@ struct iwl_trans {
u8 rx_mpdu_cmd, rx_mpdu_cmd_hdr_size;
bool pm_support;
+ bool ltr_enabled;
/* The following fields are internal only */
struct kmem_cache *dev_cmd_pool;
--- a/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h
+++ b/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h
@@ -66,13 +66,46 @@
/* Power Management Commands, Responses, Notifications */
+/**
+ * enum iwl_ltr_config_flags - masks for LTR config command flags
+ * @LTR_CFG_FLAG_FEATURE_ENABLE: Feature operational status
+ * @LTR_CFG_FLAG_HW_DIS_ON_SHADOW_REG_ACCESS: allow LTR change on shadow
+ * memory access
+ * @LTR_CFG_FLAG_HW_EN_SHRT_WR_THROUGH: allow LTR msg send on ANY LTR
+ * reg change
+ * @LTR_CFG_FLAG_HW_DIS_ON_D0_2_D3: allow LTR msg send on transition from
+ * D0 to D3
+ * @LTR_CFG_FLAG_SW_SET_SHORT: fixed static short LTR register
+ * @LTR_CFG_FLAG_SW_SET_LONG: fixed static short LONG register
+ * @LTR_CFG_FLAG_DENIE_C10_ON_PD: allow going into C10 on PD
+ */
+enum iwl_ltr_config_flags {
+ LTR_CFG_FLAG_FEATURE_ENABLE = BIT(0),
+ LTR_CFG_FLAG_HW_DIS_ON_SHADOW_REG_ACCESS = BIT(1),
+ LTR_CFG_FLAG_HW_EN_SHRT_WR_THROUGH = BIT(2),
+ LTR_CFG_FLAG_HW_DIS_ON_D0_2_D3 = BIT(3),
+ LTR_CFG_FLAG_SW_SET_SHORT = BIT(4),
+ LTR_CFG_FLAG_SW_SET_LONG = BIT(5),
+ LTR_CFG_FLAG_DENIE_C10_ON_PD = BIT(6),
+};
+
+/**
+ * struct iwl_ltr_config_cmd - configures the LTR
+ * @flags: See %enum iwl_ltr_config_flags
+ */
+struct iwl_ltr_config_cmd {
+ __le32 flags;
+ __le32 static_long;
+ __le32 static_short;
+} __packed;
+
/* Radio LP RX Energy Threshold measured in dBm */
#define POWER_LPRX_RSSI_THRESHOLD 75
#define POWER_LPRX_RSSI_THRESHOLD_MAX 94
#define POWER_LPRX_RSSI_THRESHOLD_MIN 30
/**
- * enum iwl_scan_flags - masks for power table command flags
+ * enum iwl_power_flags - masks for power table command flags
* @POWER_FLAGS_POWER_SAVE_ENA_MSK: '1' Allow to save power by turning off
* receiver and transmitter. '0' - does not allow.
* @POWER_FLAGS_POWER_MANAGEMENT_ENA_MSK: '0' Driver disables power management,
--- a/drivers/net/wireless/iwlwifi/mvm/fw-api.h
+++ b/drivers/net/wireless/iwlwifi/mvm/fw-api.h
@@ -148,6 +148,7 @@ enum {
/* Power - legacy power table command */
POWER_TABLE_CMD = 0x77,
PSM_UAPSD_AP_MISBEHAVING_NOTIFICATION = 0x78,
+ LTR_CONFIG = 0xee,
/* Thermal Throttling*/
REPLY_THERMAL_MNG_BACKOFF = 0x7e,
--- a/drivers/net/wireless/iwlwifi/mvm/fw.c
+++ b/drivers/net/wireless/iwlwifi/mvm/fw.c
@@ -475,6 +475,15 @@ int iwl_mvm_up(struct iwl_mvm *mvm)
/* Initialize tx backoffs to the minimal possible */
iwl_mvm_tt_tx_backoff(mvm, 0);
+ if (mvm->trans->ltr_enabled) {
+ struct iwl_ltr_config_cmd cmd = {
+ .flags = cpu_to_le32(LTR_CFG_FLAG_FEATURE_ENABLE),
+ };
+
+ WARN_ON(iwl_mvm_send_cmd_pdu(mvm, LTR_CONFIG, 0,
+ sizeof(cmd), &cmd));
+ }
+
ret = iwl_mvm_power_update_device(mvm);
if (ret)
goto error;
--- a/drivers/net/wireless/iwlwifi/mvm/ops.c
+++ b/drivers/net/wireless/iwlwifi/mvm/ops.c
@@ -332,6 +332,7 @@ static const char *const iwl_mvm_cmd_str
CMD(REPLY_BEACON_FILTERING_CMD),
CMD(REPLY_THERMAL_MNG_BACKOFF),
CMD(MAC_PM_POWER_TABLE),
+ CMD(LTR_CONFIG),
CMD(BT_COEX_CI),
CMD(BT_COEX_UPDATE_SW_BOOST),
CMD(BT_COEX_UPDATE_CORUN_LUT),
--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
@@ -172,6 +172,7 @@ static void iwl_pcie_apm_config(struct i
{
struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
u16 lctl;
+ u16 cap;
/*
* HW bug W/A for instability in PCIe bus L0S->L1 transition.
@@ -182,16 +183,17 @@ static void iwl_pcie_apm_config(struct i
* power savings, even without L1.
*/
pcie_capability_read_word(trans_pcie->pci_dev, PCI_EXP_LNKCTL, &lctl);
- if (lctl & PCI_EXP_LNKCTL_ASPM_L1) {
- /* L1-ASPM enabled; disable(!) L0S */
+ if (lctl & PCI_EXP_LNKCTL_ASPM_L1)
iwl_set_bit(trans, CSR_GIO_REG, CSR_GIO_REG_VAL_L0S_ENABLED);
- dev_info(trans->dev, "L1 Enabled; Disabling L0S\n");
- } else {
- /* L1-ASPM disabled; enable(!) L0S */
+ else
iwl_clear_bit(trans, CSR_GIO_REG, CSR_GIO_REG_VAL_L0S_ENABLED);
- dev_info(trans->dev, "L1 Disabled; Enabling L0S\n");
- }
trans->pm_support = !(lctl & PCI_EXP_LNKCTL_ASPM_L0S);
+
+ pcie_capability_read_word(trans_pcie->pci_dev, PCI_EXP_DEVCTL2, &cap);
+ trans->ltr_enabled = cap & PCI_EXP_DEVCTL2_LTR_EN;
+ dev_info(trans->dev, "L1 %sabled - LTR %sabled\n",
+ (lctl & PCI_EXP_LNKCTL_ASPM_L1) ? "En" : "Dis",
+ trans->ltr_enabled ? "En" : "Dis");
}
/*
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 261/319] iwlwifi: dvm: drop non VO frames when flushing
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (247 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 260/319] iwlwifi: configure the LTR Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 262/319] Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate" Greg Kroah-Hartman
` (54 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Emmanuel Grumbach
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
commit a0855054e59b0c5b2b00237fdb5147f7bcc18efb upstream.
When mac80211 wants to ensure that a frame is sent, it calls
the flush() callback. Until now, iwldvm implemented this by
waiting that all the frames are sent (ACKed or timeout).
In case of weak signal, this can take a significant amount
of time, delaying the next connection (in case of roaming).
Many users have reported that the flush would take too long
leading to the following error messages to be printed:
iwlwifi 0000:03:00.0: fail to flush all tx fifo queues Q 2
iwlwifi 0000:03:00.0: Current SW read_ptr 161 write_ptr 201
iwl data: 00000000: 00 00 00 00 00 00 00 00 fe ff 01 00 00 00 00 00
[snip]
iwlwifi 0000:03:00.0: FH TRBs(0) = 0x00000000
[snip]
iwlwifi 0000:03:00.0: Q 0 is active and mapped to fifo 3 ra_tid 0x0000 [9,9]
[snip]
Instead of waiting for these packets, simply drop them. This
significantly improves the responsiveness of the network.
Note that all the queues are flushed, but the VO one. This
is not typically used by the applications and it likely
contains management frames that are useful for connection
or roaming.
This bug is tracked here:
https://bugzilla.kernel.org/show_bug.cgi?id=56581
But it is duplicated in distributions' trackers.
A simple search in Ubuntu's database led to these bugs:
https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1270808
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1305406
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1356236
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1360597
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1361809
Depends-on: 77be2c54c5bd ("mac80211: add vif to flush call")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/iwlwifi/dvm/mac80211.c | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
--- a/drivers/net/wireless/iwlwifi/dvm/mac80211.c
+++ b/drivers/net/wireless/iwlwifi/dvm/mac80211.c
@@ -1095,6 +1095,7 @@ static void iwlagn_mac_flush(struct ieee
u32 queues, bool drop)
{
struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw);
+ u32 scd_queues;
mutex_lock(&priv->mutex);
IWL_DEBUG_MAC80211(priv, "enter\n");
@@ -1108,18 +1109,19 @@ static void iwlagn_mac_flush(struct ieee
goto done;
}
- /*
- * mac80211 will not push any more frames for transmit
- * until the flush is completed
- */
- if (drop) {
- IWL_DEBUG_MAC80211(priv, "send flush command\n");
- if (iwlagn_txfifo_flush(priv, 0)) {
- IWL_ERR(priv, "flush request fail\n");
- goto done;
- }
+ scd_queues = BIT(priv->cfg->base_params->num_of_queues) - 1;
+ scd_queues &= ~(BIT(IWL_IPAN_CMD_QUEUE_NUM) |
+ BIT(IWL_DEFAULT_CMD_QUEUE_NUM));
+
+ if (vif)
+ scd_queues &= ~BIT(vif->hw_queue[IEEE80211_AC_VO]);
+
+ IWL_DEBUG_TX_QUEUES(priv, "Flushing SCD queues: 0x%x\n", scd_queues);
+ if (iwlagn_txfifo_flush(priv, scd_queues)) {
+ IWL_ERR(priv, "flush request fail\n");
+ goto done;
}
- IWL_DEBUG_MAC80211(priv, "wait transmit/flush all frames\n");
+ IWL_DEBUG_TX_QUEUES(priv, "wait transmit/flush all frames\n");
iwl_trans_wait_tx_queue_empty(priv->trans, 0xffffffff);
done:
mutex_unlock(&priv->mutex);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 262/319] Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate"
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (248 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 261/319] iwlwifi: dvm: drop non VO frames when flushing Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 263/319] ext3: Dont check quota format when there are no quota files Greg Kroah-Hartman
` (53 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Emmanuel Grumbach
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
commit 1ffde699aae127e7abdb98dbdedc2cc6a973a1a1 upstream.
This reverts commit aa11bbf3df026d6b1c6b528bef634fd9de7c2619.
This commit was causing connection issues and is not needed
if IWL_MVM_RS_RSSI_BASED_INIT_RATE is set to false by default.
Regardless of the issues mentioned above, this patch added the
following WARNING:
WARNING: CPU: 0 PID: 3946 at drivers/net/wireless/iwlwifi/mvm/tx.c:190 iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm]()
Got an HT rate for a non data frame 0x8
CPU: 0 PID: 3946 Comm: wpa_supplicant Tainted: G O 3.17.0+ #6
Hardware name: LENOVO 20ANCTO1WW/20ANCTO1WW, BIOS GLET71WW (2.25 ) 07/02/2014
0000000000000009 ffffffff814fa911 ffff8804288db8f8 ffffffff81064f52
0000000000001808 ffff8804288db948 ffff88040add8660 ffff8804291b5600
0000000000000000 ffffffff81064fb7 ffffffffa07b73d0 0000000000000020
Call Trace:
[<ffffffff814fa911>] ? dump_stack+0x41/0x51
[<ffffffff81064f52>] ? warn_slowpath_common+0x72/0x90
[<ffffffff81064fb7>] ? warn_slowpath_fmt+0x47/0x50
[<ffffffffa07a39ea>] ? iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm]
[<ffffffffa07a3cf8>] ? iwl_mvm_tx_skb+0x48/0x3c0 [iwlmvm]
[<ffffffffa079cb9b>] ? iwl_mvm_mac_tx+0x7b/0x180 [iwlmvm]
[<ffffffffa0746ce9>] ? __ieee80211_tx+0x2b9/0x3c0 [mac80211]
[<ffffffffa07492f3>] ? ieee80211_tx+0xb3/0x100 [mac80211]
[<ffffffffa0749c49>] ? ieee80211_subif_start_xmit+0x459/0xca0 [mac80211]
[<ffffffff814116e7>] ? dev_hard_start_xmit+0x337/0x5f0
[<ffffffff81430d46>] ? sch_direct_xmit+0x96/0x1f0
[<ffffffff81411ba3>] ? __dev_queue_xmit+0x203/0x4f0
[<ffffffff8142f670>] ? ether_setup+0x70/0x70
[<ffffffff814e96a1>] ? packet_sendmsg+0xf81/0x1110
[<ffffffff8140625c>] ? skb_free_datagram+0xc/0x40
[<ffffffff813f7538>] ? sock_sendmsg+0x88/0xc0
[<ffffffff813f7274>] ? move_addr_to_kernel.part.20+0x14/0x60
[<ffffffff811c47c2>] ? __inode_wait_for_writeback+0x62/0xb0
[<ffffffff813f7a91>] ? SYSC_sendto+0xf1/0x180
[<ffffffff813f88f9>] ? __sys_recvmsg+0x39/0x70
[<ffffffff8150066d>] ? system_call_fastpath+0x1a/0x1f
---[ end trace cc19a150d311fc63 ]---
which was reported here: https://bugzilla.kernel.org/show_bug.cgi?id=85691
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/iwlwifi/mvm/tx.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/drivers/net/wireless/iwlwifi/mvm/tx.c
+++ b/drivers/net/wireless/iwlwifi/mvm/tx.c
@@ -168,14 +168,10 @@ static void iwl_mvm_set_tx_cmd_rate(stru
/*
* for data packets, rate info comes from the table inside the fw. This
- * table is controlled by LINK_QUALITY commands. Exclude ctrl port
- * frames like EAPOLs which should be treated as mgmt frames. This
- * avoids them being sent initially in high rates which increases the
- * chances for completion of the 4-Way handshake.
+ * table is controlled by LINK_QUALITY commands
*/
- if (ieee80211_is_data(fc) && sta &&
- !(info->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO)) {
+ if (ieee80211_is_data(fc) && sta) {
tx_cmd->initial_rate_index = 0;
tx_cmd->tx_flags |= cpu_to_le32(TX_CMD_FLG_STA_RATE);
return;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 263/319] ext3: Dont check quota format when there are no quota files
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (249 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 262/319] Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate" Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 264/319] PCI: Rename sysfs enabled file back to enable Greg Kroah-Hartman
` (52 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 7938db449bbc55bbeb164bec7af406212e7e98f1 upstream.
The check whether quota format is set even though there are no
quota files with journalled quota is pointless and it actually
makes it impossible to turn off journalled quotas (as there's
no way to unset journalled quota format). Just remove the check.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext3/super.c | 7 -------
1 file changed, 7 deletions(-)
--- a/fs/ext3/super.c
+++ b/fs/ext3/super.c
@@ -1354,13 +1354,6 @@ set_qf_format:
"not specified.");
return 0;
}
- } else {
- if (sbi->s_jquota_fmt) {
- ext3_msg(sb, KERN_ERR, "error: journaled quota format "
- "specified with no journaling "
- "enabled.");
- return 0;
- }
}
#endif
return 1;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 264/319] PCI: Rename sysfs enabled file back to enable
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (250 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 263/319] ext3: Dont check quota format when there are no quota files Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 265/319] quota: Properly return errors from dquot_writeback_dquots() Greg Kroah-Hartman
` (51 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeff Epler, Bjorn Helgaas
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d8e7d53a2fc14e0830ab728cb84ee19933d3ac8d upstream.
Back in commit 5136b2da770d ("PCI: convert bus code to use dev_groups"),
I misstyped the 'enable' sysfs filename as 'enabled', which broke the
userspace API. This patch fixes that issue by renaming the file back.
Fixes: 5136b2da770d ("PCI: convert bus code to use dev_groups")
Reported-by: Jeff Epler <jepler@unpythonic.net>
Tested-by: Jeff Epler <jepler@unpythonic.net> # on v3.14-rt
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
---
drivers/pci/pci-sysfs.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -185,7 +185,7 @@ static ssize_t modalias_show(struct devi
}
static DEVICE_ATTR_RO(modalias);
-static ssize_t enabled_store(struct device *dev, struct device_attribute *attr,
+static ssize_t enable_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
struct pci_dev *pdev = to_pci_dev(dev);
@@ -210,7 +210,7 @@ static ssize_t enabled_store(struct devi
return result < 0 ? result : count;
}
-static ssize_t enabled_show(struct device *dev, struct device_attribute *attr,
+static ssize_t enable_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
struct pci_dev *pdev;
@@ -218,7 +218,7 @@ static ssize_t enabled_show(struct devic
pdev = to_pci_dev(dev);
return sprintf(buf, "%u\n", atomic_read(&pdev->enable_cnt));
}
-static DEVICE_ATTR_RW(enabled);
+static DEVICE_ATTR_RW(enable);
#ifdef CONFIG_NUMA
static ssize_t numa_node_show(struct device *dev, struct device_attribute *attr,
@@ -564,7 +564,7 @@ static struct attribute *pci_dev_attrs[]
#endif
&dev_attr_dma_mask_bits.attr,
&dev_attr_consistent_dma_mask_bits.attr,
- &dev_attr_enabled.attr,
+ &dev_attr_enable.attr,
&dev_attr_broken_parity_status.attr,
&dev_attr_msi_bus.attr,
#if defined(CONFIG_PM_RUNTIME) && defined(CONFIG_ACPI)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 265/319] quota: Properly return errors from dquot_writeback_dquots()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (251 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 264/319] PCI: Rename sysfs enabled file back to enable Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 266/319] tty/vt: dont set font mappings on vc not supporting this Greg Kroah-Hartman
` (50 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 474d2605d119479e5aa050f738632e63589d4bb5 upstream.
Due to a switched left and right side of an assignment,
dquot_writeback_dquots() never returned error. This could result in
errors during quota writeback to not be reported to userspace properly.
Fix it.
Coverity-id: 1226884
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/quota/dquot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -634,7 +634,7 @@ int dquot_writeback_dquots(struct super_
dqstats_inc(DQST_LOOKUPS);
err = sb->dq_op->write_dquot(dquot);
if (!ret && err)
- err = ret;
+ ret = err;
dqput(dquot);
spin_lock(&dq_list_lock);
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 266/319] tty/vt: dont set font mappings on vc not supporting this
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (252 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 265/319] quota: Properly return errors from dquot_writeback_dquots() Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 267/319] tty: Fix high cpu load if tty is unreleaseable Greg Kroah-Hartman
` (49 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Imre Deak
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Imre Deak <imre.deak@intel.com>
commit 9e326f78713a4421fe11afc2ddeac07698fac131 upstream.
We can call this function for a dummy console that doesn't support
setting the font mapping, which will result in a null ptr BUG. So check
for this case and return error for consoles w/o font mapping support.
Reference: https://bugzilla.kernel.org/show_bug.cgi?id=59321
Signed-off-by: Imre Deak <imre.deak@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/vt/consolemap.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/tty/vt/consolemap.c
+++ b/drivers/tty/vt/consolemap.c
@@ -539,6 +539,12 @@ int con_set_unimap(struct vc_data *vc, u
/* Save original vc_unipagdir_loc in case we allocate a new one */
p = *vc->vc_uni_pagedir_loc;
+
+ if (!p) {
+ err = -EINVAL;
+
+ goto out_unlock;
+ }
if (p->refcount > 1) {
int j, k;
@@ -623,6 +629,7 @@ int con_set_unimap(struct vc_data *vc, u
set_inverse_transl(vc, p, i); /* Update inverse translations */
set_inverse_trans_unicode(vc, p);
+out_unlock:
console_unlock();
return err;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 267/319] tty: Fix high cpu load if tty is unreleaseable
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (253 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 266/319] tty/vt: dont set font mappings on vc not supporting this Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 268/319] PM / Sleep: fix async suspend_late/freeze_late error handling Greg Kroah-Hartman
` (48 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Peter Hurley
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Hurley <peter@hurleysoftware.com>
commit 37b164578826406a173ca7c20d9ba7430134d23e upstream.
Kernel oops can cause the tty to be unreleaseable (for example, if
n_tty_read() crashes while on the read_wait queue). This will cause
tty_release() to endlessly loop without sleeping.
Use a killable sleep timeout which grows by 2n+1 jiffies over the interval
[0, 120 secs.) and then jumps to forever (but still killable).
NB: killable just allows for the task to be rewoken manually, not
to be terminated.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/tty_io.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -1686,6 +1686,7 @@ int tty_release(struct inode *inode, str
int pty_master, tty_closing, o_tty_closing, do_sleep;
int idx;
char buf[64];
+ long timeout = 0;
if (tty_paranoia_check(tty, inode, __func__))
return 0;
@@ -1770,7 +1771,11 @@ int tty_release(struct inode *inode, str
__func__, tty_name(tty, buf));
tty_unlock_pair(tty, o_tty);
mutex_unlock(&tty_mutex);
- schedule();
+ schedule_timeout_killable(timeout);
+ if (timeout < 120 * HZ)
+ timeout = 2 * timeout + 1;
+ else
+ timeout = MAX_SCHEDULE_TIMEOUT;
}
/*
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 268/319] PM / Sleep: fix async suspend_late/freeze_late error handling
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (254 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 267/319] tty: Fix high cpu load if tty is unreleaseable Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 269/319] PM / Sleep: fix recovery during resuming from hibernation Greg Kroah-Hartman
` (47 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Imre Deak, Rafael J. Wysocki
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Imre Deak <imre.deak@intel.com>
commit 246ef766743618a7cab059d6c4993270075b173e upstream.
If an asynchronous suspend_late or freeze_late callback fails
during the SUSPEND, FREEZE or QUIESCE phases, we don't propagate the
corresponding error correctly, in effect ignoring the error and
continuing the suspend-to-ram/hibernation. During suspend-to-ram this
could leave some devices without a valid saved context, leading to a
failure to reinitialize them during resume. During hibernation this
could leave some devices active interfeering with the creation /
restoration of the hibernation image. Also this could leave the
corresponding devices without a valid saved context and failure to
reinitialize them during resume.
Fixes: de377b397272 (PM / sleep: Asynchronous threads for suspend_late)
Signed-off-by: Imre Deak <imre.deak@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/power/main.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/base/power/main.c
+++ b/drivers/base/power/main.c
@@ -1266,6 +1266,8 @@ static int dpm_suspend_late(pm_message_t
}
mutex_unlock(&dpm_list_mtx);
async_synchronize_full();
+ if (!error)
+ error = async_error;
if (error) {
suspend_stats.failed_suspend_late++;
dpm_save_failed_step(SUSPEND_SUSPEND_LATE);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 269/319] PM / Sleep: fix recovery during resuming from hibernation
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (255 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 268/319] PM / Sleep: fix async suspend_late/freeze_late error handling Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 270/319] staging: comedi: (regression) channel list must be set for COMEDI_CMD ioctl Greg Kroah-Hartman
` (46 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Imre Deak, Rafael J. Wysocki
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Imre Deak <imre.deak@intel.com>
commit 94fb823fcb4892614f57e59601bb9d4920f24711 upstream.
If a device's dev_pm_ops::freeze callback fails during the QUIESCE
phase, we don't rollback things correctly calling the thaw and complete
callbacks. This could leave some devices in a suspended state in case of
an error during resuming from hibernation.
Signed-off-by: Imre Deak <imre.deak@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/power/hibernate.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -502,8 +502,14 @@ int hibernation_restore(int platform_mod
error = dpm_suspend_start(PMSG_QUIESCE);
if (!error) {
error = resume_target_kernel(platform_mode);
- dpm_resume_end(PMSG_RECOVER);
+ /*
+ * The above should either succeed and jump to the new kernel,
+ * or return with an error. Otherwise things are just
+ * undefined, so let's be paranoid.
+ */
+ BUG_ON(!error);
}
+ dpm_resume_end(PMSG_RECOVER);
pm_restore_gfp_mask();
resume_console();
pm_restore_console();
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 270/319] staging: comedi: (regression) channel list must be set for COMEDI_CMD ioctl
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (256 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 269/319] PM / Sleep: fix recovery during resuming from hibernation Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 271/319] staging: comedi: fix memory leak / bad pointer freeing for chanlist Greg Kroah-Hartman
` (45 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bernd Porr, Ian Abbott, H Hartley Sweeten
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ian Abbott <abbotti@mev.co.uk>
commit 6cab7a37f5c048bb2a768f24b0ec748b052fda09 upstream.
`do_cmd_ioctl()`, the handler for the `COMEDI_CMD` ioctl can incorrectly
call the Comedi subdevice's `do_cmd()` handler with a NULL channel list
pointer. This is a regression as the `do_cmd()` handler has never been
expected to deal with that, leading to a kernel OOPS when it tries to
dereference it.
A NULL channel list pointer is allowed for the `COMEDI_CMDTEST` ioctl,
handled by `do_cmdtest_ioctl()` and the subdevice's `do_cmdtest()`
handler, but not for the `COMEDI_CMD` ioctl and its handlers.
Both `do_cmd_ioctl()` and `do_cmdtest_ioctl()` call
`__comedi_get_user_chanlist()` to copy the channel list from user memory
into dynamically allocated kernel memory and check it for consistency.
That function currently returns 0 if the `user_chanlist` parameter
(pointing to the channel list in user memory) is NULL. That's fine for
`do_cmdtest_ioctl()`, but `do_cmd_ioctl()` incorrectly assumes the
kernel copy of the channel list has been set-up correctly.
Fix it by not allowing the `user_chanlist` parameter to be NULL in
`__comedi_get_user_chanlist()`, and only calling it from
`do_cmdtest_ioctl()` if the parameter is non-NULL.
Thanks to Bernd Porr for reporting the bug via an initial patch sent
privately.
Fixes: c6cd0eefb27b ("staging: comedi: comedi_fops: introduce __comedi_get_user_chanlist()")
Reported-by: Bernd Porr <mail@berndporr.me.uk>
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Reviewed-by: H Hartley Sweeten <hsweeten@visionengravers.com>
Cc: Bernd Porr <mail@berndporr.me.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/comedi/comedi_fops.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
--- a/drivers/staging/comedi/comedi_fops.c
+++ b/drivers/staging/comedi/comedi_fops.c
@@ -1462,10 +1462,6 @@ static int __comedi_get_user_chanlist(st
unsigned int *chanlist;
int ret;
- /* user_chanlist could be NULL for do_cmdtest ioctls */
- if (!user_chanlist)
- return 0;
-
chanlist = memdup_user(user_chanlist,
cmd->chanlist_len * sizeof(unsigned int));
if (IS_ERR(chanlist))
@@ -1609,10 +1605,13 @@ static int do_cmdtest_ioctl(struct comed
s = &dev->subdevices[cmd.subdev];
- /* load channel/gain list */
- ret = __comedi_get_user_chanlist(dev, s, user_chanlist, &cmd);
- if (ret)
- return ret;
+ /* user_chanlist can be NULL for COMEDI_CMDTEST ioctl */
+ if (user_chanlist) {
+ /* load channel/gain list */
+ ret = __comedi_get_user_chanlist(dev, s, user_chanlist, &cmd);
+ if (ret)
+ return ret;
+ }
ret = s->do_cmdtest(dev, s, &cmd);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 271/319] staging: comedi: fix memory leak / bad pointer freeing for chanlist
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (257 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 270/319] staging: comedi: (regression) channel list must be set for COMEDI_CMD ioctl Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 272/319] mac80211: fix typo in starting baserate for rts_cts_rate_idx Greg Kroah-Hartman
` (44 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, H Hartley Sweeten
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ian Abbott <abbotti@mev.co.uk>
commit 238b5ad855924919e5b98d0c772d9dc78795639b upstream.
As a follow-up to commit 6cab7a37f5c04 ("staging: comedi: (regression)
channel list must be set for COMEDI_CMD ioctl"), Hartley Sweeten pointed
out another couple of bugs stemming from commit 6cab7a37f5c04 ("staging:
comedi: comedi_fops: introduce __comedi_get_user_chanlist()").
Firstly, `do_cmdtest_ioctl()` never frees the kernel copy of the user
chanlist allocated by `__comedi_get_user_chanlist()`, so that memory is
leaked. Fix it by freeing the allocated kernel memory pointed to by
`cmd.chanlist` before that pointer is overwritten with its original
pointer to user memory before `cmd` is copied back to user-space.
Secondly, if `__comedi_get_user_chanlist()` returns an error,
`cmd->chanlist` is left unchanged and in fact will be a pointer to user
memory. This causes `do_cmd_ioctl()` to `goto cleanup` and call
`do_become_nonbusy()` which would attempt to free the memory pointed to
by the user-space pointer. Fix it by setting `cmd->chanlist` to NULL at
the start of `__comedi_get_user_chanlist()`.
Fixes: c6cd0eefb27b ("staging: comedi: comedi_fops: introduce __comedi_get_user_chanlist()")
Reported-by: H Hartley Sweeten <hsweeten@visionengravers.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/comedi/comedi_fops.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/staging/comedi/comedi_fops.c
+++ b/drivers/staging/comedi/comedi_fops.c
@@ -1462,6 +1462,7 @@ static int __comedi_get_user_chanlist(st
unsigned int *chanlist;
int ret;
+ cmd->chanlist = NULL;
chanlist = memdup_user(user_chanlist,
cmd->chanlist_len * sizeof(unsigned int));
if (IS_ERR(chanlist))
@@ -1615,6 +1616,8 @@ static int do_cmdtest_ioctl(struct comed
ret = s->do_cmdtest(dev, s, &cmd);
+ kfree(cmd.chanlist); /* free kernel copy of user chanlist */
+
/* restore chanlist pointer before copying back */
cmd.chanlist = (unsigned int __force *)user_chanlist;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 272/319] mac80211: fix typo in starting baserate for rts_cts_rate_idx
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (258 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 271/319] staging: comedi: fix memory leak / bad pointer freeing for chanlist Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 273/319] mtd: cfi_cmdset_0001.c: fix resume for LH28F640BF chips Greg Kroah-Hartman
` (43 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Karl Beldan, Johannes Berg
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Karl Beldan <karl.beldan@rivierawaves.com>
commit c7abf25af0f41be4b50d44c5b185d52eea360cb8 upstream.
It affects non-(V)HT rates and can lead to selecting an rts_cts rate
that is not a basic rate or way superior to the reference rate (ATM
rates[0] used for the 1st attempt of the protected frame data).
E.g, assuming drivers register growing (bitrate) sorted tables of
ieee80211_rate-s, having :
- rates[0].idx == d'2 and basic_rates == b'10100
will select rts_cts idx b'10011 & ~d'(BIT(2)-1), i.e. 1, likewise
- rates[0].idx == d'2 and basic_rates == b'10001
will select rts_cts idx b'10000
The first is not a basic rate and the second is > rates[0].
Also, wrt severity of the addressed misbehavior, ATM we only have one
rts_cts_rate_idx rather than one per rate table entry, so this idx might
still point to bitrates > rates[1..MAX_RATES].
Fixes: 5253ffb8c9e1 ("mac80211: always pick a basic rate to tx RTS/CTS for pre-HT rates")
Signed-off-by: Karl Beldan <karl.beldan@rivierawaves.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/rate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -448,7 +448,7 @@ static void rate_fixup_ratelist(struct i
*/
if (!(rates[0].flags & IEEE80211_TX_RC_MCS)) {
u32 basic_rates = vif->bss_conf.basic_rates;
- s8 baserate = basic_rates ? ffs(basic_rates - 1) : 0;
+ s8 baserate = basic_rates ? ffs(basic_rates) - 1 : 0;
rate = &sband->bitrates[rates[0].idx];
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 273/319] mtd: cfi_cmdset_0001.c: fix resume for LH28F640BF chips
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (259 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 272/319] mac80211: fix typo in starting baserate for rts_cts_rate_idx Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 274/319] posix-timers: Fix stack info leak in timer_create() Greg Kroah-Hartman
` (42 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Eremin-Solenikov,
Andrea Adami, Brian Norris
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
commit 89cf38dd536a7301d6b5f5ddd73f42074c01bfaa upstream.
After '#echo mem > /sys/power/state' some devices can not be properly resumed
because apparently the MTD Partition Configuration Register has been reset
to default thus the rootfs cannot be mounted cleanly on resume.
An example of this can be found in the SA-1100 Developer's Manual at 9.5.3.3
where the second step of the Sleep Shutdown Sequence is described:
"An internal reset is applied to the SA-1100. All units are reset...".
As workaround we refresh the PCR value as done initially on chip setup.
This behavior and the fix are confirmed by our tests done on 2 different Zaurus
collie units with kernel 3.17.
Fixes: 812c5fa82bae: ("mtd: cfi_cmdset_0001.c: add support for Sharp LH28F640BF NOR")
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/chips/cfi_cmdset_0001.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/mtd/chips/cfi_cmdset_0001.c
+++ b/drivers/mtd/chips/cfi_cmdset_0001.c
@@ -2590,6 +2590,8 @@ static void cfi_intelext_resume(struct m
/* Go to known state. Chip may have been power cycled */
if (chip->state == FL_PM_SUSPENDED) {
+ /* Refresh LH28F640BF Partition Config. Register */
+ fixup_LH28F640BF(mtd);
map_write(map, CMD(0xFF), cfi->chips[i].start);
chip->oldstate = chip->state = FL_READY;
wake_up(&chip->wq);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 274/319] posix-timers: Fix stack info leak in timer_create()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (260 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 273/319] mtd: cfi_cmdset_0001.c: fix resume for LH28F640BF chips Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 275/319] x86, apic: Handle a bad TSC more gracefully Greg Kroah-Hartman
` (41 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mathias Krause, Oleg Nesterov,
Brad Spengler, PaX Team, Thomas Gleixner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Krause <minipli@googlemail.com>
commit 6891c4509c792209c44ced55a60f13954cb50ef4 upstream.
If userland creates a timer without specifying a sigevent info, we'll
create one ourself, using a stack local variable. Particularly will we
use the timer ID as sival_int. But as sigev_value is a union containing
a pointer and an int, that assignment will only partially initialize
sigev_value on systems where the size of a pointer is bigger than the
size of an int. On such systems we'll copy the uninitialized stack bytes
from the timer_create() call to userland when the timer actually fires
and we're going to deliver the signal.
Initialize sigev_value with 0 to plug the stack info leak.
Found in the PaX patch, written by the PaX Team.
Fixes: 5a9fa7307285 ("posix-timers: kill ->it_sigev_signo and...")
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Brad Spengler <spender@grsecurity.net>
Cc: PaX Team <pageexec@freemail.hu>
Link: http://lkml.kernel.org/r/1412456799-32339-1-git-send-email-minipli@googlemail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/time/posix-timers.c | 1 +
1 file changed, 1 insertion(+)
--- a/kernel/time/posix-timers.c
+++ b/kernel/time/posix-timers.c
@@ -636,6 +636,7 @@ SYSCALL_DEFINE3(timer_create, const cloc
goto out;
}
} else {
+ memset(&event.sigev_value, 0, sizeof(event.sigev_value));
event.sigev_notify = SIGEV_SIGNAL;
event.sigev_signo = SIGALRM;
event.sigev_value.sival_int = new_timer->it_id;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 275/319] x86, apic: Handle a bad TSC more gracefully
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (261 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 274/319] posix-timers: Fix stack info leak in timer_create() Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 276/319] mm: Remove false WARN_ON from pagecache_isize_extended() Greg Kroah-Hartman
` (40 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Lutomirski, Bandan Das, Thomas Gleixner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Lutomirski <luto@amacapital.net>
commit b47dcbdc5161d3d5756f430191e2840d9b855492 upstream.
If the TSC is unusable or disabled, then this patch fixes:
- Confusion while trying to clear old APIC interrupts.
- Division by zero and incorrect programming of the TSC deadline
timer.
This fixes boot if the CPU has a TSC deadline timer but a missing or
broken TSC. The failure to boot can be observed with qemu using
-cpu qemu64,-tsc,+tsc-deadline
This also happens to me in nested KVM for unknown reasons.
With this patch, I can boot cleanly (although without a TSC).
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Cc: Bandan Das <bsd@redhat.com>
Link: http://lkml.kernel.org/r/e2fa274e498c33988efac0ba8b7e3120f7f92d78.1413393027.git.luto@amacapital.net
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/apic/apic.c | 4 ++--
arch/x86/kernel/tsc.c | 5 ++++-
2 files changed, 6 insertions(+), 3 deletions(-)
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1297,7 +1297,7 @@ void setup_local_APIC(void)
unsigned int value, queued;
int i, j, acked = 0;
unsigned long long tsc = 0, ntsc;
- long long max_loops = cpu_khz;
+ long long max_loops = cpu_khz ? cpu_khz : 1000000;
if (cpu_has_tsc)
rdtscll(tsc);
@@ -1383,7 +1383,7 @@ void setup_local_APIC(void)
break;
}
if (queued) {
- if (cpu_has_tsc) {
+ if (cpu_has_tsc && cpu_khz) {
rdtscll(ntsc);
max_loops = (cpu_khz << 10) - (ntsc - tsc);
} else
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -1166,14 +1166,17 @@ void __init tsc_init(void)
x86_init.timers.tsc_pre_init();
- if (!cpu_has_tsc)
+ if (!cpu_has_tsc) {
+ setup_clear_cpu_cap(X86_FEATURE_TSC_DEADLINE_TIMER);
return;
+ }
tsc_khz = x86_platform.calibrate_tsc();
cpu_khz = tsc_khz;
if (!tsc_khz) {
mark_tsc_unstable("could not calculate TSC khz");
+ setup_clear_cpu_cap(X86_FEATURE_TSC_DEADLINE_TIMER);
return;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 276/319] mm: Remove false WARN_ON from pagecache_isize_extended()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (262 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 275/319] x86, apic: Handle a bad TSC more gracefully Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 277/319] media: Remove references to non-existent PLAT_S5P symbol Greg Kroah-Hartman
` (39 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kara, Dave Chinner, Dave Chinner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit f55fefd1a5a339b1bd08c120b93312d6eb64a9fb upstream.
The WARN_ON checking whether i_mutex is held in
pagecache_isize_extended() was wrong because some filesystems (e.g.
XFS) use different locks for serialization of truncates / writes. So
just remove the check.
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/truncate.c | 1 -
1 file changed, 1 deletion(-)
--- a/mm/truncate.c
+++ b/mm/truncate.c
@@ -755,7 +755,6 @@ void pagecache_isize_extended(struct ino
struct page *page;
pgoff_t index;
- WARN_ON(!mutex_is_locked(&inode->i_mutex));
WARN_ON(to > inode->i_size);
if (from >= to || bsize == PAGE_CACHE_SIZE)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 277/319] media: Remove references to non-existent PLAT_S5P symbol
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (263 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 276/319] mm: Remove false WARN_ON from pagecache_isize_extended() Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 278/319] crypto: algif - avoid excessive use of socket buffer in skcipher Greg Kroah-Hartman
` (38 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Bolle, Sylwester Nawrocki,
Mauro Carvalho Chehab
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sylwester Nawrocki <s.nawrocki@samsung.com>
commit 098bcd2335f0824e76dd835e4e2b7ae8e38fc281 upstream.
The PLAT_S5P Kconfig symbol was removed in commit d78c16ccde96
("ARM: SAMSUNG: Remove remaining legacy code"). However, there
are still some references to that symbol left, fix that by
substituting them with ARCH_S5PV210.
Fixes: d78c16ccde96 ("ARM: SAMSUNG: Remove remaining legacy code")
Reported-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/Kconfig | 6 +++---
drivers/media/platform/exynos4-is/Kconfig | 2 +-
drivers/media/platform/s5p-tv/Kconfig | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/media/platform/Kconfig
+++ b/drivers/media/platform/Kconfig
@@ -158,7 +158,7 @@ config VIDEO_MEM2MEM_DEINTERLACE
config VIDEO_SAMSUNG_S5P_G2D
tristate "Samsung S5P and EXYNOS4 G2D 2d graphics accelerator driver"
- depends on VIDEO_DEV && VIDEO_V4L2 && (PLAT_S5P || ARCH_EXYNOS)
+ depends on VIDEO_DEV && VIDEO_V4L2 && (ARCH_S5PV210 || ARCH_EXYNOS)
select VIDEOBUF2_DMA_CONTIG
select V4L2_MEM2MEM_DEV
default n
@@ -168,7 +168,7 @@ config VIDEO_SAMSUNG_S5P_G2D
config VIDEO_SAMSUNG_S5P_JPEG
tristate "Samsung S5P/Exynos3250/Exynos4 JPEG codec driver"
- depends on VIDEO_DEV && VIDEO_V4L2 && (PLAT_S5P || ARCH_EXYNOS)
+ depends on VIDEO_DEV && VIDEO_V4L2 && (ARCH_S5PV210 || ARCH_EXYNOS)
select VIDEOBUF2_DMA_CONTIG
select V4L2_MEM2MEM_DEV
---help---
@@ -177,7 +177,7 @@ config VIDEO_SAMSUNG_S5P_JPEG
config VIDEO_SAMSUNG_S5P_MFC
tristate "Samsung S5P MFC Video Codec"
- depends on VIDEO_DEV && VIDEO_V4L2 && (PLAT_S5P || ARCH_EXYNOS)
+ depends on VIDEO_DEV && VIDEO_V4L2 && (ARCH_S5PV210 || ARCH_EXYNOS)
select VIDEOBUF2_DMA_CONTIG
default n
help
--- a/drivers/media/platform/exynos4-is/Kconfig
+++ b/drivers/media/platform/exynos4-is/Kconfig
@@ -2,7 +2,7 @@
config VIDEO_SAMSUNG_EXYNOS4_IS
bool "Samsung S5P/EXYNOS4 SoC series Camera Subsystem driver"
depends on VIDEO_V4L2 && VIDEO_V4L2_SUBDEV_API
- depends on (PLAT_S5P || ARCH_EXYNOS)
+ depends on ARCH_S5PV210 || ARCH_EXYNOS
depends on OF && COMMON_CLK
help
Say Y here to enable camera host interface devices for
--- a/drivers/media/platform/s5p-tv/Kconfig
+++ b/drivers/media/platform/s5p-tv/Kconfig
@@ -8,7 +8,7 @@
config VIDEO_SAMSUNG_S5P_TV
bool "Samsung TV driver for S5P platform"
- depends on (PLAT_S5P || ARCH_EXYNOS) && PM_RUNTIME
+ depends on (ARCH_S5PV210 || ARCH_EXYNOS) && PM_RUNTIME
default n
---help---
Say Y here to enable selecting the TV output devices for
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 278/319] crypto: algif - avoid excessive use of socket buffer in skcipher
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (264 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 277/319] media: Remove references to non-existent PLAT_S5P symbol Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 279/319] [PATCH] mtd: m25p80: Fix module aliases for m25p80 Greg Kroah-Hartman
` (37 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ondrej Kozina, Herbert Xu
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ondrej Kozina <okozina@redhat.com>
commit e2cffb5f493a8b431dc87124388ea59b79f0bccb upstream.
On archs with PAGE_SIZE >= 64 KiB the function skcipher_alloc_sgl()
fails with -ENOMEM no matter what user space actually requested.
This is caused by the fact sock_kmalloc call inside the function tried
to allocate more memory than allowed by the default kernel socket buffer
size (kernel param net.core.optmem_max).
Signed-off-by: Ondrej Kozina <okozina@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/algif_skcipher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -49,7 +49,7 @@ struct skcipher_ctx {
struct ablkcipher_request req;
};
-#define MAX_SGL_ENTS ((PAGE_SIZE - sizeof(struct skcipher_sg_list)) / \
+#define MAX_SGL_ENTS ((4096 - sizeof(struct skcipher_sg_list)) / \
sizeof(struct scatterlist) - 1)
static inline int skcipher_sndbuf(struct sock *sk)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 279/319] [PATCH] mtd: m25p80: Fix module aliases for m25p80
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (265 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 278/319] crypto: algif - avoid excessive use of socket buffer in skcipher Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 280/319] usb: dwc3: gadget: fix set_halt() bug with pending transfers Greg Kroah-Hartman
` (36 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel, Ben Hutchings; +Cc: Greg Kroah-Hartman, stable, Brian Norris
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
Based on a5b7616c55e188fe3d6ef686bef402d4703ecb62, but backported so
that a bunch of dependencies are not needed.
m25p80's device ID table is now spi_nor_ids, defined in spi-nor. The
MODULE_DEVICE_TABLE() macro doesn't work with extern definitions, but
its use was also removed at the same time. Now if m25p80 is built as
a module it doesn't get the necessary aliases to be loaded
automatically.
A clean solution to this will involve defining the list of device
IDs in spi-nor.h and removing struct spi_device_id from the spi-nor
API, but this is quite a large change.
As a quick fix suitable for stable, copy the device IDs back into
m25p80.
Fixes: 03e296f613af ("mtd: m25p80: use the SPI nor framework")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[Brian: backport without the dependencies]
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/devices/m25p80.c | 50 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
--- a/drivers/mtd/devices/m25p80.c
+++ b/drivers/mtd/devices/m25p80.c
@@ -245,6 +245,56 @@ static int m25p_remove(struct spi_device
}
+/*
+ * XXX This needs to be kept in sync with spi_nor_ids. We can't share
+ * it with spi-nor, because if this is built as a module then modpost
+ * won't be able to read it and add appropriate aliases.
+ */
+static const struct spi_device_id m25p_ids[] = {
+ {"at25fs010"}, {"at25fs040"}, {"at25df041a"}, {"at25df321a"},
+ {"at25df641"}, {"at26f004"}, {"at26df081a"}, {"at26df161a"},
+ {"at26df321"}, {"at45db081d"},
+ {"en25f32"}, {"en25p32"}, {"en25q32b"}, {"en25p64"},
+ {"en25q64"}, {"en25qh128"}, {"en25qh256"},
+ {"f25l32pa"},
+ {"mr25h256"}, {"mr25h10"},
+ {"gd25q32"}, {"gd25q64"},
+ {"160s33b"}, {"320s33b"}, {"640s33b"},
+ {"mx25l2005a"}, {"mx25l4005a"}, {"mx25l8005"}, {"mx25l1606e"},
+ {"mx25l3205d"}, {"mx25l3255e"}, {"mx25l6405d"}, {"mx25l12805d"},
+ {"mx25l12855e"},{"mx25l25635e"},{"mx25l25655e"},{"mx66l51235l"},
+ {"mx66l1g55g"},
+ {"n25q064"}, {"n25q128a11"}, {"n25q128a13"}, {"n25q256a"},
+ {"n25q512a"}, {"n25q512ax3"}, {"n25q00"},
+ {"pm25lv512"}, {"pm25lv010"}, {"pm25lq032"},
+ {"s25sl032p"}, {"s25sl064p"}, {"s25fl256s0"}, {"s25fl256s1"},
+ {"s25fl512s"}, {"s70fl01gs"}, {"s25sl12800"}, {"s25sl12801"},
+ {"s25fl129p0"}, {"s25fl129p1"}, {"s25sl004a"}, {"s25sl008a"},
+ {"s25sl016a"}, {"s25sl032a"}, {"s25sl064a"}, {"s25fl008k"},
+ {"s25fl016k"}, {"s25fl064k"},
+ {"sst25vf040b"},{"sst25vf080b"},{"sst25vf016b"},{"sst25vf032b"},
+ {"sst25vf064c"},{"sst25wf512"}, {"sst25wf010"}, {"sst25wf020"},
+ {"sst25wf040"},
+ {"m25p05"}, {"m25p10"}, {"m25p20"}, {"m25p40"},
+ {"m25p80"}, {"m25p16"}, {"m25p32"}, {"m25p64"},
+ {"m25p128"}, {"n25q032"},
+ {"m25p05-nonjedec"}, {"m25p10-nonjedec"}, {"m25p20-nonjedec"},
+ {"m25p40-nonjedec"}, {"m25p80-nonjedec"}, {"m25p16-nonjedec"},
+ {"m25p32-nonjedec"}, {"m25p64-nonjedec"}, {"m25p128-nonjedec"},
+ {"m45pe10"}, {"m45pe80"}, {"m45pe16"},
+ {"m25pe20"}, {"m25pe80"}, {"m25pe16"},
+ {"m25px16"}, {"m25px32"}, {"m25px32-s0"}, {"m25px32-s1"},
+ {"m25px64"},
+ {"w25x10"}, {"w25x20"}, {"w25x40"}, {"w25x80"},
+ {"w25x16"}, {"w25x32"}, {"w25q32"}, {"w25q32dw"},
+ {"w25x64"}, {"w25q64"}, {"w25q128"}, {"w25q80"},
+ {"w25q80bl"}, {"w25q128"}, {"w25q256"}, {"cat25c11"},
+ {"cat25c03"}, {"cat25c09"}, {"cat25c17"}, {"cat25128"},
+ { },
+};
+MODULE_DEVICE_TABLE(spi, m25p_ids);
+
+
static struct spi_driver m25p80_driver = {
.driver = {
.name = "m25p80",
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 280/319] usb: dwc3: gadget: fix set_halt() bug with pending transfers
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (266 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 279/319] [PATCH] mtd: m25p80: Fix module aliases for m25p80 Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 281/319] usb: gadget: function: acm: make f_acm pass USB20CV Chapter9 Greg Kroah-Hartman
` (35 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alan Stern, Felipe Balbi
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit 7a60855972f0d3c014093046cb6f013a1ee5bb19 ]
According to our Gadget Framework API documentation,
->set_halt() *must* return -EAGAIN if we have pending
transfers (on either direction) or FIFO isn't empty (on
TX endpoints).
Fix this bug so that the mass storage gadget can be used
without stall=0 parameter.
This patch should be backported to all kernels since v3.2.
Suggested-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/ep0.c | 4 ++--
drivers/usb/dwc3/gadget.c | 16 ++++++++++++----
drivers/usb/dwc3/gadget.h | 2 +-
3 files changed, 15 insertions(+), 7 deletions(-)
--- a/drivers/usb/dwc3/ep0.c
+++ b/drivers/usb/dwc3/ep0.c
@@ -251,7 +251,7 @@ static void dwc3_ep0_stall_and_restart(s
/* stall is always issued on EP0 */
dep = dwc->eps[0];
- __dwc3_gadget_ep_set_halt(dep, 1);
+ __dwc3_gadget_ep_set_halt(dep, 1, false);
dep->flags = DWC3_EP_ENABLED;
dwc->delayed_status = false;
@@ -461,7 +461,7 @@ static int dwc3_ep0_handle_feature(struc
return -EINVAL;
if (set == 0 && (dep->flags & DWC3_EP_WEDGE))
break;
- ret = __dwc3_gadget_ep_set_halt(dep, set);
+ ret = __dwc3_gadget_ep_set_halt(dep, set, true);
if (ret)
return -EINVAL;
break;
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -670,7 +670,7 @@ static int __dwc3_gadget_ep_disable(stru
/* make sure HW endpoint isn't stalled */
if (dep->flags & DWC3_EP_STALL)
- __dwc3_gadget_ep_set_halt(dep, 0);
+ __dwc3_gadget_ep_set_halt(dep, 0, false);
reg = dwc3_readl(dwc->regs, DWC3_DALEPENA);
reg &= ~DWC3_DALEPENA_EP(dep->number);
@@ -1286,7 +1286,7 @@ out0:
return ret;
}
-int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value)
+int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value, int protocol)
{
struct dwc3_gadget_ep_cmd_params params;
struct dwc3 *dwc = dep->dwc;
@@ -1295,6 +1295,14 @@ int __dwc3_gadget_ep_set_halt(struct dwc
memset(¶ms, 0x00, sizeof(params));
if (value) {
+ if (!protocol && ((dep->direction && dep->flags & DWC3_EP_BUSY) ||
+ (!list_empty(&dep->req_queued) ||
+ !list_empty(&dep->request_list)))) {
+ dev_dbg(dwc->dev, "%s: pending request, cannot halt\n",
+ dep->name);
+ return -EAGAIN;
+ }
+
ret = dwc3_send_gadget_ep_cmd(dwc, dep->number,
DWC3_DEPCMD_SETSTALL, ¶ms);
if (ret)
@@ -1332,7 +1340,7 @@ static int dwc3_gadget_ep_set_halt(struc
goto out;
}
- ret = __dwc3_gadget_ep_set_halt(dep, value);
+ ret = __dwc3_gadget_ep_set_halt(dep, value, false);
out:
spin_unlock_irqrestore(&dwc->lock, flags);
@@ -1352,7 +1360,7 @@ static int dwc3_gadget_ep_set_wedge(stru
if (dep->number == 0 || dep->number == 1)
return dwc3_gadget_ep0_set_halt(ep, 1);
else
- return dwc3_gadget_ep_set_halt(ep, 1);
+ return __dwc3_gadget_ep_set_halt(dep, 1, false);
}
/* -------------------------------------------------------------------------- */
--- a/drivers/usb/dwc3/gadget.h
+++ b/drivers/usb/dwc3/gadget.h
@@ -85,7 +85,7 @@ void dwc3_ep0_out_start(struct dwc3 *dwc
int dwc3_gadget_ep0_set_halt(struct usb_ep *ep, int value);
int dwc3_gadget_ep0_queue(struct usb_ep *ep, struct usb_request *request,
gfp_t gfp_flags);
-int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value);
+int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value, int protocol);
/**
* dwc3_gadget_ep_get_transfer_index - Gets transfer index from HW
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 281/319] usb: gadget: function: acm: make f_acm pass USB20CV Chapter9
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (267 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 280/319] usb: dwc3: gadget: fix set_halt() bug with pending transfers Greg Kroah-Hartman
@ 2014-11-12 1:16 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 282/319] sched: Use rq->rd in sched_setaffinity() under RCU read lock Greg Kroah-Hartman
` (34 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Felipe Balbi
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felipe Balbi <balbi@ti.com>
[ Upstream commit 52ec49a5e56a27c5b6f8217708783eff39f24c16 ]
During Halt Endpoint Test, our interrupt endpoint
will be disabled, which will clear out ep->desc
to NULL. Unless we call config_ep_by_speed() again,
we will not be able to enable this endpoint which
will make us fail that test.
Fixes: f9c56cd (usb: gadget: Clear usb_endpoint_descriptor
inside the struct usb_ep on disable)
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_acm.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/usb/gadget/function/f_acm.c
+++ b/drivers/usb/gadget/function/f_acm.c
@@ -430,11 +430,12 @@ static int acm_set_alt(struct usb_functi
if (acm->notify->driver_data) {
VDBG(cdev, "reset acm control interface %d\n", intf);
usb_ep_disable(acm->notify);
- } else {
- VDBG(cdev, "init acm ctrl interface %d\n", intf);
+ }
+
+ if (!acm->notify->desc)
if (config_ep_by_speed(cdev->gadget, f, acm->notify))
return -EINVAL;
- }
+
usb_ep_enable(acm->notify);
acm->notify->driver_data = acm;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 282/319] sched: Use rq->rd in sched_setaffinity() under RCU read lock
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (268 preceding siblings ...)
2014-11-12 1:16 ` [PATCH 3.17 281/319] usb: gadget: function: acm: make f_acm pass USB20CV Chapter9 Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 283/319] x86, intel-mid: Create IRQs for APB timers and RTC timers Greg Kroah-Hartman
` (33 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kirill Tkhai, Peter Zijlstra (Intel),
Paul E. McKenney, Linus Torvalds, Ingo Molnar
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kirill Tkhai <ktkhai@parallels.com>
commit f1e3a0932f3a9554371792a7daaf1e0eb19f66d5 upstream.
Probability of use-after-free isn't zero in this place.
Signed-off-by: Kirill Tkhai <ktkhai@parallels.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/20140922183636.11015.83611.stgit@localhost
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/sched/core.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -4008,13 +4008,14 @@ long sched_setaffinity(pid_t pid, const
* root_domain.
*/
#ifdef CONFIG_SMP
- if (task_has_dl_policy(p)) {
- const struct cpumask *span = task_rq(p)->rd->span;
-
- if (dl_bandwidth_enabled() && !cpumask_subset(span, new_mask)) {
+ if (task_has_dl_policy(p) && dl_bandwidth_enabled()) {
+ rcu_read_lock();
+ if (!cpumask_subset(task_rq(p)->rd->span, new_mask)) {
retval = -EBUSY;
+ rcu_read_unlock();
goto out_unlock;
}
+ rcu_read_unlock();
}
#endif
again:
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 283/319] x86, intel-mid: Create IRQs for APB timers and RTC timers
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (269 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 282/319] sched: Use rq->rd in sched_setaffinity() under RCU read lock Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 284/319] drm/vmwgfx: Filter out modes those cannot be supported by the current VRAM size Greg Kroah-Hartman
` (32 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Jiang Liu,
Konrad Rzeszutek Wilk, Tony Luck, Joerg Roedel, H. Peter Anvin,
Benjamin Herrenschmidt, Rafael J. Wysocki, Bjorn Helgaas,
Randy Dunlap, Yinghai Lu, Borislav Petkov, David Cohen,
Thomas Gleixner, Ingo Molnar
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiang Liu <jiang.liu@linux.intel.com>
commit f18298595aefa2c836a128ec6e0f75f39965dd81 upstream.
Intel MID platforms has no legacy interrupts, so no IRQ descriptors
preallocated. We need to call mp_map_gsi_to_irq() to create IRQ
descriptors for APB timers and RTC timers, otherwise it may cause
invalid memory access as:
[ 0.116839] BUG: unable to handle kernel NULL pointer dereference at
0000003a
[ 0.123803] IP: [<c1071c0e>] setup_irq+0xf/0x4d
Tested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: H. Peter Anvin <hpa@linux.intel.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Rafael J. Wysocki <rjw@rjwysocki.net>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: David Cohen <david.a.cohen@linux.intel.com>
Link: http://lkml.kernel.org/r/1414387308-27148-3-git-send-email-jiang.liu@linux.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/apb_timer.c | 2 --
arch/x86/platform/intel-mid/sfi.c | 2 ++
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/arch/x86/kernel/apb_timer.c
+++ b/arch/x86/kernel/apb_timer.c
@@ -185,8 +185,6 @@ static void apbt_setup_irq(struct apbt_d
irq_modify_status(adev->irq, 0, IRQ_MOVE_PCNTXT);
irq_set_affinity(adev->irq, cpumask_of(adev->cpu));
- /* APB timer irqs are set up as mp_irqs, timer is edge type */
- __irq_set_handler(adev->irq, handle_edge_irq, 0, "edge");
}
/* Should be called with per cpu */
--- a/arch/x86/platform/intel-mid/sfi.c
+++ b/arch/x86/platform/intel-mid/sfi.c
@@ -106,6 +106,7 @@ int __init sfi_parse_mtmr(struct sfi_tab
mp_irq.dstapic = MP_APIC_ALL;
mp_irq.dstirq = pentry->irq;
mp_save_irq(&mp_irq);
+ mp_map_gsi_to_irq(pentry->irq, IOAPIC_MAP_ALLOC);
}
return 0;
@@ -176,6 +177,7 @@ int __init sfi_parse_mrtc(struct sfi_tab
mp_irq.dstapic = MP_APIC_ALL;
mp_irq.dstirq = pentry->irq;
mp_save_irq(&mp_irq);
+ mp_map_gsi_to_irq(pentry->irq, IOAPIC_MAP_ALLOC);
}
return 0;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 284/319] drm/vmwgfx: Filter out modes those cannot be supported by the current VRAM size.
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (270 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 283/319] x86, intel-mid: Create IRQs for APB timers and RTC timers Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 285/319] drm/radeon/dpm: disable ulv support on SI Greg Kroah-Hartman
` (31 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sinclair Yeh, Thomas Hellstrom
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sinclair Yeh <syeh@vmware.com>
commit 9a72384d86b26cb8a2b25106677e1197f606668f upstream.
When screen objects are enabled, the bpp is assumed to be 32, otherwise
it is set to 16.
v2:
* Use u32 instead of u64 for assumed_bpp.
* Fixed mechanism to check for screen objects
* Limit the back buffer size to VRAM.
Signed-off-by: Sinclair Yeh <syeh@vmware.com>
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 6 +++++-
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 16 +++++++++++++---
2 files changed, 18 insertions(+), 4 deletions(-)
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
@@ -688,7 +688,11 @@ static int vmw_driver_load(struct drm_de
goto out_err0;
}
- if (unlikely(dev_priv->prim_bb_mem < dev_priv->vram_size))
+ /*
+ * Limit back buffer size to VRAM size. Remove this once
+ * screen targets are implemented.
+ */
+ if (dev_priv->prim_bb_mem > dev_priv->vram_size)
dev_priv->prim_bb_mem = dev_priv->vram_size;
mutex_unlock(&dev_priv->hw_mutex);
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -1950,6 +1950,14 @@ int vmw_du_connector_fill_modes(struct d
DRM_MODE_FLAG_NHSYNC | DRM_MODE_FLAG_PVSYNC)
};
int i;
+ u32 assumed_bpp = 2;
+
+ /*
+ * If using screen objects, then assume 32-bpp because that's what the
+ * SVGA device is assuming
+ */
+ if (dev_priv->sou_priv)
+ assumed_bpp = 4;
/* Add preferred mode */
{
@@ -1960,8 +1968,9 @@ int vmw_du_connector_fill_modes(struct d
mode->vdisplay = du->pref_height;
vmw_guess_mode_timing(mode);
- if (vmw_kms_validate_mode_vram(dev_priv, mode->hdisplay * 2,
- mode->vdisplay)) {
+ if (vmw_kms_validate_mode_vram(dev_priv,
+ mode->hdisplay * assumed_bpp,
+ mode->vdisplay)) {
drm_mode_probed_add(connector, mode);
} else {
drm_mode_destroy(dev, mode);
@@ -1983,7 +1992,8 @@ int vmw_du_connector_fill_modes(struct d
bmode->vdisplay > max_height)
continue;
- if (!vmw_kms_validate_mode_vram(dev_priv, bmode->hdisplay * 2,
+ if (!vmw_kms_validate_mode_vram(dev_priv,
+ bmode->hdisplay * assumed_bpp,
bmode->vdisplay))
continue;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 285/319] drm/radeon/dpm: disable ulv support on SI
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (271 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 284/319] drm/vmwgfx: Filter out modes those cannot be supported by the current VRAM size Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 287/319] drm/radeon: dpm fixes for asrock systems Greg Kroah-Hartman
` (30 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Deucher
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 6fa455935ab956248b165f150ec6ae9106210077 upstream.
Causes problems on some boards.
bug:
https://bugs.freedesktop.org/show_bug.cgi?id=82889
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/radeon/si_dpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/radeon/si_dpm.c
+++ b/drivers/gpu/drm/radeon/si_dpm.c
@@ -6255,7 +6255,7 @@ static void si_parse_pplib_clock_info(st
if ((rps->class2 & ATOM_PPLIB_CLASSIFICATION2_ULV) &&
index == 0) {
/* XXX disable for A0 tahiti */
- si_pi->ulv.supported = true;
+ si_pi->ulv.supported = false;
si_pi->ulv.pl = *pl;
si_pi->ulv.one_pcie_lane_in_ulv = false;
si_pi->ulv.volt_change_delay = SISLANDS_ULVVOLTAGECHANGEDELAY_DFLT;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 287/319] drm/radeon: dpm fixes for asrock systems
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (272 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 285/319] drm/radeon/dpm: disable ulv support on SI Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 288/319] drm/radeon: remove invalid pci id Greg Kroah-Hartman
` (29 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Deucher
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 72b3f9183ed57e4a2f0601a1c25ae2fd39855952 upstream.
- bapm seems to cause CPU stuck messages so disable it.
- nb dpm seems to prevent GPU dpm from getting enabled, so
disable it.
bug:
https://bugs.freedesktop.org/show_bug.cgi?id=85107
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/radeon/kv_dpm.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/radeon/kv_dpm.c
+++ b/drivers/gpu/drm/radeon/kv_dpm.c
@@ -2725,7 +2725,11 @@ int kv_dpm_init(struct radeon_device *rd
pi->sram_end = SMC_RAM_END;
- pi->enable_nb_dpm = true;
+ /* Enabling nb dpm on an asrock system prevents dpm from working */
+ if (rdev->pdev->subsystem_vendor == 0x1849)
+ pi->enable_nb_dpm = false;
+ else
+ pi->enable_nb_dpm = true;
pi->caps_power_containment = true;
pi->caps_cac = true;
@@ -2740,10 +2744,19 @@ int kv_dpm_init(struct radeon_device *rd
pi->caps_sclk_ds = true;
pi->enable_auto_thermal_throttling = true;
pi->disable_nb_ps3_in_battery = false;
- if (radeon_bapm == 0)
+ if (radeon_bapm == -1) {
+ /* There are stability issues reported on with
+ * bapm enabled on an asrock system.
+ */
+ if (rdev->pdev->subsystem_vendor == 0x1849)
+ pi->bapm_enable = false;
+ else
+ pi->bapm_enable = true;
+ } else if (radeon_bapm == 0) {
pi->bapm_enable = false;
- else
+ } else {
pi->bapm_enable = true;
+ }
pi->voltage_drop_t = 0;
pi->caps_sclk_throttle_low_notification = false;
pi->caps_fps = false; /* true? */
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 288/319] drm/radeon: remove invalid pci id
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (273 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 287/319] drm/radeon: dpm fixes for asrock systems Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 292/319] mm: cma: Dont crash on allocation if CMA area cant be activated Greg Kroah-Hartman
` (28 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Deucher
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 8c3e434769b1707fd2d24de5a2eb25fedc634c4a upstream.
0x4c6e is a secondary device id so should not be used
by the driver.
Noticed-by: Mark Kettenis <mark.kettenis@xs4all.nl>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/drm/drm_pciids.h | 1 -
1 file changed, 1 deletion(-)
--- a/include/drm/drm_pciids.h
+++ b/include/drm/drm_pciids.h
@@ -74,7 +74,6 @@
{0x1002, 0x4C64, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV250|RADEON_IS_MOBILITY}, \
{0x1002, 0x4C66, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV250|RADEON_IS_MOBILITY}, \
{0x1002, 0x4C67, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV250|RADEON_IS_MOBILITY}, \
- {0x1002, 0x4C6E, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV280|RADEON_IS_MOBILITY}, \
{0x1002, 0x4E44, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_R300}, \
{0x1002, 0x4E45, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_R300}, \
{0x1002, 0x4E46, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_R300}, \
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 292/319] mm: cma: Dont crash on allocation if CMA area cant be activated
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (274 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 288/319] drm/radeon: remove invalid pci id Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 293/319] rbd: Fix error recovery in rbd_obj_read_sync() Greg Kroah-Hartman
` (27 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Laurent Pinchart, Michal Nazarewicz,
Marek Szyprowski
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
commit f022d8cb7ec70fe8edd56383d876001317ee76b1 upstream.
If activation of the CMA area fails its mutex won't be initialized,
leading to an oops at allocation time when trying to lock the mutex. Fix
this by setting the cma area count field to 0 when activation fails,
leading to allocation returning NULL immediately.
Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/cma.c | 1 +
1 file changed, 1 insertion(+)
--- a/mm/cma.c
+++ b/mm/cma.c
@@ -123,6 +123,7 @@ static int __init cma_activate_area(stru
err:
kfree(cma->bitmap);
+ cma->count = 0;
return -EINVAL;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 293/319] rbd: Fix error recovery in rbd_obj_read_sync()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (275 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 292/319] mm: cma: Dont crash on allocation if CMA area cant be activated Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 294/319] acer-wmi: Add acpi_backlight=video quirk for the Acer KAV80 Greg Kroah-Hartman
` (26 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yehuda Sadeh, Sage Weil, ceph-devel,
Jan Kara, Ilya Dryomov
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit a8d4205623ae965e36c68629db306ca0695a2771 upstream.
When we fail to allocate page vector in rbd_obj_read_sync() we just
basically ignore the problem and continue which will result in an oops
later. Fix the problem by returning proper error.
CC: Yehuda Sadeh <yehuda@inktank.com>
CC: Sage Weil <sage@inktank.com>
CC: ceph-devel@vger.kernel.org
Coverity-id: 1226882
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Ilya Dryomov <idryomov@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/rbd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -3382,7 +3382,7 @@ static int rbd_obj_read_sync(struct rbd_
page_count = (u32) calc_pages_for(offset, length);
pages = ceph_alloc_page_vector(page_count, GFP_KERNEL);
if (IS_ERR(pages))
- ret = PTR_ERR(pages);
+ return PTR_ERR(pages);
ret = -ENOMEM;
obj_request = rbd_obj_request_create(object_name, offset, length,
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 294/319] acer-wmi: Add acpi_backlight=video quirk for the Acer KAV80
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (276 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 293/319] rbd: Fix error recovery in rbd_obj_read_sync() Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 295/319] samsung-laptop: Add broken-acpi-video quirk for NC210/NC110 Greg Kroah-Hartman
` (25 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Darren Hart
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit 183fd8fcd7f8afb7ac5ec68f83194872f9fecc84 upstream.
The acpi-video backlight interface on the Acer KAV80 is broken, and worse
it causes the entire machine to slow down significantly after a suspend/resume.
Blacklist it, and use the acer-wmi backlight interface instead. Note that
the KAV80 is somewhat unique in that it is the only Acer model where we
fall back to acer-wmi after blacklisting, rather then using the native
(e.g. intel) backlight driver. This is done because there is no native
backlight interface on this model.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1128309
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/platform/x86/acer-wmi.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/drivers/platform/x86/acer-wmi.c
+++ b/drivers/platform/x86/acer-wmi.c
@@ -579,6 +579,17 @@ static const struct dmi_system_id video_
DMI_MATCH(DMI_PRODUCT_NAME, "Aspire 5741"),
},
},
+ {
+ /*
+ * Note no video_set_backlight_video_vendor, we must use the
+ * acer interface, as there is no native backlight interface.
+ */
+ .ident = "Acer KAV80",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Acer"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "KAV80"),
+ },
+ },
{}
};
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 295/319] samsung-laptop: Add broken-acpi-video quirk for NC210/NC110
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (277 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 294/319] acer-wmi: Add acpi_backlight=video quirk for the Acer KAV80 Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 296/319] fix breakage in o2net_send_tcp_msg() Greg Kroah-Hartman
` (24 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Darren Hart
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit 5a1426c99f9b7aa11d60c4e6b7a3211bb5321696 upstream.
The acpi-video backlight interface on the NC210 does not work, blacklist it
and use the samsung-laptop interface instead.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=861573
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/platform/x86/samsung-laptop.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/platform/x86/samsung-laptop.c
+++ b/drivers/platform/x86/samsung-laptop.c
@@ -1561,6 +1561,16 @@ static struct dmi_system_id __initdata s
},
{
.callback = samsung_dmi_matched,
+ .ident = "NC210",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "SAMSUNG ELECTRONICS CO., LTD."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "NC210/NC110"),
+ DMI_MATCH(DMI_BOARD_NAME, "NC210/NC110"),
+ },
+ .driver_data = &samsung_broken_acpi_video,
+ },
+ {
+ .callback = samsung_dmi_matched,
.ident = "730U3E/740U3E",
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "SAMSUNG ELECTRONICS CO., LTD."),
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 296/319] fix breakage in o2net_send_tcp_msg()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (278 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 295/319] samsung-laptop: Add broken-acpi-video quirk for NC210/NC110 Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 297/319] pinctrl: baytrail: show output gpio state correctly on Intel Baytrail Greg Kroah-Hartman
` (23 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 7e8631e8b9d4e9f698c09c7e7309c96249180ff9 upstream.
uninitialized msghdr. Broken in "ocfs2: don't open-code kernel_recvmsg()"
by me ;-/
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/cluster/tcp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ocfs2/cluster/tcp.c
+++ b/fs/ocfs2/cluster/tcp.c
@@ -925,7 +925,7 @@ static int o2net_send_tcp_msg(struct soc
size_t veclen, size_t total)
{
int ret;
- struct msghdr msg;
+ struct msghdr msg = {.msg_flags = 0,};
if (sock == NULL) {
ret = -EINVAL;
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 297/319] pinctrl: baytrail: show output gpio state correctly on Intel Baytrail
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (279 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 296/319] fix breakage in o2net_send_tcp_msg() Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 298/319] ARM: pxa: fix hang on startup with DEBUG_LL Greg Kroah-Hartman
` (22 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mathias Nyman, David Cohen,
Felipe Balbi, Linus Walleij
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Cohen <david.a.cohen@linux.intel.com>
commit d90c33818967c5e5371961604ad98b4dea4fa3f4 upstream.
Even if a gpio pin is set to output, we still need to set INPUT_EN
functionality (by clearing INPUT_EN bit) to be able to read the pin's
level.
E.g. without this change, we'll always read low level state from sysfs.
Cc: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: David Cohen <david.a.cohen@linux.intel.com>
Reviewed-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/pinctrl-baytrail.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/pinctrl/pinctrl-baytrail.c
+++ b/drivers/pinctrl/pinctrl-baytrail.c
@@ -318,7 +318,7 @@ static int byt_gpio_direction_output(str
"Potential Error: Setting GPIO with direct_irq_en to output");
reg_val = readl(reg) | BYT_DIR_MASK;
- reg_val &= ~BYT_OUTPUT_EN;
+ reg_val &= ~(BYT_OUTPUT_EN | BYT_INPUT_EN);
if (value)
writel(reg_val | BYT_LEVEL, reg);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 298/319] ARM: pxa: fix hang on startup with DEBUG_LL
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (280 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 297/319] pinctrl: baytrail: show output gpio state correctly on Intel Baytrail Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 299/319] powerpc: use device_online/offline() instead of cpu_up/down() Greg Kroah-Hartman
` (21 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Eremin-Solenikov,
Robert Jarzmik, Arnd Bergmann
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Robert Jarzmik <robert.jarzmik@free.fr>
commit cde7fc879969f933614b1256df2625d6ff637bab upstream.
The commit 2111667b4677 ("ARM: pxa: call debug_ll_io_init for
earlyprintk") triggers in the current kernel the attached backtrace on
PXA/tosa early in the boot time when DEBUG_LL is enabled.
It is due to overlap between uart virtual memory defined in
DEBUG_UART_VIRT and mapped by debug_ll_io_init() and peripheral bus
mapped by pxa_map_io at the same address, 0xf2100000.
As hinted by Arnd, map early virtual memory for low level debug on
address 0xf6200000, even if that means 2 virtual mappings will give
access to the pxa internal UARTs (FFUART, BTUART, STUART, ...).
------------[ cut here ]------------
kernel BUG at /home/lumag/linux/mm/vmalloc.c:1143!
Internal error: Oops - BUG: 0 [#1] PREEMPT ARM
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 3.17.0-00032-g8e0d202-dirty #23
task: c062a5a8 ti: c0620000 task.ti: c0620000
PC is at vm_area_add_early+0x54/0x84
LR is at add_static_vm_early+0xc/0x60
pc : [<c03e1100>] lr : [<c03d9ef4>] psr: 800001d3
sp : c0621f04 ip : c03efa74 fp : c03edf84
r10: c0637e98 r9 : 40000001 r8 : c03da57c
r7 : c3ffcfb0 r6 : 00000000 r5 : c3ffcfb0 r4 : 02000000
r3 : c3ffcfd8 r2 : f2100000 r1 : f4000000 r0 : c3ffcfb0
Flags: Nzcv IRQs off FIQs off Mode SVC_32 ISA ARM Segment kernel
Control: 00007977 Table: a0004000 DAC: 00000017
Process swapper (pid: 0, stack limit = 0xc06201c8)
Stack: (0xc0621f04 to 0xc0622000)
1f00: c3ffcfd8 40000001 c3ffcfd8 c03ee08c c03da570 c03db90c c0637d24
1f20: 00000000 c03ec7cc c066e654 a0700000 000a0700 c03db914 c03db90c c03daf84
1f40: 00000000 000a0000 c0000000 c03ec7cc 000a0700 c0700000 ffff1000 000a3fff
1f60: 00001000 00000007 00000000 c03ec7cc c0008000 c03ed748 c0621fd4 c03d5d18
1f80: 69052d00 a03ec48c 00000000 c03d8ad0 0000006c 00007977 c036c6e8 00000001
1fa0: c0621fd4 c03ed744 c0628000 a0004000 69052d00 a03ec48c 00000000 c03d68d4
1fc0: 00000000 00000000 00000000 00000000 00000000 c03ed748 c0649894 c062801c
1fe0: c03ed744 c062b2f0 a0004000 69052d00 a03ec48c a0008040 00000000 00000000
[<c03e1100>] (vm_area_add_early) from [<c03d9ef4>] (add_static_vm_early+0xc/0x60)
[<c03d9ef4>] (add_static_vm_early) from [<c03da570>] (iotable_init.part.6+0xa8/0xb4)
[<c03da570>] (iotable_init.part.6) from [<c03db914>] (pxa25x_map_io+0x8/0x24)
[<c03db914>] (pxa25x_map_io) from [<c03daf84>] (paging_init+0x744/0x8d8)
[<c03daf84>] (paging_init) from [<c03d8ad0>] (setup_arch+0x354/0x608)
[<c03d8ad0>] (setup_arch) from [<c03d68d4>] (start_kernel+0xa8/0x3dc)
[<c03d68d4>] (start_kernel) from [<a0008040>] (0xa0008040)
Code: e5904008 e0811004 e1520001 2a000005 (e7f001f2)
---[ end trace f24b6c88ae00fa9a ]---
Kernel panic - not syncing: Attempted to kill the idle task!
---[ end Kernel panic - not syncing: Attempted to kill the idle task!
Reported-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/Kconfig.debug | 2 +-
arch/arm/mach-pxa/include/mach/addr-map.h | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
--- a/arch/arm/Kconfig.debug
+++ b/arch/arm/Kconfig.debug
@@ -1142,7 +1142,7 @@ config DEBUG_UART_VIRT
default 0xf1c28000 if DEBUG_SUNXI_UART0
default 0xf1c28400 if DEBUG_SUNXI_UART1
default 0xf1f02800 if DEBUG_SUNXI_R_UART
- default 0xf2100000 if DEBUG_PXA_UART1
+ default 0xf6200000 if DEBUG_PXA_UART1
default 0xf4090000 if ARCH_LPC32XX
default 0xf4200000 if ARCH_GEMINI
default 0xf7000000 if DEBUG_S3C24XX_UART && (DEBUG_S3C_UART0 || \
--- a/arch/arm/mach-pxa/include/mach/addr-map.h
+++ b/arch/arm/mach-pxa/include/mach/addr-map.h
@@ -39,6 +39,11 @@
#define DMEMC_SIZE 0x00100000
/*
+ * Reserved space for low level debug virtual addresses within
+ * 0xf6200000..0xf6201000
+ */
+
+/*
* Internal Memory Controller (PXA27x and later)
*/
#define IMEMC_PHYS 0x58000000
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 299/319] powerpc: use device_online/offline() instead of cpu_up/down()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (281 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 298/319] ARM: pxa: fix hang on startup with DEBUG_LL Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 300/319] powerpc/powernv: Properly fix LPC debugfs endianness Greg Kroah-Hartman
` (20 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Streetman, Nathan Fontenot,
Michael Ellerman
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Streetman <ddstreet@ieee.org>
commit 10ccaf178b2b961d8bca252d647ed7ed8aae2a20 upstream.
In powerpc pseries platform dlpar operations, use device_online() and
device_offline() instead of cpu_up() and cpu_down().
Calling cpu_up/down() directly does not update the cpu device offline
field, which is used to online/offline a cpu from sysfs. Calling
device_online/offline() instead keeps the sysfs cpu online value
correct. The hotplug lock, which is required to be held when calling
device_online/offline(), is already held when dlpar_online/offline_cpu()
are called, since they are called only from cpu_probe|release_store().
This patch fixes errors on phyp (PowerVM) systems that have cpu(s)
added/removed using dlpar operations; without this patch, the
/sys/devices/system/cpu/cpuN/online nodes do not correctly show the
online state of added/removed cpus.
Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Cc: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Fixes: 0902a9044fa5 ("Driver core: Use generic offline/online for CPU offline/online")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/dlpar.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/powerpc/platforms/pseries/dlpar.c
+++ b/arch/powerpc/platforms/pseries/dlpar.c
@@ -379,7 +379,7 @@ static int dlpar_online_cpu(struct devic
BUG_ON(get_cpu_current_state(cpu)
!= CPU_STATE_OFFLINE);
cpu_maps_update_done();
- rc = cpu_up(cpu);
+ rc = device_online(get_cpu_device(cpu));
if (rc)
goto out;
cpu_maps_update_begin();
@@ -462,7 +462,7 @@ static int dlpar_offline_cpu(struct devi
if (get_cpu_current_state(cpu) == CPU_STATE_ONLINE) {
set_preferred_offline_state(cpu, CPU_STATE_OFFLINE);
cpu_maps_update_done();
- rc = cpu_down(cpu);
+ rc = device_offline(get_cpu_device(cpu));
if (rc)
goto out;
cpu_maps_update_begin();
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 300/319] powerpc/powernv: Properly fix LPC debugfs endianness
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (282 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 299/319] powerpc: use device_online/offline() instead of cpu_up/down() Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 301/319] powerpc: do_notify_resume can be called with bad thread_info flags argument Greg Kroah-Hartman
` (19 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Benjamin Herrenschmidt, Michael Ellerman
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
commit 325e4114043469e5f9923d902b4d30bcc2be8163 upstream.
Endian is hard, especially when I designed a stupid FW interface, and
I should know better... oh well, this is attempt #2 at fixing this
properly. This time it seems to work with all access sizes and I
can run my flashing tool (which exercises all sort of access sizes
and types to access the SPI controller in the BMC) just fine.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/powernv/opal-lpc.c | 59 ++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
--- a/arch/powerpc/platforms/powernv/opal-lpc.c
+++ b/arch/powerpc/platforms/powernv/opal-lpc.c
@@ -216,14 +216,54 @@ static ssize_t lpc_debug_read(struct fil
&data, len);
if (rc)
return -ENXIO;
+
+ /*
+ * Now there is some trickery with the data returned by OPAL
+ * as it's the desired data right justified in a 32-bit BE
+ * word.
+ *
+ * This is a very bad interface and I'm to blame for it :-(
+ *
+ * So we can't just apply a 32-bit swap to what comes from OPAL,
+ * because user space expects the *bytes* to be in their proper
+ * respective positions (ie, LPC position).
+ *
+ * So what we really want to do here is to shift data right
+ * appropriately on a LE kernel.
+ *
+ * IE. If the LPC transaction has bytes B0, B1, B2 and B3 in that
+ * order, we have in memory written to by OPAL at the "data"
+ * pointer:
+ *
+ * Bytes: OPAL "data" LE "data"
+ * 32-bit: B0 B1 B2 B3 B0B1B2B3 B3B2B1B0
+ * 16-bit: B0 B1 0000B0B1 B1B00000
+ * 8-bit: B0 000000B0 B0000000
+ *
+ * So a BE kernel will have the leftmost of the above in the MSB
+ * and rightmost in the LSB and can just then "cast" the u32 "data"
+ * down to the appropriate quantity and write it.
+ *
+ * However, an LE kernel can't. It doesn't need to swap because a
+ * load from data followed by a store to user are going to preserve
+ * the byte ordering which is the wire byte order which is what the
+ * user wants, but in order to "crop" to the right size, we need to
+ * shift right first.
+ */
switch(len) {
case 4:
rc = __put_user((u32)data, (u32 __user *)ubuf);
break;
case 2:
+#ifdef __LITTLE_ENDIAN__
+ data >>= 16;
+#endif
rc = __put_user((u16)data, (u16 __user *)ubuf);
break;
default:
+#ifdef __LITTLE_ENDIAN__
+ data >>= 24;
+#endif
rc = __put_user((u8)data, (u8 __user *)ubuf);
break;
}
@@ -263,12 +303,31 @@ static ssize_t lpc_debug_write(struct fi
else if (todo > 1 && (pos & 1) == 0)
len = 2;
}
+
+ /*
+ * Similarly to the read case, we have some trickery here but
+ * it's different to handle. We need to pass the value to OPAL in
+ * a register whose layout depends on the access size. We want
+ * to reproduce the memory layout of the user, however we aren't
+ * doing a load from user and a store to another memory location
+ * which would achieve that. Here we pass the value to OPAL via
+ * a register which is expected to contain the "BE" interpretation
+ * of the byte sequence. IE: for a 32-bit access, byte 0 should be
+ * in the MSB. So here we *do* need to byteswap on LE.
+ *
+ * User bytes: LE "data" OPAL "data"
+ * 32-bit: B0 B1 B2 B3 B3B2B1B0 B0B1B2B3
+ * 16-bit: B0 B1 0000B1B0 0000B0B1
+ * 8-bit: B0 000000B0 000000B0
+ */
switch(len) {
case 4:
rc = __get_user(data, (u32 __user *)ubuf);
+ data = cpu_to_be32(data);
break;
case 2:
rc = __get_user(data, (u16 __user *)ubuf);
+ data = cpu_to_be16(data);
break;
default:
rc = __get_user(data, (u8 __user *)ubuf);
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 301/319] powerpc: do_notify_resume can be called with bad thread_info flags argument
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (283 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 300/319] powerpc/powernv: Properly fix LPC debugfs endianness Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 302/319] ALSA: hda - fix mute led problem for three HP laptops Greg Kroah-Hartman
` (18 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anton Blanchard, Michael Ellerman
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anton Blanchard <anton@samba.org>
commit 808be31426af57af22268ef0fcb42617beb3d15b upstream.
Back in 7230c5644188 ("powerpc: Rework lazy-interrupt handling") we
added a call out to restore_interrupts() (written in c) before calling
do_notify_resume:
bl restore_interrupts
addi r3,r1,STACK_FRAME_OVERHEAD
bl do_notify_resume
Unfortunately do_notify_resume takes two arguments, the second one
being the thread_info flags:
void do_notify_resume(struct pt_regs *regs, unsigned long thread_info_flags)
We do populate r4 (the second argument) earlier, but
restore_interrupts() is free to muck it up all it wants. My guess is
the gcc compiler gods shone down on us and its register allocator
never used r4. Sometimes, rarely, luck is on our side.
LLVM on the other hand did trample r4.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/entry_64.S | 6 ++++++
1 file changed, 6 insertions(+)
--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -659,7 +659,13 @@ _GLOBAL(ret_from_except_lite)
3:
#endif
bl save_nvgprs
+ /*
+ * Use a non volatile GPR to save and restore our thread_info flags
+ * across the call to restore_interrupts.
+ */
+ mr r30,r4
bl restore_interrupts
+ mr r4,r30
addi r3,r1,STACK_FRAME_OVERHEAD
bl do_notify_resume
b ret_from_except
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 302/319] ALSA: hda - fix mute led problem for three HP laptops
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (284 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 301/319] powerpc: do_notify_resume can be called with bad thread_info flags argument Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 303/319] regulator: max77693: Fix use of uninitialized regulator config Greg Kroah-Hartman
` (17 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, TieFu Chen, Kailang Yang, Hui Wang,
Takashi Iwai
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hui Wang <hui.wang@canonical.com>
commit c922c4e87b9b5a3b50d4d17b96f189121430f511 upstream.
Without the fix, the mute led can't work on these three machines.
After apply this fix, these three machines will fall back on the led
control quirk as below, and through testing, the mute led works very
well.
PIN_QUIRK(0x10ec0282, 0x103c, "HP", ALC269_FIXUP_HP_LINE1_MIC1_LED,
ALC282_STANDARD_PINS,
{0x12, 0x90a60140},
...
BugLink: https://bugs.launchpad.net/bugs/1389497
Tested-by: TieFu Chen <tienfu.chen@canonical.com>
Cc: Kailang Yang <kailang@realtek.com>
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 3 ---
1 file changed, 3 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5008,9 +5008,6 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x103c, 0x2224, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2225, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2246, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
- SND_PCI_QUIRK(0x103c, 0x2247, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
- SND_PCI_QUIRK(0x103c, 0x2248, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
- SND_PCI_QUIRK(0x103c, 0x2249, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2253, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2254, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2255, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 303/319] regulator: max77693: Fix use of uninitialized regulator config
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (285 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 302/319] ALSA: hda - fix mute led problem for three HP laptops Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 304/319] irqchip: armada-370-xp: Fix MSI interrupt handling Greg Kroah-Hartman
` (16 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Mark Brown
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
commit ca0c37a0b489bb14bf3e1549e7a8d0c9a17f4919 upstream.
Driver allocated on stack struct regulator_config but didn't initialize
it fully. Few fields (driver_data, ena_gpio) were left untouched. This
lead to using random ena_gpio values as GPIOs for max77693 regulators.
On occasion these values could match real GPIO numbers leading to
interfering with other drivers and to unsuccessful enable/disable of
regulator.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Fixes: 80b022e29bfd ("regulator: max77693: Add max77693 regualtor driver.")
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/regulator/max77693.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/regulator/max77693.c
+++ b/drivers/regulator/max77693.c
@@ -227,7 +227,7 @@ static int max77693_pmic_probe(struct pl
struct max77693_dev *iodev = dev_get_drvdata(pdev->dev.parent);
struct max77693_regulator_data *rdata = NULL;
int num_rdata, i;
- struct regulator_config config;
+ struct regulator_config config = { };
num_rdata = max77693_pmic_init_rdata(&pdev->dev, &rdata);
if (!rdata || num_rdata <= 0) {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 304/319] irqchip: armada-370-xp: Fix MSI interrupt handling
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (286 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 303/319] regulator: max77693: Fix use of uninitialized regulator config Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 305/319] irqchip: armada-370-xp: Fix MPIC " Greg Kroah-Hartman
` (15 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Grzegorz Jaszczyk, Gregory CLEMENT,
Ezequiel Garcia, Jason Cooper
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Grzegorz Jaszczyk <jaz@semihalf.com>
commit 298dcb2dd0267d51e4f7c94a628cd0765a50ad75 upstream.
The MSI interrupts use the 16 high doorbells, which are notified by using IRQ1
of the main interrupt controller.
The MSI interrupts were handled correctly for Armada-XP and Armada-370 but not
for Armada-375 and Armada-38x, which use chained handler for the MPIC.
This commit fixes that by checking proper interrupt number in chained handler
for the MPIC.
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Reviewed-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Fixes: bc69b8adfe22 ("irqchip: armada-370-xp: Setup a chained handler for the MPIC")
Acked-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
Link: https://lkml.kernel.org/r/1411643839-64925-2-git-send-email-jaz@semihalf.com
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-armada-370-xp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/irqchip/irq-armada-370-xp.c
+++ b/drivers/irqchip/irq-armada-370-xp.c
@@ -417,9 +417,9 @@ static void armada_370_xp_mpic_handle_ca
irqmap = readl_relaxed(per_cpu_int_base + ARMADA_375_PPI_CAUSE);
- if (irqmap & BIT(0)) {
+ if (irqmap & BIT(1)) {
armada_370_xp_handle_msi_irq(NULL, true);
- irqmap &= ~BIT(0);
+ irqmap &= ~BIT(1);
}
for_each_set_bit(irqn, &irqmap, BITS_PER_LONG) {
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 305/319] irqchip: armada-370-xp: Fix MPIC interrupt handling
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (287 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 304/319] irqchip: armada-370-xp: Fix MSI interrupt handling Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 306/319] i2c: at91: dont account as iowait Greg Kroah-Hartman
` (14 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Grzegorz Jaszczyk, Gregory CLEMENT,
Ezequiel Garcia, Jason Cooper
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Grzegorz Jaszczyk <jaz@semihalf.com>
commit 758e8366754d3fa57da978fef9d2c652f7b55c02 upstream.
In both Armada-375 and Armada-38x MPIC interrupts should be identified by
reading cause register multiplied by the interrupt mask.
A lack of above mentioned multiplication resulted in a bug, caused by the
fact that in Armada-375 and Armada-38x some of the interrupts
(e.g. network interrupts) can be handled either as a GIC or MPIC interrupts.
Therefore during MPIC interrupts handling, cause register shows hits from
interrupts even if they are masked for MPIC but unmasked for a GIC.
This resulted in 'bad IRQ' error, because masked MPIC interrupt without
registered interrupt handler, was trying to be handled during interrupt
handling procedure of some other unmasked MPIC interrupt (e.g. local timer
irq).
This commit fixes that by ensuring that during MPIC interrupt handling only
interrupts that are unmasked for MPIC are processed.
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Reviewed-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Fixes: bc69b8adfe22 ("irqchip: armada-370-xp: Setup a chained handler for the MPIC")
Acked-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
Link: https://lkml.kernel.org/r/1411643839-64925-3-git-send-email-jaz@semihalf.com
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-armada-370-xp.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
--- a/drivers/irqchip/irq-armada-370-xp.c
+++ b/drivers/irqchip/irq-armada-370-xp.c
@@ -43,6 +43,7 @@
#define ARMADA_370_XP_INT_CLEAR_ENABLE_OFFS (0x34)
#define ARMADA_370_XP_INT_SOURCE_CTL(irq) (0x100 + irq*4)
#define ARMADA_370_XP_INT_SOURCE_CPU_MASK 0xF
+#define ARMADA_370_XP_INT_IRQ_FIQ_MASK(cpuid) ((BIT(0) | BIT(8)) << cpuid)
#define ARMADA_370_XP_CPU_INTACK_OFFS (0x44)
#define ARMADA_375_PPI_CAUSE (0x10)
@@ -410,19 +411,29 @@ static void armada_370_xp_mpic_handle_ca
struct irq_desc *desc)
{
struct irq_chip *chip = irq_get_chip(irq);
- unsigned long irqmap, irqn;
+ unsigned long irqmap, irqn, irqsrc, cpuid;
unsigned int cascade_irq;
chained_irq_enter(chip, desc);
irqmap = readl_relaxed(per_cpu_int_base + ARMADA_375_PPI_CAUSE);
-
- if (irqmap & BIT(1)) {
- armada_370_xp_handle_msi_irq(NULL, true);
- irqmap &= ~BIT(1);
- }
+ cpuid = cpu_logical_map(smp_processor_id());
for_each_set_bit(irqn, &irqmap, BITS_PER_LONG) {
+ irqsrc = readl_relaxed(main_int_base +
+ ARMADA_370_XP_INT_SOURCE_CTL(irqn));
+
+ /* Check if the interrupt is not masked on current CPU.
+ * Test IRQ (0-1) and FIQ (8-9) mask bits.
+ */
+ if (!(irqsrc & ARMADA_370_XP_INT_IRQ_FIQ_MASK(cpuid)))
+ continue;
+
+ if (irqn == 1) {
+ armada_370_xp_handle_msi_irq(NULL, true);
+ continue;
+ }
+
cascade_irq = irq_find_mapping(armada_370_xp_mpic_domain, irqn);
generic_handle_irq(cascade_irq);
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 306/319] i2c: at91: dont account as iowait
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (288 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 305/319] irqchip: armada-370-xp: Fix MPIC " Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 307/319] sysfs: driver core: Fix glue dir race condition by gdp_mutex Greg Kroah-Hartman
` (13 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Wolfram Sang, Ludovic Desroches
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wolfram Sang <wsa@the-dreams.de>
commit 11cfbfb098b22d3e57f1f2be217cad20e2d48463 upstream.
iowait is for blkio [1]. I2C shouldn't use it.
[1] https://lkml.org/lkml/2014/11/3/317
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Acked-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/i2c/busses/i2c-at91.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/i2c/busses/i2c-at91.c
+++ b/drivers/i2c/busses/i2c-at91.c
@@ -434,7 +434,7 @@ static int at91_do_twi_transfer(struct a
}
}
- ret = wait_for_completion_io_timeout(&dev->cmd_complete,
+ ret = wait_for_completion_timeout(&dev->cmd_complete,
dev->adapter.timeout);
if (ret == 0) {
dev_err(dev->dev, "controller timed out\n");
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 307/319] sysfs: driver core: Fix glue dir race condition by gdp_mutex
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (289 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 306/319] i2c: at91: dont account as iowait Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 309/319] of: Fix overflow bug in string property parsing functions Greg Kroah-Hartman
` (12 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yijing Wang, Weng Meiling
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yijing Wang <wangyijing@huawei.com>
commit e4a60d139060975eb956717e4f63ae348d4d8cc5 upstream.
There is a race condition when removing glue directory.
It can be reproduced in following test:
path 1: Add first child device
device_add()
get_device_parent()
/*find parent from glue_dirs.list*/
list_for_each_entry(k, &dev->class->p->glue_dirs.list, entry)
if (k->parent == parent_kobj) {
kobj = kobject_get(k);
break;
}
....
class_dir_create_and_add()
path2: Remove last child device under glue dir
device_del()
cleanup_device_parent()
cleanup_glue_dir()
kobject_put(glue_dir);
If path2 has been called cleanup_glue_dir(), but not
call kobject_put(glue_dir), the glue dir is still
in parent's kset list. Meanwhile, path1 find the glue
dir from the glue_dirs.list. Path2 may release glue dir
before path1 call kobject_get(). So kernel will report
the warning and bug_on.
This is a "classic" problem we have of a kref in a list
that can be found while the last instance could be removed
at the same time.
This patch reuse gdp_mutex to fix this race condition.
The following calltrace is captured in kernel 3.4, but
the latest kernel still has this bug.
-----------------------------------------------------
<4>[ 3965.441471] WARNING: at ...include/linux/kref.h:41 kobject_get+0x33/0x40()
<4>[ 3965.441474] Hardware name: Romley
<4>[ 3965.441475] Modules linked in: isd_iop(O) isd_xda(O)...
...
<4>[ 3965.441605] Call Trace:
<4>[ 3965.441611] [<ffffffff8103717a>] warn_slowpath_common+0x7a/0xb0
<4>[ 3965.441615] [<ffffffff810371c5>] warn_slowpath_null+0x15/0x20
<4>[ 3965.441618] [<ffffffff81215963>] kobject_get+0x33/0x40
<4>[ 3965.441624] [<ffffffff812d1e45>] get_device_parent.isra.11+0x135/0x1f0
<4>[ 3965.441627] [<ffffffff812d22d4>] device_add+0xd4/0x6d0
<4>[ 3965.441631] [<ffffffff812d0dbc>] ? dev_set_name+0x3c/0x40
....
<2>[ 3965.441912] kernel BUG at ..../fs/sysfs/group.c:65!
<4>[ 3965.441915] invalid opcode: 0000 [#1] SMP
...
<4>[ 3965.686743] [<ffffffff811a677e>] sysfs_create_group+0xe/0x10
<4>[ 3965.686748] [<ffffffff810cfb04>] blk_trace_init_sysfs+0x14/0x20
<4>[ 3965.686753] [<ffffffff811fcabb>] blk_register_queue+0x3b/0x120
<4>[ 3965.686756] [<ffffffff812030bc>] add_disk+0x1cc/0x490
....
-------------------------------------------------------
Signed-off-by: Yijing Wang <wangyijing@huawei.com>
Signed-off-by: Weng Meiling <wengmeiling.weng@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -724,12 +724,12 @@ class_dir_create_and_add(struct class *c
return &dir->kobj;
}
+static DEFINE_MUTEX(gdp_mutex);
static struct kobject *get_device_parent(struct device *dev,
struct device *parent)
{
if (dev->class) {
- static DEFINE_MUTEX(gdp_mutex);
struct kobject *kobj = NULL;
struct kobject *parent_kobj;
struct kobject *k;
@@ -793,7 +793,9 @@ static void cleanup_glue_dir(struct devi
glue_dir->kset != &dev->class->p->glue_dirs)
return;
+ mutex_lock(&gdp_mutex);
kobject_put(glue_dir);
+ mutex_unlock(&gdp_mutex);
}
static void cleanup_device_parent(struct device *dev)
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 309/319] of: Fix overflow bug in string property parsing functions
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (290 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 307/319] sysfs: driver core: Fix glue dir race condition by gdp_mutex Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 310/319] Btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup Greg Kroah-Hartman
` (11 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Grant Likely, Rafael J. Wysocki,
Mika Westerberg, Rob Herring, Arnd Bergmann, Darren Hart
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Grant Likely <grant.likely@linaro.org>
commit a87fa1d81a9fb5e9adca9820e16008c40ad09f33 upstream.
The string property read helpers will run off the end of the buffer if
it is handed a malformed string property. Rework the parsers to make
sure that doesn't happen. At the same time add new test cases to make
sure the functions behave themselves.
The original implementations of of_property_read_string_index() and
of_property_count_strings() both open-coded the same block of parsing
code, each with it's own subtly different bugs. The fix here merges
functions into a single helper and makes the original functions static
inline wrappers around the helper.
One non-bugfix aspect of this patch is the addition of a new wrapper,
of_property_read_string_array(). The new wrapper is needed by the
device_properties feature that Rafael is working on and planning to
merge for v3.19. The implementation is identical both with and without
the new static inline wrapper, so it just got left in to reduce the
churn on the header file.
Signed-off-by: Grant Likely <grant.likely@linaro.org>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Darren Hart <darren.hart@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/of/base.c | 88 +++++++---------------------
drivers/of/selftest.c | 66 +++++++++++++++++++--
drivers/of/testcase-data/tests-phandle.dtsi | 2
include/linux/of.h | 84 ++++++++++++++++++++++----
4 files changed, 154 insertions(+), 86 deletions(-)
--- a/drivers/of/base.c
+++ b/drivers/of/base.c
@@ -1277,52 +1277,6 @@ int of_property_read_string(struct devic
EXPORT_SYMBOL_GPL(of_property_read_string);
/**
- * of_property_read_string_index - Find and read a string from a multiple
- * strings property.
- * @np: device node from which the property value is to be read.
- * @propname: name of the property to be searched.
- * @index: index of the string in the list of strings
- * @out_string: pointer to null terminated return string, modified only if
- * return value is 0.
- *
- * Search for a property in a device tree node and retrieve a null
- * terminated string value (pointer to data, not a copy) in the list of strings
- * contained in that property.
- * Returns 0 on success, -EINVAL if the property does not exist, -ENODATA if
- * property does not have a value, and -EILSEQ if the string is not
- * null-terminated within the length of the property data.
- *
- * The out_string pointer is modified only if a valid string can be decoded.
- */
-int of_property_read_string_index(struct device_node *np, const char *propname,
- int index, const char **output)
-{
- struct property *prop = of_find_property(np, propname, NULL);
- int i = 0;
- size_t l = 0, total = 0;
- const char *p;
-
- if (!prop)
- return -EINVAL;
- if (!prop->value)
- return -ENODATA;
- if (strnlen(prop->value, prop->length) >= prop->length)
- return -EILSEQ;
-
- p = prop->value;
-
- for (i = 0; total < prop->length; total += l, p += l) {
- l = strlen(p) + 1;
- if (i++ == index) {
- *output = p;
- return 0;
- }
- }
- return -ENODATA;
-}
-EXPORT_SYMBOL_GPL(of_property_read_string_index);
-
-/**
* of_property_match_string() - Find string in a list and return index
* @np: pointer to node containing string list property
* @propname: string list property name
@@ -1348,7 +1302,7 @@ int of_property_match_string(struct devi
end = p + prop->length;
for (i = 0; p < end; i++, p += l) {
- l = strlen(p) + 1;
+ l = strnlen(p, end - p) + 1;
if (p + l > end)
return -EILSEQ;
pr_debug("comparing %s with %s\n", string, p);
@@ -1360,39 +1314,41 @@ int of_property_match_string(struct devi
EXPORT_SYMBOL_GPL(of_property_match_string);
/**
- * of_property_count_strings - Find and return the number of strings from a
- * multiple strings property.
+ * of_property_read_string_util() - Utility helper for parsing string properties
* @np: device node from which the property value is to be read.
* @propname: name of the property to be searched.
+ * @out_strs: output array of string pointers.
+ * @sz: number of array elements to read.
+ * @skip: Number of strings to skip over at beginning of list.
*
- * Search for a property in a device tree node and retrieve the number of null
- * terminated string contain in it. Returns the number of strings on
- * success, -EINVAL if the property does not exist, -ENODATA if property
- * does not have a value, and -EILSEQ if the string is not null-terminated
- * within the length of the property data.
+ * Don't call this function directly. It is a utility helper for the
+ * of_property_read_string*() family of functions.
*/
-int of_property_count_strings(struct device_node *np, const char *propname)
+int of_property_read_string_helper(struct device_node *np, const char *propname,
+ const char **out_strs, size_t sz, int skip)
{
struct property *prop = of_find_property(np, propname, NULL);
- int i = 0;
- size_t l = 0, total = 0;
- const char *p;
+ int l = 0, i = 0;
+ const char *p, *end;
if (!prop)
return -EINVAL;
if (!prop->value)
return -ENODATA;
- if (strnlen(prop->value, prop->length) >= prop->length)
- return -EILSEQ;
-
p = prop->value;
+ end = p + prop->length;
- for (i = 0; total < prop->length; total += l, p += l, i++)
- l = strlen(p) + 1;
-
- return i;
+ for (i = 0; p < end && (!out_strs || i < skip + sz); i++, p += l) {
+ l = strnlen(p, end - p) + 1;
+ if (p + l > end)
+ return -EILSEQ;
+ if (out_strs && i >= skip)
+ *out_strs++ = p;
+ }
+ i -= skip;
+ return i <= 0 ? -ENODATA : i;
}
-EXPORT_SYMBOL_GPL(of_property_count_strings);
+EXPORT_SYMBOL_GPL(of_property_read_string_helper);
void of_print_phandle_args(const char *msg, const struct of_phandle_args *args)
{
--- a/drivers/of/selftest.c
+++ b/drivers/of/selftest.c
@@ -247,8 +247,9 @@ static void __init of_selftest_parse_pha
selftest(rc == -EINVAL, "expected:%i got:%i\n", -EINVAL, rc);
}
-static void __init of_selftest_property_match_string(void)
+static void __init of_selftest_property_string(void)
{
+ const char *strings[4];
struct device_node *np;
int rc;
@@ -265,13 +266,66 @@ static void __init of_selftest_property_
rc = of_property_match_string(np, "phandle-list-names", "third");
selftest(rc == 2, "third expected:0 got:%i\n", rc);
rc = of_property_match_string(np, "phandle-list-names", "fourth");
- selftest(rc == -ENODATA, "unmatched string; rc=%i", rc);
+ selftest(rc == -ENODATA, "unmatched string; rc=%i\n", rc);
rc = of_property_match_string(np, "missing-property", "blah");
- selftest(rc == -EINVAL, "missing property; rc=%i", rc);
+ selftest(rc == -EINVAL, "missing property; rc=%i\n", rc);
rc = of_property_match_string(np, "empty-property", "blah");
- selftest(rc == -ENODATA, "empty property; rc=%i", rc);
+ selftest(rc == -ENODATA, "empty property; rc=%i\n", rc);
rc = of_property_match_string(np, "unterminated-string", "blah");
- selftest(rc == -EILSEQ, "unterminated string; rc=%i", rc);
+ selftest(rc == -EILSEQ, "unterminated string; rc=%i\n", rc);
+
+ /* of_property_count_strings() tests */
+ rc = of_property_count_strings(np, "string-property");
+ selftest(rc == 1, "Incorrect string count; rc=%i\n", rc);
+ rc = of_property_count_strings(np, "phandle-list-names");
+ selftest(rc == 3, "Incorrect string count; rc=%i\n", rc);
+ rc = of_property_count_strings(np, "unterminated-string");
+ selftest(rc == -EILSEQ, "unterminated string; rc=%i\n", rc);
+ rc = of_property_count_strings(np, "unterminated-string-list");
+ selftest(rc == -EILSEQ, "unterminated string array; rc=%i\n", rc);
+
+ /* of_property_read_string_index() tests */
+ rc = of_property_read_string_index(np, "string-property", 0, strings);
+ selftest(rc == 0 && !strcmp(strings[0], "foobar"), "of_property_read_string_index() failure; rc=%i\n", rc);
+ strings[0] = NULL;
+ rc = of_property_read_string_index(np, "string-property", 1, strings);
+ selftest(rc == -ENODATA && strings[0] == NULL, "of_property_read_string_index() failure; rc=%i\n", rc);
+ rc = of_property_read_string_index(np, "phandle-list-names", 0, strings);
+ selftest(rc == 0 && !strcmp(strings[0], "first"), "of_property_read_string_index() failure; rc=%i\n", rc);
+ rc = of_property_read_string_index(np, "phandle-list-names", 1, strings);
+ selftest(rc == 0 && !strcmp(strings[0], "second"), "of_property_read_string_index() failure; rc=%i\n", rc);
+ rc = of_property_read_string_index(np, "phandle-list-names", 2, strings);
+ selftest(rc == 0 && !strcmp(strings[0], "third"), "of_property_read_string_index() failure; rc=%i\n", rc);
+ strings[0] = NULL;
+ rc = of_property_read_string_index(np, "phandle-list-names", 3, strings);
+ selftest(rc == -ENODATA && strings[0] == NULL, "of_property_read_string_index() failure; rc=%i\n", rc);
+ strings[0] = NULL;
+ rc = of_property_read_string_index(np, "unterminated-string", 0, strings);
+ selftest(rc == -EILSEQ && strings[0] == NULL, "of_property_read_string_index() failure; rc=%i\n", rc);
+ rc = of_property_read_string_index(np, "unterminated-string-list", 0, strings);
+ selftest(rc == 0 && !strcmp(strings[0], "first"), "of_property_read_string_index() failure; rc=%i\n", rc);
+ strings[0] = NULL;
+ rc = of_property_read_string_index(np, "unterminated-string-list", 2, strings); /* should fail */
+ selftest(rc == -EILSEQ && strings[0] == NULL, "of_property_read_string_index() failure; rc=%i\n", rc);
+ strings[1] = NULL;
+
+ /* of_property_read_string_array() tests */
+ rc = of_property_read_string_array(np, "string-property", strings, 4);
+ selftest(rc == 1, "Incorrect string count; rc=%i\n", rc);
+ rc = of_property_read_string_array(np, "phandle-list-names", strings, 4);
+ selftest(rc == 3, "Incorrect string count; rc=%i\n", rc);
+ rc = of_property_read_string_array(np, "unterminated-string", strings, 4);
+ selftest(rc == -EILSEQ, "unterminated string; rc=%i\n", rc);
+ /* -- An incorrectly formed string should cause a failure */
+ rc = of_property_read_string_array(np, "unterminated-string-list", strings, 4);
+ selftest(rc == -EILSEQ, "unterminated string array; rc=%i\n", rc);
+ /* -- parsing the correctly formed strings should still work: */
+ strings[2] = NULL;
+ rc = of_property_read_string_array(np, "unterminated-string-list", strings, 2);
+ selftest(rc == 2 && strings[2] == NULL, "of_property_read_string_array() failure; rc=%i\n", rc);
+ strings[1] = NULL;
+ rc = of_property_read_string_array(np, "phandle-list-names", strings, 1);
+ selftest(rc == 1 && strings[1] == NULL, "Overwrote end of string array; rc=%i, str='%s'\n", rc, strings[1]);
}
#define propcmp(p1, p2) (((p1)->length == (p2)->length) && \
@@ -783,7 +837,7 @@ static int __init of_selftest(void)
of_selftest_find_node_by_name();
of_selftest_dynamic();
of_selftest_parse_phandle_with_args();
- of_selftest_property_match_string();
+ of_selftest_property_string();
of_selftest_property_copy();
of_selftest_changeset();
of_selftest_parse_interrupts();
--- a/drivers/of/testcase-data/tests-phandle.dtsi
+++ b/drivers/of/testcase-data/tests-phandle.dtsi
@@ -39,7 +39,9 @@
phandle-list-bad-args = <&provider2 1 0>,
<&provider3 0>;
empty-property;
+ string-property = "foobar";
unterminated-string = [40 41 42 43];
+ unterminated-string-list = "first", "second", [40 41 42 43];
};
};
};
--- a/include/linux/of.h
+++ b/include/linux/of.h
@@ -267,14 +267,12 @@ extern int of_property_read_u64(const st
extern int of_property_read_string(struct device_node *np,
const char *propname,
const char **out_string);
-extern int of_property_read_string_index(struct device_node *np,
- const char *propname,
- int index, const char **output);
extern int of_property_match_string(struct device_node *np,
const char *propname,
const char *string);
-extern int of_property_count_strings(struct device_node *np,
- const char *propname);
+extern int of_property_read_string_helper(struct device_node *np,
+ const char *propname,
+ const char **out_strs, size_t sz, int index);
extern int of_device_is_compatible(const struct device_node *device,
const char *);
extern int of_device_is_available(const struct device_node *device);
@@ -486,15 +484,9 @@ static inline int of_property_read_strin
return -ENOSYS;
}
-static inline int of_property_read_string_index(struct device_node *np,
- const char *propname, int index,
- const char **out_string)
-{
- return -ENOSYS;
-}
-
-static inline int of_property_count_strings(struct device_node *np,
- const char *propname)
+static inline int of_property_read_string_helper(struct device_node *np,
+ const char *propname,
+ const char **out_strs, size_t sz, int index)
{
return -ENOSYS;
}
@@ -668,6 +660,70 @@ static inline int of_property_count_u64_
}
/**
+ * of_property_read_string_array() - Read an array of strings from a multiple
+ * strings property.
+ * @np: device node from which the property value is to be read.
+ * @propname: name of the property to be searched.
+ * @out_strs: output array of string pointers.
+ * @sz: number of array elements to read.
+ *
+ * Search for a property in a device tree node and retrieve a list of
+ * terminated string values (pointer to data, not a copy) in that property.
+ *
+ * If @out_strs is NULL, the number of strings in the property is returned.
+ */
+static inline int of_property_read_string_array(struct device_node *np,
+ const char *propname, const char **out_strs,
+ size_t sz)
+{
+ return of_property_read_string_helper(np, propname, out_strs, sz, 0);
+}
+
+/**
+ * of_property_count_strings() - Find and return the number of strings from a
+ * multiple strings property.
+ * @np: device node from which the property value is to be read.
+ * @propname: name of the property to be searched.
+ *
+ * Search for a property in a device tree node and retrieve the number of null
+ * terminated string contain in it. Returns the number of strings on
+ * success, -EINVAL if the property does not exist, -ENODATA if property
+ * does not have a value, and -EILSEQ if the string is not null-terminated
+ * within the length of the property data.
+ */
+static inline int of_property_count_strings(struct device_node *np,
+ const char *propname)
+{
+ return of_property_read_string_helper(np, propname, NULL, 0, 0);
+}
+
+/**
+ * of_property_read_string_index() - Find and read a string from a multiple
+ * strings property.
+ * @np: device node from which the property value is to be read.
+ * @propname: name of the property to be searched.
+ * @index: index of the string in the list of strings
+ * @out_string: pointer to null terminated return string, modified only if
+ * return value is 0.
+ *
+ * Search for a property in a device tree node and retrieve a null
+ * terminated string value (pointer to data, not a copy) in the list of strings
+ * contained in that property.
+ * Returns 0 on success, -EINVAL if the property does not exist, -ENODATA if
+ * property does not have a value, and -EILSEQ if the string is not
+ * null-terminated within the length of the property data.
+ *
+ * The out_string pointer is modified only if a valid string can be decoded.
+ */
+static inline int of_property_read_string_index(struct device_node *np,
+ const char *propname,
+ int index, const char **output)
+{
+ int rc = of_property_read_string_helper(np, propname, output, 1, index);
+ return rc < 0 ? rc : 0;
+}
+
+/**
* of_property_read_bool - Findfrom a property
* @np: device node from which the property value is to be read.
* @propname: name of the property to be searched.
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 310/319] Btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (291 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 309/319] of: Fix overflow bug in string property parsing functions Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 311/319] xfs: bulkstat doesnt release AGI buffer on error Greg Kroah-Hartman
` (10 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chris Mason, Erik Berg
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chris Mason <clm@fb.com>
commit 6e5aafb27419f32575b27ef9d6a31e5d54661aca upstream.
If we hit any errors in btrfs_lookup_csums_range, we'll loop through all
the csums we allocate and free them. But the code was using list_entry
incorrectly, and ended up trying to free the on-stack list_head instead.
This bug came from commit 0678b6185
btrfs: Don't BUG_ON kzalloc error in btrfs_lookup_csums_range()
Signed-off-by: Chris Mason <clm@fb.com>
Reported-by: Erik Berg <btrfs@slipsprogrammoer.no>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/file-item.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/file-item.c
+++ b/fs/btrfs/file-item.c
@@ -423,7 +423,7 @@ int btrfs_lookup_csums_range(struct btrf
ret = 0;
fail:
while (ret < 0 && !list_empty(&tmplist)) {
- sums = list_entry(&tmplist, struct btrfs_ordered_sum, list);
+ sums = list_entry(tmplist.next, struct btrfs_ordered_sum, list);
list_del(&sums->list);
kfree(sums);
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 311/319] xfs: bulkstat doesnt release AGI buffer on error
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (292 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 310/319] Btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 312/319] xfs: Check error during inode btree iteration in xfs_bulkstat() Greg Kroah-Hartman
` (9 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Chinner, Brian Foster,
Eric Sandeen, Dave Chinner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Chinner <dchinner@redhat.com>
commit a6bbce54efa9145dbcf3029c885549f7ebc40a3b upstream.
The recent refactoring of the bulkstat code left a small landmine in
the code. If a inobt read fails, then the tree walk is aborted and
returns without releasing the AGI buffer or freeing the cursor. This
can lead to a subsequent bulkstat call hanging trying to grab the
AGI buffer again.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_itable.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -427,7 +427,7 @@ xfs_bulkstat(
error = xfs_bulkstat_grab_ichunk(cur, agino, &icount, &r);
if (error)
- break;
+ goto del_cursor;
if (icount) {
irbp->ir_startino = r.ir_startino;
irbp->ir_freecount = r.ir_freecount;
@@ -442,7 +442,7 @@ xfs_bulkstat(
error = xfs_inobt_lookup(cur, 0, XFS_LOOKUP_GE, &tmp);
}
if (error)
- break;
+ goto del_cursor;
/*
* Loop through inode btree records in this ag,
@@ -454,7 +454,7 @@ xfs_bulkstat(
error = xfs_inobt_get_rec(cur, &r, &i);
if (error || i == 0) {
end_of_ag = 1;
- break;
+ goto del_cursor;
}
/*
@@ -476,13 +476,17 @@ xfs_bulkstat(
error = xfs_btree_increment(cur, 0, &tmp);
cond_resched();
}
+
/*
- * Drop the btree buffers and the agi buffer.
- * We can't hold any of the locks these represent
- * when calling iget.
+ * Drop the btree buffers and the agi buffer as we can't hold any
+ * of the locks these represent when calling iget. If there is a
+ * pending error, then we are done.
*/
+del_cursor:
xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR);
xfs_buf_relse(agbp);
+ if (error)
+ break;
/*
* Now format all the good inodes into the user's buffer.
*/
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 312/319] xfs: Check error during inode btree iteration in xfs_bulkstat()
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (293 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 311/319] xfs: bulkstat doesnt release AGI buffer on error Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 313/319] xfs: bulkstat btree walk doesnt terminate Greg Kroah-Hartman
` (8 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara, Jie Liu, Dave Chinner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 7a19dee116c8fae7ba7a778043c245194289f5a2 upstream.
xfs_bulkstat() doesn't check error return from xfs_btree_increment(). In
case of specific fs corruption that could result in xfs_bulkstat()
entering an infinite loop because we would be looping over the same
chunk over and over again. Fix the problem by checking the return value
and terminating the loop properly.
Coverity-id: 1231338
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Jie Liu <jeff.u.liu@gmail.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_itable.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -474,6 +474,10 @@ xfs_bulkstat(
*/
agino = r.ir_startino + XFS_INODES_PER_CHUNK;
error = xfs_btree_increment(cur, 0, &tmp);
+ if (error) {
+ end_of_ag = 1;
+ goto del_cursor;
+ }
cond_resched();
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 313/319] xfs: bulkstat btree walk doesnt terminate
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (294 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 312/319] xfs: Check error during inode btree iteration in xfs_bulkstat() Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 314/319] xfs: bulkstat chunk formatting cursor is broken Greg Kroah-Hartman
` (7 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Chinner, Brian Foster, Dave Chinner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Chinner <dchinner@redhat.com>
commit afa947cb52a8e73fe71915a0b0af6fcf98dfbe1a upstream.
The bulkstat code has several different ways of detecting the end of
an AG when doing a walk. They are not consistently detected, and the
code that checks for the end of AG conditions is not consistently
coded. Hence the are conditions where the walk code can get stuck in
an endless loop making no progress and not triggering any
termination conditions.
Convert all the "tmp/i" status return codes from btree operations
to a common name (stat) and apply end-of-ag detection to these
operations consistently.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_itable.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -356,7 +356,6 @@ xfs_bulkstat(
int end_of_ag; /* set if we've seen the ag end */
int error; /* error code */
int fmterror;/* bulkstat formatter result */
- int i; /* loop index */
int icount; /* count of inodes good in irbuf */
size_t irbsize; /* size of irec buffer in bytes */
xfs_ino_t ino; /* inode number (filesystem) */
@@ -366,11 +365,11 @@ xfs_bulkstat(
xfs_ino_t lastino; /* last inode number returned */
int nirbuf; /* size of irbuf */
int rval; /* return value error code */
- int tmp; /* result value from btree calls */
int ubcount; /* size of user's buffer */
int ubleft; /* bytes left in user's buffer */
char __user *ubufp; /* pointer into user's buffer */
int ubelem; /* spaces used in user's buffer */
+ int stat;
/*
* Get the last inode value, see if there's nothing to do.
@@ -436,13 +435,15 @@ xfs_bulkstat(
agino = r.ir_startino + XFS_INODES_PER_CHUNK;
}
/* Increment to the next record */
- error = xfs_btree_increment(cur, 0, &tmp);
+ error = xfs_btree_increment(cur, 0, &stat);
} else {
/* Start of ag. Lookup the first inode chunk */
- error = xfs_inobt_lookup(cur, 0, XFS_LOOKUP_GE, &tmp);
+ error = xfs_inobt_lookup(cur, 0, XFS_LOOKUP_GE, &stat);
}
- if (error)
+ if (error || stat == 0) {
+ end_of_ag = 1;
goto del_cursor;
+ }
/*
* Loop through inode btree records in this ag,
@@ -451,8 +452,8 @@ xfs_bulkstat(
while (irbp < irbufend && icount < ubcount) {
struct xfs_inobt_rec_incore r;
- error = xfs_inobt_get_rec(cur, &r, &i);
- if (error || i == 0) {
+ error = xfs_inobt_get_rec(cur, &r, &stat);
+ if (error || stat == 0) {
end_of_ag = 1;
goto del_cursor;
}
@@ -473,8 +474,8 @@ xfs_bulkstat(
* Set agino to after this chunk and bump the cursor.
*/
agino = r.ir_startino + XFS_INODES_PER_CHUNK;
- error = xfs_btree_increment(cur, 0, &tmp);
- if (error) {
+ error = xfs_btree_increment(cur, 0, &stat);
+ if (error || stat == 0) {
end_of_ag = 1;
goto del_cursor;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 314/319] xfs: bulkstat chunk formatting cursor is broken
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (295 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 313/319] xfs: bulkstat btree walk doesnt terminate Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 315/319] xfs: bulkstat chunk-formatter has issues Greg Kroah-Hartman
` (6 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Chinner, Brian Foster, Dave Chinner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Chinner <dchinner@redhat.com>
commit bf4a5af20d25ecc8876978ad34b8db83b4235f3c upstream.
The xfs_bulkstat_agichunk formatting cursor takes buffer values from
the main loop and passes them via the structure to the chunk
formatter, and the writes the changed values back into the main loop
local variables. Unfortunately, this complex dance is full of corner
cases that aren't handled correctly.
The biggest problem is that it is double handling the information in
both the main loop and the chunk formatting function, leading to
inconsistent updates and endless loops where progress is not made.
To fix this, push the struct xfs_bulkstat_agichunk outwards to be
the primary holder of user buffer information. this removes the
double handling in the main loop.
Also, pass the last inode processed by the chunk formatter as a
separate parameter as it purely an output variable and is not
related to the user buffer consumption cursor.
Finally, the chunk formatting code is not shared by anyone, so make
it local to xfs_itable.c.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_itable.c | 59 ++++++++++++++++++++++++----------------------------
fs/xfs/xfs_itable.h | 16 --------------
2 files changed, 28 insertions(+), 47 deletions(-)
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -262,20 +262,26 @@ xfs_bulkstat_grab_ichunk(
#define XFS_BULKSTAT_UBLEFT(ubleft) ((ubleft) >= statstruct_size)
+struct xfs_bulkstat_agichunk {
+ char __user **ac_ubuffer;/* pointer into user's buffer */
+ int ac_ubleft; /* bytes left in user's buffer */
+ int ac_ubelem; /* spaces used in user's buffer */
+};
+
/*
* Process inodes in chunk with a pointer to a formatter function
* that will iget the inode and fill in the appropriate structure.
*/
-int
+static int
xfs_bulkstat_ag_ichunk(
struct xfs_mount *mp,
xfs_agnumber_t agno,
struct xfs_inobt_rec_incore *irbp,
bulkstat_one_pf formatter,
size_t statstruct_size,
- struct xfs_bulkstat_agichunk *acp)
+ struct xfs_bulkstat_agichunk *acp,
+ xfs_ino_t *lastino)
{
- xfs_ino_t lastino = acp->ac_lastino;
char __user **ubufp = acp->ac_ubuffer;
int ubleft = acp->ac_ubleft;
int ubelem = acp->ac_ubelem;
@@ -295,7 +301,7 @@ xfs_bulkstat_ag_ichunk(
/* Skip if this inode is free */
if (XFS_INOBT_MASK(chunkidx) & irbp->ir_free) {
- lastino = ino;
+ *lastino = ino;
continue;
}
@@ -313,7 +319,7 @@ xfs_bulkstat_ag_ichunk(
ubleft = 0;
break;
}
- lastino = ino;
+ *lastino = ino;
continue;
}
if (fmterror == BULKSTAT_RV_GIVEUP) {
@@ -325,10 +331,9 @@ xfs_bulkstat_ag_ichunk(
*ubufp += ubused;
ubleft -= ubused;
ubelem++;
- lastino = ino;
+ *lastino = ino;
}
- acp->ac_lastino = lastino;
acp->ac_ubleft = ubleft;
acp->ac_ubelem = ubelem;
@@ -355,7 +360,6 @@ xfs_bulkstat(
xfs_btree_cur_t *cur; /* btree cursor for ialloc btree */
int end_of_ag; /* set if we've seen the ag end */
int error; /* error code */
- int fmterror;/* bulkstat formatter result */
int icount; /* count of inodes good in irbuf */
size_t irbsize; /* size of irec buffer in bytes */
xfs_ino_t ino; /* inode number (filesystem) */
@@ -366,10 +370,8 @@ xfs_bulkstat(
int nirbuf; /* size of irbuf */
int rval; /* return value error code */
int ubcount; /* size of user's buffer */
- int ubleft; /* bytes left in user's buffer */
- char __user *ubufp; /* pointer into user's buffer */
- int ubelem; /* spaces used in user's buffer */
int stat;
+ struct xfs_bulkstat_agichunk ac;
/*
* Get the last inode value, see if there's nothing to do.
@@ -386,11 +388,13 @@ xfs_bulkstat(
}
ubcount = *ubcountp; /* statstruct's */
- ubleft = ubcount * statstruct_size; /* bytes */
- *ubcountp = ubelem = 0;
+ ac.ac_ubuffer = &ubuffer;
+ ac.ac_ubleft = ubcount * statstruct_size; /* bytes */;
+ ac.ac_ubelem = 0;
+
+ *ubcountp = 0;
*done = 0;
- fmterror = 0;
- ubufp = ubuffer;
+
irbuf = kmem_zalloc_greedy(&irbsize, PAGE_SIZE, PAGE_SIZE * 4);
if (!irbuf)
return -ENOMEM;
@@ -402,7 +406,7 @@ xfs_bulkstat(
* inode returned; 0 means start of the allocation group.
*/
rval = 0;
- while (XFS_BULKSTAT_UBLEFT(ubleft) && agno < mp->m_sb.sb_agcount) {
+ while (XFS_BULKSTAT_UBLEFT(ac.ac_ubleft) && agno < mp->m_sb.sb_agcount) {
cond_resched();
error = xfs_ialloc_read_agi(mp, NULL, agno, &agbp);
if (error)
@@ -497,28 +501,21 @@ del_cursor:
*/
irbufend = irbp;
for (irbp = irbuf;
- irbp < irbufend && XFS_BULKSTAT_UBLEFT(ubleft); irbp++) {
- struct xfs_bulkstat_agichunk ac;
-
- ac.ac_lastino = lastino;
- ac.ac_ubuffer = &ubuffer;
- ac.ac_ubleft = ubleft;
- ac.ac_ubelem = ubelem;
+ irbp < irbufend && XFS_BULKSTAT_UBLEFT(ac.ac_ubleft);
+ irbp++) {
error = xfs_bulkstat_ag_ichunk(mp, agno, irbp,
- formatter, statstruct_size, &ac);
+ formatter, statstruct_size, &ac,
+ &lastino);
if (error)
rval = error;
- lastino = ac.ac_lastino;
- ubleft = ac.ac_ubleft;
- ubelem = ac.ac_ubelem;
-
cond_resched();
}
+
/*
* Set up for the next loop iteration.
*/
- if (XFS_BULKSTAT_UBLEFT(ubleft)) {
+ if (XFS_BULKSTAT_UBLEFT(ac.ac_ubleft)) {
if (end_of_ag) {
agno++;
agino = 0;
@@ -531,11 +528,11 @@ del_cursor:
* Done, we're either out of filesystem or space to put the data.
*/
kmem_free(irbuf);
- *ubcountp = ubelem;
+ *ubcountp = ac.ac_ubelem;
/*
* Found some inodes, return them now and return the error next time.
*/
- if (ubelem)
+ if (ac.ac_ubelem)
rval = 0;
if (agno >= mp->m_sb.sb_agcount) {
/*
--- a/fs/xfs/xfs_itable.h
+++ b/fs/xfs/xfs_itable.h
@@ -30,22 +30,6 @@ typedef int (*bulkstat_one_pf)(struct xf
int *ubused,
int *stat);
-struct xfs_bulkstat_agichunk {
- xfs_ino_t ac_lastino; /* last inode returned */
- char __user **ac_ubuffer;/* pointer into user's buffer */
- int ac_ubleft; /* bytes left in user's buffer */
- int ac_ubelem; /* spaces used in user's buffer */
-};
-
-int
-xfs_bulkstat_ag_ichunk(
- struct xfs_mount *mp,
- xfs_agnumber_t agno,
- struct xfs_inobt_rec_incore *irbp,
- bulkstat_one_pf formatter,
- size_t statstruct_size,
- struct xfs_bulkstat_agichunk *acp);
-
/*
* Values for stat return value.
*/
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 315/319] xfs: bulkstat chunk-formatter has issues
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (296 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 314/319] xfs: bulkstat chunk formatting cursor is broken Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 316/319] xfs: bulkstat main loop logic is a mess Greg Kroah-Hartman
` (5 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Chinner, Brian Foster, Dave Chinner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Chinner <dchinner@redhat.com>
commit 2b831ac6bc87d3cbcbb1a8816827b6923403e461 upstream.
The loop construct has issues:
- clustidx is completely unused, so remove it.
- the loop tries to be smart by terminating when the
"freecount" tells it that all inodes are free. Just drop
it as in most cases we have to scan all inodes in the
chunk anyway.
- move the "user buffer left" condition check to the only
point where we consume space int eh user buffer.
- move the initialisation of agino out of the loop, leaving
just a simple loop control logic using the clusteridx.
Also, double handling of the user buffer variables leads to problems
tracking the current state - use the cursor variables directly
rather than keeping local copies and then having to update the
cursor before returning.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_itable.c | 58 +++++++++++++++++++++-------------------------------
1 file changed, 24 insertions(+), 34 deletions(-)
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -283,59 +283,49 @@ xfs_bulkstat_ag_ichunk(
xfs_ino_t *lastino)
{
char __user **ubufp = acp->ac_ubuffer;
- int ubleft = acp->ac_ubleft;
- int ubelem = acp->ac_ubelem;
- int chunkidx, clustidx;
+ int chunkidx;
int error = 0;
xfs_agino_t agino;
- for (agino = irbp->ir_startino, chunkidx = clustidx = 0;
- XFS_BULKSTAT_UBLEFT(ubleft) &&
- irbp->ir_freecount < XFS_INODES_PER_CHUNK;
- chunkidx++, clustidx++, agino++) {
- int fmterror; /* bulkstat formatter result */
+ agino = irbp->ir_startino;
+ for (chunkidx = 0; chunkidx < XFS_INODES_PER_CHUNK;
+ chunkidx++, agino++) {
+ int fmterror;
int ubused;
xfs_ino_t ino = XFS_AGINO_TO_INO(mp, agno, agino);
- ASSERT(chunkidx < XFS_INODES_PER_CHUNK);
-
/* Skip if this inode is free */
if (XFS_INOBT_MASK(chunkidx) & irbp->ir_free) {
*lastino = ino;
continue;
}
- /*
- * Count used inodes as free so we can tell when the
- * chunk is used up.
- */
- irbp->ir_freecount++;
-
/* Get the inode and fill in a single buffer */
ubused = statstruct_size;
- error = formatter(mp, ino, *ubufp, ubleft, &ubused, &fmterror);
- if (fmterror == BULKSTAT_RV_NOTHING) {
- if (error && error != -ENOENT && error != -EINVAL) {
- ubleft = 0;
- break;
- }
- *lastino = ino;
- continue;
- }
- if (fmterror == BULKSTAT_RV_GIVEUP) {
- ubleft = 0;
+ error = formatter(mp, ino, *ubufp, acp->ac_ubleft,
+ &ubused, &fmterror);
+ if (fmterror == BULKSTAT_RV_GIVEUP ||
+ (error && error != -ENOENT && error != -EINVAL)) {
+ acp->ac_ubleft = 0;
ASSERT(error);
break;
}
- if (*ubufp)
- *ubufp += ubused;
- ubleft -= ubused;
- ubelem++;
+
+ /* be careful not to leak error if at end of chunk */
+ if (fmterror == BULKSTAT_RV_NOTHING || error) {
+ *lastino = ino;
+ error = 0;
+ continue;
+ }
+
+ *ubufp += ubused;
+ acp->ac_ubleft -= ubused;
+ acp->ac_ubelem++;
*lastino = ino;
- }
- acp->ac_ubleft = ubleft;
- acp->ac_ubelem = ubelem;
+ if (acp->ac_ubleft < statstruct_size)
+ break;
+ }
return error;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 316/319] xfs: bulkstat main loop logic is a mess
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (297 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 315/319] xfs: bulkstat chunk-formatter has issues Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 317/319] xfs: bulkstat error handling is broken Greg Kroah-Hartman
` (4 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Chinner, Brian Foster, Dave Chinner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Chinner <dchinner@redhat.com>
commit 6e57c542cb7e0e580eb53ae76a77875c7d92b4b1 upstream.
There are a bunch of variables tha tare more wildy scoped than they
need to be, obfuscated user buffer checks and tortured "next inode"
tracking. This all needs cleaning up to expose the real issues that
need fixing.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_itable.c | 56 ++++++++++++++++++++++------------------------------
1 file changed, 24 insertions(+), 32 deletions(-)
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -348,30 +348,23 @@ xfs_bulkstat(
xfs_agino_t agino; /* inode # in allocation group */
xfs_agnumber_t agno; /* allocation group number */
xfs_btree_cur_t *cur; /* btree cursor for ialloc btree */
- int end_of_ag; /* set if we've seen the ag end */
- int error; /* error code */
- int icount; /* count of inodes good in irbuf */
size_t irbsize; /* size of irec buffer in bytes */
- xfs_ino_t ino; /* inode number (filesystem) */
- xfs_inobt_rec_incore_t *irbp; /* current irec buffer pointer */
xfs_inobt_rec_incore_t *irbuf; /* start of irec buffer */
- xfs_inobt_rec_incore_t *irbufend; /* end of good irec buffer entries */
xfs_ino_t lastino; /* last inode number returned */
int nirbuf; /* size of irbuf */
int rval; /* return value error code */
int ubcount; /* size of user's buffer */
- int stat;
struct xfs_bulkstat_agichunk ac;
+ int error = 0;
/*
* Get the last inode value, see if there's nothing to do.
*/
- ino = (xfs_ino_t)*lastinop;
- lastino = ino;
- agno = XFS_INO_TO_AGNO(mp, ino);
- agino = XFS_INO_TO_AGINO(mp, ino);
+ lastino = *lastinop;
+ agno = XFS_INO_TO_AGNO(mp, lastino);
+ agino = XFS_INO_TO_AGINO(mp, lastino);
if (agno >= mp->m_sb.sb_agcount ||
- ino != XFS_AGINO_TO_INO(mp, agno, agino)) {
+ lastino != XFS_AGINO_TO_INO(mp, agno, agino)) {
*done = 1;
*ubcountp = 0;
return 0;
@@ -396,8 +389,13 @@ xfs_bulkstat(
* inode returned; 0 means start of the allocation group.
*/
rval = 0;
- while (XFS_BULKSTAT_UBLEFT(ac.ac_ubleft) && agno < mp->m_sb.sb_agcount) {
- cond_resched();
+ while (agno < mp->m_sb.sb_agcount) {
+ struct xfs_inobt_rec_incore *irbp = irbuf;
+ struct xfs_inobt_rec_incore *irbufend = irbuf + nirbuf;
+ bool end_of_ag = false;
+ int icount = 0;
+ int stat;
+
error = xfs_ialloc_read_agi(mp, NULL, agno, &agbp);
if (error)
break;
@@ -407,10 +405,6 @@ xfs_bulkstat(
*/
cur = xfs_inobt_init_cursor(mp, NULL, agbp, agno,
XFS_BTNUM_INO);
- irbp = irbuf;
- irbufend = irbuf + nirbuf;
- end_of_ag = 0;
- icount = 0;
if (agino > 0) {
/*
* In the middle of an allocation group, we need to get
@@ -435,7 +429,7 @@ xfs_bulkstat(
error = xfs_inobt_lookup(cur, 0, XFS_LOOKUP_GE, &stat);
}
if (error || stat == 0) {
- end_of_ag = 1;
+ end_of_ag = true;
goto del_cursor;
}
@@ -448,7 +442,7 @@ xfs_bulkstat(
error = xfs_inobt_get_rec(cur, &r, &stat);
if (error || stat == 0) {
- end_of_ag = 1;
+ end_of_ag = true;
goto del_cursor;
}
@@ -470,7 +464,7 @@ xfs_bulkstat(
agino = r.ir_startino + XFS_INODES_PER_CHUNK;
error = xfs_btree_increment(cur, 0, &stat);
if (error || stat == 0) {
- end_of_ag = 1;
+ end_of_ag = true;
goto del_cursor;
}
cond_resched();
@@ -491,7 +485,7 @@ del_cursor:
*/
irbufend = irbp;
for (irbp = irbuf;
- irbp < irbufend && XFS_BULKSTAT_UBLEFT(ac.ac_ubleft);
+ irbp < irbufend && ac.ac_ubleft >= statstruct_size;
irbp++) {
error = xfs_bulkstat_ag_ichunk(mp, agno, irbp,
formatter, statstruct_size, &ac,
@@ -502,17 +496,15 @@ del_cursor:
cond_resched();
}
- /*
- * Set up for the next loop iteration.
- */
- if (XFS_BULKSTAT_UBLEFT(ac.ac_ubleft)) {
- if (end_of_ag) {
- agno++;
- agino = 0;
- } else
- agino = XFS_INO_TO_AGINO(mp, lastino);
- } else
+ /* If we've run out of space, we are done */
+ if (ac.ac_ubleft < statstruct_size)
break;
+
+ if (end_of_ag) {
+ agno++;
+ agino = 0;
+ } else
+ agino = XFS_INO_TO_AGINO(mp, lastino);
}
/*
* Done, we're either out of filesystem or space to put the data.
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 317/319] xfs: bulkstat error handling is broken
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (298 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 316/319] xfs: bulkstat main loop logic is a mess Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 318/319] xfs: track bulkstat progress by agino Greg Kroah-Hartman
` (3 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dave Chinner, Brian Foster
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Chinner <dchinner@redhat.com>
commit febe3cbe38b0bc0a925906dc90e8d59048851f87 upstream.
The error propagation is a horror - xfs_bulkstat() returns
a rval variable which is only set if there are formatter errors. Any
sort of btree walk error or corruption will cause the bulkstat walk
to terminate but will not pass an error back to userspace. Worse
is the fact that formatter errors will also be ignored if any inodes
were correctly formatted into the user buffer.
Hence bulkstat can fail badly yet still report success to userspace.
This causes significant issues with xfsdump not dumping everything
in the filesystem yet reporting success. It's not until a restore
fails that there is any indication that the dump was bad and tha
bulkstat failed. This patch now triggers xfsdump to fail with
bulkstat errors rather than silently missing files in the dump.
This now causes bulkstat to fail when the lastino cookie does not
fall inside an existing inode chunk. The pre-3.17 code tolerated
that error by allowing the code to move to the next inode chunk
as the agino target is guaranteed to fall into the next btree
record.
With the fixes up to this point in the series, xfsdump now passes on
the troublesome filesystem image that exposes all these bugs.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_itable.c | 29 +++++++++++++++++++----------
1 file changed, 19 insertions(+), 10 deletions(-)
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -236,8 +236,10 @@ xfs_bulkstat_grab_ichunk(
XFS_WANT_CORRUPTED_RETURN(stat == 1);
/* Check if the record contains the inode in request */
- if (irec->ir_startino + XFS_INODES_PER_CHUNK <= agino)
- return -EINVAL;
+ if (irec->ir_startino + XFS_INODES_PER_CHUNK <= agino) {
+ *icount = 0;
+ return 0;
+ }
idx = agino - irec->ir_startino + 1;
if (idx < XFS_INODES_PER_CHUNK &&
@@ -352,7 +354,6 @@ xfs_bulkstat(
xfs_inobt_rec_incore_t *irbuf; /* start of irec buffer */
xfs_ino_t lastino; /* last inode number returned */
int nirbuf; /* size of irbuf */
- int rval; /* return value error code */
int ubcount; /* size of user's buffer */
struct xfs_bulkstat_agichunk ac;
int error = 0;
@@ -388,7 +389,6 @@ xfs_bulkstat(
* Loop over the allocation groups, starting from the last
* inode returned; 0 means start of the allocation group.
*/
- rval = 0;
while (agno < mp->m_sb.sb_agcount) {
struct xfs_inobt_rec_incore *irbp = irbuf;
struct xfs_inobt_rec_incore *irbufend = irbuf + nirbuf;
@@ -491,13 +491,16 @@ del_cursor:
formatter, statstruct_size, &ac,
&lastino);
if (error)
- rval = error;
+ break;
cond_resched();
}
- /* If we've run out of space, we are done */
- if (ac.ac_ubleft < statstruct_size)
+ /*
+ * If we've run out of space or had a formatting error, we
+ * are now done
+ */
+ if (ac.ac_ubleft < statstruct_size || error)
break;
if (end_of_ag) {
@@ -511,11 +514,17 @@ del_cursor:
*/
kmem_free(irbuf);
*ubcountp = ac.ac_ubelem;
+
/*
- * Found some inodes, return them now and return the error next time.
+ * We found some inodes, so clear the error status and return them.
+ * The lastino pointer will point directly at the inode that triggered
+ * any error that occurred, so on the next call the error will be
+ * triggered again and propagated to userspace as there will be no
+ * formatted inodes in the buffer.
*/
if (ac.ac_ubelem)
- rval = 0;
+ error = 0;
+
if (agno >= mp->m_sb.sb_agcount) {
/*
* If we ran out of filesystem, mark lastino as off
@@ -527,7 +536,7 @@ del_cursor:
} else
*lastinop = (xfs_ino_t)lastino;
- return rval;
+ return error;
}
int
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 318/319] xfs: track bulkstat progress by agino
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (299 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 317/319] xfs: bulkstat error handling is broken Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 319/319] HID: add keyboard input assist hid usages Greg Kroah-Hartman
` (2 subsequent siblings)
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Chinner, Brian Foster, Dave Chinner
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Chinner <dchinner@redhat.com>
commit 002758992693ae63c04122603ea9261a0a58d728 upstream.
The bulkstat main loop progress is tracked by the "lastino"
variable, which is a full 64 bit inode. However, the loop actually
works on agno/agino pairs, and so there's a significant disconnect
between the rest of the loop and the main cursor. Convert this to
use the agino, and pass the agino into the chunk formatting function
and convert it too.
This gets rid of the inconsistency in the loop processing, and
finally makes it simple for us to skip inodes at any point in the
loop simply by incrementing the agino cursor.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_itable.c | 71 ++++++++++++++++++++++++----------------------------
1 file changed, 34 insertions(+), 37 deletions(-)
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -282,30 +282,31 @@ xfs_bulkstat_ag_ichunk(
bulkstat_one_pf formatter,
size_t statstruct_size,
struct xfs_bulkstat_agichunk *acp,
- xfs_ino_t *lastino)
+ xfs_agino_t *last_agino)
{
char __user **ubufp = acp->ac_ubuffer;
int chunkidx;
int error = 0;
- xfs_agino_t agino;
+ xfs_agino_t agino = irbp->ir_startino;
- agino = irbp->ir_startino;
for (chunkidx = 0; chunkidx < XFS_INODES_PER_CHUNK;
chunkidx++, agino++) {
int fmterror;
int ubused;
- xfs_ino_t ino = XFS_AGINO_TO_INO(mp, agno, agino);
+
+ /* inode won't fit in buffer, we are done */
+ if (acp->ac_ubleft < statstruct_size)
+ break;
/* Skip if this inode is free */
- if (XFS_INOBT_MASK(chunkidx) & irbp->ir_free) {
- *lastino = ino;
+ if (XFS_INOBT_MASK(chunkidx) & irbp->ir_free)
continue;
- }
/* Get the inode and fill in a single buffer */
ubused = statstruct_size;
- error = formatter(mp, ino, *ubufp, acp->ac_ubleft,
- &ubused, &fmterror);
+ error = formatter(mp, XFS_AGINO_TO_INO(mp, agno, agino),
+ *ubufp, acp->ac_ubleft, &ubused, &fmterror);
+
if (fmterror == BULKSTAT_RV_GIVEUP ||
(error && error != -ENOENT && error != -EINVAL)) {
acp->ac_ubleft = 0;
@@ -315,7 +316,6 @@ xfs_bulkstat_ag_ichunk(
/* be careful not to leak error if at end of chunk */
if (fmterror == BULKSTAT_RV_NOTHING || error) {
- *lastino = ino;
error = 0;
continue;
}
@@ -323,12 +323,18 @@ xfs_bulkstat_ag_ichunk(
*ubufp += ubused;
acp->ac_ubleft -= ubused;
acp->ac_ubelem++;
- *lastino = ino;
-
- if (acp->ac_ubleft < statstruct_size)
- break;
}
+ /*
+ * Post-update *last_agino. At this point, agino will always point one
+ * inode past the last inode we processed successfully. Hence we
+ * substract that inode when setting the *last_agino cursor so that we
+ * return the correct cookie to userspace. On the next bulkstat call,
+ * the inode under the lastino cookie will be skipped as we have already
+ * processed it here.
+ */
+ *last_agino = agino - 1;
+
return error;
}
@@ -352,7 +358,6 @@ xfs_bulkstat(
xfs_btree_cur_t *cur; /* btree cursor for ialloc btree */
size_t irbsize; /* size of irec buffer in bytes */
xfs_inobt_rec_incore_t *irbuf; /* start of irec buffer */
- xfs_ino_t lastino; /* last inode number returned */
int nirbuf; /* size of irbuf */
int ubcount; /* size of user's buffer */
struct xfs_bulkstat_agichunk ac;
@@ -361,11 +366,10 @@ xfs_bulkstat(
/*
* Get the last inode value, see if there's nothing to do.
*/
- lastino = *lastinop;
- agno = XFS_INO_TO_AGNO(mp, lastino);
- agino = XFS_INO_TO_AGINO(mp, lastino);
+ agno = XFS_INO_TO_AGNO(mp, *lastinop);
+ agino = XFS_INO_TO_AGINO(mp, *lastinop);
if (agno >= mp->m_sb.sb_agcount ||
- lastino != XFS_AGINO_TO_INO(mp, agno, agino)) {
+ *lastinop != XFS_AGINO_TO_INO(mp, agno, agino)) {
*done = 1;
*ubcountp = 0;
return 0;
@@ -420,7 +424,6 @@ xfs_bulkstat(
irbp->ir_freecount = r.ir_freecount;
irbp->ir_free = r.ir_free;
irbp++;
- agino = r.ir_startino + XFS_INODES_PER_CHUNK;
}
/* Increment to the next record */
error = xfs_btree_increment(cur, 0, &stat);
@@ -458,10 +461,6 @@ xfs_bulkstat(
irbp++;
icount += XFS_INODES_PER_CHUNK - r.ir_freecount;
}
- /*
- * Set agino to after this chunk and bump the cursor.
- */
- agino = r.ir_startino + XFS_INODES_PER_CHUNK;
error = xfs_btree_increment(cur, 0, &stat);
if (error || stat == 0) {
end_of_ag = true;
@@ -481,7 +480,9 @@ del_cursor:
if (error)
break;
/*
- * Now format all the good inodes into the user's buffer.
+ * Now format all the good inodes into the user's buffer. The
+ * call to xfs_bulkstat_ag_ichunk() sets up the agino pointer
+ * for the next loop iteration.
*/
irbufend = irbp;
for (irbp = irbuf;
@@ -489,7 +490,7 @@ del_cursor:
irbp++) {
error = xfs_bulkstat_ag_ichunk(mp, agno, irbp,
formatter, statstruct_size, &ac,
- &lastino);
+ &agino);
if (error)
break;
@@ -506,8 +507,7 @@ del_cursor:
if (end_of_ag) {
agno++;
agino = 0;
- } else
- agino = XFS_INO_TO_AGINO(mp, lastino);
+ }
}
/*
* Done, we're either out of filesystem or space to put the data.
@@ -525,16 +525,13 @@ del_cursor:
if (ac.ac_ubelem)
error = 0;
- if (agno >= mp->m_sb.sb_agcount) {
- /*
- * If we ran out of filesystem, mark lastino as off
- * the end of the filesystem, so the next call
- * will return immediately.
- */
- *lastinop = (xfs_ino_t)XFS_AGINO_TO_INO(mp, agno, 0);
+ /*
+ * If we ran out of filesystem, lastino will point off the end of
+ * the filesystem so the next call will return immediately.
+ */
+ *lastinop = XFS_AGINO_TO_INO(mp, agno, agino);
+ if (agno >= mp->m_sb.sb_agcount)
*done = 1;
- } else
- *lastinop = (xfs_ino_t)lastino;
return error;
}
^ permalink raw reply [flat|nested] 312+ messages in thread
* [PATCH 3.17 319/319] HID: add keyboard input assist hid usages
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (300 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 318/319] xfs: track bulkstat progress by agino Greg Kroah-Hartman
@ 2014-11-12 1:17 ` Greg Kroah-Hartman
2014-11-12 6:25 ` [PATCH 3.17 000/319] 3.17.3-stable review Guenter Roeck
2014-11-13 15:24 ` Shuah Khan
303 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 1:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Olivier Gay, Dmitry Torokhov, Jiri Kosina
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Olivier Gay <ogay@logitech.com>
commit f974008f07a62171a9dede08250c9a35c2b2b986 upstream.
Add keyboard input assist controls usages from approved
hid usage table request HUTTR42:
http://www.usb.org/developers/hidpage/HUTRR42c.pdf
Signed-off-by: Olivier Gay <ogay@logitech.com>
Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-debug.c | 6 ++++++
drivers/hid/hid-input.c | 7 +++++++
include/uapi/linux/input.h | 7 +++++++
3 files changed, 20 insertions(+)
--- a/drivers/hid/hid-debug.c
+++ b/drivers/hid/hid-debug.c
@@ -946,6 +946,12 @@ static const char *keys[KEY_MAX + 1] = {
[KEY_BRIGHTNESS_MIN] = "BrightnessMin",
[KEY_BRIGHTNESS_MAX] = "BrightnessMax",
[KEY_BRIGHTNESS_AUTO] = "BrightnessAuto",
+ [KEY_KBDINPUTASSIST_PREV] = "KbdInputAssistPrev",
+ [KEY_KBDINPUTASSIST_NEXT] = "KbdInputAssistNext",
+ [KEY_KBDINPUTASSIST_PREVGROUP] = "KbdInputAssistPrevGroup",
+ [KEY_KBDINPUTASSIST_NEXTGROUP] = "KbdInputAssistNextGroup",
+ [KEY_KBDINPUTASSIST_ACCEPT] = "KbdInputAssistAccept",
+ [KEY_KBDINPUTASSIST_CANCEL] = "KbdInputAssistCancel",
};
static const char *relatives[REL_MAX + 1] = {
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -859,6 +859,13 @@ static void hidinput_configure_usage(str
case 0x28b: map_key_clear(KEY_FORWARDMAIL); break;
case 0x28c: map_key_clear(KEY_SEND); break;
+ case 0x2c7: map_key_clear(KEY_KBDINPUTASSIST_PREV); break;
+ case 0x2c8: map_key_clear(KEY_KBDINPUTASSIST_NEXT); break;
+ case 0x2c9: map_key_clear(KEY_KBDINPUTASSIST_PREVGROUP); break;
+ case 0x2ca: map_key_clear(KEY_KBDINPUTASSIST_NEXTGROUP); break;
+ case 0x2cb: map_key_clear(KEY_KBDINPUTASSIST_ACCEPT); break;
+ case 0x2cc: map_key_clear(KEY_KBDINPUTASSIST_CANCEL); break;
+
default: goto ignore;
}
break;
--- a/include/uapi/linux/input.h
+++ b/include/uapi/linux/input.h
@@ -739,6 +739,13 @@ struct input_keymap_entry {
#define KEY_BRIGHTNESS_MIN 0x250 /* Set Brightness to Minimum */
#define KEY_BRIGHTNESS_MAX 0x251 /* Set Brightness to Maximum */
+#define KEY_KBDINPUTASSIST_PREV 0x260
+#define KEY_KBDINPUTASSIST_NEXT 0x261
+#define KEY_KBDINPUTASSIST_PREVGROUP 0x262
+#define KEY_KBDINPUTASSIST_NEXTGROUP 0x263
+#define KEY_KBDINPUTASSIST_ACCEPT 0x264
+#define KEY_KBDINPUTASSIST_CANCEL 0x265
+
#define BTN_TRIGGER_HAPPY 0x2c0
#define BTN_TRIGGER_HAPPY1 0x2c0
#define BTN_TRIGGER_HAPPY2 0x2c1
^ permalink raw reply [flat|nested] 312+ messages in thread
* Re: [PATCH 3.17 000/319] 3.17.3-stable review
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (301 preceding siblings ...)
2014-11-12 1:17 ` [PATCH 3.17 319/319] HID: add keyboard input assist hid usages Greg Kroah-Hartman
@ 2014-11-12 6:25 ` Guenter Roeck
2014-11-12 7:29 ` Greg Kroah-Hartman
2014-11-13 15:24 ` Shuah Khan
303 siblings, 1 reply; 312+ messages in thread
From: Guenter Roeck @ 2014-11-12 6:25 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, satoru.takeuchi, shuah.kh, stable
On 11/11/2014 05:12 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.17.3 release.
> There are 319 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri Nov 14 01:07:52 UTC 2014.
> Anything received after that time might be too late.
>
Build results:
total: 133 pass: 132 fail: 1
Failed builds:
avr32:atngw100mkii_evklcd101_defconfig
Qemu tests:
total: 30 pass: 30 fail: 0
The failing build is due to a link error:
lib/lib.a(vsprintf.o): In function `vsnprintf':
vsprintf.c:(.text+0x16dc): relocation truncated to fit:
R_AVR32_16N_PCREL against symbol `_ctype' defined in .text section in lib/lib.a(ctype.o)
which has been observed on and off for the last few releases.
Details are available at http://server.roeck-us.net:8010/builder.
Guenter
^ permalink raw reply [flat|nested] 312+ messages in thread
* Re: [PATCH 3.17 000/319] 3.17.3-stable review
2014-11-12 6:25 ` [PATCH 3.17 000/319] 3.17.3-stable review Guenter Roeck
@ 2014-11-12 7:29 ` Greg Kroah-Hartman
0 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-12 7:29 UTC (permalink / raw)
To: Guenter Roeck
Cc: linux-kernel, torvalds, akpm, satoru.takeuchi, shuah.kh, stable
On Tue, Nov 11, 2014 at 10:25:39PM -0800, Guenter Roeck wrote:
> On 11/11/2014 05:12 PM, Greg Kroah-Hartman wrote:
> >This is the start of the stable review cycle for the 3.17.3 release.
> >There are 319 patches in this series, all will be posted as a response
> >to this one. If anyone has any issues with these being applied, please
> >let me know.
> >
> >Responses should be made by Fri Nov 14 01:07:52 UTC 2014.
> >Anything received after that time might be too late.
> >
>
> Build results:
> total: 133 pass: 132 fail: 1
> Failed builds:
> avr32:atngw100mkii_evklcd101_defconfig
>
> Qemu tests:
> total: 30 pass: 30 fail: 0
>
> The failing build is due to a link error:
>
> lib/lib.a(vsprintf.o): In function `vsnprintf':
> vsprintf.c:(.text+0x16dc): relocation truncated to fit:
> R_AVR32_16N_PCREL against symbol `_ctype' defined in .text section in lib/lib.a(ctype.o)
>
> which has been observed on and off for the last few releases.
>
> Details are available at http://server.roeck-us.net:8010/builder.
Thanks for testing, I'll not worry about avr32 as that's an odd one...
greg k-h
^ permalink raw reply [flat|nested] 312+ messages in thread
* Re: [PATCH 3.17 023/319] drivers/net: Disable UFO through virtio
2014-11-12 1:12 ` [PATCH 3.17 023/319] drivers/net: Disable UFO through virtio Greg Kroah-Hartman
@ 2014-11-12 21:03 ` Ben Hutchings
2014-11-13 10:26 ` Luis Henriques
` (2 more replies)
0 siblings, 3 replies; 312+ messages in thread
From: Ben Hutchings @ 2014-11-12 21:03 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, David S. Miller
[-- Attachment #1: Type: text/plain, Size: 1408 bytes --]
On Wed, 2014-11-12 at 10:12 +0900, Greg Kroah-Hartman wrote:
> 3.17-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Ben Hutchings <ben@decadent.org.uk>
>
> [ Upstream commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4 ]
>
> IPv6 does not allow fragmentation by routers, so there is no
> fragmentation ID in the fixed header. UFO for IPv6 requires the ID to
> be passed separately, but there is no provision for this in the virtio
> net protocol.
>
> Until recently our software implementation of UFO/IPv6 generated a new
> ID, but this was a bug. Now we will use ID=0 for any UFO/IPv6 packet
> passed through a tap, which is even worse.
>
> Unfortunately there is no distinction between UFO/IPv4 and v6
> features, so disable UFO on taps and virtio_net completely until we
> have a proper solution.
[...]
Please drop this patch for 3.14 and 3.17. It causes problems for
migration of VMs and we're probably going to revert part of this. The
following patch ("drivers/net, ipv6: Select IPv6 fragment idents for
virtio UFO packets") might no longer apply, in which case you can drop
that as well until we have this sorted out upstream.
Ben.
--
Ben Hutchings
Experience is directly proportional to the value of equipment destroyed.
- Carolyn Scheppner
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 312+ messages in thread
* Re: [PATCH 3.17 023/319] drivers/net: Disable UFO through virtio
2014-11-12 21:03 ` Ben Hutchings
@ 2014-11-13 10:26 ` Luis Henriques
2014-11-13 17:48 ` Jiri Slaby
2014-11-14 17:46 ` Greg Kroah-Hartman
2 siblings, 0 replies; 312+ messages in thread
From: Luis Henriques @ 2014-11-13 10:26 UTC (permalink / raw)
To: Ben Hutchings; +Cc: Greg Kroah-Hartman, linux-kernel, stable, David S. Miller
On Wed, Nov 12, 2014 at 09:03:59PM +0000, Ben Hutchings wrote:
> On Wed, 2014-11-12 at 10:12 +0900, Greg Kroah-Hartman wrote:
> > 3.17-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Ben Hutchings <ben@decadent.org.uk>
> >
> > [ Upstream commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4 ]
> >
> > IPv6 does not allow fragmentation by routers, so there is no
> > fragmentation ID in the fixed header. UFO for IPv6 requires the ID to
> > be passed separately, but there is no provision for this in the virtio
> > net protocol.
> >
> > Until recently our software implementation of UFO/IPv6 generated a new
> > ID, but this was a bug. Now we will use ID=0 for any UFO/IPv6 packet
> > passed through a tap, which is even worse.
> >
> > Unfortunately there is no distinction between UFO/IPv4 and v6
> > features, so disable UFO on taps and virtio_net completely until we
> > have a proper solution.
> [...]
>
> Please drop this patch for 3.14 and 3.17. It causes problems for
> migration of VMs and we're probably going to revert part of this. The
> following patch ("drivers/net, ipv6: Select IPv6 fragment idents for
> virtio UFO packets") might no longer apply, in which case you can drop
> that as well until we have this sorted out upstream.
>
I guess the same applies to the 3.16 kernel; I'll drop both patches
from the kernel currently under review.
Cheers,
--
Luís
> Ben.
>
> --
> Ben Hutchings
> Experience is directly proportional to the value of equipment destroyed.
> - Carolyn Scheppner
^ permalink raw reply [flat|nested] 312+ messages in thread
* Re: [PATCH 3.17 000/319] 3.17.3-stable review
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
` (302 preceding siblings ...)
2014-11-12 6:25 ` [PATCH 3.17 000/319] 3.17.3-stable review Guenter Roeck
@ 2014-11-13 15:24 ` Shuah Khan
303 siblings, 0 replies; 312+ messages in thread
From: Shuah Khan @ 2014-11-13 15:24 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, satoru.takeuchi, shuah.kh, stable
On 11/11/2014 06:12 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.17.3 release.
> There are 319 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri Nov 14 01:07:52 UTC 2014.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> kernel.org/pub/linux/kernel/v3.0/stable-review/patch-3.17.3-rc1.gz
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
-- Shuah
--
Shuah Khan
Sr. Linux Kernel Developer
Samsung Research America (Silicon Valley)
shuahkh@osg.samsung.com | (970) 217-8978
^ permalink raw reply [flat|nested] 312+ messages in thread
* Re: [PATCH 3.17 023/319] drivers/net: Disable UFO through virtio
2014-11-12 21:03 ` Ben Hutchings
2014-11-13 10:26 ` Luis Henriques
@ 2014-11-13 17:48 ` Jiri Slaby
2014-11-13 18:35 ` Ben Hutchings
2014-11-14 17:46 ` Greg Kroah-Hartman
2 siblings, 1 reply; 312+ messages in thread
From: Jiri Slaby @ 2014-11-13 17:48 UTC (permalink / raw)
To: Ben Hutchings, Greg Kroah-Hartman; +Cc: linux-kernel, stable, David S. Miller
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/12/2014, 10:03 PM, Ben Hutchings wrote:
> On Wed, 2014-11-12 at 10:12 +0900, Greg Kroah-Hartman wrote:
>> 3.17-stable review patch. If anyone has any objections, please
>> let me know.
>>
>> ------------------
>>
>> From: Ben Hutchings <ben@decadent.org.uk>
>>
>> [ Upstream commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4 ]
>>
>> IPv6 does not allow fragmentation by routers, so there is no
>> fragmentation ID in the fixed header. UFO for IPv6 requires the
>> ID to be passed separately, but there is no provision for this in
>> the virtio net protocol.
>>
>> Until recently our software implementation of UFO/IPv6 generated
>> a new ID, but this was a bug. Now we will use ID=0 for any
>> UFO/IPv6 packet passed through a tap, which is even worse.
>>
>> Unfortunately there is no distinction between UFO/IPv4 and v6
>> features, so disable UFO on taps and virtio_net completely until
>> we have a proper solution.
> [...]
>
> Please drop this patch for 3.14 and 3.17. It causes problems for
> migration of VMs and we're probably going to revert part of this.
> The following patch ("drivers/net, ipv6: Select IPv6 fragment
> idents for virtio UFO packets") might no longer apply, in which
> case you can drop that as well until we have this sorted out
> upstream.
The same holds for 3.12, I suppose?
thanks,
- --
js
suse labs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJUZO8DAAoJEL0lsQQGtHBJ6m0QAKtFdrlbdrBszq6o7pR5B+Jz
7ULH2GpXb+s0eGK5jf2Wfrz3IGnpStPZa8wpOVVrCLX/sggccEwgTfTIN9LgDS84
juNP1aHKVMXc62Mf/ZTJpZF7+k1HbRp/M5EnZpFy/QrwHjbn1s+KGtepkLtt7Lsg
QHtmU+kvfoJKI1yOrStwuNYoOVLHl8cfG8gIB/8JLSuii9IzEO5nt4pHLbemW7s1
cwICvtRlQJkRDf7wWLPvy77pvBdlMERg5zqANQPZTyopQvn2nMs9V4h8JMiZYx0l
YR1aw8CrYm1BiOSCscNSCla5ypU3VcWLaNLHGhsaJwMwl12FhR4+4biNrobfHjU7
1dvWTA5VD9Hdz0rf/iqMpOrA7qbyp/ucmYkcpPe+y6BCT7f8VapnsUWrQxPU37N8
WdLYa4D9dgA1uL4zQICiQQpQqoJVTRZRep5W07zuMkjWiQnSVwRbOMiWD3bpee20
wrppKHKSwRskKK25J9wXWgLu+EfgqvskqB5RjzmDU2jZv/bkBqfTf00JY6ar4rlr
lAQHXnVaBHA3agY7yOvRc/95vNGW1BN/z+/fDu0sl/h5JCmapzN7mr5eSLWLQK8N
aVgc+y/z5rYsID2SKPI3gCKTCfIiASYAedNn+e67OiTTrTcNg2d9SWKJctVcsAD+
nBEnS4azRHV/9tyMKIFS
=6NLa
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 312+ messages in thread
* Re: [PATCH 3.17 023/319] drivers/net: Disable UFO through virtio
2014-11-13 17:48 ` Jiri Slaby
@ 2014-11-13 18:35 ` Ben Hutchings
2014-11-13 18:45 ` Jiri Slaby
0 siblings, 1 reply; 312+ messages in thread
From: Ben Hutchings @ 2014-11-13 18:35 UTC (permalink / raw)
To: Jiri Slaby; +Cc: Greg Kroah-Hartman, linux-kernel, stable, David S. Miller
[-- Attachment #1: Type: text/plain, Size: 1574 bytes --]
On Thu, 2014-11-13 at 18:48 +0100, Jiri Slaby wrote:
> On 11/12/2014, 10:03 PM, Ben Hutchings wrote:
> > On Wed, 2014-11-12 at 10:12 +0900, Greg Kroah-Hartman wrote:
> >> 3.17-stable review patch. If anyone has any objections, please
> >> let me know.
> >>
> >> ------------------
> >>
> >> From: Ben Hutchings <ben@decadent.org.uk>
> >>
> >> [ Upstream commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4 ]
> >>
> >> IPv6 does not allow fragmentation by routers, so there is no
> >> fragmentation ID in the fixed header. UFO for IPv6 requires the
> >> ID to be passed separately, but there is no provision for this in
> >> the virtio net protocol.
> >>
> >> Until recently our software implementation of UFO/IPv6 generated
> >> a new ID, but this was a bug. Now we will use ID=0 for any
> >> UFO/IPv6 packet passed through a tap, which is even worse.
> >>
> >> Unfortunately there is no distinction between UFO/IPv4 and v6
> >> features, so disable UFO on taps and virtio_net completely until
> >> we have a proper solution.
> > [...]
> >
> > Please drop this patch for 3.14 and 3.17. It causes problems for
> > migration of VMs and we're probably going to revert part of this.
> > The following patch ("drivers/net, ipv6: Select IPv6 fragment
> > idents for virtio UFO packets") might no longer apply, in which
> > case you can drop that as well until we have this sorted out
> > upstream.
>
> The same holds for 3.12, I suppose?
Right.
Ben.
--
Ben Hutchings
friends: People who know you well, but like you anyway.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 312+ messages in thread
* Re: [PATCH 3.17 023/319] drivers/net: Disable UFO through virtio
2014-11-13 18:35 ` Ben Hutchings
@ 2014-11-13 18:45 ` Jiri Slaby
0 siblings, 0 replies; 312+ messages in thread
From: Jiri Slaby @ 2014-11-13 18:45 UTC (permalink / raw)
To: Ben Hutchings; +Cc: Greg Kroah-Hartman, linux-kernel, stable, David S. Miller
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/13/2014, 07:35 PM, Ben Hutchings wrote:
> On Thu, 2014-11-13 at 18:48 +0100, Jiri Slaby wrote:
>> On 11/12/2014, 10:03 PM, Ben Hutchings wrote:
>>> On Wed, 2014-11-12 at 10:12 +0900, Greg Kroah-Hartman wrote:
>>>> 3.17-stable review patch. If anyone has any objections,
>>>> please let me know.
>>>>
>>>> ------------------
>>>>
>>>> From: Ben Hutchings <ben@decadent.org.uk>
>>>>
>>>> [ Upstream commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4 ]
>>>>
>>>> IPv6 does not allow fragmentation by routers, so there is no
>>>> fragmentation ID in the fixed header. UFO for IPv6 requires
>>>> the ID to be passed separately, but there is no provision for
>>>> this in the virtio net protocol.
>>>>
>>>> Until recently our software implementation of UFO/IPv6
>>>> generated a new ID, but this was a bug. Now we will use ID=0
>>>> for any UFO/IPv6 packet passed through a tap, which is even
>>>> worse.
>>>>
>>>> Unfortunately there is no distinction between UFO/IPv4 and v6
>>>> features, so disable UFO on taps and virtio_net completely
>>>> until we have a proper solution.
>>> [...]
>>>
>>> Please drop this patch for 3.14 and 3.17. It causes problems
>>> for migration of VMs and we're probably going to revert part of
>>> this. The following patch ("drivers/net, ipv6: Select IPv6
>>> fragment idents for virtio UFO packets") might no longer apply,
>>> in which case you can drop that as well until we have this
>>> sorted out upstream.
>>
>> The same holds for 3.12, I suppose?
>
> Right.
Great, I dropped that one.
Thanks!
- --
js
suse labs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJUZPw3AAoJEL0lsQQGtHBJuegP/R1DEoyC2tBsWD78lPFirrF7
bMgXR/KWruqMa2UL9heWgaJOhrFtsmUiaRWgkFapuGyjpMmWm5ZH1qpZTsBo9Y0u
rXFsxJgPF3X2OCBLj7AcaKPsGahYSTpBMY665e+lhO5uqYDx/2B84QqWsLlm3yls
JuWNdMmct/6h8mkGbwTGQ+iM9ancqF2vwNd70Rax1KwydowOxN5/uQfWrkUGUJga
Hh2PKF0OB7goI5MlYPeLiFPLqTigB0k7Rs4G1bFElM8ATTxQ5Fz89rMjd7KXN6kD
ND8mtlMXIvOuTQN1w14Zrke11RFsy2OG5qHDt6xw0Z2dvoflUHdzRAdW3u1ikpI0
7q36uHeokdAI45iqQEmFdSjJmpS1dsSpVNIirrugePi0HSE5oz/wma4762V3mTfk
C1QAkOVxGW8WiwSvmKzqMHeCXIHxekxuaHtQlHPXmZ8foTtliU74jbp8RAZiwyZW
Onaj6cU6K1KWAqgZBsSRmz8YP6yU0xKxjD1b/QK47drEJtHQmog7hfx9bYi+Jd9v
47PL38ZYI0ncwQBtybFbOMtqCjHnK5eQowZJY/1fQlaffQf4cZf5dIiU7lAdLsad
torFKi0drQsLkT5mCTHYGGC/UbyxM4BC/XSaBWXDOvXHPIdr4gC+YYDCS2ZSR4oo
6XJG/XuyKEAkIkgl5bwJ
=qzaW
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 312+ messages in thread
* Re: [PATCH 3.17 023/319] drivers/net: Disable UFO through virtio
2014-11-12 21:03 ` Ben Hutchings
2014-11-13 10:26 ` Luis Henriques
2014-11-13 17:48 ` Jiri Slaby
@ 2014-11-14 17:46 ` Greg Kroah-Hartman
2 siblings, 0 replies; 312+ messages in thread
From: Greg Kroah-Hartman @ 2014-11-14 17:46 UTC (permalink / raw)
To: Ben Hutchings; +Cc: linux-kernel, stable, David S. Miller
On Wed, Nov 12, 2014 at 09:03:59PM +0000, Ben Hutchings wrote:
> On Wed, 2014-11-12 at 10:12 +0900, Greg Kroah-Hartman wrote:
> > 3.17-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Ben Hutchings <ben@decadent.org.uk>
> >
> > [ Upstream commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4 ]
> >
> > IPv6 does not allow fragmentation by routers, so there is no
> > fragmentation ID in the fixed header. UFO for IPv6 requires the ID to
> > be passed separately, but there is no provision for this in the virtio
> > net protocol.
> >
> > Until recently our software implementation of UFO/IPv6 generated a new
> > ID, but this was a bug. Now we will use ID=0 for any UFO/IPv6 packet
> > passed through a tap, which is even worse.
> >
> > Unfortunately there is no distinction between UFO/IPv4 and v6
> > features, so disable UFO on taps and virtio_net completely until we
> > have a proper solution.
> [...]
>
> Please drop this patch for 3.14 and 3.17. It causes problems for
> migration of VMs and we're probably going to revert part of this. The
> following patch ("drivers/net, ipv6: Select IPv6 fragment idents for
> virtio UFO packets") might no longer apply, in which case you can drop
> that as well until we have this sorted out upstream.
Oops, I missed this for 3.14-stable, I'll go revert that as the first
patch to be queued up for the next round there.
I've dropped this from 3.17-stable, and the patch "drivers/net, ipv6:
Select IPv6 fragment idents for virtio UFO packets" still applied with
some fuzz, I'll do a test build to ensure I didn't break anything there.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 312+ messages in thread
end of thread, other threads:[~2014-11-14 17:46 UTC | newest]
Thread overview: 312+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-11-12 1:12 [PATCH 3.17 000/319] 3.17.3-stable review Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 001/319] tracing/syscalls: Ignore numbers outside NR_syscalls range Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 002/319] KVM: emulator: fix execution close to the segment limit Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 003/319] x86: bpf_jit: fix two bugs in eBPF JIT compiler Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 004/319] ipv4: fix nexthop attlen check in fib_nh_match Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 005/319] vxlan: fix a use after free in vxlan_encap_bypass Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 006/319] vxlan: using pskb_may_pull as early as possible Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 007/319] vxlan: fix a free after use Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 008/319] ipv4: dst_entry leak in ip_send_unicast_reply() Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 009/319] ipv4: fix a potential use after free in ip_tunnel_core.c Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 010/319] tipc: fix bug in bundled buffer reception Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 011/319] ax88179_178a: fix bonding failure Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 012/319] netlink: Re-add locking to netlink_lookup() and seq walker Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 013/319] net: tso: fix unaligned access to crafted TCP header in helper API Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 014/319] net: fix saving TX flow hash in sock for outgoing connections Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 015/319] hyperv: Fix the total_data_buflen in send path Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 016/319] tcp: md5: do not use alloc_percpu() Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 017/319] macvlan: fix a race on port dismantle and possible skb leaks Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 018/319] cxgb4 : Fix missing initialization of win0_lock Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 019/319] ipv4: Do not cache routing failures due to disabled forwarding Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 020/319] net/mlx4_en: Dont attempt to TX offload the outer UDP checksum for VXLAN Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 021/319] mlx4: Avoid leaking steering rules on flow creation error flow Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 022/319] gre: Use inner mac length when computing tunnel length Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 023/319] drivers/net: Disable UFO through virtio Greg Kroah-Hartman
2014-11-12 21:03 ` Ben Hutchings
2014-11-13 10:26 ` Luis Henriques
2014-11-13 17:48 ` Jiri Slaby
2014-11-13 18:35 ` Ben Hutchings
2014-11-13 18:45 ` Jiri Slaby
2014-11-14 17:46 ` Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 024/319] drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 025/319] drivers/net: macvtap and tun depend on INET Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 026/319] stmmac: pci: set default of the filter bins Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 027/319] lockd: Try to reconnect if statd has moved Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 028/319] SUNRPC: Dont wake tasks during connection abort Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 029/319] SUNRPC: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 030/319] Revert "percpu: free percpu allocation info for uniprocessor system" Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 031/319] pata_serverworks: disable 64-KB DMA transfers on Broadcom OSB4 IDE Controller Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 032/319] libata-sff: Fix controllers with no ctl port Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 033/319] ASoC: core: fix use after free in snd_soc_remove_platform() Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 034/319] ASoC: soc-dapm: fix use after free Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 035/319] ASoC: soc-pcm: fix sig_bits determination in soc_pcm_apply_msb() Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 036/319] ASoC: tlv320aic3x: fix PLL D configuration Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 037/319] ASoC: Intel: HSW/BDW only support S16 and S24 formats Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 038/319] ASoC: adau1761: Fix input PGA volume Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 039/319] mmc: core: sdio: Fix unconditional wake_up_process() on sdio thread Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 040/319] mmc: sdhci-pxav3: set_uhs_signaling is initialized twice differently Greg Kroah-Hartman
2014-11-12 1:12 ` [PATCH 3.17 041/319] mmc: rtsx_usb_sdmmc: fix incorrect last byte in R2 response Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 042/319] mmc: dont request CD IRQ until mmc_start_host() Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 043/319] mmc: rtsx_pci_sdmmc: fix incorrect last byte in R2 response Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 044/319] mmc: sdhci-s3c: fix runtime PM handling on sdhci_add_host() failure Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 045/319] fs: make cont_expand_zero interruptible Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 046/319] fs: Fix theoretical division by 0 in super_cache_scan() Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 047/319] fs: allow open(dir, O_TMPFILE|..., 0) with mode 0 Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 048/319] UBIFS: fix a race condition Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 049/319] UBIFS: fix free log space calculation Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 050/319] vfs: fix data corruption when blocksize < pagesize for mmaped data Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 051/319] x86: Reject x32 executables if x32 ABI not supported Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 052/319] x86, fpu: __restore_xstate_sig()->math_state_restore() needs preempt_disable() Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 053/319] x86, fpu: shift drop_init_fpu() from save_xstate_sig() to handle_signal() Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 054/319] x86_64, entry: Filter RFLAGS.NT on entry from userspace Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 055/319] x86_64, entry: Fix out of bounds read on sysenter Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 056/319] x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 057/319] perf: Fix unclone_ctx() vs. locking Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 058/319] evm: properly handle INTEGRITY_NOXATTRS EVM status Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 059/319] evm: check xattr value length and type in evm_inode_setxattr() Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 060/319] ALSA: hda - Add workaround for CMI8888 snoop behavior Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 061/319] ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 062/319] ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 063/319] missing data dependency barrier in prepend_name() Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 064/319] [jffs2] kill wbuf_queued/wbuf_dwork_lock Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 065/319] fix misuses of f_count() in ppp and netlink Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 066/319] rbd: rbd workqueues need a resque worker Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 067/319] libceph: ceph-msgr workqueue needs " Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 068/319] sched: Use dl_bw_of() under RCU read lock Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 069/319] um: ubd: Fix for processes stuck in D state forever Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 070/319] random: add and use memzero_explicit() for clearing data Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 071/319] s390/topology: call set_sched_topology early Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 072/319] UBI: block: Fix block device size setting Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 073/319] UBI: block: Add support for the UBI_VOLUME_UPDATED notification Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 074/319] UBI: Dispatch update notification if the volume is updated Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 075/319] UBI: add missing kmem_cache_free() in process_pool_aeb error path Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 076/319] mnt: Prevent pivot_root from creating a loop in the mount tree Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 077/319] mfd: ti_am335x_tscadc: Fix TSC operation after ADC continouous mode Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 078/319] mfd: ti_am335x_tscadc: Fix TSC resume Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 079/319] mfd: rtsx_pcr: Fix MSI enable error handling Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 080/319] iommu: Rework iommu_group_get_for_pci_dev() Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 081/319] iommu/amd: Split init_iommu_group() from iommu_init_device() Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 082/319] pstore: Fix duplicate {console,ftrace}-efi entries Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 083/319] selinux: fix inode security list corruption Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 084/319] power: charger-manager: Fix NULL pointer exception with missing cm-fuel-gauge Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 085/319] virtio_pci: fix virtio spec compliance on restore Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 086/319] xen/blkback: unmap all persistent grants when frontend gets disconnected Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 088/319] drm/cirrus: bind also to qemu-xen-traditional Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 089/319] blk-mq: fix potential hang if rolling wakeup depth is too high Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 090/319] dm bufio: update last_accessed when relinking a buffer Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 091/319] dm bufio: when done scanning return from __scan immediately Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 092/319] drbd: compute the end before rb_insert_augmented() Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 093/319] block: fix alignment_offset math that assumes io_min is a power-of-2 Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 094/319] Revert "block: all blk-mq requests are tagged" Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 095/319] dm log userspace: fix memory leak in dm_ulog_tfr_init failure path Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 096/319] modules, lock around setting of MODULE_STATE_UNFORMED Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 097/319] framebuffer: fix screen corruption when copying Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 098/319] framebuffer: fix border color Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 099/319] Input: synaptics - gate forcepad support by DMI check Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 100/319] Input: i8042 - add noloop quirk for Asus X750LN Greg Kroah-Hartman
2014-11-12 1:13 ` [PATCH 3.17 101/319] Input: alps - fix v4 button press recognition Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 102/319] Input: i8042 - quirks for Fujitsu Lifebook A544 and Lifebook AH544 Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 103/319] HID: input: Fix TransducerSerialNumber implementation Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 104/319] drm/ast: Fix HW cursor image Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 105/319] drm/nouveau/gpio: rename g92 class to g94 Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 106/319] drm/i915: Do not store the error pointer for a failed userptr registration Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 107/319] drm/i915: Do not leak pages when freeing userptr objects Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 108/319] drm/vmwgfx: Fix drm.h include Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 109/319] drm/tilcdc: Fix the error path in tilcdc_load() Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 110/319] drm/nouveau/bios: memset dcb struct to zero before parsing Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 111/319] drm/gt214-/kms: fix hda eld regression Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 112/319] media: v4l2-common: fix overflow in v4l_bound_align_image() Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 113/319] media: usb: uvc: add a quirk for Dell XPS M1330 webcam Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 115/319] media: siano: add support for PCTV 77e Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 116/319] media: m88ts2022: fix 32bit overflow on filter calc Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 119/319] media: imon: fix other RC type protocol support Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 120/319] media: ds3000: fix LNB supply voltage on Tevii S480 on initialization Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 122/319] media: tda7432: Fix setting TDA7432_MUTE bit for TDA7432_RF register Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 123/319] media: vmalloc_sg: off by one in error handling Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 124/319] KVM: emulate: avoid accessing NULL ctxt->memopp Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 125/319] kvm: fix excessive pages un-pinning in kvm_iommu_map error path Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 126/319] KVM: x86: Decoding guest instructions which cross page boundary may fail Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 127/319] KVM: x86: Emulator does not decode clflush well Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 128/319] KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 129/319] KVM: x86: Prevent host from panicking on shared MSR writes Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 130/319] KVM: x86: Improve thread safety in pit Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 131/319] KVM: x86: Check non-canonical addresses upon WRMSR Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 132/319] kvm: x86: dont kill guest on unknown exit reason Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 133/319] KVM: x86: Fix wrong masking on relative jump/call Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 134/319] KVM: x86: Emulator fixes for eip canonical checks on near branches Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 135/319] KVM: x86: Handle errors when RIP is set during far jumps Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 136/319] kvm: vmx: handle invvpid vm exit gracefully Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 137/319] ARC: [nsimosci] Allow "headless" models to boot Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 138/319] ARC: Update order of registers in KGDB to match GDB 7.5 Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 139/319] ARC: unbork FPU save/restore Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 140/319] qla_target: dont delete changed nacls Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 141/319] iser-target: Disable TX completion interrupt coalescing Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 142/319] target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 143/319] target: Fix APTPL metadata handling for dynamic MappedLUNs Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 144/319] MIPS: ptrace.h: Add a missing include Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 145/319] MIPS: loongson2_cpufreq: Fix CPU clock rate setting mismerge Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 146/319] MIPS: cp1emu: Fix ISA restrictions for cop1x_op instructions Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 147/319] MIPS: ftrace: Fix a microMIPS build problem Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 148/319] MIPS: tlbex: Properly fix HUGE TLB Refill exception handler Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 150/319] jbd2: free bh when descriptor block checksum fails Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 151/319] ext4: check EA value offset when loading Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 152/319] ext4: dont check quota format when there are no quota files Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 153/319] ext4: fix mmap data corruption when blocksize < pagesize Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 154/319] ext4: grab missed write_count for EXT4_IOC_SWAP_BOOT Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 155/319] ext4: add ext4_iget_normal() which is to be used for dir tree lookups Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 156/319] ext4: dont orphan or truncate the boot loader inode Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 157/319] ext4: fix reservation overflow in ext4_da_write_begin Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 158/319] ext4: Replace open coded mdata csum feature to helper function Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 159/319] ext4: move error report out of atomic context in ext4_init_block_bitmap() Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 160/319] ext4: check s_chksum_driver when looking for bg csum presence Greg Kroah-Hartman
2014-11-12 1:14 ` [PATCH 3.17 161/319] ext4: fix oops when loading block bitmap failed Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 162/319] ext4: fix overflow when updating superblock backups after resize Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 163/319] ext4: enable journal checksum when metadata checksum feature enabled Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 164/319] ext4: prevent bugon on race between write/fcntl Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 165/319] futex: Fix a race condition between REQUEUE_PI and task death Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 166/319] drm/nouveau: fix regression on agp boards Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 167/319] drm/i915: intel_backlight scale() math WA Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 169/319] drm/radeon: fix speaker allocation setup Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 170/319] drm/radeon: use gart memory for DMA ring tests Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 171/319] drm/radeon: fix vm page table block size calculation Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 172/319] cpufreq: expose scaling_cur_freq sysfs file for set_policy() drivers Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 173/319] cpufreq: intel_pstate: Reflect current no_turbo state correctly Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 175/319] x86/platform/intel/iosf: Add Braswell PCI ID Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 176/319] x86: Add cpu_detect_cache_sizes to init_intel() add Quark legacy_cache() Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 177/319] rtc: Disable EFI rtc for x86 Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 178/319] intel_pstate: Dont lose sysfs settings during cpu offline Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 179/319] intel_pstate: Fix BYT frequency reporting Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 180/319] intel_pstate: Correct BYT VID values Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 181/319] freezer: Do not freeze tasks killed by OOM killer Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 182/319] fix inode leaks on d_splice_alias() failure exits Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 183/319] ACPI: invoke acpi_device_wakeup() with correct parameters Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 184/319] x86: ACPI: Do not translate GSI number if IOAPIC is disabled Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 185/319] ACPI, irq, x86: Return IRQ instead of GSI in mp_register_gsi() Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 187/319] OOM, PM: OOM killed task shouldnt escape PM suspend Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 188/319] iio: st_sensors: Fix buffer copy Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 189/319] iio: adc: mxs-lradc: Disable the clock on probe failure Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 190/319] staging:iio:ad5933: Fix NULL pointer deref when enabling buffer Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 191/319] staging:iio:ad5933: Drop "raw" from channel names Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 192/319] iio: as3935: allocate correct iio_device size Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 193/319] staging:iio:ade7758: Fix NULL pointer deref when enabling buffer Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 194/319] staging:iio:ade7758: Fix check if channels are enabled in prenable Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 195/319] staging:iio:ade7758: Remove "raw" from channel name Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 196/319] serial: msm_serial: Fix kgdb continue Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 198/319] USB: serial: cp210x: add Silicon Labs 358x VID and PID Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 199/319] usb: serial: ftdi_sio: add Awinda Station and Dongle products Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 200/319] usb: serial: ftdi_sio: add "bricked" FTDI device PID Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 201/319] USB: cdc-acm: add device id for GW Instek AFG-2225 Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 202/319] USB: cdc-acm: only raise DTR on transitions from B0 Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 203/319] USB: cdc-acm: add quirk for control-line state requests Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 204/319] phy: omap-usb2: Enable runtime PM of omap-usb2 phy properly Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 205/319] usb: option: add support for Telit LE910 Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 206/319] USB: option: add Haier CE81B CDMA modem Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 208/319] wireless: rt2x00: add new rt2800usb device Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 209/319] Revert "usb: dwc3: dwc3-omap: Disable/Enable only wrapper interrupts in prepare/complete" Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 210/319] usb: dwc3: gadget: Properly initialize LINK TRB Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 211/319] spi: pl022: Fix incorrect dma_unmap_sg Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 212/319] spi: fsl-dspi: Fix CTAR selection Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 213/319] spi: pxa2xx: toggle clocks on suspend if not disabled by runtime PM Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 214/319] uas: Add NO_ATA_1X for VIA VL711 devices Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 215/319] uas: Add US_FL_NO_ATA_1X quirk for 2 more Seagate models Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 216/319] uas: Add US_FL_NO_ATA_1X quirk for 1 more Seagate model Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 217/319] usb: musb: cppi41: restart hrtimer only if not yet done Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 218/319] usb: musb: dsps: start OTG timer on resume again Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 219/319] usb: gadget: f_fs: remove redundant ffs_data_get() Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 220/319] usb: ffs: fix regression when quirk_ep_out_aligned_size flag is set Greg Kroah-Hartman
2014-11-12 1:15 ` [PATCH 3.17 221/319] usb: chipidea: Fix oops when removing the ci_hdrc module Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 223/319] USB: quirks: enable device-qualifier quirk for Elan Touchscreen Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 224/319] USB: quirks: enable device-qualifier quirk for another Elan touchscreen Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 225/319] USB: quirks: enable device-qualifier quirk for yet " Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 226/319] HID: usbhid: add always-poll quirk Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 227/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 228/319] HID: usbhid: fix PIXART optical mouse Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 229/319] HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 230/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 231/319] HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 232/319] usb: gadget: udc: core: fix kernel oops with soft-connect Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 233/319] ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 234/319] usb-storage: handle a skipped data phase Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 235/319] USB: opticon: fix non-atomic allocation in write path Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 236/319] usb: Do not allow usb_alloc_streams on unconfigured devices Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 237/319] USB: kobil_sct: fix non-atomic allocation in write path Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 238/319] usb: Remove references to non-existent PLAT_S5P symbol Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 239/319] ima: check xattr value length and type in the ima_inode_setxattr() Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 240/319] sh: fix sh770x SCIF memory regions Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 241/319] mm: free compound page with correct order Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 242/319] cgroup/kmemleak: add kmemleak_free() for cgroup deallocations Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 243/319] mm: page-writeback: inline account_page_dirtied() into single caller Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 244/319] mm: memcontrol: fix missed end-writeback page accounting Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 245/319] lib/bitmap.c: fix undefined shift in __bitmap_shift_{left|right}() Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 246/319] mm/balloon_compaction: fix deflation when compaction is disabled Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 247/319] xhci: no switching back on non-ULT Haswell Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 248/319] xhci: Disable streams on Asmedia 1042 xhci controllers Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 249/319] scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 250/319] lib/scatterlist: fix memory leak with scsi-mq Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 251/319] scsi: set REQ_QUEUE for the blk-mq case Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 252/319] i82860_edac: Report CE events properly Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 253/319] i3200_edac: " Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 254/319] e7xxx_edac: " Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 255/319] cpc925_edac: Report UE " Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 256/319] nfsd4: fix response size estimation for OP_SEQUENCE Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 257/319] nfsd4: fix crash on unknown operation number Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 258/319] zap_pte_range: update addr when forcing flush after TLB batching faiure Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 259/319] iwlwifi: mvm: BT Coex - update the MPLUT Boost register value Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 260/319] iwlwifi: configure the LTR Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 261/319] iwlwifi: dvm: drop non VO frames when flushing Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 262/319] Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate" Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 263/319] ext3: Dont check quota format when there are no quota files Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 264/319] PCI: Rename sysfs enabled file back to enable Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 265/319] quota: Properly return errors from dquot_writeback_dquots() Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 266/319] tty/vt: dont set font mappings on vc not supporting this Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 267/319] tty: Fix high cpu load if tty is unreleaseable Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 268/319] PM / Sleep: fix async suspend_late/freeze_late error handling Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 269/319] PM / Sleep: fix recovery during resuming from hibernation Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 270/319] staging: comedi: (regression) channel list must be set for COMEDI_CMD ioctl Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 271/319] staging: comedi: fix memory leak / bad pointer freeing for chanlist Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 272/319] mac80211: fix typo in starting baserate for rts_cts_rate_idx Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 273/319] mtd: cfi_cmdset_0001.c: fix resume for LH28F640BF chips Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 274/319] posix-timers: Fix stack info leak in timer_create() Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 275/319] x86, apic: Handle a bad TSC more gracefully Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 276/319] mm: Remove false WARN_ON from pagecache_isize_extended() Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 277/319] media: Remove references to non-existent PLAT_S5P symbol Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 278/319] crypto: algif - avoid excessive use of socket buffer in skcipher Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 279/319] [PATCH] mtd: m25p80: Fix module aliases for m25p80 Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 280/319] usb: dwc3: gadget: fix set_halt() bug with pending transfers Greg Kroah-Hartman
2014-11-12 1:16 ` [PATCH 3.17 281/319] usb: gadget: function: acm: make f_acm pass USB20CV Chapter9 Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 282/319] sched: Use rq->rd in sched_setaffinity() under RCU read lock Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 283/319] x86, intel-mid: Create IRQs for APB timers and RTC timers Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 284/319] drm/vmwgfx: Filter out modes those cannot be supported by the current VRAM size Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 285/319] drm/radeon/dpm: disable ulv support on SI Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 287/319] drm/radeon: dpm fixes for asrock systems Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 288/319] drm/radeon: remove invalid pci id Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 292/319] mm: cma: Dont crash on allocation if CMA area cant be activated Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 293/319] rbd: Fix error recovery in rbd_obj_read_sync() Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 294/319] acer-wmi: Add acpi_backlight=video quirk for the Acer KAV80 Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 295/319] samsung-laptop: Add broken-acpi-video quirk for NC210/NC110 Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 296/319] fix breakage in o2net_send_tcp_msg() Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 297/319] pinctrl: baytrail: show output gpio state correctly on Intel Baytrail Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 298/319] ARM: pxa: fix hang on startup with DEBUG_LL Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 299/319] powerpc: use device_online/offline() instead of cpu_up/down() Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 300/319] powerpc/powernv: Properly fix LPC debugfs endianness Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 301/319] powerpc: do_notify_resume can be called with bad thread_info flags argument Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 302/319] ALSA: hda - fix mute led problem for three HP laptops Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 303/319] regulator: max77693: Fix use of uninitialized regulator config Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 304/319] irqchip: armada-370-xp: Fix MSI interrupt handling Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 305/319] irqchip: armada-370-xp: Fix MPIC " Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 306/319] i2c: at91: dont account as iowait Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 307/319] sysfs: driver core: Fix glue dir race condition by gdp_mutex Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 309/319] of: Fix overflow bug in string property parsing functions Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 310/319] Btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 311/319] xfs: bulkstat doesnt release AGI buffer on error Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 312/319] xfs: Check error during inode btree iteration in xfs_bulkstat() Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 313/319] xfs: bulkstat btree walk doesnt terminate Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 314/319] xfs: bulkstat chunk formatting cursor is broken Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 315/319] xfs: bulkstat chunk-formatter has issues Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 316/319] xfs: bulkstat main loop logic is a mess Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 317/319] xfs: bulkstat error handling is broken Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 318/319] xfs: track bulkstat progress by agino Greg Kroah-Hartman
2014-11-12 1:17 ` [PATCH 3.17 319/319] HID: add keyboard input assist hid usages Greg Kroah-Hartman
2014-11-12 6:25 ` [PATCH 3.17 000/319] 3.17.3-stable review Guenter Roeck
2014-11-12 7:29 ` Greg Kroah-Hartman
2014-11-13 15:24 ` Shuah Khan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).