* [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review
@ 2016-01-15 23:56 Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 001/305] tools: Add a "make all" rule Kamal Mostafa
` (304 more replies)
0 siblings, 305 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:56 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Kamal Mostafa
This is the start of the review cycle for the Linux 4.2.8-ckt2 stable kernel.
This version contains 305 new patches, summarized below. The new patches are
posted as replies to this message and also available in this git branch:
http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-4.2.y-review
git://kernel.ubuntu.com/ubuntu/linux.git linux-4.2.y-review
The review period for version 4.2.8-ckt2 will be open for the next three days.
To report a problem, please reply to the relevant follow-up patch message.
For more information about the Linux 4.2.y-ckt extended stable kernel version,
see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable .
-Kamal
--
arch/arc/include/asm/unwind.h | 4 -
arch/arc/kernel/intc-arcv2.c | 15 +-
arch/arc/kernel/setup.c | 1 -
arch/arc/kernel/unwind.c | 90 ++++------
arch/arm/Kconfig | 4 +-
arch/arm/boot/dts/imx6q-gw5400-a.dts | 2 +-
arch/arm/boot/dts/imx6qdl-gw51xx.dtsi | 2 +-
arch/arm/boot/dts/imx6qdl-gw52xx.dtsi | 2 +-
arch/arm/boot/dts/imx6qdl-gw53xx.dtsi | 2 +-
arch/arm/boot/dts/imx6qdl-gw54xx.dtsi | 2 +-
arch/arm/boot/dts/kirkwood-ts219.dtsi | 2 +-
arch/arm/boot/dts/versatile-ab.dts | 10 +-
arch/arm/boot/dts/versatile-pb.dts | 20 ++-
arch/arm/boot/dts/vf610-colibri.dtsi | 5 -
arch/arm/boot/dts/vf610.dtsi | 2 +-
arch/arm/boot/dts/vfxxx.dtsi | 4 +-
arch/arm/boot/dts/wm8650.dtsi | 9 +
arch/arm/kernel/sys_oabi-compat.c | 73 ++++----
arch/arm/kvm/mmu.c | 15 +-
arch/arm/mach-dove/include/mach/entry-macro.S | 4 +-
arch/arm/mach-imx/gpc.c | 1 +
arch/arm/mach-omap2/gpmc-onenand.c | 14 +-
arch/arm/mach-orion5x/include/mach/entry-macro.S | 2 +-
arch/arm/mm/context.c | 38 ++--
arch/arm/mm/proc-v7.S | 4 +-
arch/arm/net/bpf_jit_32.c | 16 +-
arch/arm64/include/asm/kvm_emulate.h | 8 +-
arch/arm64/kernel/suspend.c | 10 ++
arch/arm64/kvm/inject_fault.c | 2 +-
arch/arm64/mm/mmu.c | 12 +-
arch/mips/include/asm/uaccess.h | 2 +-
arch/mips/kernel/cps-vec.S | 2 -
arch/mips/net/bpf_jit.c | 16 +-
arch/parisc/include/uapi/asm/mman.h | 10 --
arch/parisc/kernel/signal.c | 64 +++++--
arch/powerpc/include/asm/reg.h | 1 +
arch/powerpc/kernel/process.c | 18 ++
arch/powerpc/kernel/signal_32.c | 14 +-
arch/powerpc/kernel/signal_64.c | 4 +
arch/powerpc/kvm/book3s_hv.c | 6 +
arch/powerpc/net/bpf_jit_comp.c | 13 +-
arch/powerpc/platforms/powernv/opal-irqchip.c | 64 ++++---
arch/powerpc/platforms/powernv/opal.c | 2 +-
arch/s390/kernel/dis.c | 17 +-
arch/sh/include/uapi/asm/unistd_64.h | 2 +-
arch/sparc/net/bpf_jit_comp.c | 17 +-
arch/tile/Kconfig | 11 +-
arch/tile/include/asm/page.h | 8 +-
arch/um/kernel/signal.c | 2 +-
arch/x86/include/asm/paravirt.h | 6 +
arch/x86/include/asm/paravirt_types.h | 5 +
arch/x86/include/asm/processor.h | 1 +
arch/x86/kernel/cpu/mcheck/mce.c | 11 ++
arch/x86/kernel/rtc.c | 3 +
arch/x86/kernel/signal.c | 17 +-
arch/x86/kvm/cpuid.h | 8 +
arch/x86/kvm/i8254.c | 1 +
arch/x86/kvm/mtrr.c | 25 ++-
arch/x86/kvm/x86.c | 3 +-
arch/x86/lguest/boot.c | 1 +
arch/x86/mm/mpx.c | 6 +-
arch/x86/xen/enlighten.c | 4 +-
block/blk-core.c | 33 ++--
block/blk-mq.c | 14 +-
block/partitions/mac.c | 10 +-
crypto/ablkcipher.c | 2 +-
crypto/async_tx/async_memcpy.c | 2 +-
crypto/async_tx/async_pq.c | 4 +-
crypto/async_tx/async_raid6_recov.c | 4 +-
crypto/async_tx/async_xor.c | 4 +-
crypto/blkcipher.c | 2 +-
drivers/ata/ahci_mvebu.c | 5 +
drivers/ata/libahci.c | 9 +
drivers/ata/sata_sil.c | 3 +
drivers/base/memory.c | 4 +
drivers/base/power/domain.c | 3 +-
drivers/block/xen-blkback/blkback.c | 15 +-
drivers/block/xen-blkback/common.h | 8 +-
drivers/char/ipmi/ipmi_si_intf.c | 81 +++++----
drivers/crypto/nx/nx-aes-ccm.c | 2 +-
drivers/crypto/nx/nx-aes-gcm.c | 2 +-
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 2 +-
drivers/crypto/talitos.c | 2 +-
drivers/dma/at_xdmac.c | 3 +-
drivers/dma/bcm2835-dma.c | 78 +++++---
drivers/firmware/dmi_scan.c | 6 +-
drivers/gpio/gpio-omap.c | 2 -
drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 5 +-
drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 3 +-
drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 3 +-
drivers/gpu/drm/drm_drv.c | 5 +
drivers/gpu/drm/drm_fops.c | 84 ++++++---
drivers/gpu/drm/drm_probe_helper.c | 3 +-
drivers/gpu/drm/i915/i915_drv.h | 27 ++-
drivers/gpu/drm/i915/i915_gem.c | 76 +++++++-
drivers/gpu/drm/i915/i915_gem_tiling.c | 36 +++-
drivers/gpu/drm/i915/intel_display.c | 10 +-
drivers/gpu/drm/i915/intel_dp.c | 3 +-
drivers/gpu/drm/imx/ipuv3-crtc.c | 3 +-
drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c | 1 +
drivers/gpu/drm/radeon/cik.c | 6 +-
drivers/gpu/drm/radeon/radeon_object.c | 6 +
drivers/gpu/drm/radeon/radeon_pm.c | 3 +-
drivers/gpu/drm/radeon/radeon_vce.c | 100 +++++------
drivers/gpu/drm/radeon/rv730_dpm.c | 2 +-
drivers/gpu/drm/radeon/rv770_dpm.c | 4 +-
drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 1 +
drivers/gpu/drm/ttm/ttm_lock.c | 2 +-
drivers/gpu/drm/virtio/virtgpu_display.c | 2 +-
drivers/gpu/vga/vgaarb.c | 6 +-
drivers/i2c/busses/i2c-designware-core.c | 6 +
drivers/i2c/busses/i2c-designware-core.h | 1 +
drivers/i2c/busses/i2c-designware-platdrv.c | 24 +--
drivers/i2c/busses/i2c-mv64xxx.c | 27 ++-
drivers/i2c/busses/i2c-rcar.c | 4 +-
drivers/i2c/busses/i2c-rk3x.c | 2 +-
drivers/iio/adc/ad7793.c | 2 +-
drivers/iio/adc/qcom-spmi-vadc.c | 4 +-
drivers/iio/adc/vf610_adc.c | 22 ++-
drivers/iio/adc/xilinx-xadc-core.c | 1 +
drivers/iio/dac/ad5064.c | 91 +++++++---
drivers/iio/humidity/si7020.c | 8 +-
drivers/iio/industrialio-buffer.c | 2 +-
drivers/iio/industrialio-core.c | 2 +-
drivers/infiniband/ulp/srp/ib_srp.c | 24 +--
drivers/irqchip/irq-versatile-fpga.c | 5 +
drivers/isdn/gigaset/ser-gigaset.c | 10 +-
drivers/isdn/hardware/mISDN/mISDNipac.c | 7 +-
drivers/isdn/hisax/config.c | 2 +-
drivers/isdn/hisax/hfc_pci.c | 2 +-
drivers/isdn/hisax/hfc_sx.c | 2 +-
drivers/isdn/hisax/q931.c | 6 +-
drivers/md/dm-crypt.c | 22 ++-
drivers/md/dm-thin-metadata.c | 34 +++-
drivers/md/dm-thin.c | 6 +-
drivers/md/md.c | 11 +-
drivers/md/persistent-data/dm-btree.c | 101 ++++++++++-
drivers/md/persistent-data/dm-btree.h | 14 +-
drivers/md/persistent-data/dm-space-map-metadata.c | 32 ++--
drivers/md/raid10.c | 4 +-
drivers/media/pci/ivtv/ivtv-driver.c | 4 +-
drivers/media/usb/airspy/airspy.c | 2 +-
drivers/misc/cxl/native.c | 2 +-
drivers/mmc/card/block.c | 11 +-
drivers/mmc/core/mmc.c | 93 +++++++---
drivers/mtd/nand/nand_base.c | 2 +-
drivers/mtd/ubi/wl.c | 53 +++---
drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 4 +-
drivers/net/ethernet/marvell/mvneta.c | 6 +-
drivers/net/ethernet/marvell/mvpp2.c | 52 ++++--
drivers/net/ethernet/mellanox/mlx4/en_clock.c | 7 +
drivers/net/ethernet/mellanox/mlx4/en_main.c | 7 -
drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 10 +-
drivers/net/ethernet/mellanox/mlx4/main.c | 8 +-
.../net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c | 3 +-
drivers/net/ethernet/renesas/sh_eth.c | 3 +-
.../net/ethernet/stmicro/stmmac/dwmac-ipq806x.c | 10 +-
drivers/net/ipvlan/ipvlan_core.c | 14 +-
drivers/net/macvlan.c | 2 +
drivers/net/phy/mdio-mux.c | 7 +-
drivers/net/wan/x25_asy.c | 6 +-
drivers/net/wireless/iwlwifi/mvm/d3.c | 8 +-
drivers/net/wireless/iwlwifi/mvm/mac80211.c | 11 +-
drivers/net/wireless/iwlwifi/mvm/sta.c | 44 +++--
drivers/net/wireless/iwlwifi/mvm/sta.h | 4 +-
drivers/net/wireless/rtlwifi/rtl8821ae/hw.c | 2 +-
drivers/net/wireless/rtlwifi/rtl8821ae/sw.c | 2 +-
drivers/net/xen-netback/netback.c | 34 ++--
drivers/of/fdt.c | 5 +
drivers/parisc/iommu-helpers.h | 15 +-
drivers/pci/pci-sysfs.c | 5 +-
drivers/phy/Kconfig | 1 +
drivers/pinctrl/bcm/pinctrl-bcm2835.c | 13 +-
drivers/powercap/intel_rapl.c | 7 +-
drivers/remoteproc/remoteproc_debugfs.c | 2 +-
drivers/scsi/advansys.c | 2 +-
drivers/scsi/hosts.c | 11 ++
drivers/scsi/scsi_pm.c | 20 +--
drivers/scsi/ses.c | 30 +++-
drivers/spi/spi.c | 2 +-
drivers/staging/iio/adc/lpc32xx_adc.c | 4 +-
.../staging/lustre/lustre/obdecho/echo_client.c | 21 +--
drivers/target/iscsi/iscsi_target.c | 13 +-
drivers/target/iscsi/iscsi_target_nego.c | 1 +
drivers/target/target_core_sbc.c | 17 +-
drivers/target/target_core_transport.c | 14 +-
drivers/tty/n_tty.c | 22 +--
drivers/tty/serial/8250/8250_uniphier.c | 8 +-
drivers/tty/tty_buffer.c | 2 +-
drivers/usb/chipidea/debug.c | 2 +
drivers/usb/class/cdc-acm.c | 5 +
drivers/usb/core/config.c | 3 +-
drivers/usb/core/hub.c | 44 +++--
drivers/usb/core/quirks.c | 6 +
drivers/usb/gadget/udc/pxa27x_udc.c | 3 +
drivers/usb/host/whci/qset.c | 4 +
drivers/usb/host/xhci-hub.c | 62 +++++--
drivers/usb/host/xhci-pci.c | 8 +-
drivers/usb/host/xhci-ring.c | 3 +-
drivers/usb/host/xhci.c | 8 +
drivers/usb/musb/Kconfig | 2 +-
drivers/usb/serial/cp210x.c | 1 -
drivers/usb/serial/ipaq.c | 3 +-
drivers/usb/serial/qcserial.c | 4 +
drivers/usb/serial/usb-serial-simple.c | 1 +
drivers/usb/storage/uas.c | 4 +
drivers/usb/storage/unusual_devs.h | 2 +-
drivers/usb/storage/unusual_uas.h | 2 +-
drivers/vhost/vhost.c | 2 +-
drivers/video/fbdev/fsl-diu-fb.c | 13 +-
drivers/virtio/virtio.c | 1 +
drivers/watchdog/omap_wdt.c | 2 +-
drivers/xen/events/events_fifo.c | 23 ++-
drivers/xen/gntdev.c | 2 +-
drivers/xen/xen-pciback/pciback.h | 1 +
drivers/xen/xen-pciback/pciback_ops.c | 75 ++++++--
drivers/xen/xen-scsiback.c | 2 +-
fs/9p/vfs_inode.c | 4 +-
fs/block_dev.c | 9 +-
fs/cachefiles/rdwr.c | 2 +-
fs/cifs/inode.c | 6 +-
fs/direct-io.c | 11 +-
fs/ext2/super.c | 2 +
fs/ext4/crypto.c | 2 +-
fs/ext4/ext4.h | 51 +++++-
fs/ext4/super.c | 6 +-
fs/ext4/symlink.c | 2 +-
fs/fat/dir.c | 16 +-
fs/fuse/cuse.c | 2 +
fs/fuse/file.c | 2 +-
fs/jbd2/transaction.c | 12 +-
fs/namei.c | 1 -
fs/nfs/inode.c | 6 +-
fs/nfs/internal.h | 2 +-
fs/nfs/pagelist.c | 2 +-
fs/nfs/pnfs.c | 55 +++---
fs/ocfs2/namei.c | 4 +-
fs/ocfs2/resize.c | 15 +-
fs/overlayfs/inode.c | 8 +-
fs/splice.c | 8 +
fs/sysv/inode.c | 11 +-
include/drm/drmP.h | 6 +
include/linux/acpi.h | 4 +-
include/linux/blkdev.h | 1 -
include/linux/enclosure.h | 4 +
include/linux/filter.h | 19 ++
include/linux/ftrace.h | 1 +
include/linux/mmdebug.h | 1 +
include/linux/signal.h | 1 -
include/linux/thermal.h | 3 +-
include/linux/usb/quirks.h | 3 +
include/linux/wait.h | 10 +-
include/net/sctp/structs.h | 17 +-
include/net/sock.h | 4 +-
include/net/xfrm.h | 24 ++-
include/sound/soc.h | 2 +-
include/target/target_core_base.h | 2 +-
include/xen/interface/io/ring.h | 14 ++
kernel/events/core.c | 9 +-
kernel/fork.c | 1 +
kernel/irq/manage.c | 6 +-
kernel/module.c | 6 +
kernel/sched/core.c | 9 +-
kernel/sched/rt.c | 2 +-
kernel/sched/wait.c | 28 +--
kernel/signal.c | 2 +-
kernel/trace/ring_buffer.c | 12 +-
kernel/trace/trace_printk.c | 1 +
lib/dma-debug.c | 4 +-
mm/backing-dev.c | 19 +-
mm/hugetlb.c | 13 +-
mm/memory_hotplug.c | 31 ++--
mm/vmstat.c | 7 +-
net/bluetooth/smp.c | 7 +-
net/core/dst.c | 3 +-
net/core/sock.c | 2 +-
net/ipv4/igmp.c | 5 +-
net/ipv6/addrconf.c | 11 +-
net/ipv6/addrlabel.c | 2 +-
net/mac80211/cfg.c | 8 +-
net/mac80211/iface.c | 3 +-
net/mac80211/mesh_pathtbl.c | 8 +-
net/mac80211/scan.c | 9 +-
net/netfilter/nfnetlink_queue_core.c | 1 +
net/rfkill/core.c | 6 +-
net/sched/sch_generic.c | 4 +-
net/sctp/outqueue.c | 1 +
net/sctp/sm_statefuns.c | 3 +-
net/sunrpc/sched.c | 6 +-
net/sunrpc/svc.c | 13 ++
net/xfrm/xfrm_policy.c | 37 ++--
scripts/recordmcount.c | 137 +++++++++++---
sound/pci/hda/hda_intel.c | 34 ++++
sound/pci/hda/patch_ca0132.c | 3 +-
sound/pci/hda/patch_realtek.c | 197 ++++++++++++++++++---
sound/pci/hda/patch_sigmatel.c | 45 +++--
sound/pci/rme96.c | 41 +++--
sound/soc/codecs/arizona.c | 2 +-
sound/soc/codecs/es8328.c | 25 ++-
sound/soc/codecs/es8328.h | 1 +
sound/soc/codecs/wm8962.c | 4 +-
sound/soc/codecs/wm8974.c | 1 +
sound/soc/davinci/davinci-mcasp.c | 4 +-
sound/soc/sh/rcar/gen.c | 2 +-
sound/usb/mixer.c | 2 +
sound/usb/mixer_maps.c | 12 --
sound/usb/mixer_quirks.c | 37 ++++
sound/usb/mixer_quirks.h | 4 +
sound/usb/quirks.c | 1 +
tools/Makefile | 9 +
tools/perf/util/dso.c | 17 ++
tools/perf/util/dso.h | 1 +
tools/perf/util/machine.c | 1 +
313 files changed, 2759 insertions(+), 1277 deletions(-)
Adrian Hunter (5):
mmc: mmc: Improve reliability of mmc_select_hs200()
mmc: mmc: Fix HS setting in mmc_select_hs400()
mmc: mmc: Move mmc_switch_status()
mmc: mmc: Improve reliability of mmc_select_hs400()
perf symbols: Fix dso lookup by long name and missing buildids
Al Viro (8):
fix sysvfs symlinks
Don't reset ->total_link_count on nested calls of vfs_path_lookup()
ext4: fix an endianness bug in ext4_encrypted_zeroout()
ext4: fix an endianness bug in ext4_encrypted_follow_link()
staging: lustre: echo_copy.._lsm() dereferences userland pointers directly
9p: ->evict_inode() should kick out ->i_data, not ->i_mapping
fix the regression from "direct-io: Fix negative return from dio read beyond eof"
arm: fix handling of F_OFD_... in oabi_fcntl64()
Alan Stern (2):
USB: add quirk for devices with broken LPM
USB: fix invalid memory access in hub_activate()
Alex Deucher (3):
drm/radeon: unconditionally set sysfs_initialized
drm/radeon: make rv770_set_sw_state failures non-fatal
drm/radeon: make some dpm errors debug only
Alexey Khoroshilov (1):
USB: whci-hcd: add check for dma mapping error
Alexis Dambricourt (1):
KVM: MTRR: fix fixed MTRR segment look up
Alistair Popple (2):
powerpc/opal-irqchip: Fix double endian conversion
powerpc/opal-irqchip: Fix deadlock introduced by "Fix double endian conversion"
Andrea Arcangeli (1):
firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6
Andrew Banman (1):
mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone()
Andrew Lunn (1):
ipv4: igmp: Allow removing groups from a removed interface
Andrey Ryabinin (1):
ipv6/addrlabel: fix ip6addrlbl_get()
Anson Huang (2):
ARM: imx: add platform irq type setting in gpc
ARM: 8471/1: need to save/restore arm register(r11) when it is corrupted
Anssi Hannula (2):
ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest DragonFly
ALSA: usb-audio: Add sample rate inquiry quirk for AudioQuest DragonFly
Antonio Quartulli (1):
mac80211: do not actively scan DFS channels
Antti Palosaari (1):
[media] airspy: increase USB control message buffer size
Ard Biesheuvel (3):
arm64: mm: use correct mapping granularity under DEBUG_RODATA
ARM/arm64: KVM: test properly for a PTE's uncachedness
ARM/arm64: KVM: correct PTE uncachedness check
Arnd Bergmann (9):
stmmac: avoid ipq806x constant overflow warning
thermal: fix thermal_zone_bind_cooling_device prototype
ARM: 8454/1: OF implies OF_FLATTREE
advansys: fix big-endian builds
remoteproc: avoid stack overflow in debugfs file
sched/rt: Hide the push_irq_work_func() declaration
sata/mvebu: use #ifdef around suspend/resume code
usb: musb: USB_TI_CPPI41_DMA requires dmaengine support
phy: sun9i-usb: add USB dependency
Artur Paszkiewicz (1):
md/raid10: fix data corruption and crash during resync
Ashok Raj (1):
x86/mce: Ensure offline CPUs don't participate in rendezvous process
Bart Van Assche (2):
Fix a memory leak in scsi_host_dev_release()
IB/srp: Fix a memory leak
Ben Hutchings (1):
usb: Use the USB_SS_MULT() macro to decode burst multiplier for log message
Benjamin Coddington (1):
nfs4: limit callback decoding to received bytes
Bhuvanchandra DV (1):
vf610_adc: Fix internal temperature calculation
Bjørn Mork (1):
USB: qcserial: Fix support for HP lt4112 LTE/HSPA+ Gobi 4G Modem
Boris Ostrovsky (1):
xen/gntdev: Grant maps should not be subject to NUMA balancing
Brian Norris (1):
mtd: nand: fix shutdown/reboot for multi-chip systems
Charles Keepax (1):
ASoC: Use nested lock for snd_soc_dapm_mutex_lock
Chris Lesiak (1):
iio: si7020: Swap data byte order
Chris Metcalf (1):
tile: provide CONFIG_PAGE_SIZE_64KB etc for tilepro
Chris Wilson (4):
drm/i915: Mark uneven memory banks on gen4 desktop as unknown swizzling
drm/i915: Break busywaiting for requests on pending signals
drm/i915: Limit the busy wait on requests to 5us not 10ms!
drm/i915: Only spin whilst waiting on the current request
Christian König (2):
drm/amdgpu: fix userptr flags check
drm/amdgpu: partially revert "drm/amdgpu: fix VM_CONTEXT*_PAGE_TABLE_END_ADDR" v2
Christoph Biedl (1):
isdn: Partially revert debug format string usage clean up
Chunfeng Yun (1):
usb: xhci: fix config fail of FS hub behind a HS hub with MTT
Colin Ian King (1):
ftrace/scripts: Fix incorrect use of sprintf in recordmcount
Corey Minyard (1):
ipmi: Start the timer and thread on internal msgs
Cory Tusar (1):
ARM: dts: vfxxx: Fix dspi[01] spi-num-chipselects.
Cyrille Pitchen (1):
dmaengine: at_xdmac: fix at_xdmac_prep_dma_memcpy()
Dan Carpenter (5):
iio: fix some warning messages
USB: ipaq.c: fix a timeout loop
amd-xgbe: fix a couple timeout loops
mISDN: fix a loop count
qlcnic: fix a timeout loop
Dan Williams (1):
ext2, ext4: warn when mounting with dax enabled
Daniel Mentz (1):
dma-debug: Fix dma_debug_entry offset calculation
Dave Hansen (1):
x86/mpx: Fix instruction decoder condition
David Gstir (2):
crypto: nx - Fix timing leak in GCM and CCM decryption
crypto: talitos - Fix timing leak in ESP ICV verification
David Henningsson (2):
ALSA: hda - Add inverted dmic for Packard Bell DOTS
ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines
David Turner (1):
ext4: Fix handling of extended tv_sec
David Vrabel (5):
xen: Add RING_COPY_REQUEST()
xen-netback: don't use last request to determine minimum Tx credit
xen-netback: use RING_COPY_REQUEST() throughout
xen-scsiback: safely copy requests
x86/paravirt: Prevent rtc_cmos platform device init on PV guests
Dmitry Katsubo (1):
usb-storage: Fix scsi-sd failure "Invalid field in cdb" for USB adapter JMicron
Dmitry V. Levin (2):
x86/signal: Fix restart_syscall number for x32 tasks
sh64: fix __NR_fgetxattr
Emmanuel Grumbach (1):
mac80211: ensure we don't update tx power on a non-running sdata
Eric Anholt (1):
PM / Domains: Fix bad of_node_put() in failure paths of genpd_dev_pm_attach()
Eric Dumazet (1):
xfrm: add rcu protection to sk->sk_policy[]
Eugenia Emantayev (2):
net/mlx4_en: Remove dependency between timestamping capability and service_task
net/mlx4_en: Fix HW timestamp init issue upon system startup
Felipe Balbi (1):
usb: gadget: pxa27x: fix suspend callback
Francesco Ruggeri (1):
net: possible use after free in dst_release
Frederic Barrat (1):
cxl: Set endianess of kernel contexts
Gabriele Martino (1):
ALSA: hda/ca0132 - quirk for Alienware 17 2015
Geert Uytterhoeven (1):
FS-Cache: Add missing initialization of ret in cachefiles_write_page()
Grygorii Strashko (1):
gpio: omap: drop omap1 mpuio specific irq_mask/unmask callbacks
Guenter Roeck (1):
of/fdt: Add mutex protection for calls to __unflatten_device_tree()
Guillaume Delbergue (1):
irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB
Hanjun Guo (1):
ACPI / property: fix compile error for acpi_node_get_property_reference() when CONFIG_ACPI=n
Hannes Frederic Sowa (1):
net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration
Hannes Reinecke (1):
block: Always check queue limits for cloned requests
Hans Yang (1):
usb: core : hub: Fix BOS 'NULL pointer' kernel panic
Hans de Goede (1):
i2c: mv64xxx: The n clockdiv factor is 0 based on sunxi SoCs
Heiko Stuebner (1):
drm/rockchip: unset pgoff when mmap'ing gems
Helge Deller (2):
parisc: Drop unused MADV_xxxK_PAGES flags from asm/mman.h
parisc: Fix syscall restarts
Helmut Klein (1):
ARM: dts: Kirkwood: Fix QNAP TS219 power-off
Hui Wang (3):
ALSA: hda - Fix headphone noise after Dell XPS 13 resume back from S3
ALSA: hda - Fixing speaker noise on the two latest thinkpad models
ALSA: hda - Add keycode map for alc input device
Ilya Dryomov (1):
block: detach bdev inode from its wb in __blkdev_put()
Imre Deak (1):
drm/i915: get runtime PM reference around GEM set_caching IOCTL
James Bottomley (2):
ses: Fix problems with simple enclosures
ses: fix additional element traversal bug
James Hogan (1):
MIPS: uaccess: Fix strlen_user with EVA
James Morse (1):
include/linux/mmdebug.h: should include linux/bug.h
Jan Engelhardt (1):
target: fix COMPARE_AND_WRITE non zero SGL offset data corruption
Jan Kara (4):
vfs: Make sendfile(2) killable even better
vfs: Avoid softlockups with sendfile(2)
direct-io: Fix negative return from dio read beyond eof
jbd2: Fix unreclaimed pages after truncate in data=journal mode
Jan Stancek (1):
ipmi: move timer init to before irq is setup
Jani Nikula (1):
drm/i915: quirk backlight present on Macbook 4, 1
Jason A. Donenfeld (1):
crypto: skcipher - Copy iv from desc even for 0-len walks
Jay Cornwall (1):
drm/amdgpu: Fix default page access routing
Jeff Layton (1):
nfs4: resend LAYOUTGET when there is a race that changes the seqid
Jens Axboe (1):
blk-mq: fix calling unplug callbacks with preempt disabled
Joe Thornber (4):
dm thin metadata: fix bug in dm_thin_remove_range()
dm thin metadata: fix bug when taking a metadata snapshot
dm space map metadata: fix ref counting bug when bootstrapping a new space map
dm btree: fix bufio buffer leaks in dm_btree_del() error path
Johan Hedberg (1):
Bluetooth: Fix l2cap_chan leak in SMP
Johan Hovold (1):
spi: fix parent-device reference leak
Johannes Berg (3):
mac80211: mesh: fix call_rcu() usage
mac80211: fix off-channel mgmt-tx uninitialized variable usage
rfkill: copy the name into the rfkill struct
John Fastabend (1):
net: sched: fix missing free per cpu on qstats
John Keeping (1):
ASoC: es8328: Fix deemphasis values
Jonas Jonsson (2):
USB: cdc_acm: Ignore Infineon Flash Loader utility
USB: serial: Another Infineon flash loader USB ID
Joseph Qi (1):
ocfs2: fix BUG when calculate new backup super
Julia Lawall (1):
iio: adc: spmi-vadc: add missing of_node_put
Junxiao Bi (2):
jbd2: fix null committed data return in undo_access
ocfs2: fix SGID not inherited issue
Kailang (1):
ALSA: hda - Add mic mute hotkey quirk for Lenovo ThinkCentre AIO
Kamal Mostafa (1):
tools: Add a "make all" rule
Kees Cook (1):
mac: validate mac_partition is within sector
Ken Xue (3):
SCSI: Fix NULL pointer dereference in runtime PM
Revert "SCSI: Fix NULL pointer dereference in runtime PM"
i2c: designware: reverts "i2c: designware: Add support for AMD I2C controller"
Kirill A. Shutemov (1):
vgaarb: fix signal handling in vga_get()
Konrad Rzeszutek Wilk (6):
xen/pciback: Save xen_pci_op commands before processing it
xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled
xen/pciback: Do not install an IRQ handler for MSI interrupts.
xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled.
xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
Konstantin Shkolnyy (1):
USB: cp210x: Remove CP2110 ID from compatibility list
Krzysztof Hałasa (1):
ARM: dts: imx6: Fix Ethernet PHY mode on Ventana boards
Kuninori Morimoto (1):
ASoC: rsnd: fixup SCU_SYS_INT_EN1 address
Larry Finger (1):
rtlwifi: rtl8821ae: Fix lockups on boot
Lars-Peter Clausen (2):
iio: ad5064: Fix ad5629/ad5669 shift
iio:ad7793: Fix ad7785 product ID
Li Jun (1):
usb: chipidea: debug: disable usb irq while role switch
Linus Walleij (1):
ARM: versatile: fix MMC/SD interrupt assignment
Lorenzo Pieralisi (1):
arm64: kernel: pause/unpause function graph tracer in cpu_suspend()
Luca Coelho (1):
iwlwifi: mvm: don't overwrite the key indices in D3 entry
Luca Porzio (1):
mmc: remove bondage between REQ_META and reliable write
Ludovic Desroches (1):
dmaengine: at_xdmac: fix macro typo
Mans Rullgard (1):
ASoC: wm8974: set cache type for regmap
Marc Zyngier (1):
arm64: KVM: Fix AArch32 to AArch64 register mapping
Marc-André Lureau (1):
virtio-gpu: use no-merge for fill-modes
Marcelo Ricardo Leitner (1):
sctp: convert sack_needed and sack_generation to bits
Marcin Wojtas (6):
net: mvneta: fix bit assignment in MVNETA_RXQ_CONFIG_REG
net: mvneta: fix bit assignment for RX packet irq enable
net: mvneta: add configuration for MBUS windows access protection
net: mvpp2: fix missing DMA region unmap in egress processing
net: mvpp2: fix buffers' DMA handling on RX path
net: mvpp2: fix refilling BM pools in RX path
Mario Kleiner (1):
ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2)
Martin Peres (1):
drm/nouveau/bios/fan: hardcode the fan mode to linear
Masahiro Yamada (1):
serial: 8250_uniphier: fix dl_read and dl_write functions
Mathias Krause (1):
PCI: Prevent out of bounds access in numa_node override
Mathias Nyman (2):
xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices
xhci: fix usb2 resume timing and races.
Mauro Carvalho Chehab (1):
[media] Revert "[media] ivtv: avoid going past input/audio array"
Michael Hennerich (1):
iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success
Michael Holzheu (1):
s390/dis: Fix handling of format specifiers
Michael Neuling (2):
powerpc/tm: Block signal return setting invalid MSR state
powerpc/tm: Check for already reclaimed tasks
Michael S. Tsirkin (1):
vhost: relax log address alignment
Michal Hocko (2):
mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make any progress
vmstat: allocate vmstat_wq before it is used
Michel Dänzer (1):
drm/radeon: Disable uncacheable CPU mappings of GTT with RV6xx
Mika Westerberg (1):
xhci: Fix memory leak in xhci_pme_acpi_rtd3_enable()
Mike Snitzer (3):
dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE transition
dm thin: fix regression in advertised discard limits
dm btree: fix leak of bufio-backed block in btree_split_sibling error path
Miklos Szeredi (2):
ovl: fix permission checking for setattr
cuse: fix memory leak
Mikulas Patocka (3):
dm crypt: fix a possible hang due to race condition on exit
sata_sil: disable trim
parisc iommu: fix panic due to trying to allocate too large region
Naoya Horiguchi (2):
mm: hugetlb: fix hugepage memory leak caused by wrong reserve count
mm: hugetlb: call huge_pte_alloc() only if ptep is null
NeilBrown (2):
md: remove check for MD_RECOVERY_NEEDED in action_store.
async_tx: use GFP_NOWAIT rather than GFP_IO
Nicholas Bellinger (2):
iscsi-target: Fix rx_login_comp hang after login failure
target: Fix race for SCF_COMPARE_AND_WRITE_POST checking
Nicolas Pitre (2):
ARM: dove: Fix legacy get_irqnr_and_base
ARM: orion5x: Fix legacy get_irqnr_and_base
Nikesh Oswal (1):
ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz
Nikolay Borisov (1):
netfilter: nfnetlink_queue: Unregister pernet subsys in case of init failure
Noa Osherovich (1):
net/mlx4_core: Avoid returning success in case of an error flow
OGAWA Hirofumi (1):
fat: fix fake_offset handling on error path
Oded Gabbay (3):
radeon/cik: Fix GFX IB test on Big-Endian
radeon: Fix VCE ring test for Big-Endian systems
radeon: Fix VCE IB test on Big-Endian systems
Paolo Bonzini (3):
KVM: MTRR: observe maxphyaddr from guest CPUID, not host
KVM: MTRR: treat memory as writeback if MTRR is disabled in guest CPUID
kvm: x86: only channel 0 of the i8254 is linked to the HPET
Paul Burton (1):
MIPS: CPS: drop .set mips64r2 directives
Paul Mackerras (1):
KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR
Peter Hurley (3):
wan/x25: Fix use-after-free in x25_asy_open_tty()
n_tty: Fix poll() after buffer-limited eof push read
tty: Fix GPF in flush_to_ldisc()
Peter Robinson (1):
watchdog: omap_wdt: fix null pointer dereference
Peter Ujfalusi (2):
ASoC: davinci-mcasp: Fix XDATA check in mcasp_start_tx
dmaengine: bcm2835-dma: Convert to use DMA pool
Peter Zijlstra (3):
sched/wait: Fix signal handling in bit wait helpers
perf: Fix PERF_EVENT_IOC_PERIOD deadlock
sched/wait: Fix the signal handling fix
Prarit Bhargava (1):
powercap / RAPL: fix BIOS lock check
Qiu Peiyang (1):
tracing: Fix setting of start_index in find_next()
Rabin Vincent (1):
net: filter: make JITs zero A for SKF_AD_ALU_XOR_X
Richard Weinberger (2):
kernel/signal.c: unexport sigsuspend()
um: Fix get_signal() usage
Roger Pau Monné (2):
xen-blkback: only read request operation from shared ring once
xen-blkback: read from indirect descriptors only once
Roman Gushchin (1):
fuse: break infinite loop in fuse_fill_write_pages()
Roman Volkov (1):
dts: vt8500: Add SDHC node to DTS file for WM8650
Ross Lagerwall (1):
xen/events/fifo: Consume unprocessed events when a CPU dies
Russell King (2):
drm: imx: convert to drm_crtc_send_vblank_event()
scripts: recordmcount: break hardlinks
Sabrina Dubroca (3):
ipvlan: fix leak in ipvlan_rcv_frame
ipvlan: fix use after free of skb
macvlan: fix leak in macvlan_handle_frame
Sachin Pandhare (1):
ASoC: wm8962: correct addresses for HPF_C_0/1
Sagi Grimberg (1):
IB/srp: Fix possible send queue overflow
Sanchayan Maity (1):
iio: adc: vf610_adc: Fix division by zero error
Sasha Levin (1):
sched/core: Remove false-positive warning from wake_up_process()
Sebastian Andrzej Siewior (1):
sched/core: Reset task's lockless wake-queues on fork()
Sebastian Siewior (2):
mtd: ubi: fixup error correction in do_sync_erase()
mtd: ubi: don't leak e if schedule_erase() fails
Sergei Shtylyov (1):
sh_eth: fix TX buffer byte-swapping
Seth Jennings (1):
drivers/base/memory.c: prohibit offlining of memory blocks with missing sections
Stefan Agner (1):
ARM: dts: vf610: use reset values for L2 cache latencies
Stefan Wahren (1):
pinctrl: bcm2835: Fix initial value for direction_output
Steven Rostedt (Red Hat) (3):
ring-buffer: Update read stamp with first real commit on page
ftrace/scripts: Have recordmcount copy the object file
ftrace/module: Call clean up function when module init fails early
Stewart Smith (1):
powerpc/powernv: pr_warn_once on unsupported OPAL_MSG type
Suman Anna (1):
virtio: fix memory leak of virtio ida cache layers
Tadeusz Struk (1):
crypto: qat - don't use userspace pointer
Takashi Iwai (10):
ALSA: hda - Fix noise on Dell Latitude E6440
ALSA: hda - Add fixup for Acer Aspire One Cloudbook 14
ALSA: hda - Apply HP headphone fixups more generically
ALSA: hda - Fix noise on Gigabyte Z170X mobo
drm/i915: Don't override output type for DDI HDMI
ALSA: rme96: Fix unexpected volume reset after rate changes
ALSA: hda - Fix noise problems on Thinkpad T440s
ALSA: hda - Apply click noise workaround for Thinkpads generically
ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads
ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd
Thomas Betker (1):
iio: adc: xilinx: Fix VREFN scale
Thomas Gleixner (1):
genirq: Prevent chip buslock deadlock
Thomas Hellstrom (2):
drm: Fix an unwanted master inheritance v2
drm/ttm: Fixed a read/write lock imbalance
Tilman Schmidt (1):
ser_gigaset: fix deallocation of platform device structure
Tobias Klauser (1):
net: phy: mdio-mux: Check return value of mdiobus_alloc()
Tony Lindgren (1):
ARM: OMAP2+: Fix onenand rate detection to avoid filesystem corruption
Trond Myklebust (2):
NFSv4.1/pNFS: Don't request a minimal read layout beyond the end of file
SUNRPC: Fix callback channel
Ville Syrjälä (2):
drm/i915: Don't clobber the addfb2 ioctl params
drm: Don't overwrite UNVERFIED mode status to OK
Vineet Gupta (4):
ARC: dw2 unwind: Remove falllback linear search thru FDE entries
ARCv2: intc: Fix random perf irq disabling in SMP setup
ARC: dw2 unwind: Reinstante unwinding out of modules
ARC: dw2 unwind: Ignore CIE version !=1 gracefully instead of bailing
Vladimir Zapolskiy (1):
iio: lpc32xx_adc: fix warnings caused by enabling unprepared clock
WANG Cong (1):
addrconf: always initialize sysctl table data
Wang Dongsheng (1):
video: fbdev: fsl: Fix kernel crash when diu_ops is not implemented
Will Deacon (1):
ARM: 8465/1: mm: keep reserved ASIDs in sync with mm after multiple rollovers
Wolfram Sang (2):
i2c: rk3x: populate correct variable for sda_falling_time
i2c: rcar: disable runtime PM correctly in slave mode
Xiangliang Yu (2):
AHCI: Fix softreset failed issue of Port Multiplier
i2c: designware: fix IO timeout issue for AMD controller
Xiong Zhang (1):
ALSA: hda - Set SKL+ hda controller power at freeze() and thaw()
Xunlei Pang (1):
sched/core: Clear the root_domain cpumasks in init_rootdomain()
lucien (1):
sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING
^ permalink raw reply [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 001/305] tools: Add a "make all" rule
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
@ 2016-01-15 23:56 ` Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 002/305] vf610_adc: Fix internal temperature calculation Kamal Mostafa
` (303 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:56 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kamal Mostafa, Jiri Olsa, Jonathan Cameron, Pali Rohar,
Roberta Dobrescu, Arnaldo Carvalho de Melo
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Kamal Mostafa <kamal@canonical.com>
commit f6ba98c5dc78708cb7fd29950c4a50c4c7e88f95 upstream.
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Jonathan Cameron <jic23@kernel.org>
Cc: Pali Rohar <pali.rohar@gmail.com>
Cc: Roberta Dobrescu <roberta.dobrescu@gmail.com>
Link: http://lkml.kernel.org/r/1447280736-2161-2-git-send-email-kamal@canonical.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/Makefile | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/tools/Makefile b/tools/Makefile
index d6f307d..681292b 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -32,6 +32,10 @@ help:
@echo ' from the kernel command line to build and install one of'
@echo ' the tools above'
@echo ''
+ @echo ' $$ make tools/all'
+ @echo ''
+ @echo ' builds all tools.'
+ @echo ''
@echo ' $$ make tools/install'
@echo ''
@echo ' installs all tools.'
@@ -77,6 +81,11 @@ tmon: FORCE
freefall: FORCE
$(call descend,laptop/$@)
+all: acpi cgroup cpupower hv firewire lguest \
+ perf selftests turbostat usb \
+ virtio vm net x86_energy_perf_policy \
+ tmon freefall
+
acpi_install:
$(call descend,power/$(@:_install=),install)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 002/305] vf610_adc: Fix internal temperature calculation
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 001/305] tools: Add a "make all" rule Kamal Mostafa
@ 2016-01-15 23:56 ` Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 003/305] iio: lpc32xx_adc: fix warnings caused by enabling unprepared clock Kamal Mostafa
` (302 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:56 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Bhuvanchandra DV, Jonathan Cameron, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com>
commit 6219f432ec037317a77c40910da12a626c34af1c upstream.
Calculate ADCR_VTEMP25 using VTEMP25 at VREFH_ADC 3V3. Existing
calculations consider the typical values provided in datasheet.
Those typical values are valid for VREFH_ADC at 3.0V. VTEMP25
is different for different VREFH_ADC voltages. With VREFH_ADC
at 3.3V, voltage at 25°C is 0.699V. Hence update the VTEMP25
to 0.699V which gives ADCR@Temp25 as 867.
Formula for finding ADCR@Temp25:
ADCR@Temp25 = (ADCR@Vdd * V@TEMP25 * 10) / VDDconv
ADCR@Vdd for 12-Bit ADC = 4095
VDDconv = VREFH_ADC * 10
VREFH_ADC@3.3V
ADCR@Temp25 = (4095 * .699 * 10) / 33
ADCR@Temp25 ~= 867
| VREFH_ADC | V@TEMP25 | VDDconv | ADCR@Temp25 |
| 3.0V | 0.696mV | 30 | 950 |
| 3.3V | 0.699mV | 33 | 867 |
Signed-off-by: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com>
Acked-by: Fugang Duan <B38611@freescale.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iio/adc/vf610_adc.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/drivers/iio/adc/vf610_adc.c b/drivers/iio/adc/vf610_adc.c
index 819632b..fe8cf11 100644
--- a/drivers/iio/adc/vf610_adc.c
+++ b/drivers/iio/adc/vf610_adc.c
@@ -98,6 +98,13 @@
#define VF610_ADC_CALF 0x2
#define VF610_ADC_TIMEOUT msecs_to_jiffies(100)
+/* V at 25°C of 696 mV */
+#define VF610_VTEMP25_3V0 950
+/* V at 25°C of 699 mV */
+#define VF610_VTEMP25_3V3 867
+/* Typical sensor slope coefficient at all temperatures */
+#define VF610_TEMP_SLOPE_COEFF 1840
+
enum clk_sel {
VF610_ADCIOC_BUSCLK_SET,
VF610_ADCIOC_ALTCLK_SET,
@@ -569,11 +576,13 @@ static int vf610_read_raw(struct iio_dev *indio_dev,
break;
case IIO_TEMP:
/*
- * Calculate in degree Celsius times 1000
- * Using sensor slope of 1.84 mV/°C and
- * V at 25°C of 696 mV
- */
- *val = 25000 - ((int)info->value - 864) * 1000000 / 1840;
+ * Calculate in degree Celsius times 1000
+ * Using the typical sensor slope of 1.84 mV/°C
+ * and VREFH_ADC at 3.3V, V at 25°C of 699 mV
+ */
+ *val = 25000 - ((int)info->value - VF610_VTEMP25_3V3) *
+ 1000000 / VF610_TEMP_SLOPE_COEFF;
+
break;
default:
mutex_unlock(&indio_dev->mlock);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 003/305] iio: lpc32xx_adc: fix warnings caused by enabling unprepared clock
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 001/305] tools: Add a "make all" rule Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 002/305] vf610_adc: Fix internal temperature calculation Kamal Mostafa
@ 2016-01-15 23:56 ` Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 004/305] iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success Kamal Mostafa
` (301 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:56 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Vladimir Zapolskiy, Jonathan Cameron, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Vladimir Zapolskiy <vz@mleia.com>
commit 01bb70ae0b98d266fa3e860482c7ce22fa482a6e upstream.
If common clock framework is configured, the driver generates a warning,
which is fixed by this change:
root@devkit3250:~# cat /sys/bus/iio/devices/iio\:device0/in_voltage0_raw
------------[ cut here ]------------
WARNING: CPU: 0 PID: 724 at drivers/clk/clk.c:727 clk_core_enable+0x2c/0xa4()
Modules linked in: sc16is7xx snd_soc_uda1380
CPU: 0 PID: 724 Comm: cat Not tainted 4.3.0-rc2+ #198
Hardware name: LPC32XX SoC (Flattened Device Tree)
Backtrace:
[<>] (dump_backtrace) from [<>] (show_stack+0x18/0x1c)
[<>] (show_stack) from [<>] (dump_stack+0x20/0x28)
[<>] (dump_stack) from [<>] (warn_slowpath_common+0x90/0xb8)
[<>] (warn_slowpath_common) from [<>] (warn_slowpath_null+0x24/0x2c)
[<>] (warn_slowpath_null) from [<>] (clk_core_enable+0x2c/0xa4)
[<>] (clk_core_enable) from [<>] (clk_enable+0x24/0x38)
[<>] (clk_enable) from [<>] (lpc32xx_read_raw+0x38/0x80)
[<>] (lpc32xx_read_raw) from [<>] (iio_read_channel_info+0x70/0x94)
[<>] (iio_read_channel_info) from [<>] (dev_attr_show+0x28/0x4c)
[<>] (dev_attr_show) from [<>] (sysfs_kf_seq_show+0x8c/0xf0)
[<>] (sysfs_kf_seq_show) from [<>] (kernfs_seq_show+0x2c/0x30)
[<>] (kernfs_seq_show) from [<>] (seq_read+0x1c8/0x440)
[<>] (seq_read) from [<>] (kernfs_fop_read+0x38/0x170)
[<>] (kernfs_fop_read) from [<>] (do_readv_writev+0x16c/0x238)
[<>] (do_readv_writev) from [<>] (vfs_readv+0x50/0x58)
[<>] (vfs_readv) from [<>] (default_file_splice_read+0x1a4/0x308)
[<>] (default_file_splice_read) from [<>] (do_splice_to+0x78/0x84)
[<>] (do_splice_to) from [<>] (splice_direct_to_actor+0xc8/0x1cc)
[<>] (splice_direct_to_actor) from [<>] (do_splice_direct+0xa0/0xb8)
[<>] (do_splice_direct) from [<>] (do_sendfile+0x1a8/0x30c)
[<>] (do_sendfile) from [<>] (SyS_sendfile64+0x104/0x10c)
[<>] (SyS_sendfile64) from [<>] (ret_fast_syscall+0x0/0x38)
Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/staging/iio/adc/lpc32xx_adc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/iio/adc/lpc32xx_adc.c b/drivers/staging/iio/adc/lpc32xx_adc.c
index 5331c44..ef6d0b0 100644
--- a/drivers/staging/iio/adc/lpc32xx_adc.c
+++ b/drivers/staging/iio/adc/lpc32xx_adc.c
@@ -76,7 +76,7 @@ static int lpc32xx_read_raw(struct iio_dev *indio_dev,
if (mask == IIO_CHAN_INFO_RAW) {
mutex_lock(&indio_dev->mlock);
- clk_enable(info->clk);
+ clk_prepare_enable(info->clk);
/* Measurement setup */
__raw_writel(AD_INTERNAL | (chan->address) | AD_REFp | AD_REFm,
LPC32XX_ADC_SELECT(info->adc_base));
@@ -84,7 +84,7 @@ static int lpc32xx_read_raw(struct iio_dev *indio_dev,
__raw_writel(AD_PDN_CTRL | AD_STROBE,
LPC32XX_ADC_CTRL(info->adc_base));
wait_for_completion(&info->completion); /* set by ISR */
- clk_disable(info->clk);
+ clk_disable_unprepare(info->clk);
*val = info->value;
mutex_unlock(&indio_dev->mlock);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 004/305] iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (2 preceding siblings ...)
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 003/305] iio: lpc32xx_adc: fix warnings caused by enabling unprepared clock Kamal Mostafa
@ 2016-01-15 23:56 ` Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 005/305] iio: ad5064: Fix ad5629/ad5669 shift Kamal Mostafa
` (300 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:56 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michael Hennerich, Lars-Peter Clausen, Jonathan Cameron, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Michael Hennerich <michael.hennerich@analog.com>
commit 03fe472ef33b7f31fbd11d300dbb3fdab9c00fd4 upstream.
i2c_master_send() returns the number of bytes transferred on success while
the ad5064 driver expects that the write() callback returns 0 on success.
Fix that by translating any non negative return value of i2c_master_send()
to 0.
Fixes: commit 6a17a0768f77 ("iio:dac:ad5064: Add support for the ad5629r and ad5669r")
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iio/dac/ad5064.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/iio/dac/ad5064.c b/drivers/iio/dac/ad5064.c
index f03b92f..1b43069 100644
--- a/drivers/iio/dac/ad5064.c
+++ b/drivers/iio/dac/ad5064.c
@@ -598,10 +598,16 @@ static int ad5064_i2c_write(struct ad5064_state *st, unsigned int cmd,
unsigned int addr, unsigned int val)
{
struct i2c_client *i2c = to_i2c_client(st->dev);
+ int ret;
st->data.i2c[0] = (cmd << 4) | addr;
put_unaligned_be16(val, &st->data.i2c[1]);
- return i2c_master_send(i2c, st->data.i2c, 3);
+
+ ret = i2c_master_send(i2c, st->data.i2c, 3);
+ if (ret < 0)
+ return ret;
+
+ return 0;
}
static int ad5064_i2c_probe(struct i2c_client *i2c,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 005/305] iio: ad5064: Fix ad5629/ad5669 shift
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (3 preceding siblings ...)
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 004/305] iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success Kamal Mostafa
@ 2016-01-15 23:56 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 006/305] iio:ad7793: Fix ad7785 product ID Kamal Mostafa
` (299 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:56 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Lars-Peter Clausen, Jonathan Cameron, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Lars-Peter Clausen <lars@metafoo.de>
commit 5dcbe97bedd6ba4b0f574a96cc2e293d26f3d857 upstream.
The ad5629/ad5669 are the I2C variant of the ad5628/ad5668, which has a SPI
interface. They are mostly identical with the exception that the shift
factor is different. Currently the driver does not take care of this
difference which leads to incorrect DAC output values.
Fix this by introducing a custom channel spec for the ad5629/ad5669 with
the correct shift factor.
Fixes: commit 6a17a0768f77 ("iio:dac:ad5064: Add support for the ad5629r and ad5669r")
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iio/dac/ad5064.c | 83 +++++++++++++++++++++++++++++++++---------------
1 file changed, 57 insertions(+), 26 deletions(-)
diff --git a/drivers/iio/dac/ad5064.c b/drivers/iio/dac/ad5064.c
index 1b43069..aac16fe 100644
--- a/drivers/iio/dac/ad5064.c
+++ b/drivers/iio/dac/ad5064.c
@@ -113,12 +113,16 @@ enum ad5064_type {
ID_AD5065,
ID_AD5628_1,
ID_AD5628_2,
+ ID_AD5629_1,
+ ID_AD5629_2,
ID_AD5648_1,
ID_AD5648_2,
ID_AD5666_1,
ID_AD5666_2,
ID_AD5668_1,
ID_AD5668_2,
+ ID_AD5669_1,
+ ID_AD5669_2,
};
static int ad5064_write(struct ad5064_state *st, unsigned int cmd,
@@ -291,7 +295,7 @@ static const struct iio_chan_spec_ext_info ad5064_ext_info[] = {
{ },
};
-#define AD5064_CHANNEL(chan, addr, bits) { \
+#define AD5064_CHANNEL(chan, addr, bits, _shift) { \
.type = IIO_VOLTAGE, \
.indexed = 1, \
.output = 1, \
@@ -303,36 +307,39 @@ static const struct iio_chan_spec_ext_info ad5064_ext_info[] = {
.sign = 'u', \
.realbits = (bits), \
.storagebits = 16, \
- .shift = 20 - bits, \
+ .shift = (_shift), \
}, \
.ext_info = ad5064_ext_info, \
}
-#define DECLARE_AD5064_CHANNELS(name, bits) \
+#define DECLARE_AD5064_CHANNELS(name, bits, shift) \
const struct iio_chan_spec name[] = { \
- AD5064_CHANNEL(0, 0, bits), \
- AD5064_CHANNEL(1, 1, bits), \
- AD5064_CHANNEL(2, 2, bits), \
- AD5064_CHANNEL(3, 3, bits), \
- AD5064_CHANNEL(4, 4, bits), \
- AD5064_CHANNEL(5, 5, bits), \
- AD5064_CHANNEL(6, 6, bits), \
- AD5064_CHANNEL(7, 7, bits), \
+ AD5064_CHANNEL(0, 0, bits, shift), \
+ AD5064_CHANNEL(1, 1, bits, shift), \
+ AD5064_CHANNEL(2, 2, bits, shift), \
+ AD5064_CHANNEL(3, 3, bits, shift), \
+ AD5064_CHANNEL(4, 4, bits, shift), \
+ AD5064_CHANNEL(5, 5, bits, shift), \
+ AD5064_CHANNEL(6, 6, bits, shift), \
+ AD5064_CHANNEL(7, 7, bits, shift), \
}
-#define DECLARE_AD5065_CHANNELS(name, bits) \
+#define DECLARE_AD5065_CHANNELS(name, bits, shift) \
const struct iio_chan_spec name[] = { \
- AD5064_CHANNEL(0, 0, bits), \
- AD5064_CHANNEL(1, 3, bits), \
+ AD5064_CHANNEL(0, 0, bits, shift), \
+ AD5064_CHANNEL(1, 3, bits, shift), \
}
-static DECLARE_AD5064_CHANNELS(ad5024_channels, 12);
-static DECLARE_AD5064_CHANNELS(ad5044_channels, 14);
-static DECLARE_AD5064_CHANNELS(ad5064_channels, 16);
+static DECLARE_AD5064_CHANNELS(ad5024_channels, 12, 8);
+static DECLARE_AD5064_CHANNELS(ad5044_channels, 14, 6);
+static DECLARE_AD5064_CHANNELS(ad5064_channels, 16, 4);
-static DECLARE_AD5065_CHANNELS(ad5025_channels, 12);
-static DECLARE_AD5065_CHANNELS(ad5045_channels, 14);
-static DECLARE_AD5065_CHANNELS(ad5065_channels, 16);
+static DECLARE_AD5065_CHANNELS(ad5025_channels, 12, 8);
+static DECLARE_AD5065_CHANNELS(ad5045_channels, 14, 6);
+static DECLARE_AD5065_CHANNELS(ad5065_channels, 16, 4);
+
+static DECLARE_AD5064_CHANNELS(ad5629_channels, 12, 4);
+static DECLARE_AD5064_CHANNELS(ad5669_channels, 16, 0);
static const struct ad5064_chip_info ad5064_chip_info_tbl[] = {
[ID_AD5024] = {
@@ -382,6 +389,18 @@ static const struct ad5064_chip_info ad5064_chip_info_tbl[] = {
.channels = ad5024_channels,
.num_channels = 8,
},
+ [ID_AD5629_1] = {
+ .shared_vref = true,
+ .internal_vref = 2500000,
+ .channels = ad5629_channels,
+ .num_channels = 8,
+ },
+ [ID_AD5629_2] = {
+ .shared_vref = true,
+ .internal_vref = 5000000,
+ .channels = ad5629_channels,
+ .num_channels = 8,
+ },
[ID_AD5648_1] = {
.shared_vref = true,
.internal_vref = 2500000,
@@ -418,6 +437,18 @@ static const struct ad5064_chip_info ad5064_chip_info_tbl[] = {
.channels = ad5064_channels,
.num_channels = 8,
},
+ [ID_AD5669_1] = {
+ .shared_vref = true,
+ .internal_vref = 2500000,
+ .channels = ad5669_channels,
+ .num_channels = 8,
+ },
+ [ID_AD5669_2] = {
+ .shared_vref = true,
+ .internal_vref = 5000000,
+ .channels = ad5669_channels,
+ .num_channels = 8,
+ },
};
static inline unsigned int ad5064_num_vref(struct ad5064_state *st)
@@ -623,12 +654,12 @@ static int ad5064_i2c_remove(struct i2c_client *i2c)
}
static const struct i2c_device_id ad5064_i2c_ids[] = {
- {"ad5629-1", ID_AD5628_1},
- {"ad5629-2", ID_AD5628_2},
- {"ad5629-3", ID_AD5628_2}, /* similar enough to ad5629-2 */
- {"ad5669-1", ID_AD5668_1},
- {"ad5669-2", ID_AD5668_2},
- {"ad5669-3", ID_AD5668_2}, /* similar enough to ad5669-2 */
+ {"ad5629-1", ID_AD5629_1},
+ {"ad5629-2", ID_AD5629_2},
+ {"ad5629-3", ID_AD5629_2}, /* similar enough to ad5629-2 */
+ {"ad5669-1", ID_AD5669_1},
+ {"ad5669-2", ID_AD5669_2},
+ {"ad5669-3", ID_AD5669_2}, /* similar enough to ad5669-2 */
{}
};
MODULE_DEVICE_TABLE(i2c, ad5064_i2c_ids);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 006/305] iio:ad7793: Fix ad7785 product ID
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (4 preceding siblings ...)
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 005/305] iio: ad5064: Fix ad5629/ad5669 shift Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 007/305] iio: adc: vf610_adc: Fix division by zero error Kamal Mostafa
` (298 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Lars-Peter Clausen, Jonathan Cameron, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Lars-Peter Clausen <lars@metafoo.de>
commit 785171fd6cd7dcd7ada5a733b6a2d44ec566c3a0 upstream.
While the datasheet for the AD7785 lists 0xXB as the product ID the actual
product ID is 0xX3.
Fix the product ID otherwise the driver will reject the device due to non
matching IDs.
Fixes: e786cc26dcc5 ("staging:iio:ad7793: Implement stricter id checking")
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iio/adc/ad7793.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/adc/ad7793.c b/drivers/iio/adc/ad7793.c
index b84922a..710aee8 100644
--- a/drivers/iio/adc/ad7793.c
+++ b/drivers/iio/adc/ad7793.c
@@ -101,7 +101,7 @@
#define AD7795_CH_AIN1M_AIN1M 8 /* AIN1(-) - AIN1(-) */
/* ID Register Bit Designations (AD7793_REG_ID) */
-#define AD7785_ID 0xB
+#define AD7785_ID 0x3
#define AD7792_ID 0xA
#define AD7793_ID 0xB
#define AD7794_ID 0xF
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 007/305] iio: adc: vf610_adc: Fix division by zero error
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (5 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 006/305] iio:ad7793: Fix ad7785 product ID Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 008/305] mmc: mmc: Improve reliability of mmc_select_hs200() Kamal Mostafa
` (297 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sanchayan Maity, Jonathan Cameron, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Sanchayan Maity <maitysanchayan@gmail.com>
commit 8546d2e5b15e454d2d492a1e9625732980e8eb26 upstream.
In case the fsl,adck-max-frequency property is not present in
the device tree, a division by zero error results during the
probe call on kernel boot (see below). This patch fixes it and
also restores device tree compatibility in case kernels are
booting with old device trees without this property specified.
[ 1.063229] Division by zero in kernel.
[ 1.067152] CPU: 0 PID: 1 Comm: swapper Not tainted
4.3.0-rc5-00212-gcc88cef #37
[ 1.074650] Hardware name: Freescale Vybrid VF5xx/VF6xx (Device Tree)
[ 1.081135] Backtrace:
[ 1.083694] [<800134a4>] (dump_backtrace) from [<8001369c>]
(show_stack+0x18/0x1c)
[ 1.091340] r7:00000008 r6:8e0ae210 r5:00000000 r4:8e299800
[ 1.097146] [<80013684>] (show_stack) from [<80297b1c>]
(dump_stack+0x24/0x28)
[ 1.104483] [<80297af8>] (dump_stack) from [<80013608>]
(__div0+0x1c/0x20)
[ 1.111421] [<800135ec>] (__div0) from [<802968b4>] (Ldiv0+0x8/0x10)
[ 1.117865] [<80424350>] (vf610_adc_probe) from [<803153b4>]
(platform_drv_probe+0x4c/0xac)
[ 1.126311] r10:00000000 r9:8076a5ec r8:00000000 r7:fffffdfb
r6:807cc67c r5:8e0ae210
[ 1.134319] r4:807f6c54
[ 1.136915] [<80315368>] (platform_drv_probe) from [<803138bc>]
(driver_probe_device+0x20c/0x2f8)
[ 1.145882] r7:807cc67c r6:00000000 r5:8e0ae210 r4:807f6c54
[ 1.151657] [<803136b0>] (driver_probe_device) from [<80313a3c>]
(__driver_attach+0x94/0x98)
[ 1.160190] r9:8076a5ec r8:00000098 r7:00000000 r6:8e0ae244
r5:807cc67c r4:8e0ae210
[ 1.168112] [<803139a8>] (__driver_attach) from [<80311cb8>]
(bus_for_each_dev+0x70/0xa4)
[ 1.176383] r7:00000000 r6:803139a8 r5:807cc67c r4:00000000
[ 1.182159] [<80311c48>] (bus_for_each_dev) from [<80313318>]
(driver_attach+0x24/0x28)
[ 1.190260] r6:807bb568 r5:8e2a5b00 r4:807cc67c
[ 1.194996] [<803132f4>] (driver_attach) from [<80312f50>]
(bus_add_driver+0x1a4/0x21c)
[ 1.203113] [<80312dac>] (bus_add_driver) from [<803142a8>]
(driver_register+0x80/0x100)
[ 1.211275] r7:8e2a7dc0 r6:807a8160 r5:80789e14 r4:807cc67c
[ 1.217075] [<80314228>] (driver_register) from [<803152f8>]
(__platform_driver_register+0x5c/0x64)
[ 1.226216] r5:80789e14 r4:807a8160
[ 1.229877] [<8031529c>] (__platform_driver_register) from
[<80789e30>] (vf610_adc_driver_init+0x1c/0x20)
[ 1.239556] [<80789e14>] (vf610_adc_driver_init) from [<800095f8>]
(do_one_initcall+0x94/0x1dc)
[ 1.248365] [<80009564>] (do_one_initcall) from [<8076ae34>]
(kernel_init_freeable+0x13c/0x1e0)
[ 1.257155] r10:80794830 r9:8076a5ec r8:00000098 r7:807d5780
r6:807d5780 r5:00000006
[ 1.265153] r4:807a0ee8
[ 1.267753] [<8076acf8>] (kernel_init_freeable) from [<80590ef0>]
(kernel_init+0x18/0xf0)
[ 1.276021] r10:00000000 r9:00000000 r8:00000000 r7:00000000
r6:00000000 r5:80590ed8
[ 1.284015] r4:807d5780
[ 1.286615] [<80590ed8>] (kernel_init) from [<8000f878>]
(ret_from_fork+0x14/0x3c)
[ 1.294278] r5:80590ed8 r4:00000000
Signed-off-by: Sanchayan Maity <maitysanchayan@gmail.com>
Acked-by: Fugang Duan <B38611@freescale.com>
Acked-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iio/adc/vf610_adc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/iio/adc/vf610_adc.c b/drivers/iio/adc/vf610_adc.c
index fe8cf11..c16b58f 100644
--- a/drivers/iio/adc/vf610_adc.c
+++ b/drivers/iio/adc/vf610_adc.c
@@ -180,6 +180,8 @@ static inline void vf610_adc_calculate_rates(struct vf610_adc *info)
adc_feature->clk_div = 8;
}
+ adck_rate = ipg_rate / adc_feature->clk_div;
+
/*
* Calculate ADC sample frequencies
* Sample time unit is ADCK cycles. ADCK clk source is ipg clock,
@@ -191,7 +193,6 @@ static inline void vf610_adc_calculate_rates(struct vf610_adc *info)
* BCT (Base Conversion Time): fixed to 25 ADCK cycles for 12 bit mode
* LSTAdder(Long Sample Time): fixed to 3 ADCK cycles
*/
- adck_rate = ipg_rate / info->adc_feature.clk_div;
for (i = 0; i < ARRAY_SIZE(vf610_hw_avgs); i++)
info->sample_freq_avail[i] =
adck_rate / (6 + vf610_hw_avgs[i] * (25 + 3));
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 008/305] mmc: mmc: Improve reliability of mmc_select_hs200()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (6 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 007/305] iio: adc: vf610_adc: Fix division by zero error Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 009/305] mmc: mmc: Fix HS setting in mmc_select_hs400() Kamal Mostafa
` (296 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Adrian Hunter, Ulf Hansson, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Adrian Hunter <adrian.hunter@intel.com>
commit 1815e61b1a7efe81017a883e817292daf7d2f922 upstream.
Currently mmc_select_hs200() uses __mmc_switch() which checks the
success of the switch to HS200 mode using CMD13 (SEND_STATUS).
The problem is that it does that using the timing settings of legacy
mode. That is prone to error, not least because the timing parameters
for legacy mode are tighter than the timing parameters for HS200 mode.
In the case when CMD13 polling is used (i.e. not MMC_CAP_WAIT_WHILE_BUSY)
with the switch command, it must be assumed that using different modes on
the card and host must work.
However in the case when CMD13 polling is not used
(i.e. MMC_CAP_WAIT_WHILE_BUSY) mmc_select_hs200() can be made more
reliable by setting the host to the correct timing before sending CMD13.
This patch does that.
A complication is that the caller, mmc_select_timing(), will ignore a
switch error (indicated by -EBADMSG), assume the old mode is valid
and continue, so the old timing must be restored in that case.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Tested-by: Alim Akhtar <alim.akhtar@samsung.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mmc/core/mmc.c | 25 ++++++++++++++++++++++---
1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c
index f6cd995..3d4e7f7 100644
--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -1219,6 +1219,8 @@ static void mmc_select_driver_type(struct mmc_card *card)
static int mmc_select_hs200(struct mmc_card *card)
{
struct mmc_host *host = card->host;
+ bool send_status = true;
+ unsigned int old_timing;
int err = -EINVAL;
u8 val;
@@ -1234,6 +1236,9 @@ static int mmc_select_hs200(struct mmc_card *card)
mmc_select_driver_type(card);
+ if (host->caps & MMC_CAP_WAIT_WHILE_BUSY)
+ send_status = false;
+
/*
* Set the bus width(4 or 8) with host's support and
* switch to HS200 mode if bus width is set successfully.
@@ -1245,11 +1250,25 @@ static int mmc_select_hs200(struct mmc_card *card)
err = __mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
EXT_CSD_HS_TIMING, val,
card->ext_csd.generic_cmd6_time,
- true, true, true);
- if (!err)
- mmc_set_timing(host, MMC_TIMING_MMC_HS200);
+ true, send_status, true);
+ if (err)
+ goto err;
+ old_timing = host->ios.timing;
+ mmc_set_timing(host, MMC_TIMING_MMC_HS200);
+ if (!send_status) {
+ err = mmc_switch_status(card);
+ /*
+ * mmc_select_timing() assumes timing has not changed if
+ * it is a switch error.
+ */
+ if (err == -EBADMSG)
+ mmc_set_timing(host, old_timing);
+ }
}
err:
+ if (err)
+ pr_err("%s: %s failed, error %d\n", mmc_hostname(card->host),
+ __func__, err);
return err;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 009/305] mmc: mmc: Fix HS setting in mmc_select_hs400()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (7 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 008/305] mmc: mmc: Improve reliability of mmc_select_hs200() Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 010/305] mmc: mmc: Move mmc_switch_status() Kamal Mostafa
` (295 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Adrian Hunter, Ulf Hansson, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Adrian Hunter <adrian.hunter@intel.com>
commit 51b12f7764fa8bb464cbd0f7bbd3a408d21ade16 upstream.
mmc_select_hs400() begins with the card and host in HS200 mode.
Therefore, any commands sent to the card should use HS200 timing.
It is incorrect to set the host to High Speed (HS) timing before
sending the switch command. Doing so is unreliable because
the timing parameters for HS mode are tighter than the timing
parameters for HS200 mode. Thus the HS timings should be set
only after the card has switched mode.
However, it is not unreasonable first to reduce the frequency to
the HS mode frequency, which should make the switch command and
subsequent CMD13 commands more reliable.
This patch does that.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Tested-by: Alim Akhtar <alim.akhtar@samsung.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mmc/core/mmc.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c
index 3d4e7f7..1eee87d 100644
--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -1043,6 +1043,7 @@ static int mmc_select_hs_ddr(struct mmc_card *card)
static int mmc_select_hs400(struct mmc_card *card)
{
struct mmc_host *host = card->host;
+ unsigned int max_dtr;
int err = 0;
u8 val;
@@ -1053,13 +1054,11 @@ static int mmc_select_hs400(struct mmc_card *card)
host->ios.bus_width == MMC_BUS_WIDTH_8))
return 0;
- /*
- * Before switching to dual data rate operation for HS400,
- * it is required to convert from HS200 mode to HS mode.
- */
- mmc_set_timing(card->host, MMC_TIMING_MMC_HS);
- mmc_set_bus_speed(card);
+ /* Reduce frequency to HS frequency */
+ max_dtr = card->ext_csd.hs_max_dtr;
+ mmc_set_clock(host, max_dtr);
+ /* Switch card to HS mode */
val = EXT_CSD_TIMING_HS |
card->drive_strength << EXT_CSD_DRV_STR_SHIFT;
err = __mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
@@ -1072,6 +1071,9 @@ static int mmc_select_hs400(struct mmc_card *card)
return err;
}
+ /* Set host controller to HS timing */
+ mmc_set_timing(card->host, MMC_TIMING_MMC_HS);
+
err = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
EXT_CSD_BUS_WIDTH,
EXT_CSD_DDR_BUS_WIDTH_8,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 010/305] mmc: mmc: Move mmc_switch_status()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (8 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 009/305] mmc: mmc: Fix HS setting in mmc_select_hs400() Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 011/305] mmc: mmc: Improve reliability of mmc_select_hs400() Kamal Mostafa
` (294 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Adrian Hunter, Ulf Hansson, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Adrian Hunter <adrian.hunter@intel.com>
commit 974007aaf240aa195b31c34cfdb013524a2dcfca upstream.
Move the mmc_switch_status() function in preparation for calling it
in mmc_select_hs400().
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Tested-by: Alim Akhtar <alim.akhtar@samsung.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mmc/core/mmc.c | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c
index 1eee87d..137b9de 100644
--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -1040,6 +1040,19 @@ static int mmc_select_hs_ddr(struct mmc_card *card)
return err;
}
+/* Caller must hold re-tuning */
+static int mmc_switch_status(struct mmc_card *card)
+{
+ u32 status;
+ int err;
+
+ err = mmc_send_status(card, &status);
+ if (err)
+ return err;
+
+ return mmc_switch_status_error(card->host, status);
+}
+
static int mmc_select_hs400(struct mmc_card *card)
{
struct mmc_host *host = card->host;
@@ -1107,19 +1120,6 @@ int mmc_hs200_to_hs400(struct mmc_card *card)
return mmc_select_hs400(card);
}
-/* Caller must hold re-tuning */
-static int mmc_switch_status(struct mmc_card *card)
-{
- u32 status;
- int err;
-
- err = mmc_send_status(card, &status);
- if (err)
- return err;
-
- return mmc_switch_status_error(card->host, status);
-}
-
int mmc_hs400_to_hs200(struct mmc_card *card)
{
struct mmc_host *host = card->host;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 011/305] mmc: mmc: Improve reliability of mmc_select_hs400()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (9 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 010/305] mmc: mmc: Move mmc_switch_status() Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 012/305] crypto: qat - don't use userspace pointer Kamal Mostafa
` (293 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Adrian Hunter, Ulf Hansson, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Adrian Hunter <adrian.hunter@intel.com>
commit d23029332c3d51fb5ac117ba5cde4dc0a3ec3fa6 upstream.
mmc_select_hs400() calls __mmc_switch() which checks the switch is
successful using CMD13 (SEND_STATUS). The problem is that it does that
using the timing settings of the previous mode. That is prone to error,
especially when switching from HS to HS400 because the timing parameters
for HS mode are tighter than the timing parameters for HS400 mode.
In the case when CMD13 polling is used (i.e. not MMC_CAP_WAIT_WHILE_BUSY)
with the switch command, it must be assumed that using different modes on
the card and host must work.
However in the case when CMD13 polling is not used
(i.e. MMC_CAP_WAIT_WHILE_BUSY) mmc_select_hs400() can be made more
reliable by setting the host to the correct timing before sending CMD13.
This patch does that.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Tested-by: Alim Akhtar <alim.akhtar@samsung.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mmc/core/mmc.c | 28 ++++++++++++++++++++++++++--
1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c
index 137b9de..748eddf 100644
--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -1056,6 +1056,7 @@ static int mmc_switch_status(struct mmc_card *card)
static int mmc_select_hs400(struct mmc_card *card)
{
struct mmc_host *host = card->host;
+ bool send_status = true;
unsigned int max_dtr;
int err = 0;
u8 val;
@@ -1067,6 +1068,9 @@ static int mmc_select_hs400(struct mmc_card *card)
host->ios.bus_width == MMC_BUS_WIDTH_8))
return 0;
+ if (host->caps & MMC_CAP_WAIT_WHILE_BUSY)
+ send_status = false;
+
/* Reduce frequency to HS frequency */
max_dtr = card->ext_csd.hs_max_dtr;
mmc_set_clock(host, max_dtr);
@@ -1077,7 +1081,7 @@ static int mmc_select_hs400(struct mmc_card *card)
err = __mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
EXT_CSD_HS_TIMING, val,
card->ext_csd.generic_cmd6_time,
- true, true, true);
+ true, send_status, true);
if (err) {
pr_err("%s: switch to high-speed from hs200 failed, err:%d\n",
mmc_hostname(host), err);
@@ -1087,6 +1091,13 @@ static int mmc_select_hs400(struct mmc_card *card)
/* Set host controller to HS timing */
mmc_set_timing(card->host, MMC_TIMING_MMC_HS);
+ if (!send_status) {
+ err = mmc_switch_status(card);
+ if (err)
+ goto out_err;
+ }
+
+ /* Switch card to DDR */
err = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
EXT_CSD_BUS_WIDTH,
EXT_CSD_DDR_BUS_WIDTH_8,
@@ -1097,22 +1108,35 @@ static int mmc_select_hs400(struct mmc_card *card)
return err;
}
+ /* Switch card to HS400 */
val = EXT_CSD_TIMING_HS400 |
card->drive_strength << EXT_CSD_DRV_STR_SHIFT;
err = __mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
EXT_CSD_HS_TIMING, val,
card->ext_csd.generic_cmd6_time,
- true, true, true);
+ true, send_status, true);
if (err) {
pr_err("%s: switch to hs400 failed, err:%d\n",
mmc_hostname(host), err);
return err;
}
+ /* Set host controller to HS400 timing and frequency */
mmc_set_timing(host, MMC_TIMING_MMC_HS400);
mmc_set_bus_speed(card);
+ if (!send_status) {
+ err = mmc_switch_status(card);
+ if (err)
+ goto out_err;
+ }
+
return 0;
+
+out_err:
+ pr_err("%s: %s failed, error %d\n", mmc_hostname(card->host),
+ __func__, err);
+ return err;
}
int mmc_hs200_to_hs400(struct mmc_card *card)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 012/305] crypto: qat - don't use userspace pointer
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (10 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 011/305] mmc: mmc: Improve reliability of mmc_select_hs400() Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 013/305] iio: si7020: Swap data byte order Kamal Mostafa
` (292 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tadeusz Struk, Herbert Xu, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Tadeusz Struk <tadeusz.struk@intel.com>
commit 176155dac13f528e0a58c14dc322623219365d91 upstream.
Bugfix - don't dereference userspace pointer.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/qat/qat_common/adf_ctl_drv.c b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
index e056b9e..0f1d10c 100644
--- a/drivers/crypto/qat/qat_common/adf_ctl_drv.c
+++ b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
@@ -198,7 +198,7 @@ static int adf_copy_key_value_data(struct adf_accel_dev *accel_dev,
goto out_err;
}
- params_head = section_head->params;
+ params_head = section.params;
while (params_head) {
if (copy_from_user(&key_val, (void __user *)params_head,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 013/305] iio: si7020: Swap data byte order
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (11 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 012/305] crypto: qat - don't use userspace pointer Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 014/305] iio: adc: xilinx: Fix VREFN scale Kamal Mostafa
` (291 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chris Lesiak, Jonathan Cameron, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Chris Lesiak <chris.lesiak@licor.com>
commit 0d2f6fd3ffd5e7a447233a57112246bc00064752 upstream.
The Silicon Labs Si7013, Si7020, and Si7021 family of I2C humidity and
temperature sensors deliver 16 bit data high byte first.
See the datasheet available at:
https://www.silabs.com/Support%20Documents%2fTechnicalDocs%2fSi7020-A20.pdf
But as documented in Documentation/i2c/smbus-protocol,
i2c_smbus_read_word_data() expects the low byte first.
Change the driver to use i2c_smbus_read_word_swapped to get correct byte
order.
Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iio/humidity/si7020.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/iio/humidity/si7020.c b/drivers/iio/humidity/si7020.c
index fa3b809..1b6935d 100644
--- a/drivers/iio/humidity/si7020.c
+++ b/drivers/iio/humidity/si7020.c
@@ -50,10 +50,10 @@ static int si7020_read_raw(struct iio_dev *indio_dev,
switch (mask) {
case IIO_CHAN_INFO_RAW:
- ret = i2c_smbus_read_word_data(*client,
- chan->type == IIO_TEMP ?
- SI7020CMD_TEMP_HOLD :
- SI7020CMD_RH_HOLD);
+ ret = i2c_smbus_read_word_swapped(*client,
+ chan->type == IIO_TEMP ?
+ SI7020CMD_TEMP_HOLD :
+ SI7020CMD_RH_HOLD);
if (ret < 0)
return ret;
*val = ret >> 2;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 014/305] iio: adc: xilinx: Fix VREFN scale
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (12 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 013/305] iio: si7020: Swap data byte order Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 015/305] ipmi: Start the timer and thread on internal msgs Kamal Mostafa
` (290 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Thomas Betker, Jonathan Cameron, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Thomas Betker <thomas.betker@rohde-schwarz.com>
commit a57f8dac46fbac5ab0e31aef1a98b3f6eb30c079 upstream.
The scaling factor for VREFN is 3.0/4096 (not 1.0/4096), just as for
VREFP. This is not immediately obvious from the specification (Xilinx
UG480), but has been confirmed by Xilinx support.
Suggested-by: Hartmut Knaack <knaack.h@gmx.de>
Signed-off-by: Thomas Betker <thomas.betker@rohde-schwarz.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iio/adc/xilinx-xadc-core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/iio/adc/xilinx-xadc-core.c b/drivers/iio/adc/xilinx-xadc-core.c
index ce93bd8..95c0b3d 100644
--- a/drivers/iio/adc/xilinx-xadc-core.c
+++ b/drivers/iio/adc/xilinx-xadc-core.c
@@ -857,6 +857,7 @@ static int xadc_read_raw(struct iio_dev *indio_dev,
case XADC_REG_VCCINT:
case XADC_REG_VCCAUX:
case XADC_REG_VREFP:
+ case XADC_REG_VREFN:
case XADC_REG_VCCBRAM:
case XADC_REG_VCCPINT:
case XADC_REG_VCCPAUX:
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 015/305] ipmi: Start the timer and thread on internal msgs
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (13 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 014/305] iio: adc: xilinx: Fix VREFN scale Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 016/305] drm/i915: quirk backlight present on Macbook 4, 1 Kamal Mostafa
` (289 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Corey Minyard, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Corey Minyard <cminyard@mvista.com>
commit 0cfec916e86d881e209de4b4ae9959a6271e6660 upstream.
The timer and thread were not being started for internal messages,
so in interrupt mode if something hung the timer would never go
off and clean things up. Factor out the internal message sending
and start the timer for those messages, too.
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Tested-by: Gouji, Masayuki <gouji.masayuki@jp.fujitsu.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/char/ipmi/ipmi_si_intf.c | 73 ++++++++++++++++++++++++----------------
1 file changed, 44 insertions(+), 29 deletions(-)
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
index 8a45e92..88a7bdd 100644
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -404,18 +404,42 @@ static enum si_sm_result start_next_msg(struct smi_info *smi_info)
return rv;
}
-static void start_check_enables(struct smi_info *smi_info)
+static void smi_mod_timer(struct smi_info *smi_info, unsigned long new_val)
+{
+ smi_info->last_timeout_jiffies = jiffies;
+ mod_timer(&smi_info->si_timer, new_val);
+ smi_info->timer_running = true;
+}
+
+/*
+ * Start a new message and (re)start the timer and thread.
+ */
+static void start_new_msg(struct smi_info *smi_info, unsigned char *msg,
+ unsigned int size)
+{
+ smi_mod_timer(smi_info, jiffies + SI_TIMEOUT_JIFFIES);
+
+ if (smi_info->thread)
+ wake_up_process(smi_info->thread);
+
+ smi_info->handlers->start_transaction(smi_info->si_sm, msg, size);
+}
+
+static void start_check_enables(struct smi_info *smi_info, bool start_timer)
{
unsigned char msg[2];
msg[0] = (IPMI_NETFN_APP_REQUEST << 2);
msg[1] = IPMI_GET_BMC_GLOBAL_ENABLES_CMD;
- smi_info->handlers->start_transaction(smi_info->si_sm, msg, 2);
+ if (start_timer)
+ start_new_msg(smi_info, msg, 2);
+ else
+ smi_info->handlers->start_transaction(smi_info->si_sm, msg, 2);
smi_info->si_state = SI_CHECKING_ENABLES;
}
-static void start_clear_flags(struct smi_info *smi_info)
+static void start_clear_flags(struct smi_info *smi_info, bool start_timer)
{
unsigned char msg[3];
@@ -424,7 +448,10 @@ static void start_clear_flags(struct smi_info *smi_info)
msg[1] = IPMI_CLEAR_MSG_FLAGS_CMD;
msg[2] = WDT_PRE_TIMEOUT_INT;
- smi_info->handlers->start_transaction(smi_info->si_sm, msg, 3);
+ if (start_timer)
+ start_new_msg(smi_info, msg, 3);
+ else
+ smi_info->handlers->start_transaction(smi_info->si_sm, msg, 3);
smi_info->si_state = SI_CLEARING_FLAGS;
}
@@ -434,10 +461,8 @@ static void start_getting_msg_queue(struct smi_info *smi_info)
smi_info->curr_msg->data[1] = IPMI_GET_MSG_CMD;
smi_info->curr_msg->data_size = 2;
- smi_info->handlers->start_transaction(
- smi_info->si_sm,
- smi_info->curr_msg->data,
- smi_info->curr_msg->data_size);
+ start_new_msg(smi_info, smi_info->curr_msg->data,
+ smi_info->curr_msg->data_size);
smi_info->si_state = SI_GETTING_MESSAGES;
}
@@ -447,20 +472,11 @@ static void start_getting_events(struct smi_info *smi_info)
smi_info->curr_msg->data[1] = IPMI_READ_EVENT_MSG_BUFFER_CMD;
smi_info->curr_msg->data_size = 2;
- smi_info->handlers->start_transaction(
- smi_info->si_sm,
- smi_info->curr_msg->data,
- smi_info->curr_msg->data_size);
+ start_new_msg(smi_info, smi_info->curr_msg->data,
+ smi_info->curr_msg->data_size);
smi_info->si_state = SI_GETTING_EVENTS;
}
-static void smi_mod_timer(struct smi_info *smi_info, unsigned long new_val)
-{
- smi_info->last_timeout_jiffies = jiffies;
- mod_timer(&smi_info->si_timer, new_val);
- smi_info->timer_running = true;
-}
-
/*
* When we have a situtaion where we run out of memory and cannot
* allocate messages, we just leave them in the BMC and run the system
@@ -470,11 +486,11 @@ static void smi_mod_timer(struct smi_info *smi_info, unsigned long new_val)
* Note that we cannot just use disable_irq(), since the interrupt may
* be shared.
*/
-static inline bool disable_si_irq(struct smi_info *smi_info)
+static inline bool disable_si_irq(struct smi_info *smi_info, bool start_timer)
{
if ((smi_info->irq) && (!smi_info->interrupt_disabled)) {
smi_info->interrupt_disabled = true;
- start_check_enables(smi_info);
+ start_check_enables(smi_info, start_timer);
return true;
}
return false;
@@ -484,7 +500,7 @@ static inline bool enable_si_irq(struct smi_info *smi_info)
{
if ((smi_info->irq) && (smi_info->interrupt_disabled)) {
smi_info->interrupt_disabled = false;
- start_check_enables(smi_info);
+ start_check_enables(smi_info, true);
return true;
}
return false;
@@ -502,7 +518,7 @@ static struct ipmi_smi_msg *alloc_msg_handle_irq(struct smi_info *smi_info)
msg = ipmi_alloc_smi_msg();
if (!msg) {
- if (!disable_si_irq(smi_info))
+ if (!disable_si_irq(smi_info, true))
smi_info->si_state = SI_NORMAL;
} else if (enable_si_irq(smi_info)) {
ipmi_free_smi_msg(msg);
@@ -518,7 +534,7 @@ static void handle_flags(struct smi_info *smi_info)
/* Watchdog pre-timeout */
smi_inc_stat(smi_info, watchdog_pretimeouts);
- start_clear_flags(smi_info);
+ start_clear_flags(smi_info, true);
smi_info->msg_flags &= ~WDT_PRE_TIMEOUT_INT;
if (smi_info->intf)
ipmi_smi_watchdog_pretimeout(smi_info->intf);
@@ -870,8 +886,7 @@ static enum si_sm_result smi_event_handler(struct smi_info *smi_info,
msg[0] = (IPMI_NETFN_APP_REQUEST << 2);
msg[1] = IPMI_GET_MSG_FLAGS_CMD;
- smi_info->handlers->start_transaction(
- smi_info->si_sm, msg, 2);
+ start_new_msg(smi_info, msg, 2);
smi_info->si_state = SI_GETTING_FLAGS;
goto restart;
}
@@ -901,7 +916,7 @@ static enum si_sm_result smi_event_handler(struct smi_info *smi_info,
* disable and messages disabled.
*/
if (smi_info->supports_event_msg_buff || smi_info->irq) {
- start_check_enables(smi_info);
+ start_check_enables(smi_info, true);
} else {
smi_info->curr_msg = alloc_msg_handle_irq(smi_info);
if (!smi_info->curr_msg)
@@ -3515,7 +3530,7 @@ static int try_smi_init(struct smi_info *new_smi)
* Start clearing the flags before we enable interrupts or the
* timer to avoid racing with the timer.
*/
- start_clear_flags(new_smi);
+ start_clear_flags(new_smi, false);
/*
* IRQ is defined to be set when non-zero. req_events will
@@ -3817,7 +3832,7 @@ static void cleanup_one_si(struct smi_info *to_clean)
poll(to_clean);
schedule_timeout_uninterruptible(1);
}
- disable_si_irq(to_clean);
+ disable_si_irq(to_clean, false);
while (to_clean->curr_msg || (to_clean->si_state != SI_NORMAL)) {
poll(to_clean);
schedule_timeout_uninterruptible(1);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 016/305] drm/i915: quirk backlight present on Macbook 4, 1
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (14 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 015/305] ipmi: Start the timer and thread on internal msgs Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 017/305] drm/i915: get runtime PM reference around GEM set_caching IOCTL Kamal Mostafa
` (288 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Jani Nikula, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jani Nikula <jani.nikula@intel.com>
commit 1b9448b071caa7d10bb2569fabe3020a2c25ae59 upstream.
Unsurprisingly macbooks have backlights, just the VBT doesn't seem to
know it in this case.
Reported-and-tested-by: Daniel Nicoletti <dantti12@gmail.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=88325
Fixes: c675949ec58c ("drm/i915: do not setup backlight if not available according to VBT")
Reviewed-by: Ander Conselvan de Oliveira <conselvan2@gmail.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1446716999-1796-1-git-send-email-jani.nikula@intel.com
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/intel_display.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index 8a6da7f..375ded3 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -14584,6 +14584,9 @@ static struct intel_quirk intel_quirks[] = {
/* Apple Macbook 2,1 (Core 2 T7400) */
{ 0x27a2, 0x8086, 0x7270, quirk_backlight_present },
+ /* Apple Macbook 4,1 */
+ { 0x2a02, 0x106b, 0x00a1, quirk_backlight_present },
+
/* Toshiba CB35 Chromebook (Celeron 2955U) */
{ 0x0a06, 0x1179, 0x0a88, quirk_backlight_present },
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 017/305] drm/i915: get runtime PM reference around GEM set_caching IOCTL
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (15 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 016/305] drm/i915: quirk backlight present on Macbook 4, 1 Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 018/305] drm/radeon: Disable uncacheable CPU mappings of GTT with RV6xx Kamal Mostafa
` (287 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Imre Deak, Jani Nikula, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Imre Deak <imre.deak@intel.com>
commit fd0fe6acf1dd88aabfbf383f7e4c16315387a7b7 upstream.
After Damien's D3 fix I started to get runtime suspend residency for the
first time and that revealed a breakage on the set_caching IOCTL path
that accesses the HW but doesn't take an RPM ref. Fix this up.
Signed-off-by: Imre Deak <imre.deak@intel.com>
Reviewed-by: Paulo Zanoni <paulo.r.zanoni@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1446665132-22491-1-git-send-email-imre.deak@intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/i915_gem.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index 52b446b..3a27978 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -4048,6 +4048,7 @@ int i915_gem_get_caching_ioctl(struct drm_device *dev, void *data,
int i915_gem_set_caching_ioctl(struct drm_device *dev, void *data,
struct drm_file *file)
{
+ struct drm_i915_private *dev_priv = dev->dev_private;
struct drm_i915_gem_caching *args = data;
struct drm_i915_gem_object *obj;
enum i915_cache_level level;
@@ -4067,9 +4068,11 @@ int i915_gem_set_caching_ioctl(struct drm_device *dev, void *data,
return -EINVAL;
}
+ intel_runtime_pm_get(dev_priv);
+
ret = i915_mutex_lock_interruptible(dev);
if (ret)
- return ret;
+ goto rpm_put;
obj = to_intel_bo(drm_gem_object_lookup(dev, file, args->handle));
if (&obj->base == NULL) {
@@ -4082,6 +4085,9 @@ int i915_gem_set_caching_ioctl(struct drm_device *dev, void *data,
drm_gem_object_unreference(&obj->base);
unlock:
mutex_unlock(&dev->struct_mutex);
+rpm_put:
+ intel_runtime_pm_put(dev_priv);
+
return ret;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 018/305] drm/radeon: Disable uncacheable CPU mappings of GTT with RV6xx
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (16 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 017/305] drm/i915: get runtime PM reference around GEM set_caching IOCTL Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 019/305] drm/radeon: unconditionally set sysfs_initialized Kamal Mostafa
` (286 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michel Dänzer, Alex Deucher, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <michel.daenzer@amd.com>
commit 96ea47c0ec8c012509116bee8c57414281428fc4 upstream.
They reportedly cause random GPU hangs.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91268
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/radeon_object.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/radeon/radeon_object.c b/drivers/gpu/drm/radeon/radeon_object.c
index 6763627..6e88c1b0 100644
--- a/drivers/gpu/drm/radeon/radeon_object.c
+++ b/drivers/gpu/drm/radeon/radeon_object.c
@@ -221,6 +221,12 @@ int radeon_bo_create(struct radeon_device *rdev,
if (!(rdev->flags & RADEON_IS_PCIE))
bo->flags &= ~(RADEON_GEM_GTT_WC | RADEON_GEM_GTT_UC);
+ /* Write-combined CPU mappings of GTT cause GPU hangs with RV6xx
+ * See https://bugs.freedesktop.org/show_bug.cgi?id=91268
+ */
+ if (rdev->family >= CHIP_RV610 && rdev->family <= CHIP_RV635)
+ bo->flags &= ~(RADEON_GEM_GTT_WC | RADEON_GEM_GTT_UC);
+
#ifdef CONFIG_X86_32
/* XXX: Write-combined CPU mappings of GTT seem broken on 32-bit
* See https://bugs.freedesktop.org/show_bug.cgi?id=84627
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 019/305] drm/radeon: unconditionally set sysfs_initialized
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (17 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 018/305] drm/radeon: Disable uncacheable CPU mappings of GTT with RV6xx Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 020/305] drm/amdgpu: Fix default page access routing Kamal Mostafa
` (285 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Alex Deucher, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 24dd2f64c5a877392925202321c7c2c46c2b0ddf upstream.
Avoids spew on resume for systems where sysfs may
fail even on init.
bug:
https://bugzilla.kernel.org/show_bug.cgi?id=106851
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/radeon_pm.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_pm.c b/drivers/gpu/drm/radeon/radeon_pm.c
index 9176432..6e012f0 100644
--- a/drivers/gpu/drm/radeon/radeon_pm.c
+++ b/drivers/gpu/drm/radeon/radeon_pm.c
@@ -1547,8 +1547,7 @@ int radeon_pm_late_init(struct radeon_device *rdev)
ret = device_create_file(rdev->dev, &dev_attr_power_method);
if (ret)
DRM_ERROR("failed to create device file for power method\n");
- if (!ret)
- rdev->pm.sysfs_initialized = true;
+ rdev->pm.sysfs_initialized = true;
}
mutex_lock(&rdev->pm.mutex);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 020/305] drm/amdgpu: Fix default page access routing
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (18 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 019/305] drm/radeon: unconditionally set sysfs_initialized Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 021/305] USB: qcserial: Fix support for HP lt4112 LTE/HSPA+ Gobi 4G Modem Kamal Mostafa
` (284 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jay Cornwall, Alex Deucher, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jay Cornwall <jay@jcornwall.me>
commit a80b30476d240482d360a25a1b2e8c13036ed750 upstream.
The VM default page (used when a VM translation fails) is allocated in
system memory. The VM is misconfigured to interpret the physical address
as referencing a VRAM physical page.
Route default page accesses to system memory.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Jay Cornwall <jay@jcornwall.me>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 1 +
drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c
index ae37fce..2341c59 100644
--- a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c
@@ -474,6 +474,7 @@ static int gmc_v7_0_gart_enable(struct amdgpu_device *adev)
tmp = REG_SET_FIELD(tmp, VM_L2_CNTL, ENABLE_L2_PDE0_CACHE_LRU_UPDATE_BY_WRITE, 1);
tmp = REG_SET_FIELD(tmp, VM_L2_CNTL, EFFECTIVE_L2_QUEUE_SIZE, 7);
tmp = REG_SET_FIELD(tmp, VM_L2_CNTL, CONTEXT1_IDENTITY_ACCESS_MODE, 1);
+ tmp = REG_SET_FIELD(tmp, VM_L2_CNTL, ENABLE_DEFAULT_PAGE_OUT_TO_SYSTEM_MEMORY, 1);
WREG32(mmVM_L2_CNTL, tmp);
tmp = REG_SET_FIELD(0, VM_L2_CNTL2, INVALIDATE_ALL_L1_TLBS, 1);
tmp = REG_SET_FIELD(tmp, VM_L2_CNTL2, INVALIDATE_L2_CACHE, 1);
diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
index 8135963..ccdf8d1 100644
--- a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
@@ -563,6 +563,7 @@ static int gmc_v8_0_gart_enable(struct amdgpu_device *adev)
tmp = REG_SET_FIELD(tmp, VM_L2_CNTL, ENABLE_L2_PDE0_CACHE_LRU_UPDATE_BY_WRITE, 1);
tmp = REG_SET_FIELD(tmp, VM_L2_CNTL, EFFECTIVE_L2_QUEUE_SIZE, 7);
tmp = REG_SET_FIELD(tmp, VM_L2_CNTL, CONTEXT1_IDENTITY_ACCESS_MODE, 1);
+ tmp = REG_SET_FIELD(tmp, VM_L2_CNTL, ENABLE_DEFAULT_PAGE_OUT_TO_SYSTEM_MEMORY, 1);
WREG32(mmVM_L2_CNTL, tmp);
tmp = RREG32(mmVM_L2_CNTL2);
tmp = REG_SET_FIELD(tmp, VM_L2_CNTL2, INVALIDATE_ALL_L1_TLBS, 1);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 021/305] USB: qcserial: Fix support for HP lt4112 LTE/HSPA+ Gobi 4G Modem
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (19 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 020/305] drm/amdgpu: Fix default page access routing Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 022/305] ext2, ext4: warn when mounting with dax enabled Kamal Mostafa
` (283 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Bjørn Mork, Johan Hovold, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>
commit 59536da34513c594af2a6fd35ba65ea45b6960a1 upstream.
The DEVICE_HWI type was added under the faulty assumption that Huawei
devices based on Qualcomm chipsets and firmware use the static USB
interface numbering known from Gobi devices. But this model does
not apply to Huawei devices like the HP branded lt4112 (Huawei me906e).
Huawei firmwares will dynamically assign interface numbers. Functions
are renumbered when the firmware is reconfigured.
Fix by changing the DEVICE_HWI type to use a simplified version
of Huawei's subclass + protocol scheme: Blacklisting known network
interface combinations and assuming the rest are serial.
Reported-and-tested-by: Muri Nicanor <muri+libqmi@immerda.ch>
Tested-by: Martin Hauke <mardnh@gmx.de>
Fixes: e7181d005e84 ("USB: qcserial: Add support for HP lt4112 LTE/HSPA+ Gobi 4G Modem")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/serial/qcserial.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c
index 514fa91..293b27a 100644
--- a/drivers/usb/serial/qcserial.c
+++ b/drivers/usb/serial/qcserial.c
@@ -216,6 +216,10 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id)
if (intf->desc.bInterfaceClass != USB_CLASS_VENDOR_SPEC)
goto done;
+ /* we only support vendor specific functions */
+ if (intf->desc.bInterfaceClass != USB_CLASS_VENDOR_SPEC)
+ goto done;
+
nintf = serial->dev->actconfig->desc.bNumInterfaces;
dev_dbg(dev, "Num Interfaces = %d\n", nintf);
ifnum = intf->desc.bInterfaceNumber;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 022/305] ext2, ext4: warn when mounting with dax enabled
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (20 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 021/305] USB: qcserial: Fix support for HP lt4112 LTE/HSPA+ Gobi 4G Modem Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 023/305] arm64: mm: use correct mapping granularity under DEBUG_RODATA Kamal Mostafa
` (282 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Theodore Ts'o, Matthew Wilcox, linux-ext4,
Kirill A. Shutemov, Dan Williams, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Dan Williams <dan.j.williams@intel.com>
commit ef83b6e8f40bb24b92ad73b5889732346e54a793 upstream.
Similar to XFS warn when mounting DAX while it is still considered under
development. Also, aspects of the DAX implementation, for example
synchronization against multiple faults and faults causing block
allocation, depend on the correct implementation in the filesystem. The
maturity of a given DAX implementation is filesystem specific.
Cc: "Theodore Ts'o" <tytso@mit.edu>
Cc: Matthew Wilcox <willy@linux.intel.com>
Cc: linux-ext4@vger.kernel.org
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reported-by: Dave Chinner <david@fromorbit.com>
Acked-by: Jan Kara <jack@suse.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/ext2/super.c | 2 ++
fs/ext4/super.c | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/fs/ext2/super.c b/fs/ext2/super.c
index 900e19c..2597b06 100644
--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -566,6 +566,8 @@ static int parse_options(char *options, struct super_block *sb)
/* Fall through */
case Opt_dax:
#ifdef CONFIG_FS_DAX
+ ext2_msg(sb, KERN_WARNING,
+ "DAX enabled. Warning: EXPERIMENTAL, use at your own risk");
set_opt(sbi->s_mount_opt, DAX);
#else
ext2_msg(sb, KERN_INFO, "dax option not supported");
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index bc24d1b..b22d844 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1667,8 +1667,12 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token,
}
sbi->s_jquota_fmt = m->mount_opt;
#endif
-#ifndef CONFIG_FS_DAX
} else if (token == Opt_dax) {
+#ifdef CONFIG_FS_DAX
+ ext4_msg(sb, KERN_WARNING,
+ "DAX enabled. Warning: EXPERIMENTAL, use at your own risk");
+ sbi->s_mount_opt |= m->mount_opt;
+#else
ext4_msg(sb, KERN_INFO, "dax option not supported");
return -1;
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 023/305] arm64: mm: use correct mapping granularity under DEBUG_RODATA
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (21 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 022/305] ext2, ext4: warn when mounting with dax enabled Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 024/305] drm/i915: Don't clobber the addfb2 ioctl params Kamal Mostafa
` (281 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ard Biesheuvel, Catalin Marinas, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
commit 4fee9f364b9b99f76732f2a6fd6df679a237fa74 upstream.
When booting a 64k pages kernel that is built with CONFIG_DEBUG_RODATA
and resides at an offset that is not a multiple of 512 MB, the rounding
that occurs in __map_memblock() and fixup_executable() results in
incorrect regions being mapped.
The following snippet from /sys/kernel/debug/kernel_page_tables shows
how, when the kernel is loaded 2 MB above the base of DRAM at 0x40000000,
the first 2 MB of memory (which may be inaccessible from non-secure EL1
or just reserved by the firmware) is inadvertently mapped into the end of
the module region.
---[ Modules start ]---
0xfffffdffffe00000-0xfffffe0000000000 2M RW NX ... UXN MEM/NORMAL
---[ Modules end ]---
---[ Kernel Mapping ]---
0xfffffe0000000000-0xfffffe0000090000 576K RW NX ... UXN MEM/NORMAL
0xfffffe0000090000-0xfffffe0000200000 1472K ro x ... UXN MEM/NORMAL
0xfffffe0000200000-0xfffffe0000800000 6M ro x ... UXN MEM/NORMAL
0xfffffe0000800000-0xfffffe0000810000 64K ro x ... UXN MEM/NORMAL
0xfffffe0000810000-0xfffffe0000a00000 1984K RW NX ... UXN MEM/NORMAL
0xfffffe0000a00000-0xfffffe00ffe00000 4084M RW NX ... UXN MEM/NORMAL
The same issue is likely to occur on 16k pages kernels whose load
address is not a multiple of 32 MB (i.e., SECTION_SIZE). So round to
SWAPPER_BLOCK_SIZE instead of SECTION_SIZE.
Fixes: da141706aea5 ("arm64: add better page protections to arm64")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm64/mm/mmu.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index a4ede4e..6a0dc30 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -308,8 +308,8 @@ static void __init __map_memblock(phys_addr_t start, phys_addr_t end)
* for now. This will get more fine grained later once all memory
* is mapped
*/
- unsigned long kernel_x_start = round_down(__pa(_stext), SECTION_SIZE);
- unsigned long kernel_x_end = round_up(__pa(__init_end), SECTION_SIZE);
+ unsigned long kernel_x_start = round_down(__pa(_stext), SWAPPER_BLOCK_SIZE);
+ unsigned long kernel_x_end = round_up(__pa(__init_end), SWAPPER_BLOCK_SIZE);
if (end < kernel_x_start) {
create_mapping(start, __phys_to_virt(start),
@@ -397,18 +397,18 @@ void __init fixup_executable(void)
{
#ifdef CONFIG_DEBUG_RODATA
/* now that we are actually fully mapped, make the start/end more fine grained */
- if (!IS_ALIGNED((unsigned long)_stext, SECTION_SIZE)) {
+ if (!IS_ALIGNED((unsigned long)_stext, SWAPPER_BLOCK_SIZE)) {
unsigned long aligned_start = round_down(__pa(_stext),
- SECTION_SIZE);
+ SWAPPER_BLOCK_SIZE);
create_mapping(aligned_start, __phys_to_virt(aligned_start),
__pa(_stext) - aligned_start,
PAGE_KERNEL);
}
- if (!IS_ALIGNED((unsigned long)__init_end, SECTION_SIZE)) {
+ if (!IS_ALIGNED((unsigned long)__init_end, SWAPPER_BLOCK_SIZE)) {
unsigned long aligned_end = round_up(__pa(__init_end),
- SECTION_SIZE);
+ SWAPPER_BLOCK_SIZE);
create_mapping(__pa(__init_end), (unsigned long)__init_end,
aligned_end - __pa(__init_end),
PAGE_KERNEL);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 024/305] drm/i915: Don't clobber the addfb2 ioctl params
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (22 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 023/305] arm64: mm: use correct mapping granularity under DEBUG_RODATA Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 025/305] arm64: kernel: pause/unpause function graph tracer in cpu_suspend() Kamal Mostafa
` (280 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Daniel Vetter, Tvrtko Ursulin, Ville Syrjälä,
Jani Nikula, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala@linux.intel.com>
commit 76dc3769d7c3cdcfa7c4c7768a7cb87cd91af12f upstream.
We try to convert the old way of of specifying fb tiling (obj->tiling)
into the new fb modifiers. We store the result in the passed in mode_cmd
structure. But that structure comes directly from the addfb2 ioctl, and
gets copied back out to userspace, which means we're clobbering the
modifiers that the user provided (all 0 since the DRM_MODE_FB_MODIFIERS
flag wasn't even set by the user). Hence if the user reuses the struct
for another addfb2, the ioctl will be rejected since it's now asking for
some modifiers w/o the flag set.
Fix the problem by making a copy of the user provided structure. We can
play any games we want with the copy.
IGT-Version: 1.12-git (x86_64) (Linux: 4.4.0-rc1-stereo+ x86_64)
...
Subtest basic-X-tiled: SUCCESS (0.001s)
Test assertion failure function pitch_tests, file kms_addfb_basic.c:167:
Failed assertion: drmIoctl(fd, DRM_IOCTL_MODE_ADDFB2, &f) == 0
Last errno: 22, Invalid argument
Stack trace:
#0 [__igt_fail_assert+0x101]
#1 [pitch_tests+0x619]
#2 [__real_main426+0x2f]
#3 [main+0x23]
#4 [__libc_start_main+0xf0]
#5 [_start+0x29]
#6 [<unknown>+0x29]
Subtest framebuffer-vs-set-tiling failed.
**** DEBUG ****
Test assertion failure function pitch_tests, file kms_addfb_basic.c:167:
Failed assertion: drmIoctl(fd, DRM_IOCTL_MODE_ADDFB2, &f) == 0
Last errno: 22, Invalid argument
**** END ****
Subtest framebuffer-vs-set-tiling: FAIL (0.003s)
...
IGT-Version: 1.12-git (x86_64) (Linux: 4.4.0-rc1-stereo+ x86_64)
Subtest framebuffer-vs-set-tiling: SUCCESS (0.000s)
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Fixes: 2a80eada326f ("drm/i915: Add fb format modifier support")
Testcase: igt/kms_addfb_basic/clobbered-modifier
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1447261890-3960-1-git-send-email-ville.syrjala@linux.intel.com
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/intel_display.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index 375ded3..05bf98d 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -14265,16 +14265,17 @@ static int intel_framebuffer_init(struct drm_device *dev,
static struct drm_framebuffer *
intel_user_framebuffer_create(struct drm_device *dev,
struct drm_file *filp,
- struct drm_mode_fb_cmd2 *mode_cmd)
+ struct drm_mode_fb_cmd2 *user_mode_cmd)
{
struct drm_i915_gem_object *obj;
+ struct drm_mode_fb_cmd2 mode_cmd = *user_mode_cmd;
obj = to_intel_bo(drm_gem_object_lookup(dev, filp,
- mode_cmd->handles[0]));
+ mode_cmd.handles[0]));
if (&obj->base == NULL)
return ERR_PTR(-ENOENT);
- return intel_framebuffer_create(dev, mode_cmd, obj);
+ return intel_framebuffer_create(dev, &mode_cmd, obj);
}
#ifndef CONFIG_DRM_I915_FBDEV
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 025/305] arm64: kernel: pause/unpause function graph tracer in cpu_suspend()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (23 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 024/305] drm/i915: Don't clobber the addfb2 ioctl params Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 026/305] usb: chipidea: debug: disable usb irq while role switch Kamal Mostafa
` (279 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Lorenzo Pieralisi, Will Deacon, Catalin Marinas, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
commit de818bd4522c40ea02a81b387d2fa86f989c9623 upstream.
The function graph tracer adds instrumentation that is required to trace
both entry and exit of a function. In particular the function graph
tracer updates the "return address" of a function in order to insert
a trace callback on function exit.
Kernel power management functions like cpu_suspend() are called
upon power down entry with functions called "finishers" that are in turn
called to trigger the power down sequence but they may not return to the
kernel through the normal return path.
When the core resumes from low-power it returns to the cpu_suspend()
function through the cpu_resume path, which leaves the trace stack frame
set-up by the function tracer in an incosistent state upon return to the
kernel when tracing is enabled.
This patch fixes the issue by pausing/resuming the function graph
tracer on the thread executing cpu_suspend() (ie the function call that
subsequently triggers the "suspend finishers"), so that the function graph
tracer state is kept consistent across functions that enter power down
states and never return by effectively disabling graph tracer while they
are executing.
Fixes: 819e50e25d0c ("arm64: Add ftrace support")
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reported-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm64/kernel/suspend.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/arch/arm64/kernel/suspend.c b/arch/arm64/kernel/suspend.c
index 44ca414..dd6ad81 100644
--- a/arch/arm64/kernel/suspend.c
+++ b/arch/arm64/kernel/suspend.c
@@ -1,3 +1,4 @@
+#include <linux/ftrace.h>
#include <linux/percpu.h>
#include <linux/slab.h>
#include <asm/cacheflush.h>
@@ -71,6 +72,13 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long))
local_dbg_save(flags);
/*
+ * Function graph tracer state gets incosistent when the kernel
+ * calls functions that never return (aka suspend finishers) hence
+ * disable graph tracing during their execution.
+ */
+ pause_graph_tracing();
+
+ /*
* mm context saved on the stack, it will be restored when
* the cpu comes out of reset through the identity mapped
* page tables, so that the thread address space is properly
@@ -111,6 +119,8 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long))
hw_breakpoint_restore(NULL);
}
+ unpause_graph_tracing();
+
/*
* Restore pstate flags. OS lock and mdscr have been already
* restored, so from this point onwards, debugging is fully
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 026/305] usb: chipidea: debug: disable usb irq while role switch
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (24 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 025/305] arm64: kernel: pause/unpause function graph tracer in cpu_suspend() Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 027/305] xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices Kamal Mostafa
` (278 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Li Jun, Peter Chen, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Li Jun <jun.li@freescale.com>
commit 251b3c8b57481bcecd3f753108e36e7389ce12ac upstream.
Since the ci->role will be set after the host role start is complete, there
will be nobody cared irq during start host if usb irq enabled. This error
can be reproduced on i.mx6 sololite EVK board by:
1. disable otg id irq(IDIE) and disable all real otg properties of usbotg1
in dts.
2. boot up the board with ID cable and usb device connected.
3. echo gadget > /sys/kernel/debug/ci_hdrc.0/role
4. echo host > /sys/kernel/debug/ci_hdrc.0/role
5. irq 212: nobody cared.
Signed-off-by: Li Jun <jun.li@freescale.com>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/chipidea/debug.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/chipidea/debug.c b/drivers/usb/chipidea/debug.c
index 5b7061a..6a4151c 100644
--- a/drivers/usb/chipidea/debug.c
+++ b/drivers/usb/chipidea/debug.c
@@ -316,8 +316,10 @@ static ssize_t ci_role_write(struct file *file, const char __user *ubuf,
if (role == CI_ROLE_END || role == ci->role)
return -EINVAL;
+ disable_irq(ci->irq);
ci_role_stop(ci);
ret = ci_role_start(ci, role);
+ enable_irq(ci->irq);
return ret ? ret : count;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 027/305] xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (25 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 026/305] usb: chipidea: debug: disable usb irq while role switch Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 028/305] fat: fix fake_offset handling on error path Kamal Mostafa
` (277 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mathias Nyman, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit dad67d5f3d0efe01d38c6cebcb6698280e51927b upstream.
Clear device initiated resume variables once device is fully up and running
in U0 state.
Resume needs to be signaled for 20ms for usb2 devices before they can be
moved to U0 state.
An interrupt is triggered if a device initiates resume. As we handle the
event in interrupt context we can not sleep for 20ms, so we instead set
a resume flag, a timestamp, and start the roothub polling.
The roothub code will later move the port to U0 when it finds a port in
resume state with the resume flag set, and timestamp passed by 20ms.
A host initiated resume is however not done in interrupt context, and
host initiated resume code will directly signal resume, wait 20ms and then
move the port to U0.
These two codepaths can race, if we are in the middle of a host initated
resume, while sleeping for 20ms, we may handle a port event and find the
port in resume state. The port event handling code will assume the resume
was device initiated and set the resume flag and timestamp.
Root hub code will however not catch the port in resume state again as the
host initated resume code has already moved the port to U0.
The resume flag and timestamp will remain set for this port preventing port
from suspending again (LPM setting port to U3)
Fix this for now by always clearing the device initated resume parameters
once port is in U0
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ kamal: backport to 4.2: context ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/host/xhci-hub.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
index 78241b5..394994f 100644
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -665,12 +665,15 @@ static u32 xhci_get_port_status(struct usb_hcd *hcd,
status |= USB_PORT_STAT_SUSPEND;
}
}
- if ((raw_port_status & PORT_PLS_MASK) == XDEV_U0
- && (raw_port_status & PORT_POWER)
- && (bus_state->suspended_ports & (1 << wIndex))) {
- bus_state->suspended_ports &= ~(1 << wIndex);
- if (hcd->speed != HCD_USB3)
- bus_state->port_c_suspend |= 1 << wIndex;
+ if ((raw_port_status & PORT_PLS_MASK) == XDEV_U0 &&
+ (raw_port_status & PORT_POWER)) {
+ if (bus_state->suspended_ports & (1 << wIndex)) {
+ bus_state->suspended_ports &= ~(1 << wIndex);
+ if (hcd->speed != HCD_USB3)
+ bus_state->port_c_suspend |= 1 << wIndex;
+ }
+ bus_state->resume_done[wIndex] = 0;
+ clear_bit(wIndex, &bus_state->resuming_ports);
}
if (raw_port_status & PORT_CONNECT) {
status |= USB_PORT_STAT_CONNECTION;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 028/305] fat: fix fake_offset handling on error path
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (26 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 027/305] xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 029/305] kernel/signal.c: unexport sigsuspend() Kamal Mostafa
` (276 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Richard Weinberger, OGAWA Hirofumi, Andrew Morton,
Linus Torvalds, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
commit 928a477102c4fc6739883415b66987207e3502f4 upstream.
For the root directory, . and .. are faked (using dir_emit_dots()) and
ctx->pos is reset from 2 to 0.
A corrupted root directory could cause fat_get_entry() to fail, but
->iterate() (fat_readdir()) reports progress to the VFS (with ctx->pos
rewound to 0), so any following calls to ->iterate() continue to return
the same entries again and again.
The result is that userspace will never see the end of the directory,
causing e.g. 'ls' to hang in a getdents() loop.
[hirofumi@mail.parknet.co.jp: cleanup and make sure to correct fake_offset]
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Tested-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Richard Weinberger <richard.weinberger@gmail.com>
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/fat/dir.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/fs/fat/dir.c b/fs/fat/dir.c
index 4afc4d9..8b2127f 100644
--- a/fs/fat/dir.c
+++ b/fs/fat/dir.c
@@ -610,9 +610,9 @@ parse_record:
int status = fat_parse_long(inode, &cpos, &bh, &de,
&unicode, &nr_slots);
if (status < 0) {
- ctx->pos = cpos;
+ bh = NULL;
ret = status;
- goto out;
+ goto end_of_dir;
} else if (status == PARSE_INVALID)
goto record_end;
else if (status == PARSE_NOT_LONGNAME)
@@ -654,8 +654,9 @@ parse_record:
fill_len = short_len;
start_filldir:
- if (!fake_offset)
- ctx->pos = cpos - (nr_slots + 1) * sizeof(struct msdos_dir_entry);
+ ctx->pos = cpos - (nr_slots + 1) * sizeof(struct msdos_dir_entry);
+ if (fake_offset && ctx->pos < 2)
+ ctx->pos = 2;
if (!memcmp(de->name, MSDOS_DOT, MSDOS_NAME)) {
if (!dir_emit_dot(file, ctx))
@@ -681,14 +682,19 @@ record_end:
fake_offset = 0;
ctx->pos = cpos;
goto get_new;
+
end_of_dir:
- ctx->pos = cpos;
+ if (fake_offset && cpos < 2)
+ ctx->pos = 2;
+ else
+ ctx->pos = cpos;
fill_failed:
brelse(bh);
if (unicode)
__putname(unicode);
out:
mutex_unlock(&sbi->s_lock);
+
return ret;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 029/305] kernel/signal.c: unexport sigsuspend()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (27 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 028/305] fat: fix fake_offset handling on error path Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 030/305] parisc: Drop unused MADV_xxxK_PAGES flags from asm/mman.h Kamal Mostafa
` (275 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Richard Weinberger, Andrew Morton, Linus Torvalds, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Richard Weinberger <richard@nod.at>
commit 9d8a765211335cfdad464b90fb19f546af5706ae upstream.
sigsuspend() is nowhere used except in signal.c itself, so we can mark it
static do not pollute the global namespace.
But this patch is more than a boring cleanup patch, it fixes a real issue
on UserModeLinux. UML has a special console driver to display ttys using
xterm, or other terminal emulators, on the host side. Vegard reported
that sometimes UML is unable to spawn a xterm and he's facing the
following warning:
WARNING: CPU: 0 PID: 908 at include/linux/thread_info.h:128 sigsuspend+0xab/0xc0()
It turned out that this warning makes absolutely no sense as the UML
xterm code calls sigsuspend() on the host side, at least it tries. But
as the kernel itself offers a sigsuspend() symbol the linker choose this
one instead of the glibc wrapper. Interestingly this code used to work
since ever but always blocked signals on the wrong side. Some recent
kernel change made the WARN_ON() trigger and uncovered the bug.
It is a wonderful example of how much works by chance on computers. :-)
Fixes: 68f3f16d9ad0f1 ("new helper: sigsuspend()")
Signed-off-by: Richard Weinberger <richard@nod.at>
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Tested-by: Vegard Nossum <vegard.nossum@oracle.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/signal.h | 1 -
kernel/signal.c | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/include/linux/signal.h b/include/linux/signal.h
index ab1e039..92557bb 100644
--- a/include/linux/signal.h
+++ b/include/linux/signal.h
@@ -239,7 +239,6 @@ extern int sigprocmask(int, sigset_t *, sigset_t *);
extern void set_current_blocked(sigset_t *);
extern void __set_current_blocked(const sigset_t *);
extern int show_unhandled_signals;
-extern int sigsuspend(sigset_t *);
struct sigaction {
#ifndef __ARCH_HAS_IRIX_SIGACTION
diff --git a/kernel/signal.c b/kernel/signal.c
index 0f6bbbe..6c863ca 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -3552,7 +3552,7 @@ SYSCALL_DEFINE0(pause)
#endif
-int sigsuspend(sigset_t *set)
+static int sigsuspend(sigset_t *set)
{
current->saved_sigmask = current->blocked;
set_current_blocked(set);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 030/305] parisc: Drop unused MADV_xxxK_PAGES flags from asm/mman.h
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (28 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 029/305] kernel/signal.c: unexport sigsuspend() Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 031/305] mmc: remove bondage between REQ_META and reliable write Kamal Mostafa
` (274 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Helge Deller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Helge Deller <deller@gmx.de>
commit dcbf0d299c00ed4f82ea8d6e359ad88a5182f9b8 upstream.
Drop the MADV_xxK_PAGES flags, which were never used and were from a proposed
API which was never integrated into the generic Linux kernel code.
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/parisc/include/uapi/asm/mman.h | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/arch/parisc/include/uapi/asm/mman.h b/arch/parisc/include/uapi/asm/mman.h
index 294d251..2ae13ce5 100644
--- a/arch/parisc/include/uapi/asm/mman.h
+++ b/arch/parisc/include/uapi/asm/mman.h
@@ -46,16 +46,6 @@
#define MADV_DONTFORK 10 /* don't inherit across fork */
#define MADV_DOFORK 11 /* do inherit across fork */
-/* The range 12-64 is reserved for page size specification. */
-#define MADV_4K_PAGES 12 /* Use 4K pages */
-#define MADV_16K_PAGES 14 /* Use 16K pages */
-#define MADV_64K_PAGES 16 /* Use 64K pages */
-#define MADV_256K_PAGES 18 /* Use 256K pages */
-#define MADV_1M_PAGES 20 /* Use 1 Megabyte pages */
-#define MADV_4M_PAGES 22 /* Use 4 Megabyte pages */
-#define MADV_16M_PAGES 24 /* Use 16 Megabyte pages */
-#define MADV_64M_PAGES 26 /* Use 64 Megabyte pages */
-
#define MADV_MERGEABLE 65 /* KSM may merge identical pages */
#define MADV_UNMERGEABLE 66 /* KSM may not merge identical pages */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 031/305] mmc: remove bondage between REQ_META and reliable write
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (29 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 030/305] parisc: Drop unused MADV_xxxK_PAGES flags from asm/mman.h Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 032/305] stmmac: avoid ipq806x constant overflow warning Kamal Mostafa
` (273 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Bruce Ford, Luca Porzio, Ulf Hansson, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Luca Porzio <lporzio@micron.com>
commit d3df0465db00cf4ed9f90d0bfc3b827d32b9c796 upstream.
Anytime a write operation is performed with Reliable Write flag enabled,
the eMMC device is enforced to bypass the cache and do a write to the
underling NVM device by Jedec specification; this causes a performance
penalty since write operations can't be optimized by the device cache.
In our tests, we replayed a typical mobile daily trace pattern and found
~9% overall time reduction in trace replay by using this patch. Also the
write ops within 4KB~64KB chunk size range get a 40~60% performance
improvement by using the patch (as this range of write chunks are the ones
affected by REQ_META).
This patch has been discussed in the Mobile & Embedded Linux Storage Forum
and it's the results of feedbacks from many people. We also checked with
fsdevl and f2fs mailing list developers that this change in the usage of
REQ_META is not affecting FS behavior and we got positive feedbacks.
Reporting here the feedbacks:
http://comments.gmane.org/gmane.linux.file-systems/97219
http://thread.gmane.org/gmane.linux.file-systems.f2fs/3178/focus=3183
Signed-off-by: Bruce Ford <bford@micron.com>
Signed-off-by: Luca Porzio <lporzio@micron.com>
Fixes: ce39f9d17c14 ("mmc: support packed write command for eMMC4.5 devices")
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mmc/card/block.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index a1b820f..88c4e08 100644
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -62,8 +62,7 @@ MODULE_ALIAS("mmc:block");
#define MMC_SANITIZE_REQ_TIMEOUT 240000
#define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
-#define mmc_req_rel_wr(req) (((req->cmd_flags & REQ_FUA) || \
- (req->cmd_flags & REQ_META)) && \
+#define mmc_req_rel_wr(req) ((req->cmd_flags & REQ_FUA) && \
(rq_data_dir(req) == WRITE))
#define PACKED_CMD_VER 0x01
#define PACKED_CMD_WR 0x02
@@ -1377,13 +1376,9 @@ static void mmc_blk_rw_rq_prep(struct mmc_queue_req *mqrq,
/*
* Reliable writes are used to implement Forced Unit Access and
- * REQ_META accesses, and are supported only on MMCs.
- *
- * XXX: this really needs a good explanation of why REQ_META
- * is treated special.
+ * are supported only on MMCs.
*/
- bool do_rel_wr = ((req->cmd_flags & REQ_FUA) ||
- (req->cmd_flags & REQ_META)) &&
+ bool do_rel_wr = (req->cmd_flags & REQ_FUA) &&
(rq_data_dir(req) == WRITE) &&
(md->flags & MMC_BLK_REL_WR);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 032/305] stmmac: avoid ipq806x constant overflow warning
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (30 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 031/305] mmc: remove bondage between REQ_META and reliable write Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 033/305] perf symbols: Fix dso lookup by long name and missing buildids Kamal Mostafa
` (272 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Arnd Bergmann <arnd@arndb.de>
commit 49e4a2293035b420e807e739999d59c8ec1488e9 upstream.
Building dwmac-ipq806x on a 64-bit architecture produces a harmless
warning from gcc:
stmmac/dwmac-ipq806x.c: In function 'ipq806x_gmac_probe':
include/linux/bitops.h:6:19: warning: overflow in implicit constant conversion [-Woverflow]
val = QSGMII_PHY_CDR_EN |
stmmac/dwmac-ipq806x.c:333:8: note: in expansion of macro 'QSGMII_PHY_CDR_EN'
#define QSGMII_PHY_CDR_EN BIT(0)
#define BIT(nr) (1UL << (nr))
This is a result of the type conversion rules in C, when we take the
logical OR of multiple different types. In particular, we have
and unsigned long
QSGMII_PHY_CDR_EN == BIT(0) == (1ul << 0) == 0x0000000000000001ul
and a signed int
0xC << QSGMII_PHY_TX_DRV_AMP_OFFSET == 0xc0000000
which together gives a signed long value
0xffffffffc0000001l
and when this is passed into a function that takes an unsigned int type,
gcc warns about the signed overflow and the loss of the upper 32-bits that
are all ones.
This patch adds 'ul' type modifiers to the literal numbers passed in
here, so now the expression remains an 'unsigned long' with the upper
bits all zero, and that avoids the signed overflow and the warning.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: b1c17215d718 ("stmmac: add ipq806x glue layer")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c
index f0e4bb4..ae551f4 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c
@@ -320,11 +320,11 @@ static void *ipq806x_gmac_setup(struct platform_device *pdev)
QSGMII_PHY_RX_SIGNAL_DETECT_EN |
QSGMII_PHY_TX_DRIVER_EN |
QSGMII_PHY_QSGMII_EN |
- 0x4 << QSGMII_PHY_PHASE_LOOP_GAIN_OFFSET |
- 0x3 << QSGMII_PHY_RX_DC_BIAS_OFFSET |
- 0x1 << QSGMII_PHY_RX_INPUT_EQU_OFFSET |
- 0x2 << QSGMII_PHY_CDR_PI_SLEW_OFFSET |
- 0xC << QSGMII_PHY_TX_DRV_AMP_OFFSET);
+ 0x4ul << QSGMII_PHY_PHASE_LOOP_GAIN_OFFSET |
+ 0x3ul << QSGMII_PHY_RX_DC_BIAS_OFFSET |
+ 0x1ul << QSGMII_PHY_RX_INPUT_EQU_OFFSET |
+ 0x2ul << QSGMII_PHY_CDR_PI_SLEW_OFFSET |
+ 0xCul << QSGMII_PHY_TX_DRV_AMP_OFFSET);
}
return gmac;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 033/305] perf symbols: Fix dso lookup by long name and missing buildids
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (31 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 032/305] stmmac: avoid ipq806x constant overflow warning Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 034/305] net/mlx4_core: Avoid returning success in case of an error flow Kamal Mostafa
` (271 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Adrian Hunter, Don Zickus, Douglas Hatch, Jiri Olsa,
Namhyung Kim, Peter Zijlstra, Scott J Norton, Waiman Long,
Arnaldo Carvalho de Melo, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Adrian Hunter <adrian.hunter@intel.com>
commit e266a753bf51b2c3b46d0d230349662c35ac5629 upstream.
Commit 4598a0a6d22f ("perf symbols: Improve DSO long names lookup speed
with rbtree") Added a tree to lookup dsos by long name. That tree gets
corrupted whenever a dso long name is changed because the tree is not
updated.
One effect of that is buildid-list does not work with the 'with-hits'
option because dso lookup fails and results in two structs for the same
dso. The first has the buildid but no hits, the second has hits but no
buildid. e.g.
Before:
$ tools/perf/perf record ls
arch certs CREDITS Documentation firmware include
ipc Kconfig lib Makefile net REPORTING-BUGS
scripts sound usr block COPYING crypto
drivers fs init Kbuild kernel MAINTAINERS
mm README samples security tools virt
[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.012 MB perf.data (11 samples) ]
$ tools/perf/perf buildid-list
574da826c66538a8d9060d393a8866289bd06005 [kernel.kallsyms]
30c94dc66a1fe95180c3d68d2b89e576d5ae213c /lib/x86_64-linux-gnu/libc-2.19.so
$ tools/perf/perf buildid-list -H
574da826c66538a8d9060d393a8866289bd06005 [kernel.kallsyms]
0000000000000000000000000000000000000000 /lib/x86_64-linux-gnu/libc-2.19.so
After:
$ tools/perf/perf buildid-list -H
574da826c66538a8d9060d393a8866289bd06005 [kernel.kallsyms]
30c94dc66a1fe95180c3d68d2b89e576d5ae213c /lib/x86_64-linux-gnu/libc-2.19.so
The fix is to record the root of the tree on the dso so that
dso__set_long_name() can update the tree when the long name changes.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Don Zickus <dzickus@redhat.com>
Cc: Douglas Hatch <doug.hatch@hp.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Scott J Norton <scott.norton@hp.com>
Cc: Waiman Long <Waiman.Long@hp.com>
Fixes: 4598a0a6d22f ("perf symbols: Improve DSO long names lookup speed with rbtree")
Link: http://lkml.kernel.org/r/1447408112-1920-2-git-send-email-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
tools/perf/util/dso.c | 17 +++++++++++++++++
tools/perf/util/dso.h | 1 +
tools/perf/util/machine.c | 1 +
3 files changed, 19 insertions(+)
diff --git a/tools/perf/util/dso.c b/tools/perf/util/dso.c
index 7c0c083..425df5c 100644
--- a/tools/perf/util/dso.c
+++ b/tools/perf/util/dso.c
@@ -933,6 +933,7 @@ static struct dso *__dso__findlink_by_longname(struct rb_root *root,
/* Add new node and rebalance tree */
rb_link_node(&dso->rb_node, parent, p);
rb_insert_color(&dso->rb_node, root);
+ dso->root = root;
}
return NULL;
}
@@ -945,15 +946,30 @@ static inline struct dso *__dso__find_by_longname(struct rb_root *root,
void dso__set_long_name(struct dso *dso, const char *name, bool name_allocated)
{
+ struct rb_root *root = dso->root;
+
if (name == NULL)
return;
if (dso->long_name_allocated)
free((char *)dso->long_name);
+ if (root) {
+ rb_erase(&dso->rb_node, root);
+ /*
+ * __dso__findlink_by_longname() isn't guaranteed to add it
+ * back, so a clean removal is required here.
+ */
+ RB_CLEAR_NODE(&dso->rb_node);
+ dso->root = NULL;
+ }
+
dso->long_name = name;
dso->long_name_len = strlen(name);
dso->long_name_allocated = name_allocated;
+
+ if (root)
+ __dso__findlink_by_longname(root, dso, NULL);
}
void dso__set_short_name(struct dso *dso, const char *name, bool name_allocated)
@@ -1046,6 +1062,7 @@ struct dso *dso__new(const char *name)
dso->kernel = DSO_TYPE_USER;
dso->needs_swap = DSO_SWAP__UNSET;
RB_CLEAR_NODE(&dso->rb_node);
+ dso->root = NULL;
INIT_LIST_HEAD(&dso->node);
INIT_LIST_HEAD(&dso->data.open_entry);
pthread_mutex_init(&dso->lock, NULL);
diff --git a/tools/perf/util/dso.h b/tools/perf/util/dso.h
index 2fe98bb..b9ec6d8 100644
--- a/tools/perf/util/dso.h
+++ b/tools/perf/util/dso.h
@@ -135,6 +135,7 @@ struct dso {
pthread_mutex_t lock;
struct list_head node;
struct rb_node rb_node; /* rbtree node sorted by long name */
+ struct rb_root *root; /* root of rbtree that rb_node is in */
struct rb_root symbols[MAP__NR_TYPES];
struct rb_root symbol_names[MAP__NR_TYPES];
void *a2l;
diff --git a/tools/perf/util/machine.c b/tools/perf/util/machine.c
index f1a4c83..69c17dc 100644
--- a/tools/perf/util/machine.c
+++ b/tools/perf/util/machine.c
@@ -90,6 +90,7 @@ static void dsos__purge(struct dsos *dsos)
list_for_each_entry_safe(pos, n, &dsos->head, node) {
RB_CLEAR_NODE(&pos->rb_node);
+ pos->root = NULL;
list_del_init(&pos->node);
dso__put(pos);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 034/305] net/mlx4_core: Avoid returning success in case of an error flow
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (32 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 033/305] perf symbols: Fix dso lookup by long name and missing buildids Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 035/305] mtd: nand: fix shutdown/reboot for multi-chip systems Kamal Mostafa
` (270 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Noa Osherovich, Or Gerlitz, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Noa Osherovich <noaos@mellanox.com>
commit d49c2197fd70c37d57982804465268440a33183a upstream.
The err variable wasn't set with the correct error value in some cases.
Fixes: 47605df95398 ('mlx4: Modify proxy/tunnel QP mechanism [..]')
Signed-off-by: Noa Osherovich <noaos@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/mellanox/mlx4/main.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c
index a408977..fedc08f 100644
--- a/drivers/net/ethernet/mellanox/mlx4/main.c
+++ b/drivers/net/ethernet/mellanox/mlx4/main.c
@@ -875,9 +875,10 @@ static int mlx4_slave_cap(struct mlx4_dev *dev)
dev->caps.qp1_proxy[i - 1] = func_cap.qp1_proxy_qpn;
dev->caps.port_mask[i] = dev->caps.port_type[i];
dev->caps.phys_port_id[i] = func_cap.phys_port_id;
- if (mlx4_get_slave_pkey_gid_tbl_len(dev, i,
- &dev->caps.gid_table_len[i],
- &dev->caps.pkey_table_len[i]))
+ err = mlx4_get_slave_pkey_gid_tbl_len(dev, i,
+ &dev->caps.gid_table_len[i],
+ &dev->caps.pkey_table_len[i]);
+ if (err)
goto err_mem;
}
@@ -889,6 +890,7 @@ static int mlx4_slave_cap(struct mlx4_dev *dev)
dev->caps.uar_page_size * dev->caps.num_uars,
(unsigned long long)
pci_resource_len(dev->persist->pdev, 2));
+ err = -ENOMEM;
goto err_mem;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 035/305] mtd: nand: fix shutdown/reboot for multi-chip systems
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (33 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 034/305] net/mlx4_core: Avoid returning success in case of an error flow Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 036/305] FS-Cache: Add missing initialization of ret in cachefiles_write_page() Kamal Mostafa
` (269 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Brian Norris, Scott Branden, Andrew E. Mileski, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Brian Norris <computersforpeace@gmail.com>
commit 9ca641b0f02a3a1eedbc8c296e695326da9bbaf9 upstream.
If multiple NAND chips are registered to the same controller, then when
rebooting the system, the first one will grab the controller lock, while
the second will wait forever for the first one to release it. i.e., a
classic deadlock.
This problem was solved for a similar case (suspend/resume) back in
commit 6b0d9a841249 ("mtd: nand: fix multi-chip suspend problem"), and
the shutdown state really isn't much different for us, so rather than
adding a new special case to nand_get_device(), we can just overload the
FL_PM_SUSPENDED state.
Now, multiple chips can "get" the same controller lock (preventing
further I/O), while we still allow other chips to pass through
nand_shutdown().
Original report:
http://thread.gmane.org/gmane.linux.drivers.mtd/59726
http://lists.infradead.org/pipermail/linux-mtd/2015-July/059992.html
Fixes: 72ea403669c7 ("mtd: nand: added nand_shutdown")
Reported-by: Andrew E. Mileski <andrewm@isoar.ca>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Cc: Scott Branden <sbranden@broadcom.com>
Cc: Andrew E. Mileski <andrewm@isoar.ca>
Acked-by: Scott Branden <sbranden@broadcom.com>
Reviewed-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mtd/nand/nand_base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
index ceb68ca..066f967 100644
--- a/drivers/mtd/nand/nand_base.c
+++ b/drivers/mtd/nand/nand_base.c
@@ -2964,7 +2964,7 @@ static void nand_resume(struct mtd_info *mtd)
*/
static void nand_shutdown(struct mtd_info *mtd)
{
- nand_get_device(mtd, FL_SHUTDOWN);
+ nand_get_device(mtd, FL_PM_SUSPENDED);
}
/* Set default functions */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 036/305] FS-Cache: Add missing initialization of ret in cachefiles_write_page()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (34 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 035/305] mtd: nand: fix shutdown/reboot for multi-chip systems Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 037/305] ipvlan: fix leak in ipvlan_rcv_frame Kamal Mostafa
` (268 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Geert Uytterhoeven, David Howells, Al Viro, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Geert Uytterhoeven <geert@linux-m68k.org>
commit cf89752645e47d86ba8a4157f4b121fcb33434c5 upstream.
fs/cachefiles/rdwr.c: In function ‘cachefiles_write_page’:
fs/cachefiles/rdwr.c:882: warning: ‘ret’ may be used uninitialized in
this function
If the jump to label "error" is taken, "ret" will indeed be
uninitialized, and random stack data may be printed by the debug code.
Fixes: 102f4d900c9c8f5e ("FS-Cache: Handle a write to the page immediately beyond the EOF marker")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/cachefiles/rdwr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c
index e62faae..3ce6467 100644
--- a/fs/cachefiles/rdwr.c
+++ b/fs/cachefiles/rdwr.c
@@ -885,7 +885,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page)
loff_t pos, eof;
size_t len;
void *data;
- int ret;
+ int ret = -ENOBUFS;
ASSERT(op != NULL);
ASSERT(page != NULL);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 037/305] ipvlan: fix leak in ipvlan_rcv_frame
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (35 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 036/305] FS-Cache: Add missing initialization of ret in cachefiles_write_page() Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 038/305] ipvlan: fix use after free of skb Kamal Mostafa
` (267 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sabrina Dubroca, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Sabrina Dubroca <sd@queasysnail.net>
commit cf554ada0be7077906aa9a17faf151ff66e3cb8e upstream.
Pass a **skb to ipvlan_rcv_frame so that if skb_share_check returns a
new skb, we actually use it during further processing.
It's safe to ignore the new skb in the ipvlan_xmit_* functions, because
they call ipvlan_rcv_frame with local == true, so that dev_forward_skb
is called and always takes ownership of the skb.
Fixes: 2ad7bf363841 ("ipvlan: Initial check-in of the IPVLAN driver.")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ipvlan/ipvlan_core.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ipvlan/ipvlan_core.c b/drivers/net/ipvlan/ipvlan_core.c
index 207f62e..a50a942 100644
--- a/drivers/net/ipvlan/ipvlan_core.c
+++ b/drivers/net/ipvlan/ipvlan_core.c
@@ -254,7 +254,7 @@ acct:
}
}
-static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff *skb,
+static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff **pskb,
bool local)
{
struct ipvl_dev *ipvlan = addr->master;
@@ -262,6 +262,7 @@ static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff *skb,
unsigned int len;
rx_handler_result_t ret = RX_HANDLER_CONSUMED;
bool success = false;
+ struct sk_buff *skb = *pskb;
len = skb->len + ETH_HLEN;
if (unlikely(!(dev->flags & IFF_UP))) {
@@ -273,6 +274,7 @@ static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff *skb,
if (!skb)
goto out;
+ *pskb = skb;
skb->dev = dev;
skb->pkt_type = PACKET_HOST;
@@ -484,7 +486,7 @@ static int ipvlan_xmit_mode_l3(struct sk_buff *skb, struct net_device *dev)
addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
if (addr)
- return ipvlan_rcv_frame(addr, skb, true);
+ return ipvlan_rcv_frame(addr, &skb, true);
out:
skb->dev = ipvlan->phy_dev;
@@ -504,7 +506,7 @@ static int ipvlan_xmit_mode_l2(struct sk_buff *skb, struct net_device *dev)
if (lyr3h) {
addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
if (addr)
- return ipvlan_rcv_frame(addr, skb, true);
+ return ipvlan_rcv_frame(addr, &skb, true);
}
skb = skb_share_check(skb, GFP_ATOMIC);
if (!skb)
@@ -587,7 +589,7 @@ static rx_handler_result_t ipvlan_handle_mode_l3(struct sk_buff **pskb,
addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
if (addr)
- ret = ipvlan_rcv_frame(addr, skb, false);
+ ret = ipvlan_rcv_frame(addr, pskb, false);
out:
return ret;
@@ -624,7 +626,7 @@ static rx_handler_result_t ipvlan_handle_mode_l2(struct sk_buff **pskb,
addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
if (addr)
- ret = ipvlan_rcv_frame(addr, skb, false);
+ ret = ipvlan_rcv_frame(addr, pskb, false);
}
return ret;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 038/305] ipvlan: fix use after free of skb
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (36 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 037/305] ipvlan: fix leak in ipvlan_rcv_frame Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 039/305] macvlan: fix leak in macvlan_handle_frame Kamal Mostafa
` (266 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sabrina Dubroca, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Sabrina Dubroca <sd@queasysnail.net>
commit a534dc529853c69e94994aa47c1d80a03ce2c11d upstream.
ipvlan_handle_frame is a rx_handler, and when it returns a value other
than RX_HANDLER_CONSUMED (here, NET_RX_DROP aka RX_HANDLER_ANOTHER),
__netif_receive_skb_core expects that the skb still exists and will
process it further, but we just freed it.
Fixes: 2ad7bf363841 ("ipvlan: Initial check-in of the IPVLAN driver.")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ipvlan/ipvlan_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ipvlan/ipvlan_core.c b/drivers/net/ipvlan/ipvlan_core.c
index a50a942..b64e172 100644
--- a/drivers/net/ipvlan/ipvlan_core.c
+++ b/drivers/net/ipvlan/ipvlan_core.c
@@ -651,5 +651,5 @@ rx_handler_result_t ipvlan_handle_frame(struct sk_buff **pskb)
WARN_ONCE(true, "ipvlan_handle_frame() called for mode = [%hx]\n",
port->mode);
kfree_skb(skb);
- return NET_RX_DROP;
+ return RX_HANDLER_CONSUMED;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 039/305] macvlan: fix leak in macvlan_handle_frame
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (37 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 038/305] ipvlan: fix use after free of skb Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 040/305] ALSA: hda - Fix noise on Dell Latitude E6440 Kamal Mostafa
` (265 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sabrina Dubroca, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Sabrina Dubroca <sd@queasysnail.net>
commit e639b8d8a7a728f0b05ef2df6cb6b45dc3d4e556 upstream.
Reset pskb in macvlan_handle_frame in case skb_share_check returned a
clone.
Fixes: 8a4eb5734e8d ("net: introduce rx_handler results and logic around that")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/macvlan.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index 9f59f17..2a815fb 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -415,6 +415,7 @@ static rx_handler_result_t macvlan_handle_frame(struct sk_buff **pskb)
skb = ip_check_defrag(skb, IP_DEFRAG_MACVLAN);
if (!skb)
return RX_HANDLER_CONSUMED;
+ *pskb = skb;
eth = eth_hdr(skb);
macvlan_forward_source(skb, port, eth->h_source);
src = macvlan_hash_lookup(port, eth->h_source);
@@ -456,6 +457,7 @@ static rx_handler_result_t macvlan_handle_frame(struct sk_buff **pskb)
goto out;
}
+ *pskb = skb;
skb->dev = dev;
skb->pkt_type = PACKET_HOST;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 040/305] ALSA: hda - Fix noise on Dell Latitude E6440
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (38 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 039/305] macvlan: fix leak in macvlan_handle_frame Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 041/305] dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE transition Kamal Mostafa
` (264 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Takashi Iwai <tiwai@suse.de>
commit 86f799b82f5c011404ddef54600bc5e99b7e0cf2 upstream.
Dell Latitude E6440 (1028:05bd) needs the same fixup as applied to
other Latitude E7xxx models for the click noise due to the recent
power-saving changes.
Bugzilla: http://bugzilla.opensuse.org/show_bug.cgi?id=954876
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 8d932d5..0fb7951 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5192,6 +5192,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1025, 0x079b, "Acer Aspire V5-573G", ALC282_FIXUP_ASPIRE_V5_PINS),
SND_PCI_QUIRK(0x1028, 0x0470, "Dell M101z", ALC269_FIXUP_DELL_M101Z),
SND_PCI_QUIRK(0x1028, 0x054b, "Dell XPS one 2710", ALC275_FIXUP_DELL_XPS),
+ SND_PCI_QUIRK(0x1028, 0x05bd, "Dell Latitude E6440", ALC292_FIXUP_DELL_E7X),
SND_PCI_QUIRK(0x1028, 0x05ca, "Dell Latitude E7240", ALC292_FIXUP_DELL_E7X),
SND_PCI_QUIRK(0x1028, 0x05cb, "Dell Latitude E7440", ALC292_FIXUP_DELL_E7X),
SND_PCI_QUIRK(0x1028, 0x05da, "Dell Vostro 5460", ALC290_FIXUP_SUBWOOFER),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 041/305] dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE transition
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (39 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 040/305] ALSA: hda - Fix noise on Dell Latitude E6440 Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 042/305] ALSA: hda - Add fixup for Acer Aspire One Cloudbook 14 Kamal Mostafa
` (263 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Mike Snitzer, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mike Snitzer <snitzer@redhat.com>
commit 172c238612ebf81cabccc86b788c9209af591f61 upstream.
A thin-pool that is in out-of-data-space (OODS) mode may transition back
to write mode -- without the admin adding more space to the thin-pool --
if/when blocks are released (either by deleting thin devices or
discarding provisioned blocks).
But as part of the thin-pool's earlier transition to out-of-data-space
mode the thin-pool may have set the 'error_if_no_space' flag to true if
the no_space_timeout expires without more space having been made
available. That implementation detail, of changing the pool's
error_if_no_space setting, needs to be reset back to the default that
the user specified when the thin-pool's table was loaded.
Otherwise we'll drop the user requested behaviour on the floor when this
out-of-data-space to write mode transition occurs.
Reported-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Acked-by: Joe Thornber <ejt@redhat.com>
Fixes: 2c43fd26e4 ("dm thin: fix missing out-of-data-space to write mode transition if blocks are released")
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/dm-thin.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c
index 493c38e..4190e3b 100644
--- a/drivers/md/dm-thin.c
+++ b/drivers/md/dm-thin.c
@@ -2487,6 +2487,7 @@ static void set_pool_mode(struct pool *pool, enum pool_mode new_mode)
case PM_WRITE:
if (old_mode != new_mode)
notify_of_pool_mode_change(pool, "write");
+ pool->pf.error_if_no_space = pt->requested_pf.error_if_no_space;
dm_pool_metadata_read_write(pool->pmd);
pool->process_bio = process_bio;
pool->process_discard = process_discard_bio;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 042/305] ALSA: hda - Add fixup for Acer Aspire One Cloudbook 14
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (40 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 041/305] dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE transition Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 043/305] dm crypt: fix a possible hang due to race condition on exit Kamal Mostafa
` (262 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Takashi Iwai <tiwai@suse.de>
commit b9c2fa52135d49a931c56ed2bfc17d61f771b412 upstream.
For making the speakers on Acer Aspire One Cloudbook 14 to work, we
need the as same quirk as for another Chromebook. This patch adds the
corresponding fixup entry.
Reported-by: Patrick <epictetus@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 0fb7951..e5ff32a 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5190,6 +5190,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1025, 0x0742, "Acer AO756", ALC271_FIXUP_HP_GATE_MIC_JACK),
SND_PCI_QUIRK(0x1025, 0x0775, "Acer Aspire E1-572", ALC271_FIXUP_HP_GATE_MIC_JACK_E1_572),
SND_PCI_QUIRK(0x1025, 0x079b, "Acer Aspire V5-573G", ALC282_FIXUP_ASPIRE_V5_PINS),
+ SND_PCI_QUIRK(0x1025, 0x106d, "Acer Cloudbook 14", ALC283_FIXUP_CHROME_BOOK),
SND_PCI_QUIRK(0x1028, 0x0470, "Dell M101z", ALC269_FIXUP_DELL_M101Z),
SND_PCI_QUIRK(0x1028, 0x054b, "Dell XPS one 2710", ALC275_FIXUP_DELL_XPS),
SND_PCI_QUIRK(0x1028, 0x05bd, "Dell Latitude E6440", ALC292_FIXUP_DELL_E7X),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 043/305] dm crypt: fix a possible hang due to race condition on exit
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (41 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 042/305] ALSA: hda - Add fixup for Acer Aspire One Cloudbook 14 Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 044/305] mac: validate mac_partition is within sector Kamal Mostafa
` (261 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mikulas Patocka, Mike Snitzer, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit bcbd94ff481ec1d7b5c824d90df82d0faafabd35 upstream.
A kernel thread executes __set_current_state(TASK_INTERRUPTIBLE),
__add_wait_queue, spin_unlock_irq and then tests kthread_should_stop().
It is possible that the processor reorders memory accesses so that
kthread_should_stop() is executed before __set_current_state(). If such
reordering happens, there is a possible race on thread termination:
CPU 0:
calls kthread_should_stop()
it tests KTHREAD_SHOULD_STOP bit, returns false
CPU 1:
calls kthread_stop(cc->write_thread)
sets the KTHREAD_SHOULD_STOP bit
calls wake_up_process on the kernel thread, that sets the thread
state to TASK_RUNNING
CPU 0:
sets __set_current_state(TASK_INTERRUPTIBLE)
spin_unlock_irq(&cc->write_thread_wait.lock)
schedule() - and the process is stuck and never terminates, because the
state is TASK_INTERRUPTIBLE and wake_up_process on CPU 1 already
terminated
Fix this race condition by using a new flag DM_CRYPT_EXIT_THREAD to
signal that the kernel thread should exit. The flag is set and tested
while holding cc->write_thread_wait.lock, so there is no possibility of
racy access to the flag.
Also, remove the unnecessary set_task_state(current, TASK_RUNNING)
following the schedule() call. When the process was woken up, its state
was already set to TASK_RUNNING. Other kernel code also doesn't set the
state to TASK_RUNNING following schedule() (for example,
do_wait_for_common in completion.c doesn't do it).
Fixes: dc2676210c42 ("dm crypt: offload writes to thread")
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/dm-crypt.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 0d28c5b..282d400 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -112,7 +112,8 @@ struct iv_tcw_private {
* and encrypts / decrypts at the same time.
*/
enum flags { DM_CRYPT_SUSPENDED, DM_CRYPT_KEY_VALID,
- DM_CRYPT_SAME_CPU, DM_CRYPT_NO_OFFLOAD };
+ DM_CRYPT_SAME_CPU, DM_CRYPT_NO_OFFLOAD,
+ DM_CRYPT_EXIT_THREAD};
/*
* The fields in here must be read only after initialization.
@@ -1203,20 +1204,18 @@ continue_locked:
if (!RB_EMPTY_ROOT(&cc->write_tree))
goto pop_from_list;
+ if (unlikely(test_bit(DM_CRYPT_EXIT_THREAD, &cc->flags))) {
+ spin_unlock_irq(&cc->write_thread_wait.lock);
+ break;
+ }
+
__set_current_state(TASK_INTERRUPTIBLE);
__add_wait_queue(&cc->write_thread_wait, &wait);
spin_unlock_irq(&cc->write_thread_wait.lock);
- if (unlikely(kthread_should_stop())) {
- set_task_state(current, TASK_RUNNING);
- remove_wait_queue(&cc->write_thread_wait, &wait);
- break;
- }
-
schedule();
- set_task_state(current, TASK_RUNNING);
spin_lock_irq(&cc->write_thread_wait.lock);
__remove_wait_queue(&cc->write_thread_wait, &wait);
goto continue_locked;
@@ -1531,8 +1530,13 @@ static void crypt_dtr(struct dm_target *ti)
if (!cc)
return;
- if (cc->write_thread)
+ if (cc->write_thread) {
+ spin_lock_irq(&cc->write_thread_wait.lock);
+ set_bit(DM_CRYPT_EXIT_THREAD, &cc->flags);
+ wake_up_locked(&cc->write_thread_wait);
+ spin_unlock_irq(&cc->write_thread_wait.lock);
kthread_stop(cc->write_thread);
+ }
if (cc->io_queue)
destroy_workqueue(cc->io_queue);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 044/305] mac: validate mac_partition is within sector
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (42 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 043/305] dm crypt: fix a possible hang due to race condition on exit Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 045/305] ALSA: hda - Apply HP headphone fixups more generically Kamal Mostafa
` (260 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Kees Cook, Jens Axboe, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Kees Cook <keescook@chromium.org>
commit 02e2a5bfebe99edcf9d694575a75032d53fe1b73 upstream.
If md->signature == MAC_DRIVER_MAGIC and md->block_size == 1023, a single
512 byte sector would be read (secsize / 512). However the partition
structure would be located past the end of the buffer (secsize % 512).
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
block/partitions/mac.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/block/partitions/mac.c b/block/partitions/mac.c
index c2c48ec..621317a 100644
--- a/block/partitions/mac.c
+++ b/block/partitions/mac.c
@@ -32,7 +32,7 @@ int mac_partition(struct parsed_partitions *state)
Sector sect;
unsigned char *data;
int slot, blocks_in_map;
- unsigned secsize;
+ unsigned secsize, datasize, partoffset;
#ifdef CONFIG_PPC_PMAC
int found_root = 0;
int found_root_goodness = 0;
@@ -50,10 +50,14 @@ int mac_partition(struct parsed_partitions *state)
}
secsize = be16_to_cpu(md->block_size);
put_dev_sector(sect);
- data = read_part_sector(state, secsize/512, §);
+ datasize = round_down(secsize, 512);
+ data = read_part_sector(state, datasize / 512, §);
if (!data)
return -1;
- part = (struct mac_partition *) (data + secsize%512);
+ partoffset = secsize % 512;
+ if (partoffset + sizeof(*part) > datasize)
+ return -1;
+ part = (struct mac_partition *) (data + partoffset);
if (be16_to_cpu(part->signature) != MAC_PARTITION_MAGIC) {
put_dev_sector(sect);
return 0; /* not a MacOS disk */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 045/305] ALSA: hda - Apply HP headphone fixups more generically
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (43 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 044/305] mac: validate mac_partition is within sector Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 046/305] blk-mq: fix calling unplug callbacks with preempt disabled Kamal Mostafa
` (259 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Takashi Iwai <tiwai@suse.de>
commit 196543d54574f50e3fd04df4e3048181e006a9da upstream.
It turned out that many HP laptops suffer from the same problem as
fixed in commit [c932b98c1e47: ALSA: hda - Apply pin fixup for HP
ProBook 6550b]. But, it's tiresome to list up all such PCI SSIDs, as
there are really lots of HP machines.
Instead, we do a bit more clever, try to check the supposedly dock and
built-in headphone pins, and apply the fixup when both seem valid.
This rule can be applied generically to all models using the same
quirk, so we'll fix all in a shot.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=107491
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_sigmatel.c | 45 +++++++++++++++++++++++++++---------------
1 file changed, 29 insertions(+), 16 deletions(-)
diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
index a0798ae..14a62b8 100644
--- a/sound/pci/hda/patch_sigmatel.c
+++ b/sound/pci/hda/patch_sigmatel.c
@@ -3110,6 +3110,29 @@ static void stac92hd71bxx_fixup_hp_hdx(struct hda_codec *codec,
spec->gpio_led = 0x08;
}
+static bool is_hp_output(struct hda_codec *codec, hda_nid_t pin)
+{
+ unsigned int pin_cfg = snd_hda_codec_get_pincfg(codec, pin);
+
+ /* count line-out, too, as BIOS sets often so */
+ return get_defcfg_connect(pin_cfg) != AC_JACK_PORT_NONE &&
+ (get_defcfg_device(pin_cfg) == AC_JACK_LINE_OUT ||
+ get_defcfg_device(pin_cfg) == AC_JACK_HP_OUT);
+}
+
+static void fixup_hp_headphone(struct hda_codec *codec, hda_nid_t pin)
+{
+ unsigned int pin_cfg = snd_hda_codec_get_pincfg(codec, pin);
+
+ /* It was changed in the BIOS to just satisfy MS DTM.
+ * Lets turn it back into slaved HP
+ */
+ pin_cfg = (pin_cfg & (~AC_DEFCFG_DEVICE)) |
+ (AC_JACK_HP_OUT << AC_DEFCFG_DEVICE_SHIFT);
+ pin_cfg = (pin_cfg & (~(AC_DEFCFG_DEF_ASSOC | AC_DEFCFG_SEQUENCE))) |
+ 0x1f;
+ snd_hda_codec_set_pincfg(codec, pin, pin_cfg);
+}
static void stac92hd71bxx_fixup_hp(struct hda_codec *codec,
const struct hda_fixup *fix, int action)
@@ -3119,22 +3142,12 @@ static void stac92hd71bxx_fixup_hp(struct hda_codec *codec,
if (action != HDA_FIXUP_ACT_PRE_PROBE)
return;
- if (hp_blike_system(codec->core.subsystem_id)) {
- unsigned int pin_cfg = snd_hda_codec_get_pincfg(codec, 0x0f);
- if (get_defcfg_device(pin_cfg) == AC_JACK_LINE_OUT ||
- get_defcfg_device(pin_cfg) == AC_JACK_SPEAKER ||
- get_defcfg_device(pin_cfg) == AC_JACK_HP_OUT) {
- /* It was changed in the BIOS to just satisfy MS DTM.
- * Lets turn it back into slaved HP
- */
- pin_cfg = (pin_cfg & (~AC_DEFCFG_DEVICE))
- | (AC_JACK_HP_OUT <<
- AC_DEFCFG_DEVICE_SHIFT);
- pin_cfg = (pin_cfg & (~(AC_DEFCFG_DEF_ASSOC
- | AC_DEFCFG_SEQUENCE)))
- | 0x1f;
- snd_hda_codec_set_pincfg(codec, 0x0f, pin_cfg);
- }
+ /* when both output A and F are assigned, these are supposedly
+ * dock and built-in headphones; fix both pin configs
+ */
+ if (is_hp_output(codec, 0x0a) && is_hp_output(codec, 0x0f)) {
+ fixup_hp_headphone(codec, 0x0a);
+ fixup_hp_headphone(codec, 0x0f);
}
if (find_mute_led_cfg(codec, 1))
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 046/305] blk-mq: fix calling unplug callbacks with preempt disabled
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (44 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 045/305] ALSA: hda - Apply HP headphone fixups more generically Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 047/305] ARM: imx: add platform irq type setting in gpc Kamal Mostafa
` (258 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Jens Axboe, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jens Axboe <axboe@fb.com>
commit b094f89ca42fbb8ce40174d5f85ca8430e499da6 upstream.
Liu reported that running certain parts of xfstests threw the
following error:
BUG: sleeping function called from invalid context at mm/page_alloc.c:3190
in_atomic(): 1, irqs_disabled(): 0, pid: 6, name: kworker/u16:0
3 locks held by kworker/u16:0/6:
#0: ("writeback"){++++.+}, at: [<ffffffff8107f083>] process_one_work+0x173/0x730
#1: ((&(&wb->dwork)->work)){+.+.+.}, at: [<ffffffff8107f083>] process_one_work+0x173/0x730
#2: (&type->s_umount_key#44){+++++.}, at: [<ffffffff811e6805>] trylock_super+0x25/0x60
CPU: 5 PID: 6 Comm: kworker/u16:0 Tainted: G OE 4.3.0+ #3
Hardware name: Red Hat KVM, BIOS Bochs 01/01/2011
Workqueue: writeback wb_workfn (flush-btrfs-108)
ffffffff81a3abab ffff88042e282ba8 ffffffff8130191b ffffffff81a3abab
0000000000000c76 ffff88042e282ba8 ffff88042e27c180 ffff88042e282bd8
ffffffff8108ed95 ffff880400000004 0000000000000000 0000000000000c76
Call Trace:
[<ffffffff8130191b>] dump_stack+0x4f/0x74
[<ffffffff8108ed95>] ___might_sleep+0x185/0x240
[<ffffffff8108eea2>] __might_sleep+0x52/0x90
[<ffffffff811817e8>] __alloc_pages_nodemask+0x268/0x410
[<ffffffff8109a43c>] ? sched_clock_local+0x1c/0x90
[<ffffffff8109a6d1>] ? local_clock+0x21/0x40
[<ffffffff810b9eb0>] ? __lock_release+0x420/0x510
[<ffffffff810b534c>] ? __lock_acquired+0x16c/0x3c0
[<ffffffff811ca265>] alloc_pages_current+0xc5/0x210
[<ffffffffa0577105>] ? rbio_is_full+0x55/0x70 [btrfs]
[<ffffffff810b7ed8>] ? mark_held_locks+0x78/0xa0
[<ffffffff81666d50>] ? _raw_spin_unlock_irqrestore+0x40/0x60
[<ffffffffa0578c0a>] full_stripe_write+0x5a/0xc0 [btrfs]
[<ffffffffa0578ca9>] __raid56_parity_write+0x39/0x60 [btrfs]
[<ffffffffa0578deb>] run_plug+0x11b/0x140 [btrfs]
[<ffffffffa0578e33>] btrfs_raid_unplug+0x23/0x70 [btrfs]
[<ffffffff812d36c2>] blk_flush_plug_list+0x82/0x1f0
[<ffffffff812e0349>] blk_sq_make_request+0x1f9/0x740
[<ffffffff812ceba2>] ? generic_make_request_checks+0x222/0x7c0
[<ffffffff812cf264>] ? blk_queue_enter+0x124/0x310
[<ffffffff812cf1d2>] ? blk_queue_enter+0x92/0x310
[<ffffffff812d0ae2>] generic_make_request+0x172/0x2c0
[<ffffffff812d0ad4>] ? generic_make_request+0x164/0x2c0
[<ffffffff812d0ca0>] submit_bio+0x70/0x140
[<ffffffffa0577b29>] ? rbio_add_io_page+0x99/0x150 [btrfs]
[<ffffffffa0578a89>] finish_rmw+0x4d9/0x600 [btrfs]
[<ffffffffa0578c4c>] full_stripe_write+0x9c/0xc0 [btrfs]
[<ffffffffa057ab7f>] raid56_parity_write+0xef/0x160 [btrfs]
[<ffffffffa052bd83>] btrfs_map_bio+0xe3/0x2d0 [btrfs]
[<ffffffffa04fbd6d>] btrfs_submit_bio_hook+0x8d/0x1d0 [btrfs]
[<ffffffffa05173c4>] submit_one_bio+0x74/0xb0 [btrfs]
[<ffffffffa0517f55>] submit_extent_page+0xe5/0x1c0 [btrfs]
[<ffffffffa0519b18>] __extent_writepage_io+0x408/0x4c0 [btrfs]
[<ffffffffa05179c0>] ? alloc_dummy_extent_buffer+0x140/0x140 [btrfs]
[<ffffffffa051dc88>] __extent_writepage+0x218/0x3a0 [btrfs]
[<ffffffff810b7ed8>] ? mark_held_locks+0x78/0xa0
[<ffffffffa051e2c9>] extent_write_cache_pages.clone.0+0x2f9/0x400 [btrfs]
[<ffffffffa051e422>] extent_writepages+0x52/0x70 [btrfs]
[<ffffffffa05001f0>] ? btrfs_set_inode_index+0x70/0x70 [btrfs]
[<ffffffffa04fcc17>] btrfs_writepages+0x27/0x30 [btrfs]
[<ffffffff81184df3>] do_writepages+0x23/0x40
[<ffffffff81212229>] __writeback_single_inode+0x89/0x4d0
[<ffffffff81212a60>] ? writeback_sb_inodes+0x260/0x480
[<ffffffff81212a60>] ? writeback_sb_inodes+0x260/0x480
[<ffffffff8121295f>] ? writeback_sb_inodes+0x15f/0x480
[<ffffffff81212ad2>] writeback_sb_inodes+0x2d2/0x480
[<ffffffff810b1397>] ? down_read_trylock+0x57/0x60
[<ffffffff811e6805>] ? trylock_super+0x25/0x60
[<ffffffff810d629f>] ? rcu_read_lock_sched_held+0x4f/0x90
[<ffffffff81212d0c>] __writeback_inodes_wb+0x8c/0xc0
[<ffffffff812130b5>] wb_writeback+0x2b5/0x500
[<ffffffff810b7ed8>] ? mark_held_locks+0x78/0xa0
[<ffffffff810660a8>] ? __local_bh_enable_ip+0x68/0xc0
[<ffffffff81213362>] ? wb_do_writeback+0x62/0x310
[<ffffffff812133c1>] wb_do_writeback+0xc1/0x310
[<ffffffff8107c3d9>] ? set_worker_desc+0x79/0x90
[<ffffffff81213842>] wb_workfn+0x92/0x330
[<ffffffff8107f133>] process_one_work+0x223/0x730
[<ffffffff8107f083>] ? process_one_work+0x173/0x730
[<ffffffff8108035f>] ? worker_thread+0x18f/0x430
[<ffffffff810802ed>] worker_thread+0x11d/0x430
[<ffffffff810801d0>] ? maybe_create_worker+0xf0/0xf0
[<ffffffff810801d0>] ? maybe_create_worker+0xf0/0xf0
[<ffffffff810858df>] kthread+0xef/0x110
[<ffffffff8108f74e>] ? schedule_tail+0x1e/0xd0
[<ffffffff810857f0>] ? __init_kthread_worker+0x70/0x70
[<ffffffff816673bf>] ret_from_fork+0x3f/0x70
[<ffffffff810857f0>] ? __init_kthread_worker+0x70/0x70
The issue is that we've got the software context pinned while
calling blk_flush_plug_list(), which flushes callbacks that
are allowed to sleep. btrfs and raid has such callbacks.
Flip the checks around a bit, so we can enable preempt a bit
earlier and flush plugs without having preempt disabled.
This only affects blk-mq driven devices, and only those that
register a single queue.
Reported-by: Liu Bo <bo.li.liu@oracle.com>
Tested-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
block/blk-mq.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index 4d6ff52..0990d4c 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -1300,15 +1300,16 @@ static void blk_mq_make_request(struct request_queue *q, struct bio *bio)
blk_mq_bio_to_request(rq, bio);
/*
- * we do limited pluging. If bio can be merged, do merge.
+ * We do limited pluging. If the bio can be merged, do that.
* Otherwise the existing request in the plug list will be
* issued. So the plug list will have one request at most
*/
if (plug) {
/*
* The plug list might get flushed before this. If that
- * happens, same_queue_rq is invalid and plug list is empty
- **/
+ * happens, same_queue_rq is invalid and plug list is
+ * empty
+ */
if (same_queue_rq && !list_empty(&plug->mq_list)) {
old_rq = same_queue_rq;
list_del_init(&old_rq->queuelist);
@@ -1382,12 +1383,15 @@ static void blk_sq_make_request(struct request_queue *q, struct bio *bio)
blk_mq_bio_to_request(rq, bio);
if (list_empty(&plug->mq_list))
trace_block_plug(q);
- else if (request_count >= BLK_MAX_REQUEST_COUNT) {
+
+ blk_mq_put_ctx(data.ctx);
+
+ if (request_count >= BLK_MAX_REQUEST_COUNT) {
blk_flush_plug_list(plug, false);
trace_block_plug(q);
}
+
list_add_tail(&rq->queuelist, &plug->mq_list);
- blk_mq_put_ctx(data.ctx);
return;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 047/305] ARM: imx: add platform irq type setting in gpc
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (45 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 046/305] blk-mq: fix calling unplug callbacks with preempt disabled Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 048/305] watchdog: omap_wdt: fix null pointer dereference Kamal Mostafa
` (257 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Anson Huang, Shawn Guo, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Anson Huang <b20788@freescale.com>
commit 4699ccbf8cf2f962031b88de7851f610030e5c17 upstream.
GPC irq domain is a child domain of GIC, now all of platform irqs
are inside GPC domain, during the module populate, all devices irq
should have correct type setting in GIC, however, there is no
.irq_set_type callback setting in GPC, so the irq_set_type will be
skipped and cause all irqs' type in /proc/interrupt are "edge" which
mismatch with irq type setting in dtb file. Since GPC has no irq
type setting, so just tell kernel to use irq_chip_set_type_parent.
Signed-off-by: Anson Huang <Anson.Huang@freescale.com>
Reviewed-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/mach-imx/gpc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/mach-imx/gpc.c b/arch/arm/mach-imx/gpc.c
index 8c4467f..af085d7 100644
--- a/arch/arm/mach-imx/gpc.c
+++ b/arch/arm/mach-imx/gpc.c
@@ -176,6 +176,7 @@ static struct irq_chip imx_gpc_chip = {
.irq_unmask = imx_gpc_irq_unmask,
.irq_retrigger = irq_chip_retrigger_hierarchy,
.irq_set_wake = imx_gpc_irq_set_wake,
+ .irq_set_type = irq_chip_set_type_parent,
#ifdef CONFIG_SMP
.irq_set_affinity = irq_chip_set_affinity_parent,
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 048/305] watchdog: omap_wdt: fix null pointer dereference
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (46 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 047/305] ARM: imx: add platform irq type setting in gpc Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 049/305] powerpc/tm: Block signal return setting invalid MSR state Kamal Mostafa
` (256 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Robinson, Wim Van Sebroeck, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Peter Robinson <pbrobinson@gmail.com>
commit de55acd100993c70bb7c5ca9473b59cdc4debb20 upstream.
Fix issue from two patches overlapping causing a kernel oops
[ 3569.297449] Unable to handle kernel NULL pointer dereference at virtual address 00000088
[ 3569.306272] pgd = dc894000
[ 3569.309287] [00000088] *pgd=00000000
[ 3569.313104] Internal error: Oops: 5 [#1] SMP ARM
[ 3569.317986] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_filter ebtable_nat ebtable_broute bridge stp llc ebtables ip6table_security ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle musb_dsps cppi41 musb_hdrc phy_am335x udc_core phy_generic phy_am335x_control omap_sham omap_aes omap_rng omap_hwspinlock omap_mailbox hwspinlock_core musb_am335x omap_wdt at24 8250_omap leds_gpio cpufreq_dt smsc davinci_mdio mmc_block ti_cpsw cpsw_common ptp pps_core cpsw_ale davinci_cpdma omap_hsmmc omap_dma mmc_core i2c_dev
[ 3569.386293] CPU: 0 PID: 1429 Comm: wdctl Not tainted 4.3.0-0.rc7.git0.1.fc24.armv7hl #1
[ 3569.394740] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 3569.401179] task: dbd11a00 ti: dbaac000 task.ti: dbaac000
[ 3569.406917] PC is at omap_wdt_get_timeleft+0xc/0x20 [omap_wdt]
[ 3569.413106] LR is at watchdog_ioctl+0x3cc/0x42c
[ 3569.417902] pc : [<bf0ab138>] lr : [<c0739c54>] psr: 600f0013
[ 3569.417902] sp : dbaadf18 ip : 00000003 fp : 7f5d3bbe
[ 3569.430014] r10: 00000000 r9 : 00000003 r8 : bef21ab8
[ 3569.435535] r7 : dbbc0f7c r6 : dbbc0f18 r5 : bef21ab8 r4 : 00000000
[ 3569.442427] r3 : 00000000 r2 : 00000000 r1 : 8004570a r0 : dbbc0f18
[ 3569.449323] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 3569.456858] Control: 10c5387d Table: 9c894019 DAC: 00000051
[ 3569.462927] Process wdctl (pid: 1429, stack limit = 0xdbaac220)
[ 3569.469179] Stack: (0xdbaadf18 to 0xdbaae000)
[ 3569.473790] df00: bef21ab8 dbf60e38
[ 3569.482441] df20: dc91b840 8004570a bef21ab8 c03988a4 dbaadf48 dc854000 00000000 dd313850
[ 3569.491092] df40: ddf033b8 0000570a dc91b80b dbaadf3c dbf60e38 00000020 c0df9250 c0df6c48
[ 3569.499741] df60: dc91b840 8004570a 00000000 dc91b840 dc91b840 8004570a bef21ab8 00000003
[ 3569.508389] df80: 00000000 c03989d4 bef21b74 7f5d3bad 00000003 00000036 c020fcc4 dbaac000
[ 3569.517037] dfa0: 00000000 c020fb00 bef21b74 7f5d3bad 00000003 8004570a bef21ab8 00000001
[ 3569.525685] dfc0: bef21b74 7f5d3bad 00000003 00000036 00000001 00000000 7f5e4eb0 7f5d3bbe
[ 3569.534334] dfe0: 7f5e4f10 bef21a3c 7f5d0a54 b6e97e0c a00f0010 00000003 00000000 00000000
[ 3569.543038] [<bf0ab138>] (omap_wdt_get_timeleft [omap_wdt]) from [<c0739c54>] (watchdog_ioctl+0x3cc/0x42c)
[ 3569.553266] [<c0739c54>] (watchdog_ioctl) from [<c03988a4>] (do_vfs_ioctl+0x5bc/0x698)
[ 3569.561648] [<c03988a4>] (do_vfs_ioctl) from [<c03989d4>] (SyS_ioctl+0x54/0x7c)
[ 3569.569400] [<c03989d4>] (SyS_ioctl) from [<c020fb00>] (ret_fast_syscall+0x0/0x3c)
[ 3569.577413] Code: e12fff1e e52de004 e8bd4000 e5903060 (e5933088)
[ 3569.584089] ---[ end trace cec3039bd3ae610a ]---
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Lars Poeschel <poeschel@lemonage.de>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/watchdog/omap_wdt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/watchdog/omap_wdt.c b/drivers/watchdog/omap_wdt.c
index de911c7..7abd698 100644
--- a/drivers/watchdog/omap_wdt.c
+++ b/drivers/watchdog/omap_wdt.c
@@ -205,7 +205,7 @@ static int omap_wdt_set_timeout(struct watchdog_device *wdog,
static unsigned int omap_wdt_get_timeleft(struct watchdog_device *wdog)
{
- struct omap_wdt_dev *wdev = watchdog_get_drvdata(wdog);
+ struct omap_wdt_dev *wdev = to_omap_wdt_dev(wdog);
void __iomem *base = wdev->base;
u32 value;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 049/305] powerpc/tm: Block signal return setting invalid MSR state
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (47 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 048/305] watchdog: omap_wdt: fix null pointer dereference Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 050/305] powerpc/tm: Check for already reclaimed tasks Kamal Mostafa
` (255 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michael Neuling, Michael Ellerman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Michael Neuling <mikey@neuling.org>
commit d2b9d2a5ad5ef04ff978c9923d19730cb05efd55 upstream.
Currently we allow both the MSR T and S bits to be set by userspace on
a signal return. Unfortunately this is a reserved configuration and
will cause a TM Bad Thing exception if attempted (via rfid).
This patch checks for this case in both the 32 and 64 bit signals
code. If both T and S are set, we mark the context as invalid.
Found using a syscall fuzzer.
Fixes: 2b0a576d15e0 ("powerpc: Add new transactional memory state to the signal context")
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/include/asm/reg.h | 1 +
arch/powerpc/kernel/signal_32.c | 14 +++++++++-----
arch/powerpc/kernel/signal_64.c | 4 ++++
3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
index af56b5c..f4f99f0 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
@@ -108,6 +108,7 @@
#define MSR_TS_T __MASK(MSR_TS_T_LG) /* Transaction Transactional */
#define MSR_TS_MASK (MSR_TS_T | MSR_TS_S) /* Transaction State bits */
#define MSR_TM_ACTIVE(x) (((x) & MSR_TS_MASK) != 0) /* Transaction active? */
+#define MSR_TM_RESV(x) (((x) & MSR_TS_MASK) == MSR_TS_MASK) /* Reserved */
#define MSR_TM_TRANSACTIONAL(x) (((x) & MSR_TS_MASK) == MSR_TS_T)
#define MSR_TM_SUSPENDED(x) (((x) & MSR_TS_MASK) == MSR_TS_S)
diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
index da50e0c..7356c33 100644
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
@@ -875,6 +875,15 @@ static long restore_tm_user_regs(struct pt_regs *regs,
return 1;
#endif /* CONFIG_SPE */
+ /* Get the top half of the MSR from the user context */
+ if (__get_user(msr_hi, &tm_sr->mc_gregs[PT_MSR]))
+ return 1;
+ msr_hi <<= 32;
+ /* If TM bits are set to the reserved value, it's an invalid context */
+ if (MSR_TM_RESV(msr_hi))
+ return 1;
+ /* Pull in the MSR TM bits from the user context */
+ regs->msr = (regs->msr & ~MSR_TS_MASK) | (msr_hi & MSR_TS_MASK);
/* Now, recheckpoint. This loads up all of the checkpointed (older)
* registers, including FP and V[S]Rs. After recheckpointing, the
* transactional versions should be loaded.
@@ -884,11 +893,6 @@ static long restore_tm_user_regs(struct pt_regs *regs,
current->thread.tm_texasr |= TEXASR_FS;
/* This loads the checkpointed FP/VEC state, if used */
tm_recheckpoint(¤t->thread, msr);
- /* Get the top half of the MSR */
- if (__get_user(msr_hi, &tm_sr->mc_gregs[PT_MSR]))
- return 1;
- /* Pull in MSR TM from user context */
- regs->msr = (regs->msr & ~MSR_TS_MASK) | ((msr_hi<<32) & MSR_TS_MASK);
/* This loads the speculative FP/VEC state, if used */
if (msr & MSR_FP) {
diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
index c7c24d2..164fd64 100644
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c
@@ -427,6 +427,10 @@ static long restore_tm_sigcontexts(struct pt_regs *regs,
/* get MSR separately, transfer the LE bit if doing signal return */
err |= __get_user(msr, &sc->gp_regs[PT_MSR]);
+ /* Don't allow reserved mode. */
+ if (MSR_TM_RESV(msr))
+ return -EINVAL;
+
/* pull in MSR TM from user context */
regs->msr = (regs->msr & ~MSR_TS_MASK) | (msr & MSR_TS_MASK);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 050/305] powerpc/tm: Check for already reclaimed tasks
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (48 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 049/305] powerpc/tm: Block signal return setting invalid MSR state Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 051/305] ARC: dw2 unwind: Remove falllback linear search thru FDE entries Kamal Mostafa
` (254 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michael Neuling, Michael Ellerman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Michael Neuling <mikey@neuling.org>
commit 7f821fc9c77a9b01fe7b1d6e72717b33d8d64142 upstream.
Currently we can hit a scenario where we'll tm_reclaim() twice. This
results in a TM bad thing exception because the second reclaim occurs
when not in suspend mode.
The scenario in which this can happen is the following. We attempt to
deliver a signal to userspace. To do this we need obtain the stack
pointer to write the signal context. To get this stack pointer we
must tm_reclaim() in case we need to use the checkpointed stack
pointer (see get_tm_stackpointer()). Normally we'd then return
directly to userspace to deliver the signal without going through
__switch_to().
Unfortunatley, if at this point we get an error (such as a bad
userspace stack pointer), we need to exit the process. The exit will
result in a __switch_to(). __switch_to() will attempt to save the
process state which results in another tm_reclaim(). This
tm_reclaim() now causes a TM Bad Thing exception as this state has
already been saved and the processor is no longer in TM suspend mode.
Whee!
This patch checks the state of the MSR to ensure we are TM suspended
before we attempt the tm_reclaim(). If we've already saved the state
away, we should no longer be in TM suspend mode. This has the
additional advantage of checking for a potential TM Bad Thing
exception.
Found using syscall fuzzer.
Fixes: fb09692e71f1 ("powerpc: Add reclaim and recheckpoint functions for context switching transactional memory processes")
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/kernel/process.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index 64e6e9d..ca783f9 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -551,6 +551,24 @@ static void tm_reclaim_thread(struct thread_struct *thr,
msr_diff &= MSR_FP | MSR_VEC | MSR_VSX | MSR_FE0 | MSR_FE1;
}
+ /*
+ * Use the current MSR TM suspended bit to track if we have
+ * checkpointed state outstanding.
+ * On signal delivery, we'd normally reclaim the checkpointed
+ * state to obtain stack pointer (see:get_tm_stackpointer()).
+ * This will then directly return to userspace without going
+ * through __switch_to(). However, if the stack frame is bad,
+ * we need to exit this thread which calls __switch_to() which
+ * will again attempt to reclaim the already saved tm state.
+ * Hence we need to check that we've not already reclaimed
+ * this state.
+ * We do this using the current MSR, rather tracking it in
+ * some specific thread_struct bit, as it has the additional
+ * benifit of checking for a potential TM bad thing exception.
+ */
+ if (!MSR_TM_SUSPENDED(mfmsr()))
+ return;
+
tm_reclaim(thr, thr->regs->msr, cause);
/* Having done the reclaim, we now have the checkpointed
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 051/305] ARC: dw2 unwind: Remove falllback linear search thru FDE entries
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (49 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 050/305] powerpc/tm: Check for already reclaimed tasks Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 052/305] dm thin: fix regression in advertised discard limits Kamal Mostafa
` (253 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Vineet Gupta, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Vineet Gupta <vgupta@synopsys.com>
commit 2e22502c080f27afeab5e6f11e618fb7bc7aea53 upstream.
Fixes STAR 9000953410: "perf callgraph profiling causing RCU stalls"
| perf record -g -c 15000 -e cycles /sbin/hackbench
|
| INFO: rcu_preempt self-detected stall on CPU
| 1: (1 GPs behind) idle=609/140000000000002/0 softirq=2914/2915 fqs=603
| Task dump for CPU 1:
in-kernel dwarf unwinder has a fast binary lookup and a fallback linear
search (which iterates thru each of ~11K entries) thus takes 2 orders of
magnitude longer (~3 million cycles vs. 2000). Routines written in hand
assembler lack dwarf info (as we don't support assembler CFI pseudo-ops
yet) fail the unwinder binary lookup, hit linear search, failing
nevertheless in the end.
However the linear search is pointless as binary lookup tables are created
from it in first place. It is impossible to have binary lookup fail while
succeed the linear search. It is pure waste of cycles thus removed by
this patch.
This manifested as RCU stalls / NMI watchdog splat when running
hackbench under perf with callgraph profiling. The triggering condition
was perf counter overflowing in routine lacking dwarf info (like memset)
leading to patheic 3 million cycle unwinder slow path and by the time it
returned new interrupts were already pending (Timer, IPI) and taken
rightaway. The original memset didn't make forward progress, system kept
accruing more interrupts and more unwinder delayes in a vicious feedback
loop, ultimately triggering the NMI diagnostic.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arc/kernel/unwind.c | 37 ++++---------------------------------
1 file changed, 4 insertions(+), 33 deletions(-)
diff --git a/arch/arc/kernel/unwind.c b/arch/arc/kernel/unwind.c
index 93c6ea5..7352475 100644
--- a/arch/arc/kernel/unwind.c
+++ b/arch/arc/kernel/unwind.c
@@ -986,42 +986,13 @@ int arc_unwind(struct unwind_frame_info *frame)
(const u8 *)(fde +
1) +
*fde, ptrType);
- if (pc >= endLoc)
+ if (pc >= endLoc) {
fde = NULL;
- } else
- fde = NULL;
- }
- if (fde == NULL) {
- for (fde = table->address, tableSize = table->size;
- cie = NULL, tableSize > sizeof(*fde)
- && tableSize - sizeof(*fde) >= *fde;
- tableSize -= sizeof(*fde) + *fde,
- fde += 1 + *fde / sizeof(*fde)) {
- cie = cie_for_fde(fde, table);
- if (cie == &bad_cie) {
cie = NULL;
- break;
}
- if (cie == NULL
- || cie == ¬_fde
- || (ptrType = fde_pointer_type(cie)) < 0)
- continue;
- ptr = (const u8 *)(fde + 2);
- startLoc = read_pointer(&ptr,
- (const u8 *)(fde + 1) +
- *fde, ptrType);
- if (!startLoc)
- continue;
- if (!(ptrType & DW_EH_PE_indirect))
- ptrType &=
- DW_EH_PE_FORM | DW_EH_PE_signed;
- endLoc =
- startLoc + read_pointer(&ptr,
- (const u8 *)(fde +
- 1) +
- *fde, ptrType);
- if (pc >= startLoc && pc < endLoc)
- break;
+ } else {
+ fde = NULL;
+ cie = NULL;
}
}
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 052/305] dm thin: fix regression in advertised discard limits
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (50 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 051/305] ARC: dw2 unwind: Remove falllback linear search thru FDE entries Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 053/305] fix sysvfs symlinks Kamal Mostafa
` (252 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Mike Snitzer, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mike Snitzer <snitzer@redhat.com>
commit 0fcb04d59351f790efb8da18edefd6ab4d9bbf3b upstream.
When establishing a thin device's discard limits we cannot rely on the
underlying thin-pool device's discard capabilities (which are inherited
from the thin-pool's underlying data device) given that DM thin devices
must provide discard support even when the thin-pool's underlying data
device doesn't support discards.
Users were exposed to this thin device discard limits regression if
their thin-pool's underlying data device does _not_ support discards.
This regression caused all upper-layers that called the
blkdev_issue_discard() interface to not be able to issue discards to
thin devices (because discard_granularity was 0). This regression
wasn't caught earlier because the device-mapper-test-suite's extensive
'thin-provisioning' discard tests are only ever performed against
thin-pool's with data devices that support discards.
Fix is to have thin_io_hints() test the pool's 'discard_enabled' feature
rather than inferring whether or not a thin device's discard support
should be enabled by looking at the thin-pool's discard_granularity.
Fixes: 216076705 ("dm thin: disable discard support for thin devices if pool's is disabled")
Reported-by: Mike Gerber <mike@sprachgewalt.de>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/dm-thin.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c
index 4190e3b..3efdddb 100644
--- a/drivers/md/dm-thin.c
+++ b/drivers/md/dm-thin.c
@@ -4334,10 +4334,9 @@ static void thin_io_hints(struct dm_target *ti, struct queue_limits *limits)
{
struct thin_c *tc = ti->private;
struct pool *pool = tc->pool;
- struct queue_limits *pool_limits = dm_get_queue_limits(pool->pool_md);
- if (!pool_limits->discard_granularity)
- return; /* pool's discard support is disabled */
+ if (!pool->pf.discard_enabled)
+ return;
limits->discard_granularity = pool->sectors_per_block << SECTOR_SHIFT;
limits->max_discard_sectors = 2048 * 1024 * 16; /* 16G */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 053/305] fix sysvfs symlinks
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (51 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 052/305] dm thin: fix regression in advertised discard limits Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 054/305] vfs: Make sendfile(2) killable even better Kamal Mostafa
` (251 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Al Viro, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 0ebf7f10d67a70e120f365018f1c5fce9ddc567d upstream.
The thing got broken back in 2002 - sysvfs does *not* have inline
symlinks; even short ones have bodies stored in the first block
of file. sysv_symlink() handles that correctly; unfortunately,
attempting to look an existing symlink up will end up confusing
them for inline symlinks, and interpret the block number containing
the body as the body itself.
Nobody has noticed until now, which says something about the level
of testing sysvfs gets ;-/
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/sysv/inode.c | 11 ++---------
1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/fs/sysv/inode.c b/fs/sysv/inode.c
index 590ad92..02fa1dc 100644
--- a/fs/sysv/inode.c
+++ b/fs/sysv/inode.c
@@ -162,15 +162,8 @@ void sysv_set_inode(struct inode *inode, dev_t rdev)
inode->i_fop = &sysv_dir_operations;
inode->i_mapping->a_ops = &sysv_aops;
} else if (S_ISLNK(inode->i_mode)) {
- if (inode->i_blocks) {
- inode->i_op = &sysv_symlink_inode_operations;
- inode->i_mapping->a_ops = &sysv_aops;
- } else {
- inode->i_op = &simple_symlink_inode_operations;
- inode->i_link = (char *)SYSV_I(inode)->i_data;
- nd_terminate_link(inode->i_link, inode->i_size,
- sizeof(SYSV_I(inode)->i_data) - 1);
- }
+ inode->i_op = &sysv_symlink_inode_operations;
+ inode->i_mapping->a_ops = &sysv_aops;
} else
init_special_inode(inode, inode->i_mode, rdev);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 054/305] vfs: Make sendfile(2) killable even better
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (52 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 053/305] fix sysvfs symlinks Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 055/305] vfs: Avoid softlockups with sendfile(2) Kamal Mostafa
` (250 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Jan Kara, Al Viro, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jan Kara <jack@suse.cz>
commit c725bfce7968009756ed2836a8cd7ba4dc163011 upstream.
Commit 296291cdd162 (mm: make sendfile(2) killable) fixed an issue where
sendfile(2) was doing a lot of tiny writes into a filesystem and thus
was unkillable for a long time. However sendfile(2) can be (mis)used to
issue lots of writes into arbitrary file descriptor such as evenfd or
similar special file descriptors which never hit the standard filesystem
write path and thus are still unkillable. E.g. the following example
from Dmitry burns CPU for ~16s on my test system without possibility to
be killed:
int r1 = eventfd(0, 0);
int r2 = memfd_create("", 0);
unsigned long n = 1<<30;
fallocate(r2, 0, 0, n);
sendfile(r1, r2, 0, n);
There are actually quite a few tests for pending signals in sendfile
code however we data to write is always available none of them seems to
trigger. So fix the problem by adding a test for pending signal into
splice_from_pipe_next() also before the loop waiting for pipe buffers to
be available. This should fix all the lockup issues with sendfile of the
do-ton-of-tiny-writes nature.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/splice.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/splice.c b/fs/splice.c
index 5fc1e50..882e5aa 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -809,6 +809,13 @@ static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_des
*/
static int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
{
+ /*
+ * Check for signal early to make process killable when there are
+ * always buffers available
+ */
+ if (signal_pending(current))
+ return -ERESTARTSYS;
+
while (!pipe->nrbufs) {
if (!pipe->writers)
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 055/305] vfs: Avoid softlockups with sendfile(2)
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (53 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 054/305] vfs: Make sendfile(2) killable even better Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 056/305] nfs4: limit callback decoding to received bytes Kamal Mostafa
` (249 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dmitry Vyukov, Jan Kara, Al Viro, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jan Kara <jack@suse.cz>
commit c2489e07c0a71a56fb2c84bc0ee66cddfca7d068 upstream.
The following test program from Dmitry can cause softlockups or RCU
stalls as it copies 1GB from tmpfs into eventfd and we don't have any
scheduling point at that path in sendfile(2) implementation:
int r1 = eventfd(0, 0);
int r2 = memfd_create("", 0);
unsigned long n = 1<<30;
fallocate(r2, 0, 0, n);
sendfile(r1, r2, 0, n);
Add cond_resched() into __splice_from_pipe() to fix the problem.
CC: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/splice.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/splice.c b/fs/splice.c
index 882e5aa..014657c 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -891,6 +891,7 @@ ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, struct splice_desc *sd,
splice_from_pipe_begin(sd);
do {
+ cond_resched();
ret = splice_from_pipe_next(pipe, sd);
if (ret > 0)
ret = splice_from_pipe_feed(pipe, sd, actor);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 056/305] nfs4: limit callback decoding to received bytes
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (54 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 055/305] vfs: Avoid softlockups with sendfile(2) Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 057/305] ALSA: hda - Fix headphone noise after Dell XPS 13 resume back from S3 Kamal Mostafa
` (248 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Benjamin Coddington, Trond Myklebust, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Benjamin Coddington <bcodding@redhat.com>
commit 38b7631fbe42e6e247e9fc9879f961b14a687e3b upstream.
A truncated cb_compound request will cause the client to decode null or
data from a previous callback for nfs4.1 backchannel case, or uninitialized
data for the nfs4.0 case. This is because the path through
svc_process_common() advances the request's iov_base and decrements iov_len
without adjusting the overall xdr_buf's len field. That causes
xdr_init_decode() to set up the xdr_stream with an incorrect length in
nfs4_callback_compound().
Fixing this for the nfs4.1 backchannel case first requires setting the
correct iov_len and page_len based on the length of received data in the
same manner as the nfs4.0 case.
Then the request's xdr_buf length can be adjusted for both cases based upon
the remaining iov_len and page_len.
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/nfs/callback_xdr.c | 7 +++++--
net/sunrpc/backchannel_rqst.c | 8 ++++++++
net/sunrpc/svc.c | 1 +
3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
index 6b1697a..1c8213e 100644
--- a/fs/nfs/callback_xdr.c
+++ b/fs/nfs/callback_xdr.c
@@ -76,7 +76,8 @@ static __be32 *read_buf(struct xdr_stream *xdr, int nbytes)
p = xdr_inline_decode(xdr, nbytes);
if (unlikely(p == NULL))
- printk(KERN_WARNING "NFS: NFSv4 callback reply buffer overflowed!\n");
+ printk(KERN_WARNING "NFS: NFSv4 callback reply buffer overflowed "
+ "or truncated request.\n");
return p;
}
@@ -892,6 +893,7 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp, void *argp, void *r
struct cb_compound_hdr_arg hdr_arg = { 0 };
struct cb_compound_hdr_res hdr_res = { NULL };
struct xdr_stream xdr_in, xdr_out;
+ struct xdr_buf *rq_arg = &rqstp->rq_arg;
__be32 *p, status;
struct cb_process_state cps = {
.drc_status = 0,
@@ -903,7 +905,8 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp, void *argp, void *r
dprintk("%s: start\n", __func__);
- xdr_init_decode(&xdr_in, &rqstp->rq_arg, rqstp->rq_arg.head[0].iov_base);
+ rq_arg->len = rq_arg->head[0].iov_len + rq_arg->page_len;
+ xdr_init_decode(&xdr_in, rq_arg, rq_arg->head[0].iov_base);
p = (__be32*)((char *)rqstp->rq_res.head[0].iov_base + rqstp->rq_res.head[0].iov_len);
xdr_init_encode(&xdr_out, &rqstp->rq_res, p);
diff --git a/net/sunrpc/backchannel_rqst.c b/net/sunrpc/backchannel_rqst.c
index 6255d14..d92cee1 100644
--- a/net/sunrpc/backchannel_rqst.c
+++ b/net/sunrpc/backchannel_rqst.c
@@ -333,12 +333,20 @@ void xprt_complete_bc_request(struct rpc_rqst *req, uint32_t copied)
{
struct rpc_xprt *xprt = req->rq_xprt;
struct svc_serv *bc_serv = xprt->bc_serv;
+ struct xdr_buf *rq_rcv_buf = &req->rq_rcv_buf;
spin_lock(&xprt->bc_pa_lock);
list_del(&req->rq_bc_pa_list);
xprt_dec_alloc_count(xprt, 1);
spin_unlock(&xprt->bc_pa_lock);
+ if (copied <= rq_rcv_buf->head[0].iov_len) {
+ rq_rcv_buf->head[0].iov_len = copied;
+ rq_rcv_buf->page_len = 0;
+ } else {
+ rq_rcv_buf->page_len = copied - rq_rcv_buf->head[0].iov_len;
+ }
+
req->rq_private_buf.len = copied;
set_bit(RPC_BC_PA_IN_USE, &req->rq_bc_pa_state);
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index 5a16d8d..cebf22d 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -1366,6 +1366,7 @@ bc_svc_process(struct svc_serv *serv, struct rpc_rqst *req,
memcpy(&rqstp->rq_addr, &req->rq_xprt->addr, rqstp->rq_addrlen);
memcpy(&rqstp->rq_arg, &req->rq_rcv_buf, sizeof(rqstp->rq_arg));
memcpy(&rqstp->rq_res, &req->rq_snd_buf, sizeof(rqstp->rq_res));
+ rqstp->rq_arg.len = req->rq_private_buf.len;
/* reset result send buffer "put" position */
resv->iov_len = 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 057/305] ALSA: hda - Fix headphone noise after Dell XPS 13 resume back from S3
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (55 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 056/305] nfs4: limit callback decoding to received bytes Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 058/305] ARM: dts: vfxxx: Fix dspi[01] spi-num-chipselects Kamal Mostafa
` (247 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kailang Yang, Hui Wang, Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Hui Wang <hui.wang@canonical.com>
commit 8c69729b4439bbda88c3073df7243f755cc418ed upstream.
We have a machine Dell XPS 13 with the codec alc256, after resume back
from S3, the headphone has noise when play sound.
Through comparing with the coeff vaule before and after S3, we found
restoring a coeff register will help remove noise.
BugLink: https://bugs.launchpad.net/bugs/1519168
Cc: Kailang Yang <kailang@realtek.com>
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index e5ff32a..bc99548 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -4597,6 +4597,7 @@ enum {
ALC292_FIXUP_DISABLE_AAMIX,
ALC298_FIXUP_DELL1_MIC_NO_PRESENCE,
ALC275_FIXUP_DELL_XPS,
+ ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE,
};
static const struct hda_fixup alc269_fixups[] = {
@@ -5177,6 +5178,17 @@ static const struct hda_fixup alc269_fixups[] = {
{}
}
},
+ [ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE] = {
+ .type = HDA_FIXUP_VERBS,
+ .v.verbs = (const struct hda_verb[]) {
+ /* Disable pass-through path for FRONT 14h */
+ {0x20, AC_VERB_SET_COEF_INDEX, 0x36},
+ {0x20, AC_VERB_SET_PROC_COEF, 0x1737},
+ {}
+ },
+ .chained = true,
+ .chain_id = ALC255_FIXUP_DELL1_MIC_NO_PRESENCE
+ },
};
static const struct snd_pci_quirk alc269_fixup_tbl[] = {
@@ -5216,6 +5228,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1028, 0x06de, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
SND_PCI_QUIRK(0x1028, 0x06df, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
SND_PCI_QUIRK(0x1028, 0x06e0, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
+ SND_PCI_QUIRK(0x1028, 0x0704, "Dell XPS 13", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE),
SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 058/305] ARM: dts: vfxxx: Fix dspi[01] spi-num-chipselects.
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (56 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 057/305] ALSA: hda - Fix headphone noise after Dell XPS 13 resume back from S3 Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 059/305] ARM/arm64: KVM: test properly for a PTE's uncachedness Kamal Mostafa
` (246 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Cory Tusar, Shawn Guo, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Cory Tusar <cory.tusar@pid1solutions.com>
commit 897ed0ca5979f103b8de3c09bcca2ae4860eb5a5 upstream.
Per the Vybrid Reference Manual (section 3.8.6.1), dspi0 has 6 chip
select signals associated with it, while dspi1 has only 4.
Signed-off-by: Cory Tusar <cory.tusar@pid1solutions.com>
Acked-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/boot/dts/vfxxx.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/vfxxx.dtsi b/arch/arm/boot/dts/vfxxx.dtsi
index 4aa3351..a646cb9 100644
--- a/arch/arm/boot/dts/vfxxx.dtsi
+++ b/arch/arm/boot/dts/vfxxx.dtsi
@@ -158,7 +158,7 @@
interrupts = <67 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clks VF610_CLK_DSPI0>;
clock-names = "dspi";
- spi-num-chipselects = <5>;
+ spi-num-chipselects = <6>;
status = "disabled";
};
@@ -170,7 +170,7 @@
interrupts = <68 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clks VF610_CLK_DSPI1>;
clock-names = "dspi";
- spi-num-chipselects = <5>;
+ spi-num-chipselects = <4>;
status = "disabled";
};
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 059/305] ARM/arm64: KVM: test properly for a PTE's uncachedness
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (57 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 058/305] ARM: dts: vfxxx: Fix dspi[01] spi-num-chipselects Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 060/305] arm64: KVM: Fix AArch32 to AArch64 register mapping Kamal Mostafa
` (245 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ard Biesheuvel, Christoffer Dall, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
commit e6fab54423450d699a09ec2b899473a541f61971 upstream.
The open coded tests for checking whether a PTE maps a page as
uncached use a flawed '(pte_val(xxx) & CONST) != CONST' pattern,
which is not guaranteed to work since the type of a mapping is
not a set of mutually exclusive bits
For HYP mappings, the type is an index into the MAIR table (i.e, the
index itself does not contain any information whatsoever about the
type of the mapping), and for stage-2 mappings it is a bit field where
normal memory and device types are defined as follows:
#define MT_S2_NORMAL 0xf
#define MT_S2_DEVICE_nGnRE 0x1
I.e., masking *and* comparing with the latter matches on the former,
and we have been getting lucky merely because the S2 device mappings
also have the PTE_UXN bit set, or we would misidentify memory mappings
as device mappings.
Since the unmap_range() code path (which contains one instance of the
flawed test) is used both for HYP mappings and stage-2 mappings, and
considering the difference between the two, it is non-trivial to fix
this by rewriting the tests in place, as it would involve passing
down the type of mapping through all the functions.
However, since HYP mappings and stage-2 mappings both deal with host
physical addresses, we can simply check whether the mapping is backed
by memory that is managed by the host kernel, and only perform the
D-cache maintenance if this is the case.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/kvm/mmu.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
index 6984342..7dace90 100644
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -98,6 +98,11 @@ static void kvm_flush_dcache_pud(pud_t pud)
__kvm_flush_dcache_pud(pud);
}
+static bool kvm_is_device_pfn(unsigned long pfn)
+{
+ return !pfn_valid(pfn);
+}
+
/**
* stage2_dissolve_pmd() - clear and flush huge PMD entry
* @kvm: pointer to kvm structure.
@@ -213,7 +218,7 @@ static void unmap_ptes(struct kvm *kvm, pmd_t *pmd,
kvm_tlb_flush_vmid_ipa(kvm, addr);
/* No need to invalidate the cache for device mappings */
- if ((pte_val(old_pte) & PAGE_S2_DEVICE) != PAGE_S2_DEVICE)
+ if (!kvm_is_device_pfn(__phys_to_pfn(addr)))
kvm_flush_dcache_pte(old_pte);
put_page(virt_to_page(pte));
@@ -305,8 +310,7 @@ static void stage2_flush_ptes(struct kvm *kvm, pmd_t *pmd,
pte = pte_offset_kernel(pmd, addr);
do {
- if (!pte_none(*pte) &&
- (pte_val(*pte) & PAGE_S2_DEVICE) != PAGE_S2_DEVICE)
+ if (!pte_none(*pte) && !kvm_is_device_pfn(__phys_to_pfn(addr)))
kvm_flush_dcache_pte(*pte);
} while (pte++, addr += PAGE_SIZE, addr != end);
}
@@ -1037,11 +1041,6 @@ static bool kvm_is_write_fault(struct kvm_vcpu *vcpu)
return kvm_vcpu_dabt_iswrite(vcpu);
}
-static bool kvm_is_device_pfn(unsigned long pfn)
-{
- return !pfn_valid(pfn);
-}
-
/**
* stage2_wp_ptes - write protect PMD range
* @pmd: pointer to pmd entry
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 060/305] arm64: KVM: Fix AArch32 to AArch64 register mapping
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (58 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 059/305] ARM/arm64: KVM: test properly for a PTE's uncachedness Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 061/305] drm/radeon: make rv770_set_sw_state failures non-fatal Kamal Mostafa
` (244 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marc Zyngier, Christoffer Dall, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Marc Zyngier <marc.zyngier@arm.com>
commit c0f0963464c24e034b858441205455bf2a5d93ad upstream.
When running a 32bit guest under a 64bit hypervisor, the ARMv8
architecture defines a mapping of the 32bit registers in the 64bit
space. This includes banked registers that are being demultiplexed
over the 64bit ones.
On exceptions caused by an operation involving a 32bit register, the
HW exposes the register number in the ESR_EL2 register. It was so
far understood that SW had to distinguish between AArch32 and AArch64
accesses (based on the current AArch32 mode and register number).
It turns out that I misinterpreted the ARM ARM, and the clue is in
D1.20.1: "For some exceptions, the exception syndrome given in the
ESR_ELx identifies one or more register numbers from the issued
instruction that generated the exception. Where the exception is
taken from an Exception level using AArch32 these register numbers
give the AArch64 view of the register."
Which means that the HW is already giving us the translated version,
and that we shouldn't try to interpret it at all (for example, doing
an MMIO operation from the IRQ mode using the LR register leads to
very unexpected behaviours).
The fix is thus not to perform a call to vcpu_reg32() at all from
vcpu_reg(), and use whatever register number is supplied directly.
The only case we need to find out about the mapping is when we
actively generate a register access, which only occurs when injecting
a fault in a guest.
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm64/include/asm/kvm_emulate.h | 8 +++++---
arch/arm64/kvm/inject_fault.c | 2 +-
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
index 17e92f0..3ca894e 100644
--- a/arch/arm64/include/asm/kvm_emulate.h
+++ b/arch/arm64/include/asm/kvm_emulate.h
@@ -99,11 +99,13 @@ static inline void vcpu_set_thumb(struct kvm_vcpu *vcpu)
*vcpu_cpsr(vcpu) |= COMPAT_PSR_T_BIT;
}
+/*
+ * vcpu_reg should always be passed a register number coming from a
+ * read of ESR_EL2. Otherwise, it may give the wrong result on AArch32
+ * with banked registers.
+ */
static inline unsigned long *vcpu_reg(const struct kvm_vcpu *vcpu, u8 reg_num)
{
- if (vcpu_mode_is_32bit(vcpu))
- return vcpu_reg32(vcpu, reg_num);
-
return (unsigned long *)&vcpu_gp_regs(vcpu)->regs.regs[reg_num];
}
diff --git a/arch/arm64/kvm/inject_fault.c b/arch/arm64/kvm/inject_fault.c
index 85c5715..648112e 100644
--- a/arch/arm64/kvm/inject_fault.c
+++ b/arch/arm64/kvm/inject_fault.c
@@ -48,7 +48,7 @@ static void prepare_fault32(struct kvm_vcpu *vcpu, u32 mode, u32 vect_offset)
/* Note: These now point to the banked copies */
*vcpu_spsr(vcpu) = new_spsr_value;
- *vcpu_reg(vcpu, 14) = *vcpu_pc(vcpu) + return_offset;
+ *vcpu_reg32(vcpu, 14) = *vcpu_pc(vcpu) + return_offset;
/* Branch to exception vector */
if (sctlr & (1 << 13))
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 061/305] drm/radeon: make rv770_set_sw_state failures non-fatal
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (59 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 060/305] arm64: KVM: Fix AArch32 to AArch64 register mapping Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 062/305] PCI: Prevent out of bounds access in numa_node override Kamal Mostafa
` (243 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Alex Deucher, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 4e7697ed79d0c0d5f869c87a6b3ce3d5cd1a07d6 upstream.
On some cards it takes a relatively long time for the change
to take place. Make a timeout non-fatal.
bug:
https://bugs.freedesktop.org/show_bug.cgi?id=76130
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/rv770_dpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/radeon/rv770_dpm.c b/drivers/gpu/drm/radeon/rv770_dpm.c
index b9c7707..d24c58c 100644
--- a/drivers/gpu/drm/radeon/rv770_dpm.c
+++ b/drivers/gpu/drm/radeon/rv770_dpm.c
@@ -1418,7 +1418,7 @@ int rv770_resume_smc(struct radeon_device *rdev)
int rv770_set_sw_state(struct radeon_device *rdev)
{
if (rv770_send_msg_to_smc(rdev, PPSMC_MSG_SwitchToSwState) != PPSMC_Result_OK)
- return -EINVAL;
+ DRM_ERROR("rv770_set_sw_state failed\n");
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 062/305] PCI: Prevent out of bounds access in numa_node override
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (60 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 061/305] drm/radeon: make rv770_set_sw_state failures non-fatal Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 063/305] ALSA: hda - Fix noise on Gigabyte Z170X mobo Kamal Mostafa
` (242 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mathias Krause, Bjorn Helgaas, Sasha Levin, Prarit Bhargava,
Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mathias Krause <minipli@googlemail.com>
commit 3dcc8d39cf15fa3ceabedcffcbd3958fe953555a upstream.
Commit 1266963170f5 ("PCI: Prevent out of bounds access in numa_node
override") missed that the user-provided node could also be negative.
Handle this case as well to avoid out-of-bounds accesses to the
node_states[] array. However, allow the special value -1, i.e.
NUMA_NO_NODE, to be able to set the 'no specific node' configuration.
Fixes: 1266963170f5 ("PCI: Prevent out of bounds access in numa_node override")
Fixes: 63692df103e9 ("PCI: Allow numa_node override via sysfs")
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
CC: Sasha Levin <sasha.levin@oracle.com>
CC: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/pci/pci-sysfs.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 9261868..eead54c 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -216,7 +216,10 @@ static ssize_t numa_node_store(struct device *dev,
if (ret)
return ret;
- if (node >= MAX_NUMNODES || !node_online(node))
+ if ((node < 0 && node != NUMA_NO_NODE) || node >= MAX_NUMNODES)
+ return -EINVAL;
+
+ if (node != NUMA_NO_NODE && !node_online(node))
return -EINVAL;
add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_STILL_OK);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 063/305] ALSA: hda - Fix noise on Gigabyte Z170X mobo
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (61 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 062/305] PCI: Prevent out of bounds access in numa_node override Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 064/305] ARM: dove: Fix legacy get_irqnr_and_base Kamal Mostafa
` (241 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Takashi Iwai <tiwai@suse.de>
commit 0c25ad80408e95e0a4fbaf0056950206e95f726f upstream.
Gigabyte Z710X mobo with ALC1150 codec gets significant noises from
the analog loopback routes even if their inputs are all muted.
Simply kill the aamix for fixing it.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=108301
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index bc99548..78a77f6 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -1769,6 +1769,7 @@ enum {
ALC882_FIXUP_NO_PRIMARY_HP,
ALC887_FIXUP_ASUS_BASS,
ALC887_FIXUP_BASS_CHMAP,
+ ALC882_FIXUP_DISABLE_AAMIX,
};
static void alc889_fixup_coef(struct hda_codec *codec,
@@ -1930,6 +1931,8 @@ static void alc882_fixup_no_primary_hp(struct hda_codec *codec,
static void alc_fixup_bass_chmap(struct hda_codec *codec,
const struct hda_fixup *fix, int action);
+static void alc_fixup_disable_aamix(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action);
static const struct hda_fixup alc882_fixups[] = {
[ALC882_FIXUP_ABIT_AW9D_MAX] = {
@@ -2161,6 +2164,10 @@ static const struct hda_fixup alc882_fixups[] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc_fixup_bass_chmap,
},
+ [ALC882_FIXUP_DISABLE_AAMIX] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc_fixup_disable_aamix,
+ },
};
static const struct snd_pci_quirk alc882_fixup_tbl[] = {
@@ -2228,6 +2235,7 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = {
SND_PCI_QUIRK(0x1462, 0x7350, "MSI-7350", ALC889_FIXUP_CD),
SND_PCI_QUIRK_VENDOR(0x1462, "MSI", ALC882_FIXUP_GPIO3),
SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte EP45-DS3/Z87X-UD3H", ALC889_FIXUP_FRONT_HP_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1458, 0xa182, "Gigabyte Z170X-UD3", ALC882_FIXUP_DISABLE_AAMIX),
SND_PCI_QUIRK(0x147b, 0x107a, "Abit AW9D-MAX", ALC882_FIXUP_ABIT_AW9D_MAX),
SND_PCI_QUIRK_VENDOR(0x1558, "Clevo laptop", ALC882_FIXUP_EAPD),
SND_PCI_QUIRK(0x161f, 0x2054, "Medion laptop", ALC883_FIXUP_EAPD),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 064/305] ARM: dove: Fix legacy get_irqnr_and_base
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (62 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 063/305] ALSA: hda - Fix noise on Gigabyte Z170X mobo Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 065/305] ARM: orion5x: " Kamal Mostafa
` (240 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Nicolas Pitre, Jason Cooper, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Nicolas Pitre <nicolas.pitre@linaro.org>
commit c1c90728efa49eab81ae816718d84116a22b790e upstream.
Commit 5d6bed2a9c ("ARM: dove: fix legacy dove IRQ numbers") shifted
IRQ numbers by one but didn't update the get_irqnr_and_base macro
accordingly. This macro is involved when CONFIG_MULTI_IRQ_HANDLER
is not defined.
[jac: 5d6bed2a9c went in to v4.2, but was backported to v3.18]
Signed-off-by: Nicolas Pitre <nico@linaro.org>
Fixes: 5d6bed2a9c ("ARM: dove: fix legacy dove IRQ numbers")
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/mach-dove/include/mach/entry-macro.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-dove/include/mach/entry-macro.S b/arch/arm/mach-dove/include/mach/entry-macro.S
index 72d622b..df1d44b 100644
--- a/arch/arm/mach-dove/include/mach/entry-macro.S
+++ b/arch/arm/mach-dove/include/mach/entry-macro.S
@@ -18,13 +18,13 @@
@ check low interrupts
ldr \irqstat, [\base, #IRQ_CAUSE_LOW_OFF]
ldr \tmp, [\base, #IRQ_MASK_LOW_OFF]
- mov \irqnr, #31
+ mov \irqnr, #32
ands \irqstat, \irqstat, \tmp
@ if no low interrupts set, check high interrupts
ldreq \irqstat, [\base, #IRQ_CAUSE_HIGH_OFF]
ldreq \tmp, [\base, #IRQ_MASK_HIGH_OFF]
- moveq \irqnr, #63
+ moveq \irqnr, #64
andeqs \irqstat, \irqstat, \tmp
@ find first active interrupt source
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 065/305] ARM: orion5x: Fix legacy get_irqnr_and_base
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (63 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 064/305] ARM: dove: Fix legacy get_irqnr_and_base Kamal Mostafa
@ 2016-01-15 23:57 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 066/305] drm/radeon: make some dpm errors debug only Kamal Mostafa
` (239 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:57 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Nicolas Pitre, Jason Cooper, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Nicolas Pitre <nicolas.pitre@linaro.org>
commit 4d2ec7e206ae03a51dfbdedc120ce88d403ec926 upstream.
Commit 5be9fc23cd ("ARM: orion5x: fix legacy orion5x IRQ numbers") shifted
IRQ numbers by one but didn't update the get_irqnr_and_base macro
accordingly. This macro is involved when CONFIG_MULTI_IRQ_HANDLER
is not defined.
[jac: 5d6bed2a9c went in to v4.2, but was backported to v3.18]
Signed-off-by: Nicolas Pitre <nico@linaro.org>
Fixes: 5be9fc23cd ("ARM: orion5x: fix legacy orion5x IRQ numbers")
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/mach-orion5x/include/mach/entry-macro.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/mach-orion5x/include/mach/entry-macro.S b/arch/arm/mach-orion5x/include/mach/entry-macro.S
index 79eb502..73919a3 100644
--- a/arch/arm/mach-orion5x/include/mach/entry-macro.S
+++ b/arch/arm/mach-orion5x/include/mach/entry-macro.S
@@ -21,5 +21,5 @@
@ find cause bits that are unmasked
ands \irqstat, \irqstat, \tmp @ clear Z flag if any
clzne \irqnr, \irqstat @ calc irqnr
- rsbne \irqnr, \irqnr, #31
+ rsbne \irqnr, \irqnr, #32
.endm
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 066/305] drm/radeon: make some dpm errors debug only
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (64 preceding siblings ...)
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 065/305] ARM: orion5x: " Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 067/305] NFSv4.1/pNFS: Don't request a minimal read layout beyond the end of file Kamal Mostafa
` (238 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Alex Deucher, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 9c565e3386fdc804a61f8c116efc2c5999ba46e1 upstream.
"Could not force DPM to low", etc. is usually harmless and
just confuses users.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/rv730_dpm.c | 2 +-
drivers/gpu/drm/radeon/rv770_dpm.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/radeon/rv730_dpm.c b/drivers/gpu/drm/radeon/rv730_dpm.c
index 3f5e1cf..d37ba2c 100644
--- a/drivers/gpu/drm/radeon/rv730_dpm.c
+++ b/drivers/gpu/drm/radeon/rv730_dpm.c
@@ -464,7 +464,7 @@ void rv730_stop_dpm(struct radeon_device *rdev)
result = rv770_send_msg_to_smc(rdev, PPSMC_MSG_TwoLevelsDisabled);
if (result != PPSMC_Result_OK)
- DRM_ERROR("Could not force DPM to low\n");
+ DRM_DEBUG("Could not force DPM to low\n");
WREG32_P(GENERAL_PWRMGT, 0, ~GLOBAL_PWRMGT_EN);
diff --git a/drivers/gpu/drm/radeon/rv770_dpm.c b/drivers/gpu/drm/radeon/rv770_dpm.c
index d24c58c..e830c89 100644
--- a/drivers/gpu/drm/radeon/rv770_dpm.c
+++ b/drivers/gpu/drm/radeon/rv770_dpm.c
@@ -193,7 +193,7 @@ void rv770_stop_dpm(struct radeon_device *rdev)
result = rv770_send_msg_to_smc(rdev, PPSMC_MSG_TwoLevelsDisabled);
if (result != PPSMC_Result_OK)
- DRM_ERROR("Could not force DPM to low.\n");
+ DRM_DEBUG("Could not force DPM to low.\n");
WREG32_P(GENERAL_PWRMGT, 0, ~GLOBAL_PWRMGT_EN);
@@ -1418,7 +1418,7 @@ int rv770_resume_smc(struct radeon_device *rdev)
int rv770_set_sw_state(struct radeon_device *rdev)
{
if (rv770_send_msg_to_smc(rdev, PPSMC_MSG_SwitchToSwState) != PPSMC_Result_OK)
- DRM_ERROR("rv770_set_sw_state failed\n");
+ DRM_DEBUG("rv770_set_sw_state failed\n");
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 067/305] NFSv4.1/pNFS: Don't request a minimal read layout beyond the end of file
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (65 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 066/305] drm/radeon: make some dpm errors debug only Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 068/305] nfs4: resend LAYOUTGET when there is a race that changes the seqid Kamal Mostafa
` (237 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Trond Myklebust, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Trond Myklebust <trond.myklebust@primarydata.com>
commit 2d89a1d3c9ff8ceb115f001e66cff9788338ca47 upstream.
If we have a read layout, then sanity check the minimal layout length
so that it does not extend beyond the end of file.
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/nfs/pnfs.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index 70bf706..38b37d9 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -882,6 +882,7 @@ send_layoutget(struct pnfs_layout_hdr *lo,
struct nfs_server *server = NFS_SERVER(ino);
struct nfs4_layoutget *lgp;
struct pnfs_layout_segment *lseg;
+ loff_t i_size;
dprintk("--> %s\n", __func__);
@@ -889,9 +890,17 @@ send_layoutget(struct pnfs_layout_hdr *lo,
if (lgp == NULL)
return NULL;
+ i_size = i_size_read(ino);
+
lgp->args.minlength = PAGE_CACHE_SIZE;
if (lgp->args.minlength > range->length)
lgp->args.minlength = range->length;
+ if (range->iomode == IOMODE_READ) {
+ if (range->offset >= i_size)
+ lgp->args.minlength = 0;
+ else if (i_size - range->offset < lgp->args.minlength)
+ lgp->args.minlength = i_size - range->offset;
+ }
lgp->args.maxcount = PNFS_LAYOUT_MAXSIZE;
lgp->args.range = *range;
lgp->args.type = server->pnfs_curr_ld->id;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 068/305] nfs4: resend LAYOUTGET when there is a race that changes the seqid
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (66 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 067/305] NFSv4.1/pNFS: Don't request a minimal read layout beyond the end of file Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 069/305] xen/gntdev: Grant maps should not be subject to NUMA balancing Kamal Mostafa
` (236 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jeff Layton, Trond Myklebust, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jeff Layton <jlayton@poochiereds.net>
commit 4f2e9dce0c6348a95eaa56ade9bab18572221088 upstream.
pnfs_layout_process will check the returned layout stateid against what
the kernel has in-core. If it turns out that the stateid we received is
older, then we should resend the LAYOUTGET instead of falling back to
MDS I/O.
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/nfs/pnfs.c | 56 +++++++++++++++++++++++++++++++-------------------------
1 file changed, 31 insertions(+), 25 deletions(-)
diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index 38b37d9..1cbebec 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -886,33 +886,38 @@ send_layoutget(struct pnfs_layout_hdr *lo,
dprintk("--> %s\n", __func__);
- lgp = kzalloc(sizeof(*lgp), gfp_flags);
- if (lgp == NULL)
- return NULL;
+ /*
+ * Synchronously retrieve layout information from server and
+ * store in lseg. If we race with a concurrent seqid morphing
+ * op, then re-send the LAYOUTGET.
+ */
+ do {
+ lgp = kzalloc(sizeof(*lgp), gfp_flags);
+ if (lgp == NULL)
+ return NULL;
+
+ i_size = i_size_read(ino);
+
+ lgp->args.minlength = PAGE_CACHE_SIZE;
+ if (lgp->args.minlength > range->length)
+ lgp->args.minlength = range->length;
+ if (range->iomode == IOMODE_READ) {
+ if (range->offset >= i_size)
+ lgp->args.minlength = 0;
+ else if (i_size - range->offset < lgp->args.minlength)
+ lgp->args.minlength = i_size - range->offset;
+ }
+ lgp->args.maxcount = PNFS_LAYOUT_MAXSIZE;
+ lgp->args.range = *range;
+ lgp->args.type = server->pnfs_curr_ld->id;
+ lgp->args.inode = ino;
+ lgp->args.ctx = get_nfs_open_context(ctx);
+ lgp->gfp_flags = gfp_flags;
+ lgp->cred = lo->plh_lc_cred;
- i_size = i_size_read(ino);
+ lseg = nfs4_proc_layoutget(lgp, gfp_flags);
+ } while (lseg == ERR_PTR(-EAGAIN));
- lgp->args.minlength = PAGE_CACHE_SIZE;
- if (lgp->args.minlength > range->length)
- lgp->args.minlength = range->length;
- if (range->iomode == IOMODE_READ) {
- if (range->offset >= i_size)
- lgp->args.minlength = 0;
- else if (i_size - range->offset < lgp->args.minlength)
- lgp->args.minlength = i_size - range->offset;
- }
- lgp->args.maxcount = PNFS_LAYOUT_MAXSIZE;
- lgp->args.range = *range;
- lgp->args.type = server->pnfs_curr_ld->id;
- lgp->args.inode = ino;
- lgp->args.ctx = get_nfs_open_context(ctx);
- lgp->gfp_flags = gfp_flags;
- lgp->cred = lo->plh_lc_cred;
-
- /* Synchronously retrieve layout information from server and
- * store in lseg.
- */
- lseg = nfs4_proc_layoutget(lgp, gfp_flags);
if (IS_ERR(lseg)) {
switch (PTR_ERR(lseg)) {
case -ENOMEM:
@@ -1642,6 +1647,7 @@ pnfs_layout_process(struct nfs4_layoutget *lgp)
/* existing state ID, make sure the sequence number matches. */
if (pnfs_layout_stateid_blocked(lo, &res->stateid)) {
dprintk("%s forget reply due to sequence\n", __func__);
+ status = -EAGAIN;
goto out_forget_reply;
}
pnfs_set_layout_stateid(lo, &res->stateid, false);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 069/305] xen/gntdev: Grant maps should not be subject to NUMA balancing
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (67 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 068/305] nfs4: resend LAYOUTGET when there is a race that changes the seqid Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 070/305] iscsi-target: Fix rx_login_comp hang after login failure Kamal Mostafa
` (235 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Boris Ostrovsky, David Vrabel, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
commit 9c17d96500f78d7ecdb71ca6942830158bc75a2b upstream.
Doing so will cause the grant to be unmapped and then, during
fault handling, the fault to be mistakenly treated as NUMA hint
fault.
In addition, even if those maps could partcipate in NUMA
balancing, it wouldn't provide any benefit since we are unable
to determine physical page's node (even if/when VNUMA is
implemented).
Marking grant maps' VMAs as VM_IO will exclude them from being
part of NUMA balancing.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/xen/gntdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 0dbb222..3dcc16e 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -804,7 +804,7 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
vma->vm_ops = &gntdev_vmops;
- vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
+ vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP | VM_IO;
if (use_ptemod)
vma->vm_flags |= VM_DONTCOPY;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 070/305] iscsi-target: Fix rx_login_comp hang after login failure
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (68 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 069/305] xen/gntdev: Grant maps should not be subject to NUMA balancing Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 071/305] target: Fix race for SCF_COMPARE_AND_WRITE_POST checking Kamal Mostafa
` (234 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sagi Grimberg, Nicholas Bellinger, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Nicholas Bellinger <nab@linux-iscsi.org>
commit ca82c2bded29b38d36140bfa1e76a7bbfcade390 upstream.
This patch addresses a case where iscsi_target_do_tx_login_io()
fails sending the last login response PDU, after the RX/TX
threads have already been started.
The case centers around iscsi_target_rx_thread() not invoking
allow_signal(SIGINT) before the send_sig(SIGINT, ...) occurs
from the failure path, resulting in RX thread hanging
indefinately on iscsi_conn->rx_login_comp.
Note this bug is a regression introduced by:
commit e54198657b65625085834847ab6271087323ffea
Author: Nicholas Bellinger <nab@linux-iscsi.org>
Date: Wed Jul 22 23:14:19 2015 -0700
iscsi-target: Fix iscsit_start_kthreads failure OOPs
To address this bug, complete ->rx_login_complete for good
measure in the failure path, and immediately return from
RX thread context if connection state did not actually reach
full feature phase (TARG_CONN_STATE_LOGGED_IN).
Cc: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/target/iscsi/iscsi_target.c | 13 ++++++++++++-
drivers/target/iscsi/iscsi_target_nego.c | 1 +
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index 56cf199..f7fdc85 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -4085,6 +4085,17 @@ reject:
return iscsit_add_reject(conn, ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf);
}
+static bool iscsi_target_check_conn_state(struct iscsi_conn *conn)
+{
+ bool ret;
+
+ spin_lock_bh(&conn->state_lock);
+ ret = (conn->conn_state != TARG_CONN_STATE_LOGGED_IN);
+ spin_unlock_bh(&conn->state_lock);
+
+ return ret;
+}
+
int iscsi_target_rx_thread(void *arg)
{
int ret, rc;
@@ -4102,7 +4113,7 @@ int iscsi_target_rx_thread(void *arg)
* incoming iscsi/tcp socket I/O, and/or failing the connection.
*/
rc = wait_for_completion_interruptible(&conn->rx_login_comp);
- if (rc < 0)
+ if (rc < 0 || iscsi_target_check_conn_state(conn))
return 0;
if (conn->conn_transport->transport_type == ISCSI_INFINIBAND) {
diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c
index f9cde91..9a96f17 100644
--- a/drivers/target/iscsi/iscsi_target_nego.c
+++ b/drivers/target/iscsi/iscsi_target_nego.c
@@ -393,6 +393,7 @@ err:
if (login->login_complete) {
if (conn->rx_thread && conn->rx_thread_active) {
send_sig(SIGINT, conn->rx_thread, 1);
+ complete(&conn->rx_login_comp);
kthread_stop(conn->rx_thread);
}
if (conn->tx_thread && conn->tx_thread_active) {
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 071/305] target: Fix race for SCF_COMPARE_AND_WRITE_POST checking
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (69 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 070/305] iscsi-target: Fix rx_login_comp hang after login failure Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 072/305] target: fix COMPARE_AND_WRITE non zero SGL offset data corruption Kamal Mostafa
` (233 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sagi Grimberg, Nicholas Bellinger, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Nicholas Bellinger <nab@linux-iscsi.org>
commit 057085e522f8bf94c2e691a5b76880f68060f8ba upstream.
This patch addresses a race + use after free where the first
stage of COMPARE_AND_WRITE in compare_and_write_callback()
is rescheduled after the backend sends the secondary WRITE,
resulting in second stage compare_and_write_post() callback
completing in target_complete_ok_work() before the first
can return.
Because current code depends on checking se_cmd->se_cmd_flags
after return from se_cmd->transport_complete_callback(),
this results in first stage having SCF_COMPARE_AND_WRITE_POST
set, which incorrectly falls through into second stage CAW
processing code, eventually triggering a NULL pointer
dereference due to use after free.
To address this bug, pass in a new *post_ret parameter into
se_cmd->transport_complete_callback(), and depend upon this
value instead of ->se_cmd_flags to determine when to return
or fall through into ->queue_status() code for CAW.
Cc: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/target/target_core_sbc.c | 13 +++++++++----
drivers/target/target_core_transport.c | 14 ++++++++------
include/target/target_core_base.h | 2 +-
3 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/drivers/target/target_core_sbc.c b/drivers/target/target_core_sbc.c
index e318ddb..4b74c2d 100644
--- a/drivers/target/target_core_sbc.c
+++ b/drivers/target/target_core_sbc.c
@@ -339,7 +339,8 @@ sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *o
return 0;
}
-static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success)
+static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success,
+ int *post_ret)
{
unsigned char *buf, *addr;
struct scatterlist *sg;
@@ -405,7 +406,8 @@ sbc_execute_rw(struct se_cmd *cmd)
cmd->data_direction);
}
-static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success)
+static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success,
+ int *post_ret)
{
struct se_device *dev = cmd->se_dev;
@@ -415,8 +417,10 @@ static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success)
* sent to the backend driver.
*/
spin_lock_irq(&cmd->t_state_lock);
- if ((cmd->transport_state & CMD_T_SENT) && !cmd->scsi_status)
+ if ((cmd->transport_state & CMD_T_SENT) && !cmd->scsi_status) {
cmd->se_cmd_flags |= SCF_COMPARE_AND_WRITE_POST;
+ *post_ret = 1;
+ }
spin_unlock_irq(&cmd->t_state_lock);
/*
@@ -428,7 +432,8 @@ static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success)
return TCM_NO_SENSE;
}
-static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success)
+static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success,
+ int *post_ret)
{
struct se_device *dev = cmd->se_dev;
struct scatterlist *write_sg = NULL, *sg;
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
index ce8574b..bbf4f69 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1610,7 +1610,7 @@ bool target_stop_cmd(struct se_cmd *cmd, unsigned long *flags)
void transport_generic_request_failure(struct se_cmd *cmd,
sense_reason_t sense_reason)
{
- int ret = 0;
+ int ret = 0, post_ret = 0;
pr_debug("-----[ Storage Engine Exception for cmd: %p ITT: 0x%08llx"
" CDB: 0x%02x\n", cmd, cmd->tag, cmd->t_task_cdb[0]);
@@ -1632,7 +1632,7 @@ void transport_generic_request_failure(struct se_cmd *cmd,
*/
if ((cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) &&
cmd->transport_complete_callback)
- cmd->transport_complete_callback(cmd, false);
+ cmd->transport_complete_callback(cmd, false, &post_ret);
switch (sense_reason) {
case TCM_NON_EXISTENT_LUN:
@@ -2027,11 +2027,13 @@ static void target_complete_ok_work(struct work_struct *work)
*/
if (cmd->transport_complete_callback) {
sense_reason_t rc;
+ bool caw = (cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE);
+ bool zero_dl = !(cmd->data_length);
+ int post_ret = 0;
- rc = cmd->transport_complete_callback(cmd, true);
- if (!rc && !(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE_POST)) {
- if ((cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE) &&
- !cmd->data_length)
+ rc = cmd->transport_complete_callback(cmd, true, &post_ret);
+ if (!rc && !post_ret) {
+ if (caw && zero_dl)
goto queue_rsp;
return;
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
index 17ae2d6..8b0c0dc 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -480,7 +480,7 @@ struct se_cmd {
struct kref cmd_kref;
const struct target_core_fabric_ops *se_tfo;
sense_reason_t (*execute_cmd)(struct se_cmd *);
- sense_reason_t (*transport_complete_callback)(struct se_cmd *, bool);
+ sense_reason_t (*transport_complete_callback)(struct se_cmd *, bool, int *);
void *protocol_data;
unsigned char *t_task_cdb;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 072/305] target: fix COMPARE_AND_WRITE non zero SGL offset data corruption
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (70 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 071/305] target: Fix race for SCF_COMPARE_AND_WRITE_POST checking Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 073/305] thermal: fix thermal_zone_bind_cooling_device prototype Kamal Mostafa
` (232 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jan Engelhardt, Nicholas Bellinger, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jan Engelhardt <jengelh@inai.de>
commit d94e5a61357a04938ce14d6033b4d33a3c5fd780 upstream.
target_core_sbc's compare_and_write functionality suffers from taking
data at the wrong memory location when writing a CAW request to disk
when a SGL offset is non-zero.
This can happen with loopback and vhost-scsi fabric drivers when
SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is used to map existing user-space
SGL memory into COMPARE_AND_WRITE READ/WRITE payload buffers.
Given the following sample LIO subtopology,
% targetcli ls /loopback/
o- loopback ................................. [1 Target]
o- naa.6001405ebb8df14a ....... [naa.60014059143ed2b3]
o- luns ................................... [2 LUNs]
o- lun0 ................ [iblock/ram0 (/dev/ram0)]
o- lun1 ................ [iblock/ram1 (/dev/ram1)]
% lsscsi -g
[3:0:1:0] disk LIO-ORG IBLOCK 4.0 /dev/sdc /dev/sg3
[3:0:1:1] disk LIO-ORG IBLOCK 4.0 /dev/sdd /dev/sg4
the following bug can be observed in Linux 4.3 and 4.4~rc1:
% perl -e 'print chr$_ for 0..255,reverse 0..255' >rand
% perl -e 'print "\0" x 512' >zero
% cat rand >/dev/sdd
% sg_compare_and_write -i rand -D zero --lba 0 /dev/sdd
% sg_compare_and_write -i zero -D rand --lba 0 /dev/sdd
Miscompare reported
% hexdump -Cn 512 /dev/sdd
00000000 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*
00000200
Rather than writing all-zeroes as instructed with the -D file, it
corrupts the data in the sector by splicing some of the original
bytes in. The page of the first entry of cmd->t_data_sg includes the
CDB, and sg->offset is set to a position past the CDB. I presume that
sg->offset is also the right choice to use for subsequent sglist
members.
Signed-off-by: Jan Engelhardt <jengelh@netitwork.de>
Tested-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/target/target_core_sbc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/target/target_core_sbc.c b/drivers/target/target_core_sbc.c
index 4b74c2d..9444c7b 100644
--- a/drivers/target/target_core_sbc.c
+++ b/drivers/target/target_core_sbc.c
@@ -529,11 +529,11 @@ static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool succes
if (block_size < PAGE_SIZE) {
sg_set_page(&write_sg[i], m.page, block_size,
- block_size);
+ m.piter.sg->offset + block_size);
} else {
sg_miter_next(&m);
sg_set_page(&write_sg[i], m.page, block_size,
- 0);
+ m.piter.sg->offset);
}
len -= block_size;
i++;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 073/305] thermal: fix thermal_zone_bind_cooling_device prototype
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (71 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 072/305] target: fix COMPARE_AND_WRITE non zero SGL offset data corruption Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 074/305] ARM: 8454/1: OF implies OF_FLATTREE Kamal Mostafa
` (231 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, Eduardo Valentin, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Arnd Bergmann <arnd@arndb.de>
commit c86b3de8c8b02d7e474fdc002c8df533b844524c upstream.
When the prototype for thermal_zone_bind_cooling_device
changed, the static inline wrapper function was left alone,
which in theory can cause build warnings:
I have seen this error in the past:
drivers/thermal/db8500_thermal.c: In function 'db8500_cdev_bind':
drivers/thermal/db8500_thermal.c:78:9: error: too many arguments to function 'thermal_zone_bind_cooling_device'
ret = thermal_zone_bind_cooling_device(thermal, i, cdev,
while this one no longer shows up, there is no doubt that
the prototype is still wrong, so let's just fix it anyway.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 6cd9e9f629f1 ("thermal: of: fix cooling device weights in device tree")
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/thermal.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/linux/thermal.h b/include/linux/thermal.h
index 037e9df..b5ea8e0 100644
--- a/include/linux/thermal.h
+++ b/include/linux/thermal.h
@@ -434,7 +434,8 @@ static inline void thermal_zone_device_unregister(
static inline int thermal_zone_bind_cooling_device(
struct thermal_zone_device *tz, int trip,
struct thermal_cooling_device *cdev,
- unsigned long upper, unsigned long lower)
+ unsigned long upper, unsigned long lower,
+ unsigned int weight)
{ return -ENODEV; }
static inline int thermal_zone_unbind_cooling_device(
struct thermal_zone_device *tz, int trip,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 074/305] ARM: 8454/1: OF implies OF_FLATTREE
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (72 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 073/305] thermal: fix thermal_zone_bind_cooling_device prototype Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 075/305] ARM: dts: Kirkwood: Fix QNAP TS219 power-off Kamal Mostafa
` (230 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, Russell King, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Arnd Bergmann <arnd@arndb.de>
commit aa7d5f18e54529ae58a494447ee9b610d379b8d2 upstream.
On the ARM architecture, individual platforms select CONFIG_USE_OF if they
need it, but all device tree code is keyed off CONFIG_OF. When building
a platform without DT support and manually enabling CONFIG_OF, we now
get a number of build errors, e.g.
arch/arm/kernel/devtree.c: In function 'setup_machine_fdt':
arch/arm/kernel/devtree.c:215:19: error: implicit declaration of function 'early_init_dt_verify' [-Werror=implicit-function-declaration]
We could now try to separate the use case of booting from DT vs. the
case of using the dynamic implementation, but that seems more complicated
than it can gain us.
This simply changes the ARM Kconfig file to always enable OF_RESERVED_MEM
and OF_EARLY_FLATTREE when CONFIG_OF is enabled. These options add a little
extra code when we just want the dynamic OF implementation, but that seems
like a rather obscure case, and this version solves all CONFIG_OF related
randconfig regressions.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 0166dc11be91 ("of: make CONFIG_OF user selectable")
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index ede2526..9b063d8 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -76,6 +76,8 @@ config ARM
select IRQ_FORCED_THREADING
select MODULES_USE_ELF_REL
select NO_BOOTMEM
+ select OF_EARLY_FLATTREE if OF
+ select OF_RESERVED_MEM if OF
select OLD_SIGACTION
select OLD_SIGSUSPEND3
select PERF_USE_VMALLOC
@@ -1828,8 +1830,6 @@ config USE_OF
bool "Flattened Device Tree support"
select IRQ_DOMAIN
select OF
- select OF_EARLY_FLATTREE
- select OF_RESERVED_MEM
help
Include support for flattened device tree machine descriptions.
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 075/305] ARM: dts: Kirkwood: Fix QNAP TS219 power-off
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (73 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 074/305] ARM: 8454/1: OF implies OF_FLATTREE Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 076/305] ASoC: rsnd: fixup SCU_SYS_INT_EN1 address Kamal Mostafa
` (229 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Helmut Klein, Andrew Lunn, Gregory CLEMENT, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Helmut Klein <hgkr.klein@gmail.com>
commit 5442f0eadf2885453d5b2ed8c8592f32a3744f8e upstream.
The "reg" entry in the "poweroff" section of "kirkwood-ts219.dtsi"
addressed the wrong uart (0 = console). This patch changes the address
to select uart 1, which is the uart connected to the pic
microcontroller, which can switch the device off.
Signed-off-by: Helmut Klein <hgkr.klein@gmail.com>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Fixes: 4350a47bbac3 ("ARM: Kirkwood: Make use of the QNAP Power off driver.")
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/boot/dts/kirkwood-ts219.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/kirkwood-ts219.dtsi b/arch/arm/boot/dts/kirkwood-ts219.dtsi
index c56ab6b..0e46560 100644
--- a/arch/arm/boot/dts/kirkwood-ts219.dtsi
+++ b/arch/arm/boot/dts/kirkwood-ts219.dtsi
@@ -40,7 +40,7 @@
};
poweroff@12100 {
compatible = "qnap,power-off";
- reg = <0x12000 0x100>;
+ reg = <0x12100 0x100>;
clocks = <&gate_clk 7>;
};
spi@10600 {
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 076/305] ASoC: rsnd: fixup SCU_SYS_INT_EN1 address
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (74 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 075/305] ARM: dts: Kirkwood: Fix QNAP TS219 power-off Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 077/305] Bluetooth: Fix l2cap_chan leak in SMP Kamal Mostafa
` (228 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kuninori Morimoto, Mark Brown, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
commit 021c5d9469960b8c68aa1d1825f7bfd8d61e157d upstream.
cfcefe0126 ("ASoC: rsnd: add recovery support for under/over flow
error on SRC") added SCU_SYS_INT_EN1 address, but it should be
0x1d4, not 0x1c4. This patch fixup it.
Fixes: cfcefe0126 ("ASoC: rsnd: add recovery support for under/over flow error on SRC")
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/sh/rcar/gen.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/sh/rcar/gen.c b/sound/soc/sh/rcar/gen.c
index 8c7dc51..f7a0cb7 100644
--- a/sound/soc/sh/rcar/gen.c
+++ b/sound/soc/sh/rcar/gen.c
@@ -214,7 +214,7 @@ static int rsnd_gen2_probe(struct platform_device *pdev,
RSND_GEN_S_REG(SCU_SYS_STATUS0, 0x1c8),
RSND_GEN_S_REG(SCU_SYS_INT_EN0, 0x1cc),
RSND_GEN_S_REG(SCU_SYS_STATUS1, 0x1d0),
- RSND_GEN_S_REG(SCU_SYS_INT_EN1, 0x1c4),
+ RSND_GEN_S_REG(SCU_SYS_INT_EN1, 0x1d4),
RSND_GEN_M_REG(SRC_SWRSR, 0x200, 0x40),
RSND_GEN_M_REG(SRC_SRCIR, 0x204, 0x40),
RSND_GEN_M_REG(SRC_ADINR, 0x214, 0x40),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 077/305] Bluetooth: Fix l2cap_chan leak in SMP
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (75 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 076/305] ASoC: rsnd: fixup SCU_SYS_INT_EN1 address Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 078/305] crypto: nx - Fix timing leak in GCM and CCM decryption Kamal Mostafa
` (227 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Johan Hedberg, Marcel Holtmann, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Johan Hedberg <johan.hedberg@intel.com>
commit 7883746bc663150e8acd7a57397fc889698b0b33 upstream.
The L2CAP core expects channel implementations to manage the reference
returned by the new_connection callback. With sockets this is already
handled with each channel being tied to the corresponding socket. With
SMP however there's no context to tie the pointer to in the
smp_new_conn_cb function. The function can also not just drop the
reference since it's the only one at that point.
For fixed channels (like SMP) the code path inside the L2CAP core from
new_connection() to ready() is short and straight-forwards. The
crucial difference is that in ready() the implementation has access to
the l2cap_conn that SMP needs associate its l2cap_chan. Instead of
taking a new reference in smp_ready_cb() we can simply assume to
already own the reference created in smp_new_conn_cb(), i.e. there is
no need to call l2cap_chan_hold().
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/bluetooth/smp.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 0510a57..d29fda2 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -3001,8 +3001,13 @@ static void smp_ready_cb(struct l2cap_chan *chan)
BT_DBG("chan %p", chan);
+ /* No need to call l2cap_chan_hold() here since we already own
+ * the reference taken in smp_new_conn_cb(). This is just the
+ * first time that we tie it to a specific pointer. The code in
+ * l2cap_core.c ensures that there's no risk this function wont
+ * get called if smp_new_conn_cb was previously called.
+ */
conn->smp = chan;
- l2cap_chan_hold(chan);
if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
bredr_pairing(chan);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 078/305] crypto: nx - Fix timing leak in GCM and CCM decryption
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (76 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 077/305] Bluetooth: Fix l2cap_chan leak in SMP Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 079/305] crypto: talitos - Fix timing leak in ESP ICV verification Kamal Mostafa
` (226 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David Gstir, Herbert Xu, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: David Gstir <david@sigma-star.at>
commit cb8affb55c7e64816f3effcd9b2fc3268c016fac upstream.
Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/crypto/nx/nx-aes-ccm.c | 2 +-
drivers/crypto/nx/nx-aes-gcm.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/nx/nx-aes-ccm.c b/drivers/crypto/nx/nx-aes-ccm.c
index e4311ce..a1d0848 100644
--- a/drivers/crypto/nx/nx-aes-ccm.c
+++ b/drivers/crypto/nx/nx-aes-ccm.c
@@ -412,7 +412,7 @@ static int ccm_nx_decrypt(struct aead_request *req,
processed += to_process;
} while (processed < nbytes);
- rc = memcmp(csbcpb->cpb.aes_ccm.out_pat_or_mac, priv->oauth_tag,
+ rc = crypto_memneq(csbcpb->cpb.aes_ccm.out_pat_or_mac, priv->oauth_tag,
authsize) ? -EBADMSG : 0;
out:
spin_unlock_irqrestore(&nx_ctx->lock, irq_flags);
diff --git a/drivers/crypto/nx/nx-aes-gcm.c b/drivers/crypto/nx/nx-aes-gcm.c
index 92c993f..1c478bc 100644
--- a/drivers/crypto/nx/nx-aes-gcm.c
+++ b/drivers/crypto/nx/nx-aes-gcm.c
@@ -414,7 +414,7 @@ mac:
itag, req->src, req->assoclen + nbytes,
crypto_aead_authsize(crypto_aead_reqtfm(req)),
SCATTERWALK_FROM_SG);
- rc = memcmp(itag, otag,
+ rc = crypto_memneq(itag, otag,
crypto_aead_authsize(crypto_aead_reqtfm(req))) ?
-EBADMSG : 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 079/305] crypto: talitos - Fix timing leak in ESP ICV verification
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (77 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 078/305] crypto: nx - Fix timing leak in GCM and CCM decryption Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 080/305] ASoC: wm8962: correct addresses for HPF_C_0/1 Kamal Mostafa
` (225 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David Gstir, Herbert Xu, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: David Gstir <david@sigma-star.at>
commit 79960943fdc114fd4583c9ab164b5c89da7aa601 upstream.
Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[ kamal: backport to 4.2-stable: context ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/crypto/talitos.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 83aca95..95606c1 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1025,7 +1025,7 @@ static void ipsec_esp_decrypt_swauth_done(struct device *dev,
icvdata = &edesc->link_tbl[0];
sg = sg_last(req->dst, edesc->dst_nents ? : 1);
- err = memcmp(icvdata, (char *)sg_virt(sg) + sg->length -
+ err = crypto_memneq(icvdata, (char *)sg_virt(sg) + sg->length -
ctx->authsize, ctx->authsize) ? -EBADMSG : 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 080/305] ASoC: wm8962: correct addresses for HPF_C_0/1
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (78 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 079/305] crypto: talitos - Fix timing leak in ESP ICV verification Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 081/305] rtlwifi: rtl8821ae: Fix lockups on boot Kamal Mostafa
` (224 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sachin Pandhare, Mark Brown, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Sachin Pandhare <sachinpandhare@gmail.com>
commit e9f96bc53c1b959859599cb30ce6fd4fbb4448c2 upstream.
>From datasheet:
R17408 (4400h) HPF_C_1
R17409 (4401h) HPF_C_0
17048 -> 17408 (0x4400)
17049 -> 17409 (0x4401)
Signed-off-by: Sachin Pandhare <sachinpandhare@gmail.com>
Acked-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/codecs/wm8962.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/wm8962.c b/sound/soc/codecs/wm8962.c
index c5748fd..18cbd9c 100644
--- a/sound/soc/codecs/wm8962.c
+++ b/sound/soc/codecs/wm8962.c
@@ -365,8 +365,8 @@ static struct reg_default wm8962_reg[] = {
{ 16924, 0x0059 }, /* R16924 - HDBASS_PG_1 */
{ 16925, 0x999A }, /* R16925 - HDBASS_PG_0 */
- { 17048, 0x0083 }, /* R17408 - HPF_C_1 */
- { 17049, 0x98AD }, /* R17409 - HPF_C_0 */
+ { 17408, 0x0083 }, /* R17408 - HPF_C_1 */
+ { 17409, 0x98AD }, /* R17409 - HPF_C_0 */
{ 17920, 0x007F }, /* R17920 - ADCL_RETUNE_C1_1 */
{ 17921, 0xFFFF }, /* R17921 - ADCL_RETUNE_C1_0 */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 081/305] rtlwifi: rtl8821ae: Fix lockups on boot
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (79 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 080/305] ASoC: wm8962: correct addresses for HPF_C_0/1 Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 082/305] mac80211: mesh: fix call_rcu() usage Kamal Mostafa
` (223 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Larry Finger, Kalle Valo, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Larry Finger <Larry.Finger@lwfinger.net>
commit eeec5d0ef7ee54a75e09e861c3cc44177b8752c7 upstream.
In commit 54328e64047a5 ("rtlwifi: rtl8821ae: Fix system lockups on boot"),
an attempt was made to fix a regression introduced in commit 1277fa2ab2f9
("rtlwifi: Remove the clear interrupt routine from all drivers").
Unfortunately, there were logic errors in that patch that prevented
affected boxes from booting even after that patch was applied.
The actual cause of the original problem is unknown as none of the
developers have systems that are affected.
Fixes: 54328e64047a ("rtlwifi: rtl8821ae: Fix system lockups on boot")
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/wireless/rtlwifi/rtl8821ae/hw.c | 2 +-
drivers/net/wireless/rtlwifi/rtl8821ae/sw.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c b/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c
index 6e9418e..bbb789f 100644
--- a/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c
@@ -2272,7 +2272,7 @@ void rtl8821ae_enable_interrupt(struct ieee80211_hw *hw)
struct rtl_priv *rtlpriv = rtl_priv(hw);
struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
- if (!rtlpci->int_clear)
+ if (rtlpci->int_clear)
rtl8821ae_clear_interrupt(hw);/*clear it here first*/
rtl_write_dword(rtlpriv, REG_HIMR, rtlpci->irq_mask[0] & 0xFFFFFFFF);
diff --git a/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c b/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c
index 8ee141a..142bdff 100644
--- a/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c
@@ -448,7 +448,7 @@ MODULE_PARM_DESC(fwlps, "Set to 1 to use FW control power save (default 1)\n");
MODULE_PARM_DESC(msi, "Set to 1 to use MSI interrupts mode (default 1)\n");
MODULE_PARM_DESC(debug, "Set debug level (0-5) (default 0)");
MODULE_PARM_DESC(disable_watchdog, "Set to 1 to disable the watchdog (default 0)\n");
-MODULE_PARM_DESC(int_clear, "Set to 1 to disable interrupt clear before set (default 0)\n");
+MODULE_PARM_DESC(int_clear, "Set to 0 to disable interrupt clear before set (default 1)\n");
static SIMPLE_DEV_PM_OPS(rtlwifi_pm_ops, rtl_pci_suspend, rtl_pci_resume);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 082/305] mac80211: mesh: fix call_rcu() usage
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (80 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 081/305] rtlwifi: rtl8821ae: Fix lockups on boot Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 083/305] advansys: fix big-endian builds Kamal Mostafa
` (222 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Johannes Berg, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Johannes Berg <johannes.berg@intel.com>
commit c2e703a55245bfff3db53b1f7cbe59f1ee8a4339 upstream.
When using call_rcu(), the called function may be delayed quite
significantly, and without a matching rcu_barrier() there's no
way to be sure it has finished.
Therefore, global state that could be gone/freed/reused should
never be touched in the callback.
Fix this in mesh by moving the atomic_dec() into the caller;
that's not really a problem since we already unlinked the path
and it will be destroyed anyway.
This fixes a crash Jouni observed when running certain tests in
a certain order, in which the mesh interface was torn down, the
memory reused for a function pointer (work struct) and running
that then crashed since the pointer had been decremented by 1,
resulting in an invalid instruction byte stream.
Fixes: eb2b9311fd00 ("mac80211: mesh path table implementation")
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/mac80211/mesh_pathtbl.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index b890e22..b3b44a5 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -779,10 +779,8 @@ void mesh_plink_broken(struct sta_info *sta)
static void mesh_path_node_reclaim(struct rcu_head *rp)
{
struct mpath_node *node = container_of(rp, struct mpath_node, rcu);
- struct ieee80211_sub_if_data *sdata = node->mpath->sdata;
del_timer_sync(&node->mpath->timer);
- atomic_dec(&sdata->u.mesh.mpaths);
kfree(node->mpath);
kfree(node);
}
@@ -790,8 +788,9 @@ static void mesh_path_node_reclaim(struct rcu_head *rp)
/* needs to be called with the corresponding hashwlock taken */
static void __mesh_path_del(struct mesh_table *tbl, struct mpath_node *node)
{
- struct mesh_path *mpath;
- mpath = node->mpath;
+ struct mesh_path *mpath = node->mpath;
+ struct ieee80211_sub_if_data *sdata = node->mpath->sdata;
+
spin_lock(&mpath->state_lock);
mpath->flags |= MESH_PATH_RESOLVING;
if (mpath->is_gate)
@@ -799,6 +798,7 @@ static void __mesh_path_del(struct mesh_table *tbl, struct mpath_node *node)
hlist_del_rcu(&node->list);
call_rcu(&node->rcu, mesh_path_node_reclaim);
spin_unlock(&mpath->state_lock);
+ atomic_dec(&sdata->u.mesh.mpaths);
atomic_dec(&tbl->entries);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 083/305] advansys: fix big-endian builds
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (81 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 082/305] mac80211: mesh: fix call_rcu() usage Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 084/305] mac80211: ensure we don't update tx power on a non-running sdata Kamal Mostafa
` (221 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, Martin K. Petersen, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Arnd Bergmann <arnd@arndb.de>
commit 757b22f9d56fb4e510782b29da752824daddf3c8 upstream.
Building the advansys driver in a big-endian configuration such as
ARM allmodconfig shows a warning:
drivers/scsi/advansys.c: In function 'adv_build_req':
include/uapi/linux/byteorder/big_endian.h:32:26: warning: large integer implicitly truncated to unsigned type [-Woverflow]
#define __cpu_to_le32(x) ((__force __le32)__swab32((x)))
drivers/scsi/advansys.c:7806:22: note: in expansion of macro 'cpu_to_le32'
scsiqp->sense_len = cpu_to_le32(SCSI_SENSE_BUFFERSIZE);
It turns out that the commit that introduced this used the cpu_to_le32()
incorrectly on an 8-bit field, which results in the sense_len to always
be set to zero, as the SCSI_SENSE_BUFFERSIZE value gets moved to upper
byte of the 32-bit intermediate.
This removes the cpu_to_le32() call to restore the original version.
I found this only by looking at the compiler output and have not done a
full review for possible further endianess bugs in the same driver.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 811ddc057aac ("advansys: use DMA-API for mapping sense buffer")
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/advansys.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/advansys.c b/drivers/scsi/advansys.c
index 4305178..1c1cd65 100644
--- a/drivers/scsi/advansys.c
+++ b/drivers/scsi/advansys.c
@@ -7803,7 +7803,7 @@ adv_build_req(struct asc_board *boardp, struct scsi_cmnd *scp,
return ASC_BUSY;
}
scsiqp->sense_addr = cpu_to_le32(sense_addr);
- scsiqp->sense_len = cpu_to_le32(SCSI_SENSE_BUFFERSIZE);
+ scsiqp->sense_len = SCSI_SENSE_BUFFERSIZE;
/* Build ADV_SCSI_REQ_Q */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 084/305] mac80211: ensure we don't update tx power on a non-running sdata
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (82 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 083/305] advansys: fix big-endian builds Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 085/305] drm/i915: Mark uneven memory banks on gen4 desktop as unknown swizzling Kamal Mostafa
` (220 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Emmanuel Grumbach, Johannes Berg, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
commit 5ad11b50fda1306b5317124f97f0a7a4c022b022 upstream.
We can't update the Tx power on the device unless it is
running.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=101521.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/mac80211/iface.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 553ac6d..436c423 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -76,7 +76,8 @@ bool __ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata)
void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata,
bool update_bss)
{
- if (__ieee80211_recalc_txpower(sdata) || update_bss)
+ if (__ieee80211_recalc_txpower(sdata) ||
+ (update_bss && ieee80211_sdata_running(sdata)))
ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_TXPOWER);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 085/305] drm/i915: Mark uneven memory banks on gen4 desktop as unknown swizzling
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (83 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 084/305] mac80211: ensure we don't update tx power on a non-running sdata Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 086/305] ring-buffer: Update read stamp with first real commit on page Kamal Mostafa
` (219 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chris Wilson, Matti Hämäläinen, Daniel Vetter,
Jani Nikula, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Chris Wilson <chris@chris-wilson.co.uk>
commit 0b466dc238cb660bbdb9ef6e121e1757057484c3 upstream.
We have varied reports of swizzling corruption on gen4 desktop, and
confirmation that one at least is triggered by uneven memory banks
(L-shaped memory). The implication is that the swizzling varies between
the paired channels and the remainder of memory on the single channel. As
the object then has unpredictable swizzling (it will vary depending on
exact page allocation and may even change during the object's lifetime as
the pages are replaced), we have to report to userspace that the swizzling
is unknown.
However, some existing userspace is buggy when it meets an unknown
swizzling configuration and so we need to tell another white lie and
mark the swizzling as NONE but report it as UNKNOWN through the extended
get-tiling-ioctl. See
commit 5eb3e5a5e11d14f9deb2a4b83555443b69ab9940
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date: Sun Jun 28 09:19:26 2015 +0100
drm/i915: Declare the swizzling unknown for L-shaped configurations
for the previous example where we found that telling the truth to
userspace just ends up in a world of hurt.
Also since we don't truly know what the swizzling is on the pages, we
need to keep them pinned to prevent swapping as the reports also
suggest that some gen4 devices have previously undetected bit17
swizzling.
v2: Combine unknown + quirk patches to prevent userspace ever seeing
unknown swizzling through the normal get-tiling-ioctl. Also use the same
path for the existing uneven bank detection for mobile gen4.
Reported-by: Matti Hämäläinen <ccr@tnsp.org>
Tested-by: Matti Hämäläinen <ccr@tnsp.org>
References: https://bugs.freedesktop.org/show_bug.cgi?id=90725
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Matti Hämäläinen <ccr@tnsp.org>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Jani Nikula <jani.nikula@intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1447927085-31726-1-git-send-email-chris@chris-wilson.co.uk
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
[ kamal: backport to 4.2-stable: applied to i915_gem_tiling.c ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/i915_gem_tiling.c | 36 +++++++++++++++++++++++++---------
1 file changed, 27 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_gem_tiling.c b/drivers/gpu/drm/i915/i915_gem_tiling.c
index d19c9db..f19bd4f 100644
--- a/drivers/gpu/drm/i915/i915_gem_tiling.c
+++ b/drivers/gpu/drm/i915/i915_gem_tiling.c
@@ -180,11 +180,10 @@ i915_gem_detect_bit_6_swizzle(struct drm_device *dev)
}
/* check for L-shaped memory aka modified enhanced addressing */
- if (IS_GEN4(dev)) {
- uint32_t ddc2 = I915_READ(DCC2);
-
- if (!(ddc2 & DCC2_MODIFIED_ENHANCED_DISABLE))
- dev_priv->quirks |= QUIRK_PIN_SWIZZLED_PAGES;
+ if (IS_GEN4(dev) &&
+ !(I915_READ(DCC2) & DCC2_MODIFIED_ENHANCED_DISABLE)) {
+ swizzle_x = I915_BIT_6_SWIZZLE_UNKNOWN;
+ swizzle_y = I915_BIT_6_SWIZZLE_UNKNOWN;
}
if (dcc == 0xffffffff) {
@@ -213,16 +212,35 @@ i915_gem_detect_bit_6_swizzle(struct drm_device *dev)
* matching, which was the case for the swizzling required in
* the table above, or from the 1-ch value being less than
* the minimum size of a rank.
+ *
+ * Reports indicate that the swizzling actually
+ * varies depending upon page placement inside the
+ * channels, i.e. we see swizzled pages where the
+ * banks of memory are paired and unswizzled on the
+ * uneven portion, so leave that as unknown.
*/
- if (I915_READ16(C0DRB3) != I915_READ16(C1DRB3)) {
- swizzle_x = I915_BIT_6_SWIZZLE_NONE;
- swizzle_y = I915_BIT_6_SWIZZLE_NONE;
- } else {
+ if (I915_READ16(C0DRB3) == I915_READ16(C1DRB3)) {
swizzle_x = I915_BIT_6_SWIZZLE_9_10;
swizzle_y = I915_BIT_6_SWIZZLE_9;
}
}
+ if (swizzle_x == I915_BIT_6_SWIZZLE_UNKNOWN ||
+ swizzle_y == I915_BIT_6_SWIZZLE_UNKNOWN) {
+ /* Userspace likes to explode if it sees unknown swizzling,
+ * so lie. We will finish the lie when reporting through
+ * the get-tiling-ioctl by reporting the physical swizzle
+ * mode as unknown instead.
+ *
+ * As we don't strictly know what the swizzling is, it may be
+ * bit17 dependent, and so we need to also prevent the pages
+ * from being moved.
+ */
+ dev_priv->quirks |= QUIRK_PIN_SWIZZLED_PAGES;
+ swizzle_x = I915_BIT_6_SWIZZLE_NONE;
+ swizzle_y = I915_BIT_6_SWIZZLE_NONE;
+ }
+
dev_priv->mm.bit_6_swizzle_x = swizzle_x;
dev_priv->mm.bit_6_swizzle_y = swizzle_y;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 086/305] ring-buffer: Update read stamp with first real commit on page
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (84 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 085/305] drm/i915: Mark uneven memory banks on gen4 desktop as unknown swizzling Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 087/305] drm/i915: Don't override output type for DDI HDMI Kamal Mostafa
` (218 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Steven Rostedt, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
commit b81f472a208d3e2b4392faa6d17037a89442f4ce upstream.
Do not update the read stamp after swapping out the reader page from the
write buffer. If the reader page is swapped out of the buffer before an
event is written to it, then the read_stamp may get an out of date
timestamp, as the page timestamp is updated on the first commit to that
page.
rb_get_reader_page() only returns a page if it has an event on it, otherwise
it will return NULL. At that point, check if the page being returned has
events and has not been read yet. Then at that point update the read_stamp
to match the time stamp of the reader page.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/trace/ring_buffer.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 6260717..40718df 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -1943,12 +1943,6 @@ rb_set_commit_to_write(struct ring_buffer_per_cpu *cpu_buffer)
goto again;
}
-static void rb_reset_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
-{
- cpu_buffer->read_stamp = cpu_buffer->reader_page->page->time_stamp;
- cpu_buffer->reader_page->read = 0;
-}
-
static void rb_inc_iter(struct ring_buffer_iter *iter)
{
struct ring_buffer_per_cpu *cpu_buffer = iter->cpu_buffer;
@@ -3586,7 +3580,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
/* Finally update the reader page to the new head */
cpu_buffer->reader_page = reader;
- rb_reset_reader_page(cpu_buffer);
+ cpu_buffer->reader_page->read = 0;
if (overwrite != cpu_buffer->last_overrun) {
cpu_buffer->lost_events = overwrite - cpu_buffer->last_overrun;
@@ -3596,6 +3590,10 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
goto again;
out:
+ /* Update the read_stamp on the first event */
+ if (reader && reader->read == 0)
+ cpu_buffer->read_stamp = reader->page->time_stamp;
+
arch_spin_unlock(&cpu_buffer->lock);
local_irq_restore(flags);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 087/305] drm/i915: Don't override output type for DDI HDMI
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (85 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 086/305] ring-buffer: Update read stamp with first real commit on page Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 088/305] block: Always check queue limits for cloned requests Kamal Mostafa
` (217 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Takashi Iwai, Jani Nikula, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Takashi Iwai <tiwai@suse.de>
commit 2540058f7a9d9a843b4d9a28d4f8168dd034d030 upstream.
Currently a DDI port may register the DP hotplug handler even though
it's used with HDMI, and the DP HPD handler overrides the encoder
type forcibly to DP. This caused the inconsistency on a machine
connected with a HDMI monitor; upon a hotplug event, the DDI port is
suddenly switched to be handled as a DP although the same monitor is
kept connected, and this leads to the erroneous blank output.
This patch papers over the bug by excluding the previous HDMI encoder
type from this override. This should be fixed more fundamentally,
e.g. by moving the encoder type reset from the HPD or by having
individual encoder objects for HDMI and DP. But since the bug has
been present for a long time (3.17), it's better to have a
quick-n-dirty fix for now, and keep working on a cleaner fix.
Bugzilla: http://bugzilla.opensuse.org/show_bug.cgi?id=955190
Fixes: 0e32b39ceed6 ('drm/i915: add DP 1.2 MST support (v0.7)')
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1447931396-19147-1-git-send-email-tiwai@suse.de
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/intel_dp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
index ca2d923..da3c653 100644
--- a/drivers/gpu/drm/i915/intel_dp.c
+++ b/drivers/gpu/drm/i915/intel_dp.c
@@ -4947,7 +4947,8 @@ intel_dp_hpd_pulse(struct intel_digital_port *intel_dig_port, bool long_hpd)
enum intel_display_power_domain power_domain;
enum irqreturn ret = IRQ_NONE;
- if (intel_dig_port->base.type != INTEL_OUTPUT_EDP)
+ if (intel_dig_port->base.type != INTEL_OUTPUT_EDP &&
+ intel_dig_port->base.type != INTEL_OUTPUT_HDMI)
intel_dig_port->base.type = INTEL_OUTPUT_DISPLAYPORT;
if (long_hpd && intel_dig_port->base.type == INTEL_OUTPUT_EDP) {
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 088/305] block: Always check queue limits for cloned requests
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (86 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 087/305] drm/i915: Don't override output type for DDI HDMI Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 089/305] direct-io: Fix negative return from dio read beyond eof Kamal Mostafa
` (216 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mike Snitzer, Ewan Milne, Jeff Moyer, Hannes Reinecke,
Jens Axboe, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Hannes Reinecke <hare@suse.de>
commit bf4e6b4e757488dee1b6a581f49c7ac34cd217f8 upstream.
When a cloned request is retried on other queues it always needs
to be checked against the queue limits of that queue.
Otherwise the calculations for nr_phys_segments might be wrong,
leading to a crash in scsi_init_sgtable().
To clarify this the patch renames blk_rq_check_limits()
to blk_cloned_rq_check_limits() and removes the symbol
export, as the new function should only be used for
cloned requests and never exported.
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: Ewan Milne <emilne@redhat.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Fixes: e2a60da74 ("block: Clean up special command handling logic")
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
block/blk-core.c | 21 +++++++--------------
include/linux/blkdev.h | 1 -
2 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/block/blk-core.c b/block/blk-core.c
index 1955ed3..56c08e1 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -2023,7 +2023,8 @@ void submit_bio(int rw, struct bio *bio)
EXPORT_SYMBOL(submit_bio);
/**
- * blk_rq_check_limits - Helper function to check a request for the queue limit
+ * blk_cloned_rq_check_limits - Helper function to check a cloned request
+ * for new the queue limits
* @q: the queue
* @rq: the request being checked
*
@@ -2034,20 +2035,13 @@ EXPORT_SYMBOL(submit_bio);
* after it is inserted to @q, it should be checked against @q before
* the insertion using this generic function.
*
- * This function should also be useful for request stacking drivers
- * in some cases below, so export this function.
* Request stacking drivers like request-based dm may change the queue
- * limits while requests are in the queue (e.g. dm's table swapping).
- * Such request stacking drivers should check those requests against
- * the new queue limits again when they dispatch those requests,
- * although such checkings are also done against the old queue limits
- * when submitting requests.
+ * limits when retrying requests on other queues. Those requests need
+ * to be checked against the new queue limits again during dispatch.
*/
-int blk_rq_check_limits(struct request_queue *q, struct request *rq)
+static int blk_cloned_rq_check_limits(struct request_queue *q,
+ struct request *rq)
{
- if (!rq_mergeable(rq))
- return 0;
-
if (blk_rq_sectors(rq) > blk_queue_get_max_sectors(q, rq->cmd_flags)) {
printk(KERN_ERR "%s: over max size limit.\n", __func__);
return -EIO;
@@ -2067,7 +2061,6 @@ int blk_rq_check_limits(struct request_queue *q, struct request *rq)
return 0;
}
-EXPORT_SYMBOL_GPL(blk_rq_check_limits);
/**
* blk_insert_cloned_request - Helper for stacking drivers to submit a request
@@ -2079,7 +2072,7 @@ int blk_insert_cloned_request(struct request_queue *q, struct request *rq)
unsigned long flags;
int where = ELEVATOR_INSERT_BACK;
- if (blk_rq_check_limits(q, rq))
+ if (blk_cloned_rq_check_limits(q, rq))
return -EIO;
if (rq->rq_disk &&
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index d4068c1..f8d6f12 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -772,7 +772,6 @@ extern void blk_rq_set_block_pc(struct request *);
extern void blk_requeue_request(struct request_queue *, struct request *);
extern void blk_add_request_payload(struct request *rq, struct page *page,
unsigned int len);
-extern int blk_rq_check_limits(struct request_queue *q, struct request *rq);
extern int blk_lld_busy(struct request_queue *q);
extern int blk_rq_prep_clone(struct request *rq, struct request *rq_src,
struct bio_set *bs, gfp_t gfp_mask,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 089/305] direct-io: Fix negative return from dio read beyond eof
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (87 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 088/305] block: Always check queue limits for cloned requests Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 090/305] drm/amdgpu: fix userptr flags check Kamal Mostafa
` (215 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Steven Whitehouse, Jan Kara, Jens Axboe, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jan Kara <jack@suse.cz>
commit 74cedf9b6c603f2278a05bc91b140b32b434d0b5 upstream.
Assume a filesystem with 4KB blocks. When a file has size 1000 bytes and
we issue direct IO read at offset 1024, blockdev_direct_IO() reads the
tail of the last block and the logic for handling short DIO reads in
dio_complete() results in a return value -24 (1000 - 1024) which
obviously confuses userspace.
Fix the problem by bailing out early once we sample i_size and can
reliably check that direct IO read starts beyond i_size.
Reported-by: Avi Kivity <avi@scylladb.com>
Fixes: 9fe55eea7e4b444bafc42fa0000cc2d1d2847275
CC: Steven Whitehouse <swhiteho@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/direct-io.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/fs/direct-io.c b/fs/direct-io.c
index 745d234..6bc4bac 100644
--- a/fs/direct-io.c
+++ b/fs/direct-io.c
@@ -1159,6 +1159,15 @@ do_blockdev_direct_IO(struct kiocb *iocb, struct inode *inode,
}
}
+ /* Once we sampled i_size check for reads beyond EOF */
+ dio->i_size = i_size_read(inode);
+ if (iov_iter_rw(iter) == READ && offset >= dio->i_size) {
+ if (dio->flags & DIO_LOCKING)
+ mutex_unlock(&inode->i_mutex);
+ kmem_cache_free(dio_cache, dio);
+ goto out;
+ }
+
/*
* For file extending writes updating i_size before data writeouts
* complete can expose uninitialized blocks in dumb filesystems.
@@ -1212,7 +1221,6 @@ do_blockdev_direct_IO(struct kiocb *iocb, struct inode *inode,
sdio.next_block_for_io = -1;
dio->iocb = iocb;
- dio->i_size = i_size_read(inode);
spin_lock_init(&dio->bio_lock);
dio->refcount = 1;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 090/305] drm/amdgpu: fix userptr flags check
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (88 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 089/305] direct-io: Fix negative return from dio read beyond eof Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 091/305] virtio-gpu: use no-merge for fill-modes Kamal Mostafa
` (214 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christian König, Alex Deucher, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <christian.koenig@amd.com>
commit 585116c5fafe578e89c146c9839c95ac75acfb9d upstream.
That got messed up while porting it from Radeon.
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
index 4afc507..35f5e3d 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
@@ -241,8 +241,9 @@ int amdgpu_gem_userptr_ioctl(struct drm_device *dev, void *data,
AMDGPU_GEM_USERPTR_REGISTER))
return -EINVAL;
- if (!(args->flags & AMDGPU_GEM_USERPTR_ANONONLY) ||
- !(args->flags & AMDGPU_GEM_USERPTR_REGISTER)) {
+ if (!(args->flags & AMDGPU_GEM_USERPTR_READONLY) && (
+ !(args->flags & AMDGPU_GEM_USERPTR_ANONONLY) ||
+ !(args->flags & AMDGPU_GEM_USERPTR_REGISTER))) {
/* if we want to write to it we must require anonymous
memory and install a MMU notifier */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 091/305] virtio-gpu: use no-merge for fill-modes
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (89 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 090/305] drm/amdgpu: fix userptr flags check Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 092/305] Fix a memory leak in scsi_host_dev_release() Kamal Mostafa
` (213 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marc-André Lureau, Dave Airlie, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@gmail.com>
commit d6d38d9d795edc0f31c6c2d4e6743e66564d6c20 upstream.
Avoid the sticky preferred mode bit by using the no-merge version of the
function (this allows gnome-shell to resize to lower resolutions than
the default resolution)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/virtio/virtgpu_display.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_display.c b/drivers/gpu/drm/virtio/virtgpu_display.c
index 4e160ef..54b70f1 100644
--- a/drivers/gpu/drm/virtio/virtgpu_display.c
+++ b/drivers/gpu/drm/virtio/virtgpu_display.c
@@ -361,7 +361,7 @@ static const struct drm_connector_funcs virtio_gpu_connector_funcs = {
.save = virtio_gpu_conn_save,
.restore = virtio_gpu_conn_restore,
.detect = virtio_gpu_conn_detect,
- .fill_modes = drm_helper_probe_single_connector_modes,
+ .fill_modes = drm_helper_probe_single_connector_modes_nomerge,
.destroy = virtio_gpu_conn_destroy,
.reset = drm_atomic_helper_connector_reset,
.atomic_duplicate_state = drm_atomic_helper_connector_duplicate_state,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 092/305] Fix a memory leak in scsi_host_dev_release()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (90 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 091/305] virtio-gpu: use no-merge for fill-modes Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 093/305] wan/x25: Fix use-after-free in x25_asy_open_tty() Kamal Mostafa
` (212 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Bart Van Assche, Christoph Hellwig, Hannes Reinecke,
Martin K. Petersen, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Bart Van Assche <bart.vanassche@sandisk.com>
commit b49493f99690c8eaacfbc635bafaad629ea2c036 upstream.
Avoid that kmemleak reports the following memory leak if a
SCSI LLD calls scsi_host_alloc() and scsi_host_put() but neither
scsi_host_add() nor scsi_host_remove(). The following shell
command triggers that scenario:
for ((i=0; i<2; i++)); do
srp_daemon -oac |
while read line; do
echo $line >/sys/class/infiniband_srp/srp-mlx4_0-1/add_target
done
done
unreferenced object 0xffff88021b24a220 (size 8):
comm "srp_daemon", pid 56421, jiffies 4295006762 (age 4240.750s)
hex dump (first 8 bytes):
68 6f 73 74 35 38 00 a5 host58..
backtrace:
[<ffffffff8151014a>] kmemleak_alloc+0x7a/0xc0
[<ffffffff81165c1e>] __kmalloc_track_caller+0xfe/0x160
[<ffffffff81260d2b>] kvasprintf+0x5b/0x90
[<ffffffff81260e2d>] kvasprintf_const+0x8d/0xb0
[<ffffffff81254b0c>] kobject_set_name_vargs+0x3c/0xa0
[<ffffffff81337e3c>] dev_set_name+0x3c/0x40
[<ffffffff81355757>] scsi_host_alloc+0x327/0x4b0
[<ffffffffa03edc8e>] srp_create_target+0x4e/0x8a0 [ib_srp]
[<ffffffff8133778b>] dev_attr_store+0x1b/0x20
[<ffffffff811f27fa>] sysfs_kf_write+0x4a/0x60
[<ffffffff811f1e8e>] kernfs_fop_write+0x14e/0x180
[<ffffffff81176eef>] __vfs_write+0x2f/0xf0
[<ffffffff811771e4>] vfs_write+0xa4/0x100
[<ffffffff81177c64>] SyS_write+0x54/0xc0
[<ffffffff8151b257>] entry_SYSCALL_64_fastpath+0x12/0x6f
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Lee Duncan <lduncan@suse.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/hosts.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c
index 8bb173e..7d647a3 100644
--- a/drivers/scsi/hosts.c
+++ b/drivers/scsi/hosts.c
@@ -326,6 +326,17 @@ static void scsi_host_dev_release(struct device *dev)
kfree(queuedata);
}
+ if (shost->shost_state == SHOST_CREATED) {
+ /*
+ * Free the shost_dev device name here if scsi_host_alloc()
+ * and scsi_host_put() have been called but neither
+ * scsi_host_add() nor scsi_host_remove() has been called.
+ * This avoids that the memory allocated for the shost_dev
+ * name is leaked.
+ */
+ kfree(dev_name(&shost->shost_dev));
+ }
+
scsi_destroy_command_freelist(shost);
if (shost_use_blk_mq(shost)) {
if (shost->tag_set.tags)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 093/305] wan/x25: Fix use-after-free in x25_asy_open_tty()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (91 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 092/305] Fix a memory leak in scsi_host_dev_release() Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 094/305] mac80211: do not actively scan DFS channels Kamal Mostafa
` (211 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Hurley, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Peter Hurley <peter@hurleysoftware.com>
commit ee9159ddce14bc1dec9435ae4e3bd3153e783706 upstream.
The N_X25 line discipline may access the previous line discipline's closed
and already-freed private data on open [1].
The tty->disc_data field _never_ refers to valid data on entry to the
line discipline's open() method. Rather, the ldisc is expected to
initialize that field for its own use for the lifetime of the instance
(ie. from open() to close() only).
[1]
[ 634.336761] ==================================================================
[ 634.338226] BUG: KASAN: use-after-free in x25_asy_open_tty+0x13d/0x490 at addr ffff8800a743efd0
[ 634.339558] Read of size 4 by task syzkaller_execu/8981
[ 634.340359] =============================================================================
[ 634.341598] BUG kmalloc-512 (Not tainted): kasan: bad access detected
...
[ 634.405018] Call Trace:
[ 634.405277] dump_stack (lib/dump_stack.c:52)
[ 634.405775] print_trailer (mm/slub.c:655)
[ 634.406361] object_err (mm/slub.c:662)
[ 634.406824] kasan_report_error (mm/kasan/report.c:138 mm/kasan/report.c:236)
[ 634.409581] __asan_report_load4_noabort (mm/kasan/report.c:279)
[ 634.411355] x25_asy_open_tty (drivers/net/wan/x25_asy.c:559 (discriminator 1))
[ 634.413997] tty_ldisc_open.isra.2 (drivers/tty/tty_ldisc.c:447)
[ 634.414549] tty_set_ldisc (drivers/tty/tty_ldisc.c:567)
[ 634.415057] tty_ioctl (drivers/tty/tty_io.c:2646 drivers/tty/tty_io.c:2879)
[ 634.423524] do_vfs_ioctl (fs/ioctl.c:43 fs/ioctl.c:607)
[ 634.427491] SyS_ioctl (fs/ioctl.c:622 fs/ioctl.c:613)
[ 634.427945] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:188)
Reported-and-tested-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/wan/x25_asy.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/net/wan/x25_asy.c b/drivers/net/wan/x25_asy.c
index 5c47b01..cd39025 100644
--- a/drivers/net/wan/x25_asy.c
+++ b/drivers/net/wan/x25_asy.c
@@ -549,16 +549,12 @@ static void x25_asy_receive_buf(struct tty_struct *tty,
static int x25_asy_open_tty(struct tty_struct *tty)
{
- struct x25_asy *sl = tty->disc_data;
+ struct x25_asy *sl;
int err;
if (tty->ops->write == NULL)
return -EOPNOTSUPP;
- /* First make sure we're not already connected. */
- if (sl && sl->magic == X25_ASY_MAGIC)
- return -EEXIST;
-
/* OK. Find a free X.25 channel to use. */
sl = x25_asy_alloc();
if (sl == NULL)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 094/305] mac80211: do not actively scan DFS channels
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (92 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 093/305] wan/x25: Fix use-after-free in x25_asy_open_tty() Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 095/305] PM / Domains: Fix bad of_node_put() in failure paths of genpd_dev_pm_attach() Kamal Mostafa
` (210 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Antonio Quartulli, Johannes Berg, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Antonio Quartulli <antonio@meshcoding.com>
commit 4e39ccac0d678eacb5dd6ffc5057531af33c12d6 upstream.
DFS channels should not be actively scanned as we can't be sure
if we are allowed or not.
If the current channel is in the DFS band, active scan might be
performed after CSA, but we have no guarantee about other channels,
therefore it is safer to prevent active scanning at all.
Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/mac80211/scan.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 11d0901..9c1cccd 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -599,8 +599,8 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
/* We need to ensure power level is at max for scanning. */
ieee80211_hw_config(local, 0);
- if ((req->channels[0]->flags &
- IEEE80211_CHAN_NO_IR) ||
+ if ((req->channels[0]->flags & (IEEE80211_CHAN_NO_IR |
+ IEEE80211_CHAN_RADAR)) ||
!req->n_ssids) {
next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
} else {
@@ -647,7 +647,7 @@ ieee80211_scan_get_channel_time(struct ieee80211_channel *chan)
* TODO: channel switching also consumes quite some time,
* add that delay as well to get a better estimation
*/
- if (chan->flags & IEEE80211_CHAN_NO_IR)
+ if (chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR))
return IEEE80211_PASSIVE_CHANNEL_TIME;
return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME;
}
@@ -779,7 +779,8 @@ static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
*
* In any case, it is not necessary for a passive scan.
*/
- if (chan->flags & IEEE80211_CHAN_NO_IR || !scan_req->n_ssids) {
+ if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) ||
+ !scan_req->n_ssids) {
*next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
local->next_scan_state = SCAN_DECISION;
return;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 095/305] PM / Domains: Fix bad of_node_put() in failure paths of genpd_dev_pm_attach()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (93 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 094/305] mac80211: do not actively scan DFS channels Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 096/305] drm: Fix an unwanted master inheritance v2 Kamal Mostafa
` (209 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Anholt, Rafael J. Wysocki, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Eric Anholt <eric@anholt.net>
commit 265e2cf672aaa9421e7012b4aa30c0ed80f1a447 upstream.
It looks like these meant to be unreffing the
of_parse_phandle_with_args() node, since the error paths above it
don't do of_node_put. That function returns a new ref in pd_args.np,
though, not a new ref on dev->of_node. Also, it would have leaked the
ref in the success case.
Fixes "ERROR: Bad of_node_put()" on bcm2835 in the -EPROBE_DEFER case.
Fixes: aa42240ab254 (PM / Domains: Add generic OF-based PM domain look-up)
Signed-off-by: Eric Anholt <eric@anholt.net>
Acked-by: Ulf Hansson <ulf.hansson@linaro.org>
Acked-by: Kevin Hilman <khilman@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/base/power/domain.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
index 0ee43c1..6e5ac0a 100644
--- a/drivers/base/power/domain.c
+++ b/drivers/base/power/domain.c
@@ -2216,10 +2216,10 @@ int genpd_dev_pm_attach(struct device *dev)
}
pd = of_genpd_get_from_provider(&pd_args);
+ of_node_put(pd_args.np);
if (IS_ERR(pd)) {
dev_dbg(dev, "%s() failed to find PM domain: %ld\n",
__func__, PTR_ERR(pd));
- of_node_put(dev->of_node);
return PTR_ERR(pd);
}
@@ -2237,7 +2237,6 @@ int genpd_dev_pm_attach(struct device *dev)
if (ret < 0) {
dev_err(dev, "failed to add to PM domain %s: %d",
pd->name, ret);
- of_node_put(dev->of_node);
return ret;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 096/305] drm: Fix an unwanted master inheritance v2
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (94 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 095/305] PM / Domains: Fix bad of_node_put() in failure paths of genpd_dev_pm_attach() Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 097/305] sched/core: Clear the root_domain cpumasks in init_rootdomain() Kamal Mostafa
` (208 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Thomas Hellstrom, Dave Airlie, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Thomas Hellstrom <thellstrom@vmware.com>
commit a0af2e538c80f3e47f1d6ddf120a153ad909e8ad upstream.
A client calling drmSetMaster() using a file descriptor that was opened
when another client was master would inherit the latter client's master
object and all its authenticated clients.
This is unwanted behaviour, and when this happens, instead allocate a
brand new master object for the client calling drmSetMaster().
Fixes a BUG() throw in vmw_master_set().
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/drm_drv.c | 5 +++
drivers/gpu/drm/drm_fops.c | 84 ++++++++++++++++++++++++++++++----------------
include/drm/drmP.h | 6 ++++
3 files changed, 67 insertions(+), 28 deletions(-)
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
index b7bf4ce..572998d 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -163,6 +163,11 @@ int drm_setmaster_ioctl(struct drm_device *dev, void *data,
goto out_unlock;
}
+ if (!file_priv->allowed_master) {
+ ret = drm_new_set_master(dev, file_priv);
+ goto out_unlock;
+ }
+
file_priv->minor->master = drm_master_get(file_priv->master);
file_priv->is_master = 1;
if (dev->driver->master_set) {
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
index c59ce4d..6b5625e 100644
--- a/drivers/gpu/drm/drm_fops.c
+++ b/drivers/gpu/drm/drm_fops.c
@@ -126,6 +126,60 @@ static int drm_cpu_valid(void)
}
/**
+ * drm_new_set_master - Allocate a new master object and become master for the
+ * associated master realm.
+ *
+ * @dev: The associated device.
+ * @fpriv: File private identifying the client.
+ *
+ * This function must be called with dev::struct_mutex held.
+ * Returns negative error code on failure. Zero on success.
+ */
+int drm_new_set_master(struct drm_device *dev, struct drm_file *fpriv)
+{
+ struct drm_master *old_master;
+ int ret;
+
+ lockdep_assert_held_once(&dev->master_mutex);
+
+ /* create a new master */
+ fpriv->minor->master = drm_master_create(fpriv->minor);
+ if (!fpriv->minor->master)
+ return -ENOMEM;
+
+ /* take another reference for the copy in the local file priv */
+ old_master = fpriv->master;
+ fpriv->master = drm_master_get(fpriv->minor->master);
+
+ if (dev->driver->master_create) {
+ ret = dev->driver->master_create(dev, fpriv->master);
+ if (ret)
+ goto out_err;
+ }
+ if (dev->driver->master_set) {
+ ret = dev->driver->master_set(dev, fpriv, true);
+ if (ret)
+ goto out_err;
+ }
+
+ fpriv->is_master = 1;
+ fpriv->allowed_master = 1;
+ fpriv->authenticated = 1;
+ if (old_master)
+ drm_master_put(&old_master);
+
+ return 0;
+
+out_err:
+ /* drop both references and restore old master on failure */
+ drm_master_put(&fpriv->minor->master);
+ drm_master_put(&fpriv->master);
+ fpriv->master = old_master;
+
+ return ret;
+}
+
+/**
* Called whenever a process opens /dev/drm.
*
* \param filp file pointer.
@@ -189,35 +243,9 @@ static int drm_open_helper(struct file *filp, struct drm_minor *minor)
mutex_lock(&dev->master_mutex);
if (drm_is_primary_client(priv) && !priv->minor->master) {
/* create a new master */
- priv->minor->master = drm_master_create(priv->minor);
- if (!priv->minor->master) {
- ret = -ENOMEM;
+ ret = drm_new_set_master(dev, priv);
+ if (ret)
goto out_close;
- }
-
- priv->is_master = 1;
- /* take another reference for the copy in the local file priv */
- priv->master = drm_master_get(priv->minor->master);
- priv->authenticated = 1;
-
- if (dev->driver->master_create) {
- ret = dev->driver->master_create(dev, priv->master);
- if (ret) {
- /* drop both references if this fails */
- drm_master_put(&priv->minor->master);
- drm_master_put(&priv->master);
- goto out_close;
- }
- }
- if (dev->driver->master_set) {
- ret = dev->driver->master_set(dev, priv, true);
- if (ret) {
- /* drop both references if this fails */
- drm_master_put(&priv->minor->master);
- drm_master_put(&priv->master);
- goto out_close;
- }
- }
} else if (drm_is_primary_client(priv)) {
/* get a reference to the master */
priv->master = drm_master_get(priv->minor->master);
diff --git a/include/drm/drmP.h b/include/drm/drmP.h
index 5aa5197..ee28f59 100644
--- a/include/drm/drmP.h
+++ b/include/drm/drmP.h
@@ -299,6 +299,11 @@ struct drm_file {
unsigned universal_planes:1;
/* true if client understands atomic properties */
unsigned atomic:1;
+ /*
+ * This client is allowed to gain master privileges for @master.
+ * Protected by struct drm_device::master_mutex.
+ */
+ unsigned allowed_master:1;
struct pid *pid;
kuid_t uid;
@@ -898,6 +903,7 @@ extern int drm_open(struct inode *inode, struct file *filp);
extern ssize_t drm_read(struct file *filp, char __user *buffer,
size_t count, loff_t *offset);
extern int drm_release(struct inode *inode, struct file *filp);
+extern int drm_new_set_master(struct drm_device *dev, struct drm_file *fpriv);
/* Mapping support (drm_vm.h) */
extern unsigned int drm_poll(struct file *filp, struct poll_table_struct *wait);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 097/305] sched/core: Clear the root_domain cpumasks in init_rootdomain()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (95 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 096/305] drm: Fix an unwanted master inheritance v2 Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 098/305] ARM/arm64: KVM: correct PTE uncachedness check Kamal Mostafa
` (207 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Xunlei Pang, Peter Zijlstra (Intel),
Linus Torvalds, Mike Galbraith, Steven Rostedt, Thomas Gleixner,
Ingo Molnar, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Xunlei Pang <xlpang@redhat.com>
commit 8295c69925ad53ec32ca54ac9fc194ff21bc40e2 upstream.
root_domain::rto_mask allocated through alloc_cpumask_var()
contains garbage data, this may cause problems. For instance,
When doing pull_rt_task(), it may do useless iterations if
rto_mask retains some extra garbage bits. Worse still, this
violates the isolated domain rule for clustered scheduling
using cpuset, because the tasks(with all the cpus allowed)
belongs to one root domain can be pulled away into another
root domain.
The patch cleans the garbage by using zalloc_cpumask_var()
instead of alloc_cpumask_var() for root_domain::rto_mask
allocation, thereby addressing the issues.
Do the same thing for root_domain's other cpumask memembers:
dlo_mask, span, and online.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1449057179-29321-1-git-send-email-xlpang@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/sched/core.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 6776631..87c3bb8 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -5718,13 +5718,13 @@ static int init_rootdomain(struct root_domain *rd)
{
memset(rd, 0, sizeof(*rd));
- if (!alloc_cpumask_var(&rd->span, GFP_KERNEL))
+ if (!zalloc_cpumask_var(&rd->span, GFP_KERNEL))
goto out;
- if (!alloc_cpumask_var(&rd->online, GFP_KERNEL))
+ if (!zalloc_cpumask_var(&rd->online, GFP_KERNEL))
goto free_span;
- if (!alloc_cpumask_var(&rd->dlo_mask, GFP_KERNEL))
+ if (!zalloc_cpumask_var(&rd->dlo_mask, GFP_KERNEL))
goto free_online;
- if (!alloc_cpumask_var(&rd->rto_mask, GFP_KERNEL))
+ if (!zalloc_cpumask_var(&rd->rto_mask, GFP_KERNEL))
goto free_dlo_mask;
init_dl_bw(&rd->dl_bw);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 098/305] ARM/arm64: KVM: correct PTE uncachedness check
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (96 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 097/305] sched/core: Clear the root_domain cpumasks in init_rootdomain() Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 099/305] drm/amdgpu: partially revert "drm/amdgpu: fix VM_CONTEXT*_PAGE_TABLE_END_ADDR" v2 Kamal Mostafa
` (206 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ard Biesheuvel, Marc Zyngier, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
commit 0de58f852875a0f0dcfb120bb8433e4e73c7803b upstream.
Commit e6fab5442345 ("ARM/arm64: KVM: test properly for a PTE's
uncachedness") modified the logic to test whether a HYP or stage-2
mapping needs flushing, from [incorrectly] interpreting the page table
attributes to [incorrectly] checking whether the PFN that backs the
mapping is covered by host system RAM. The PFN number is part of the
output of the translation, not the input, so we have to use pte_pfn()
on the contents of the PTE, not __phys_to_pfn() on the HYP virtual
address or stage-2 intermediate physical address.
Fixes: e6fab5442345 ("ARM/arm64: KVM: test properly for a PTE's uncachedness")
Tested-by: Pavel Fedin <p.fedin@samsung.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/kvm/mmu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
index 7dace90..61d96a6 100644
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -218,7 +218,7 @@ static void unmap_ptes(struct kvm *kvm, pmd_t *pmd,
kvm_tlb_flush_vmid_ipa(kvm, addr);
/* No need to invalidate the cache for device mappings */
- if (!kvm_is_device_pfn(__phys_to_pfn(addr)))
+ if (!kvm_is_device_pfn(pte_pfn(old_pte)))
kvm_flush_dcache_pte(old_pte);
put_page(virt_to_page(pte));
@@ -310,7 +310,7 @@ static void stage2_flush_ptes(struct kvm *kvm, pmd_t *pmd,
pte = pte_offset_kernel(pmd, addr);
do {
- if (!pte_none(*pte) && !kvm_is_device_pfn(__phys_to_pfn(addr)))
+ if (!pte_none(*pte) && !kvm_is_device_pfn(pte_pfn(*pte)))
kvm_flush_dcache_pte(*pte);
} while (pte++, addr += PAGE_SIZE, addr != end);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 099/305] drm/amdgpu: partially revert "drm/amdgpu: fix VM_CONTEXT*_PAGE_TABLE_END_ADDR" v2
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (97 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 098/305] ARM/arm64: KVM: correct PTE uncachedness check Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 100/305] x86/mpx: Fix instruction decoder condition Kamal Mostafa
` (205 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christian König, Anatoli Antonovitch, Alex Deucher, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <christian.koenig@amd.com>
commit 9c97b5ab4a91c18c2e7654f044cbff446cfd979b upstream.
The gtt_end is already inclusive, we don't need to subtract one here.
v2 (chk): keep the fix for the VM code, cause here it really applies.
Signed-off-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Anatoli Antonovitch <anatoli.antonovitch@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 2 +-
drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c
index 2341c59..c735b86 100644
--- a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c
@@ -486,7 +486,7 @@ static int gmc_v7_0_gart_enable(struct amdgpu_device *adev)
WREG32(mmVM_L2_CNTL3, tmp);
/* setup context0 */
WREG32(mmVM_CONTEXT0_PAGE_TABLE_START_ADDR, adev->mc.gtt_start >> 12);
- WREG32(mmVM_CONTEXT0_PAGE_TABLE_END_ADDR, (adev->mc.gtt_end >> 12) - 1);
+ WREG32(mmVM_CONTEXT0_PAGE_TABLE_END_ADDR, adev->mc.gtt_end >> 12);
WREG32(mmVM_CONTEXT0_PAGE_TABLE_BASE_ADDR, adev->gart.table_addr >> 12);
WREG32(mmVM_CONTEXT0_PROTECTION_FAULT_DEFAULT_ADDR,
(u32)(adev->dummy_page.addr >> 12));
diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
index ccdf8d1..e41ff6a 100644
--- a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
@@ -591,7 +591,7 @@ static int gmc_v8_0_gart_enable(struct amdgpu_device *adev)
WREG32(mmVM_L2_CNTL4, tmp);
/* setup context0 */
WREG32(mmVM_CONTEXT0_PAGE_TABLE_START_ADDR, adev->mc.gtt_start >> 12);
- WREG32(mmVM_CONTEXT0_PAGE_TABLE_END_ADDR, (adev->mc.gtt_end >> 12) - 1);
+ WREG32(mmVM_CONTEXT0_PAGE_TABLE_END_ADDR, adev->mc.gtt_end >> 12);
WREG32(mmVM_CONTEXT0_PAGE_TABLE_BASE_ADDR, adev->gart.table_addr >> 12);
WREG32(mmVM_CONTEXT0_PROTECTION_FAULT_DEFAULT_ADDR,
(u32)(adev->dummy_page.addr >> 12));
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 100/305] x86/mpx: Fix instruction decoder condition
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (98 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 099/305] drm/amdgpu: partially revert "drm/amdgpu: fix VM_CONTEXT*_PAGE_TABLE_END_ADDR" v2 Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 101/305] x86/signal: Fix restart_syscall number for x32 tasks Kamal Mostafa
` (204 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dave Hansen, x86, Dave Hansen, Thomas Gleixner, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Dave Hansen <dave.hansen@linux.intel.com>
commit 8e8efe0379bd93e8219ca0fc6fa80b5dd85b09cb upstream.
MPX decodes instructions in order to tell which bounds register
was violated. Part of this decoding involves looking at the "REX
prefix" which is a special instrucion prefix used to retrofit
support for new registers in to old instructions.
The X86_REX_*() macros are defined to return actual bit values:
#define X86_REX_R(rex) ((rex) & 4)
*not* boolean values. However, the MPX code was checking for
them like they were booleans. This might have led to us
mis-decoding the "REX prefix" and giving false information out to
userspace about bounds violations. X86_REX_B() actually is bit 1,
so this is really only broken for the X86_REX_X() case.
Fix the conditionals up to tolerate the non-boolean values.
Fixes: fcc7ffd67991 "x86, mpx: Decode MPX instruction to get bound violation information"
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: x86@kernel.org
Cc: Dave Hansen <dave@sr71.net>
Link: http://lkml.kernel.org/r/20151201003113.D800C1E0@viggo.jf.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/mm/mpx.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c
index c28f618..27f8393 100644
--- a/arch/x86/mm/mpx.c
+++ b/arch/x86/mm/mpx.c
@@ -138,19 +138,19 @@ static int get_reg_offset(struct insn *insn, struct pt_regs *regs,
switch (type) {
case REG_TYPE_RM:
regno = X86_MODRM_RM(insn->modrm.value);
- if (X86_REX_B(insn->rex_prefix.value) == 1)
+ if (X86_REX_B(insn->rex_prefix.value))
regno += 8;
break;
case REG_TYPE_INDEX:
regno = X86_SIB_INDEX(insn->sib.value);
- if (X86_REX_X(insn->rex_prefix.value) == 1)
+ if (X86_REX_X(insn->rex_prefix.value))
regno += 8;
break;
case REG_TYPE_BASE:
regno = X86_SIB_BASE(insn->sib.value);
- if (X86_REX_B(insn->rex_prefix.value) == 1)
+ if (X86_REX_B(insn->rex_prefix.value))
regno += 8;
break;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 101/305] x86/signal: Fix restart_syscall number for x32 tasks
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (99 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 100/305] x86/mpx: Fix instruction decoder condition Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 102/305] ovl: fix permission checking for setattr Kamal Mostafa
` (203 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dmitry V. Levin, Elvira Khabirova, Thomas Gleixner, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: "Dmitry V. Levin" <ldv@altlinux.org>
commit 22eab1108781eff09961ae7001704f7bd8fb1dce upstream.
When restarting a syscall with regs->ax == -ERESTART_RESTARTBLOCK,
regs->ax is assigned to a restart_syscall number. For x32 tasks, this
syscall number must have __X32_SYSCALL_BIT set, otherwise it will be
an x86_64 syscall number instead of a valid x32 syscall number. This
issue has been there since the introduction of x32.
Reported-by: strace/tests/restart_syscall.test
Reported-and-tested-by: Elvira Khabirova <lineprinter0@gmail.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Cc: Elvira Khabirova <lineprinter0@gmail.com>
Link: http://lkml.kernel.org/r/20151130215436.GA25996@altlinux.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kernel/signal.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index 71820c4..ce10cbc 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -685,12 +685,15 @@ handle_signal(struct ksignal *ksig, struct pt_regs *regs)
signal_setup_done(failed, ksig, stepping);
}
-#ifdef CONFIG_X86_32
-#define NR_restart_syscall __NR_restart_syscall
-#else /* !CONFIG_X86_32 */
-#define NR_restart_syscall \
- test_thread_flag(TIF_IA32) ? __NR_ia32_restart_syscall : __NR_restart_syscall
-#endif /* CONFIG_X86_32 */
+static inline unsigned long get_nr_restart_syscall(const struct pt_regs *regs)
+{
+#if defined(CONFIG_X86_32) || !defined(CONFIG_X86_64)
+ return __NR_restart_syscall;
+#else /* !CONFIG_X86_32 && CONFIG_X86_64 */
+ return test_thread_flag(TIF_IA32) ? __NR_ia32_restart_syscall :
+ __NR_restart_syscall | (regs->orig_ax & __X32_SYSCALL_BIT);
+#endif /* CONFIG_X86_32 || !CONFIG_X86_64 */
+}
/*
* Note that 'init' is a special process: it doesn't get signals it doesn't
@@ -719,7 +722,7 @@ static void do_signal(struct pt_regs *regs)
break;
case -ERESTART_RESTARTBLOCK:
- regs->ax = NR_restart_syscall;
+ regs->ax = get_nr_restart_syscall(regs);
regs->ip -= 2;
break;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 102/305] ovl: fix permission checking for setattr
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (100 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 101/305] x86/signal: Fix restart_syscall number for x32 tasks Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 103/305] Don't reset ->total_link_count on nested calls of vfs_path_lookup() Kamal Mostafa
` (202 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Miklos Szeredi, Al Viro, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Miklos Szeredi <miklos@szeredi.hu>
commit acff81ec2c79492b180fade3c2894425cd35a545 upstream.
[Al Viro] The bug is in being too enthusiastic about optimizing ->setattr()
away - instead of "copy verbatim with metadata" + "chmod/chown/utimes"
(with the former being always safe and the latter failing in case of
insufficient permissions) it tries to combine these two. Note that copyup
itself will have to do ->setattr() anyway; _that_ is where the elevated
capabilities are right. Having these two ->setattr() (one to set verbatim
copy of metadata, another to do what overlayfs ->setattr() had been asked
to do in the first place) combined is where it breaks.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/overlayfs/inode.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index ec0c2a0..9612849 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -49,13 +49,13 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr)
if (err)
goto out;
- upperdentry = ovl_dentry_upper(dentry);
- if (upperdentry) {
+ err = ovl_copy_up(dentry);
+ if (!err) {
+ upperdentry = ovl_dentry_upper(dentry);
+
mutex_lock(&upperdentry->d_inode->i_mutex);
err = notify_change(upperdentry, attr, NULL);
mutex_unlock(&upperdentry->d_inode->i_mutex);
- } else {
- err = ovl_copy_up_last(dentry, attr, false);
}
ovl_drop_write(dentry);
out:
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 103/305] Don't reset ->total_link_count on nested calls of vfs_path_lookup()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (101 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 102/305] ovl: fix permission checking for setattr Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 104/305] net: mvneta: fix bit assignment in MVNETA_RXQ_CONFIG_REG Kamal Mostafa
` (201 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Al Viro, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 2788cc47f4593cca2c3c73c7bb82cd32b88c8ef7 upstream.
we already zero it on outermost set_nameidata(), so initialization in
path_init() is pointless and wrong. The same DoS exists on pre-4.2
kernels, but there a slightly different fix will be needed.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/namei.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/namei.c b/fs/namei.c
index 36df481..f39a798 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1999,7 +1999,6 @@ static const char *path_init(struct nameidata *nd, unsigned flags)
nd->last_type = LAST_ROOT; /* if there are only slashes... */
nd->flags = flags | LOOKUP_JUMPED | LOOKUP_PARENT;
nd->depth = 0;
- nd->total_link_count = 0;
if (flags & LOOKUP_ROOT) {
struct dentry *root = nd->root.dentry;
struct inode *inode = root->d_inode;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 104/305] net: mvneta: fix bit assignment in MVNETA_RXQ_CONFIG_REG
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (102 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 103/305] Don't reset ->total_link_count on nested calls of vfs_path_lookup() Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 105/305] net: mvneta: fix bit assignment for RX packet irq enable Kamal Mostafa
` (200 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marcin Wojtas, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Marcin Wojtas <mw@semihalf.com>
commit e5bdf689d32fcf3aaf548c71e715b303ba20b5d1 upstream.
MVNETA_RXQ_HW_BUF_ALLOC bit which controls enabling hardware buffer
allocation was mistakenly set as BIT(1). This commit fixes the assignment.
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Reviewed-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Fixes: c5aff18204da ("net: mvneta: driver for Marvell Armada 370/XP network
unit")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/marvell/mvneta.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
index 7e788073..1e0d38b 100644
--- a/drivers/net/ethernet/marvell/mvneta.c
+++ b/drivers/net/ethernet/marvell/mvneta.c
@@ -35,7 +35,7 @@
/* Registers */
#define MVNETA_RXQ_CONFIG_REG(q) (0x1400 + ((q) << 2))
-#define MVNETA_RXQ_HW_BUF_ALLOC BIT(1)
+#define MVNETA_RXQ_HW_BUF_ALLOC BIT(0)
#define MVNETA_RXQ_PKT_OFFSET_ALL_MASK (0xf << 8)
#define MVNETA_RXQ_PKT_OFFSET_MASK(offs) ((offs) << 8)
#define MVNETA_RXQ_THRESHOLD_REG(q) (0x14c0 + ((q) << 2))
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 105/305] net: mvneta: fix bit assignment for RX packet irq enable
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (103 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 104/305] net: mvneta: fix bit assignment in MVNETA_RXQ_CONFIG_REG Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 106/305] net: mvneta: add configuration for MBUS windows access protection Kamal Mostafa
` (199 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marcin Wojtas, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Marcin Wojtas <mw@semihalf.com>
commit dc1aadf6f1e7609590fadf7a0252413732289b2e upstream.
A value originally defined in the driver was inappropriate. Even though
the ingress was somehow working, writing MVNETA_RXQ_INTR_ENABLE_ALL_MASK
to MVNETA_INTR_ENABLE didn't make any effect, because the bits [31:16]
are reserved and read-only.
This commit updates MVNETA_RXQ_INTR_ENABLE_ALL_MASK to be compliant with
the controller's documentation.
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Fixes: c5aff18204da ("net: mvneta: driver for Marvell Armada 370/XP network
unit")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/marvell/mvneta.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
index 1e0d38b..82f63e9 100644
--- a/drivers/net/ethernet/marvell/mvneta.c
+++ b/drivers/net/ethernet/marvell/mvneta.c
@@ -156,7 +156,7 @@
#define MVNETA_INTR_ENABLE 0x25b8
#define MVNETA_TXQ_INTR_ENABLE_ALL_MASK 0x0000ff00
-#define MVNETA_RXQ_INTR_ENABLE_ALL_MASK 0xff000000 // note: neta says it's 0x000000FF
+#define MVNETA_RXQ_INTR_ENABLE_ALL_MASK 0x000000ff
#define MVNETA_RXQ_CMD 0x2680
#define MVNETA_RXQ_DISABLE_SHIFT 8
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 106/305] net: mvneta: add configuration for MBUS windows access protection
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (104 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 105/305] net: mvneta: fix bit assignment for RX packet irq enable Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 107/305] iwlwifi: mvm: don't overwrite the key indices in D3 entry Kamal Mostafa
` (198 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marcin Wojtas, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Marcin Wojtas <mw@semihalf.com>
commit db6ba9a5371f173489df126739d0a1c2a50f347b upstream.
This commit adds missing configuration of MBUS windows access protection
in mvneta_conf_mbus_windows function - a dedicated variable for that
purpose remained there unused since v3.8 initial mvneta support. Because
of that the register contents were inherited from the bootloader.
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Reviewed-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Fixes: c5aff18204da ("net: mvneta: driver for Marvell Armada 370/XP network
unit")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/marvell/mvneta.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
index 82f63e9..060af9b 100644
--- a/drivers/net/ethernet/marvell/mvneta.c
+++ b/drivers/net/ethernet/marvell/mvneta.c
@@ -61,6 +61,7 @@
#define MVNETA_WIN_SIZE(w) (0x2204 + ((w) << 3))
#define MVNETA_WIN_REMAP(w) (0x2280 + ((w) << 2))
#define MVNETA_BASE_ADDR_ENABLE 0x2290
+#define MVNETA_ACCESS_PROTECT_ENABLE 0x2294
#define MVNETA_PORT_CONFIG 0x2400
#define MVNETA_UNI_PROMISC_MODE BIT(0)
#define MVNETA_DEF_RXQ(q) ((q) << 1)
@@ -2975,6 +2976,7 @@ static void mvneta_conf_mbus_windows(struct mvneta_port *pp,
}
mvreg_write(pp, MVNETA_BASE_ADDR_ENABLE, win_enable);
+ mvreg_write(pp, MVNETA_ACCESS_PROTECT_ENABLE, win_protect);
}
/* Power up the port */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 107/305] iwlwifi: mvm: don't overwrite the key indices in D3 entry
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (105 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 106/305] net: mvneta: add configuration for MBUS windows access protection Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 108/305] mac80211: fix off-channel mgmt-tx uninitialized variable usage Kamal Mostafa
` (197 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Luca Coelho, Emmanuel Grumbach, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Luca Coelho <luciano.coelho@intel.com>
commit d6ee54a9d7c807cdb8eb77d7f019cce344c2162c upstream.
When entering D3, we need to use hardcoded key indices because the
firmware requires that. To do so, we are overwriting the HW key index
in the keyconf structure, which makes it impossible to reuse the
indices that were used before entering D3. Additionally, we overwrite
all the non-PTK keys with index 1, because the firmware only allows
one non-PTK key to be set. This is bad, because when we resume, we
may try to set more than one key with index 1, which will obviously
fail.
To fix this, allow the callers to set a pre-defined index to use in
iwl_mvm_set_sta_key() instead of relying on the hw_key_idx value from
the keyconf struct (which requires overwriting it). In normal cases,
the caller can pass STA_KEY_IDX_INVALID, which will cause a new key
offset to be chosen. During HW_RESTART, we pass the offset that is in
use. And during D3 entry, we pass the hardcoded indices we need to
use.
Additionally, don't clear the fw_key_table in D3 entry, so that the
flags are still set with the pre-D3 values when exiting D3.
fixes=I3165c22362483f0152d9ec1d2a987fb5529727c1
Fixes: b546dcd6b742 ("iwlwifi: mvm: don't reset key index on HW restart")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/wireless/iwlwifi/mvm/d3.c | 8 ++----
drivers/net/wireless/iwlwifi/mvm/mac80211.c | 11 ++++++--
drivers/net/wireless/iwlwifi/mvm/sta.c | 44 ++++++++++++++++++-----------
drivers/net/wireless/iwlwifi/mvm/sta.h | 4 +--
4 files changed, 39 insertions(+), 28 deletions(-)
diff --git a/drivers/net/wireless/iwlwifi/mvm/d3.c b/drivers/net/wireless/iwlwifi/mvm/d3.c
index f60b89b..051bc800 100644
--- a/drivers/net/wireless/iwlwifi/mvm/d3.c
+++ b/drivers/net/wireless/iwlwifi/mvm/d3.c
@@ -309,9 +309,9 @@ static void iwl_mvm_wowlan_program_keys(struct ieee80211_hw *hw,
* to transmit packets to the AP, i.e. the PTK.
*/
if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
- key->hw_key_idx = 0;
mvm->ptk_ivlen = key->iv_len;
mvm->ptk_icvlen = key->icv_len;
+ ret = iwl_mvm_set_sta_key(mvm, vif, sta, key, 0);
} else {
/*
* firmware only supports TSC/RSC for a single key,
@@ -319,12 +319,11 @@ static void iwl_mvm_wowlan_program_keys(struct ieee80211_hw *hw,
* with new ones -- this relies on mac80211 doing
* list_add_tail().
*/
- key->hw_key_idx = 1;
mvm->gtk_ivlen = key->iv_len;
mvm->gtk_icvlen = key->icv_len;
+ ret = iwl_mvm_set_sta_key(mvm, vif, sta, key, 1);
}
- ret = iwl_mvm_set_sta_key(mvm, vif, sta, key, true);
data->error = ret != 0;
out_unlock:
mutex_unlock(&mvm->mutex);
@@ -772,9 +771,6 @@ static int iwl_mvm_switch_to_d3(struct iwl_mvm *mvm)
*/
set_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status);
- /* We reprogram keys and shouldn't allocate new key indices */
- memset(mvm->fw_key_table, 0, sizeof(mvm->fw_key_table));
-
mvm->ptk_ivlen = 0;
mvm->ptk_icvlen = 0;
mvm->ptk_ivlen = 0;
diff --git a/drivers/net/wireless/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
index f82019c..713e1bb 100644
--- a/drivers/net/wireless/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
@@ -2872,6 +2872,7 @@ static int iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
{
struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
int ret;
+ u8 key_offset;
if (iwlwifi_mod_params.sw_crypto) {
IWL_DEBUG_MAC80211(mvm, "leave - hwcrypto disabled\n");
@@ -2936,10 +2937,14 @@ static int iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
break;
}
+ /* in HW restart reuse the index, otherwise request a new one */
+ if (test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status))
+ key_offset = key->hw_key_idx;
+ else
+ key_offset = STA_KEY_IDX_INVALID;
+
IWL_DEBUG_MAC80211(mvm, "set hwcrypto key\n");
- ret = iwl_mvm_set_sta_key(mvm, vif, sta, key,
- test_bit(IWL_MVM_STATUS_IN_HW_RESTART,
- &mvm->status));
+ ret = iwl_mvm_set_sta_key(mvm, vif, sta, key, key_offset);
if (ret) {
IWL_WARN(mvm, "set key failed\n");
/*
diff --git a/drivers/net/wireless/iwlwifi/mvm/sta.c b/drivers/net/wireless/iwlwifi/mvm/sta.c
index 26f076e..b00aca7 100644
--- a/drivers/net/wireless/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/iwlwifi/mvm/sta.c
@@ -1188,7 +1188,8 @@ static u8 iwl_mvm_get_key_sta_id(struct ieee80211_vif *vif,
static int iwl_mvm_send_sta_key(struct iwl_mvm *mvm,
struct iwl_mvm_sta *mvm_sta,
struct ieee80211_key_conf *keyconf, bool mcast,
- u32 tkip_iv32, u16 *tkip_p1k, u32 cmd_flags)
+ u32 tkip_iv32, u16 *tkip_p1k, u32 cmd_flags,
+ u8 key_offset)
{
struct iwl_mvm_add_sta_key_cmd cmd = {};
__le16 key_flags;
@@ -1230,7 +1231,7 @@ static int iwl_mvm_send_sta_key(struct iwl_mvm *mvm,
if (mcast)
key_flags |= cpu_to_le16(STA_KEY_MULTICAST);
- cmd.key_offset = keyconf->hw_key_idx;
+ cmd.key_offset = key_offset;
cmd.key_flags = key_flags;
cmd.sta_id = sta_id;
@@ -1323,6 +1324,7 @@ static int __iwl_mvm_set_sta_key(struct iwl_mvm *mvm,
struct ieee80211_vif *vif,
struct ieee80211_sta *sta,
struct ieee80211_key_conf *keyconf,
+ u8 key_offset,
bool mcast)
{
struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta);
@@ -1338,17 +1340,17 @@ static int __iwl_mvm_set_sta_key(struct iwl_mvm *mvm,
ieee80211_get_key_rx_seq(keyconf, 0, &seq);
ieee80211_get_tkip_rx_p1k(keyconf, addr, seq.tkip.iv32, p1k);
ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, mcast,
- seq.tkip.iv32, p1k, 0);
+ seq.tkip.iv32, p1k, 0, key_offset);
break;
case WLAN_CIPHER_SUITE_CCMP:
case WLAN_CIPHER_SUITE_WEP40:
case WLAN_CIPHER_SUITE_WEP104:
ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, mcast,
- 0, NULL, 0);
+ 0, NULL, 0, key_offset);
break;
default:
ret = iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, mcast,
- 0, NULL, 0);
+ 0, NULL, 0, key_offset);
}
return ret;
@@ -1396,7 +1398,7 @@ int iwl_mvm_set_sta_key(struct iwl_mvm *mvm,
struct ieee80211_vif *vif,
struct ieee80211_sta *sta,
struct ieee80211_key_conf *keyconf,
- bool have_key_offset)
+ u8 key_offset)
{
bool mcast = !(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE);
u8 sta_id;
@@ -1433,18 +1435,25 @@ int iwl_mvm_set_sta_key(struct iwl_mvm *mvm,
if (WARN_ON_ONCE(iwl_mvm_sta_from_mac80211(sta)->vif != vif))
return -EINVAL;
- if (!have_key_offset) {
- /*
- * The D3 firmware hardcodes the PTK offset to 0, so we have to
- * configure it there. As a result, this workaround exists to
- * let the caller set the key offset (hw_key_idx), see d3.c.
- */
- keyconf->hw_key_idx = iwl_mvm_set_fw_key_idx(mvm);
- if (keyconf->hw_key_idx == STA_KEY_IDX_INVALID)
+ /* If the key_offset is not pre-assigned, we need to find a
+ * new offset to use. In normal cases, the offset is not
+ * pre-assigned, but during HW_RESTART we want to reuse the
+ * same indices, so we pass them when this function is called.
+ *
+ * In D3 entry, we need to hardcoded the indices (because the
+ * firmware hardcodes the PTK offset to 0). In this case, we
+ * need to make sure we don't overwrite the hw_key_idx in the
+ * keyconf structure, because otherwise we cannot configure
+ * the original ones back when resuming.
+ */
+ if (key_offset == STA_KEY_IDX_INVALID) {
+ key_offset = iwl_mvm_set_fw_key_idx(mvm);
+ if (key_offset == STA_KEY_IDX_INVALID)
return -ENOSPC;
+ keyconf->hw_key_idx = key_offset;
}
- ret = __iwl_mvm_set_sta_key(mvm, vif, sta, keyconf, mcast);
+ ret = __iwl_mvm_set_sta_key(mvm, vif, sta, keyconf, key_offset, mcast);
if (ret) {
__clear_bit(keyconf->hw_key_idx, mvm->fw_key_table);
goto end;
@@ -1458,7 +1467,8 @@ int iwl_mvm_set_sta_key(struct iwl_mvm *mvm,
*/
if (keyconf->cipher == WLAN_CIPHER_SUITE_WEP40 ||
keyconf->cipher == WLAN_CIPHER_SUITE_WEP104) {
- ret = __iwl_mvm_set_sta_key(mvm, vif, sta, keyconf, !mcast);
+ ret = __iwl_mvm_set_sta_key(mvm, vif, sta, keyconf,
+ key_offset, !mcast);
if (ret) {
__clear_bit(keyconf->hw_key_idx, mvm->fw_key_table);
__iwl_mvm_remove_sta_key(mvm, sta_id, keyconf, mcast);
@@ -1558,7 +1568,7 @@ void iwl_mvm_update_tkip_key(struct iwl_mvm *mvm,
mvm_sta = iwl_mvm_sta_from_mac80211(sta);
iwl_mvm_send_sta_key(mvm, mvm_sta, keyconf, mcast,
- iv32, phase1key, CMD_ASYNC);
+ iv32, phase1key, CMD_ASYNC, keyconf->hw_key_idx);
rcu_read_unlock();
}
diff --git a/drivers/net/wireless/iwlwifi/mvm/sta.h b/drivers/net/wireless/iwlwifi/mvm/sta.h
index 748f5dc..b3e424f 100644
--- a/drivers/net/wireless/iwlwifi/mvm/sta.h
+++ b/drivers/net/wireless/iwlwifi/mvm/sta.h
@@ -365,8 +365,8 @@ int iwl_mvm_rm_sta_id(struct iwl_mvm *mvm,
int iwl_mvm_set_sta_key(struct iwl_mvm *mvm,
struct ieee80211_vif *vif,
struct ieee80211_sta *sta,
- struct ieee80211_key_conf *key,
- bool have_key_offset);
+ struct ieee80211_key_conf *keyconf,
+ u8 key_offset);
int iwl_mvm_remove_sta_key(struct iwl_mvm *mvm,
struct ieee80211_vif *vif,
struct ieee80211_sta *sta,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 108/305] mac80211: fix off-channel mgmt-tx uninitialized variable usage
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (106 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 107/305] iwlwifi: mvm: don't overwrite the key indices in D3 entry Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 109/305] drm/rockchip: unset pgoff when mmap'ing gems Kamal Mostafa
` (196 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Johannes Berg, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Johannes Berg <johannes.berg@intel.com>
commit c1df932c0574c13ab3ce72e969c9647ff3aaad68 upstream.
In the last change here, I neglected to update the cookie in one code
path: when a mgmt-tx has no real cookie sent to userspace as it doesn't
wait for a response, but is off-channel. The original code used the SKB
pointer as the cookie and always assigned the cookie to the TX SKB in
ieee80211_start_roc_work(), but my change turned this around and made
the code rely on a valid cookie being passed in.
Unfortunately, the off-channel no-wait TX path wasn't assigning one at
all, resulting in an uninitialized stack value being used. This wasn't
handed back to userspace as a cookie (since in the no-wait case there
isn't a cookie), but it was tested for non-zero to distinguish between
mgmt-tx and off-channel.
Fix this by assigning a dummy non-zero cookie unconditionally, and get
rid of a misleading comment and some dead code while at it. I'll clean
up the ACK SKB handling separately later.
Fixes: 3b79af973cf4 ("mac80211: stop using pointers as userspace cookies")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/mac80211/cfg.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index bf7023f..5f8bbee 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -3439,8 +3439,12 @@ static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
goto out_unlock;
}
} else {
- /* for cookie below */
- ack_skb = skb;
+ /* Assign a dummy non-zero cookie, it's not sent to
+ * userspace in this case but we rely on its value
+ * internally in the need_offchan case to distinguish
+ * mgmt-tx from remain-on-channel.
+ */
+ *cookie = 0xffffffff;
}
if (!need_offchan) {
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 109/305] drm/rockchip: unset pgoff when mmap'ing gems
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (107 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 108/305] mac80211: fix off-channel mgmt-tx uninitialized variable usage Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 110/305] remoteproc: avoid stack overflow in debugfs file Kamal Mostafa
` (195 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Heiko Stuebner, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Heiko Stuebner <heiko@sntech.de>
commit a8594f20cafadb6ba58f915dea5f2c94a9333b1a upstream.
Commit 371f0f085f629 ("ARM: 8426/1: dma-mapping: add missing range check
in dma_mmap()") introduced offset-checking for mappings, which collides
with the fake-offset the drm sets for gems.
Other drm-drivers set this offset to 0 before doing the mapping, so
this looks like the correct way to go for rockchip as well.
Fixes: 371f0f085f629 ("ARM: 8426/1: dma-mapping: add missing range check in dma_mmap()")
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_gem.c b/drivers/gpu/drm/rockchip/rockchip_drm_gem.c
index eba5f8a..2d1daac 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_gem.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_gem.c
@@ -67,6 +67,7 @@ static int rockchip_drm_gem_object_mmap(struct drm_gem_object *obj,
* VM_PFNMAP flag that was set by drm_gem_mmap_obj()/drm_gem_mmap().
*/
vma->vm_flags &= ~VM_PFNMAP;
+ vma->vm_pgoff = 0;
ret = dma_mmap_attrs(drm->dev, vma, rk_obj->kvaddr, rk_obj->dma_addr,
obj->size, &rk_obj->dma_attrs);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 110/305] remoteproc: avoid stack overflow in debugfs file
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (108 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 109/305] drm/rockchip: unset pgoff when mmap'ing gems Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 111/305] sched/rt: Hide the push_irq_work_func() declaration Kamal Mostafa
` (194 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, Ohad Ben-Cohen, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Arnd Bergmann <arnd@arndb.de>
commit 92792e48e2ae6051af30468a87994b5432da2f06 upstream.
Recent gcc versions warn about reading from a negative offset of
an on-stack array:
drivers/remoteproc/remoteproc_debugfs.c: In function 'rproc_recovery_write':
drivers/remoteproc/remoteproc_debugfs.c:167:9: warning: 'buf[4294967295u]' may be used uninitialized in this function [-Wmaybe-uninitialized]
I don't see anything in sys_write() that prevents us from
being called with a zero 'count' argument, so we should
add an extra check in rproc_recovery_write() to prevent the
access and avoid the warning.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 2e37abb89a2e ("remoteproc: create a 'recovery' debugfs entry")
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/remoteproc/remoteproc_debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/remoteproc/remoteproc_debugfs.c b/drivers/remoteproc/remoteproc_debugfs.c
index 9d30809..916af50 100644
--- a/drivers/remoteproc/remoteproc_debugfs.c
+++ b/drivers/remoteproc/remoteproc_debugfs.c
@@ -156,7 +156,7 @@ rproc_recovery_write(struct file *filp, const char __user *user_buf,
char buf[10];
int ret;
- if (count > sizeof(buf))
+ if (count < 1 || count > sizeof(buf))
return count;
ret = copy_from_user(buf, user_buf, count);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 111/305] sched/rt: Hide the push_irq_work_func() declaration
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (109 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 110/305] remoteproc: avoid stack overflow in debugfs file Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 112/305] drm: imx: convert to drm_crtc_send_vblank_event() Kamal Mostafa
` (193 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, Peter Zijlstra (Intel),
Linus Torvalds, Thomas Gleixner, Ingo Molnar, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Arnd Bergmann <arnd@arndb.de>
commit 89b411081d70fe3772efa4665279293269c1150d upstream.
The push_irq_work_func() function is conditionally defined only
when both CONFIG_SMP and HAVE_RT_PUSH_IPI are defined, but the
forward declaration remains visibile without HAVE_RT_PUSH_IPI,
causing a gcc warning in ARM64 allnoconfig:
kernel/sched/rt.c:68:13: warning: 'push_irq_work_func' declared 'static' but never defined [-Wunused-function]
This changes the code to use the same condition for both the
declaration and the function definition, which gets rid of the
warning.
As Peter Zijlstra, we can possibly get rid of the whole HAVE_RT_PUSH_IPI
thing after:
8053871d0f7f ("smp: Fix smp_call_function_single_async() locking")
Until that is done, this patch can be used to avoid the warning.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: b6366f048e0c ("sched/rt: Use IPI to trigger RT task push migration instead of pulling")
Link: http://lkml.kernel.org/r/3828565.oKfGk7yNIT@wuerfel
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/sched/rt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
index 0d193a24..00426df 100644
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -64,7 +64,7 @@ static void start_rt_bandwidth(struct rt_bandwidth *rt_b)
raw_spin_unlock(&rt_b->rt_runtime_lock);
}
-#ifdef CONFIG_SMP
+#if defined(CONFIG_SMP) && defined(HAVE_RT_PUSH_IPI)
static void push_irq_work_func(struct irq_work *work);
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 112/305] drm: imx: convert to drm_crtc_send_vblank_event()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (110 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 111/305] sched/rt: Hide the push_irq_work_func() declaration Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 113/305] sched/wait: Fix signal handling in bit wait helpers Kamal Mostafa
` (192 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Russell King, Philipp Zabel, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Russell King <rmk+kernel@arm.linux.org.uk>
commit 69d21fc0a21196e9c5b259505c0135a88002f9d2 upstream.
ipu_crtc_handle_pageflip() was calling drm_send_vblank_event() with
a pipe argument of -1. Commit cc1ef118fc09 ("drm/irq: Make pipe
unsigned and name consistent") now makes this error obvious, as we
now may get a warning from:
if (WARN_ON(pipe >= dev->num_crtcs))
in drm_vblank_count_and_time(). Prior to this change, we would end
up making out-of-bounds array accesses via:
struct drm_vblank_crtc *vblank = &dev->vblank[crtc];
and
*vblanktime = vblanktimestamp(dev, pipe, cur_vblank);
So, this has been broken for a very long time, and is not a result
of the above commit. Since we don't care about the staging versions,
I've tagged this with the earliest mainline commit where we do care,
even though this commit did not introduce the bug.
Fixes: 6556f7f82b9c ("drm: imx: Move imx-drm driver out of staging")
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/imx/ipuv3-crtc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/imx/ipuv3-crtc.c b/drivers/gpu/drm/imx/ipuv3-crtc.c
index 7bc8301..7ce1df0 100644
--- a/drivers/gpu/drm/imx/ipuv3-crtc.c
+++ b/drivers/gpu/drm/imx/ipuv3-crtc.c
@@ -212,7 +212,8 @@ static void ipu_crtc_handle_pageflip(struct ipu_crtc *ipu_crtc)
spin_lock_irqsave(&drm->event_lock, flags);
if (ipu_crtc->page_flip_event)
- drm_send_vblank_event(drm, -1, ipu_crtc->page_flip_event);
+ drm_crtc_send_vblank_event(&ipu_crtc->base,
+ ipu_crtc->page_flip_event);
ipu_crtc->page_flip_event = NULL;
imx_drm_crtc_vblank_put(ipu_crtc->imx_crtc);
spin_unlock_irqrestore(&drm->event_lock, flags);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 113/305] sched/wait: Fix signal handling in bit wait helpers
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (111 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 112/305] drm: imx: convert to drm_crtc_send_vblank_event() Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 114/305] ACPI / property: fix compile error for acpi_node_get_property_reference() when CONFIG_ACPI=n Kamal Mostafa
` (191 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Zijlstra (Intel),
Linus Torvalds, Mike Galbraith, Thomas Gleixner, mark.rutland,
neilb, oleg, Ingo Molnar, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Peter Zijlstra <peterz@infradead.org>
commit 68985633bccb6066bf1803e316fbc6c1f5b796d6 upstream.
Vladimir reported getting RCU stall warnings and bisected it back to
commit:
743162013d40 ("sched: Remove proliferation of wait_on_bit() action functions")
That commit inadvertently reversed the calls to schedule() and signal_pending(),
thereby not handling the case where the signal receives while we sleep.
Reported-by: Vladimir Murzin <vladimir.murzin@arm.com>
Tested-by: Vladimir Murzin <vladimir.murzin@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: mark.rutland@arm.com
Cc: neilb@suse.de
Cc: oleg@redhat.com
Fixes: 743162013d40 ("sched: Remove proliferation of wait_on_bit() action functions")
Fixes: cbbce8220949 ("SCHED: add some "wait..on_bit...timeout()" interfaces.")
Link: http://lkml.kernel.org/r/20151201130404.GL3816@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/sched/wait.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/kernel/sched/wait.c b/kernel/sched/wait.c
index 052e026..f10bd87 100644
--- a/kernel/sched/wait.c
+++ b/kernel/sched/wait.c
@@ -583,18 +583,18 @@ EXPORT_SYMBOL(wake_up_atomic_t);
__sched int bit_wait(struct wait_bit_key *word)
{
- if (signal_pending_state(current->state, current))
- return 1;
schedule();
+ if (signal_pending(current))
+ return -EINTR;
return 0;
}
EXPORT_SYMBOL(bit_wait);
__sched int bit_wait_io(struct wait_bit_key *word)
{
- if (signal_pending_state(current->state, current))
- return 1;
io_schedule();
+ if (signal_pending(current))
+ return -EINTR;
return 0;
}
EXPORT_SYMBOL(bit_wait_io);
@@ -602,11 +602,11 @@ EXPORT_SYMBOL(bit_wait_io);
__sched int bit_wait_timeout(struct wait_bit_key *word)
{
unsigned long now = READ_ONCE(jiffies);
- if (signal_pending_state(current->state, current))
- return 1;
if (time_after_eq(now, word->timeout))
return -EAGAIN;
schedule_timeout(word->timeout - now);
+ if (signal_pending(current))
+ return -EINTR;
return 0;
}
EXPORT_SYMBOL_GPL(bit_wait_timeout);
@@ -614,11 +614,11 @@ EXPORT_SYMBOL_GPL(bit_wait_timeout);
__sched int bit_wait_io_timeout(struct wait_bit_key *word)
{
unsigned long now = READ_ONCE(jiffies);
- if (signal_pending_state(current->state, current))
- return 1;
if (time_after_eq(now, word->timeout))
return -EAGAIN;
io_schedule_timeout(word->timeout - now);
+ if (signal_pending(current))
+ return -EINTR;
return 0;
}
EXPORT_SYMBOL_GPL(bit_wait_io_timeout);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 114/305] ACPI / property: fix compile error for acpi_node_get_property_reference() when CONFIG_ACPI=n
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (112 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 113/305] sched/wait: Fix signal handling in bit wait helpers Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 115/305] ipv4: igmp: Allow removing groups from a removed interface Kamal Mostafa
` (190 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Hanjun Guo, Rafael J. Wysocki, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Hanjun Guo <hanjun.guo@linaro.org>
commit 64031e3e8a5c042840c5123af695eec89f9e6a24 upstream.
In commit 60ba032ed76e ("ACPI / property: Drop size_prop from
acpi_dev_get_property_reference()"), the argument "const char *cells_name"
was dropped, but forgot to update the stub function in no-ACPI case,
it will lead to compile error when CONFIG_ACPI=n, easliy remove
"const char *cells_name" to fix it.
Fixes: 60ba032ed76e "ACPI / property: Drop size_prop from acpi_dev_get_property_reference()"
Reported-by: Kejian Yan <yankejian@huawei.com>
Signed-off-by: Hanjun Guo <hanjun.guo@linaro.org>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/acpi.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/acpi.h b/include/linux/acpi.h
index b92ec06..242c84d 100644
--- a/include/linux/acpi.h
+++ b/include/linux/acpi.h
@@ -784,8 +784,8 @@ static inline int acpi_dev_get_property_array(struct acpi_device *adev,
return -ENXIO;
}
static inline int acpi_dev_get_property_reference(struct acpi_device *adev,
- const char *name, const char *cells_name,
- size_t index, struct acpi_reference_args *args)
+ const char *name, size_t index,
+ struct acpi_reference_args *args)
{
return -ENXIO;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 115/305] ipv4: igmp: Allow removing groups from a removed interface
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (113 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 114/305] ACPI / property: fix compile error for acpi_node_get_property_reference() when CONFIG_ACPI=n Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 116/305] isdn: Partially revert debug format string usage clean up Kamal Mostafa
` (189 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andrew Lunn, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Andrew Lunn <andrew@lunn.ch>
commit 4eba7bb1d72d9bde67d810d09bf62dc207b63c5c upstream.
When a multicast group is joined on a socket, a struct ip_mc_socklist
is appended to the sockets mc_list containing information about the
joined group.
If the interface is hot unplugged, this entry becomes stale. Prior to
commit 52ad353a5344f ("igmp: fix the problem when mc leave group") it
was possible to remove the stale entry by performing a
IP_DROP_MEMBERSHIP, passing either the old ifindex or ip address on
the interface. However, this fix enforces that the interface must
still exist. Thus with time, the number of stale entries grows, until
sysctl_igmp_max_memberships is reached and then it is not possible to
join and more groups.
The previous patch fixes an issue where a IP_DROP_MEMBERSHIP is
performed without specifying the interface, either by ifindex or ip
address. However here we do supply one of these. So loosen the
restriction on device existence to only apply when the interface has
not been specified. This then restores the ability to clean up the
stale entries.
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Fixes: 52ad353a5344f "(igmp: fix the problem when mc leave group")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv4/igmp.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 53d5252..2a2b6a4 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -2102,7 +2102,7 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
ASSERT_RTNL();
in_dev = ip_mc_find_dev(net, imr);
- if (!in_dev) {
+ if (!imr->imr_ifindex && !imr->imr_address.s_addr && !in_dev) {
ret = -ENODEV;
goto out;
}
@@ -2123,7 +2123,8 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
*imlp = iml->next_rcu;
- ip_mc_dec_group(in_dev, group);
+ if (in_dev)
+ ip_mc_dec_group(in_dev, group);
/* decrease mem now to avoid the memleak warning */
atomic_sub(sizeof(*iml), &sk->sk_omem_alloc);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 116/305] isdn: Partially revert debug format string usage clean up
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (114 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 115/305] ipv4: igmp: Allow removing groups from a removed interface Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 117/305] sched/core: Remove false-positive warning from wake_up_process() Kamal Mostafa
` (188 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kees Cook, Karsten Keil, Christoph Biedl, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
commit 19cebbcb04c8277bb8a7905957c8af11967c4e28 upstream.
Commit 35a4a57 ("isdn: clean up debug format string usage") introduced
a safeguard to avoid accidential format string interpolation of data
when calling debugl1 or HiSax_putstatus. This did however not take into
account VHiSax_putstatus (called by HiSax_putstatus) does *not* call
vsprintf if the head parameter is NULL - the format string is treated
as plain text then instead. As a result, the string "%s" is processed
literally, and the actual information is lost. This affects the isdnlog
userspace program which stopped logging information since that commit.
So revert the HiSax_putstatus invocations to the previous state.
Fixes: 35a4a5733b0a ("isdn: clean up debug format string usage")
Cc: Kees Cook <keescook@chromium.org>
Cc: Karsten Keil <isdn@linux-pingi.de>
Signed-off-by: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/isdn/hisax/config.c | 2 +-
drivers/isdn/hisax/hfc_pci.c | 2 +-
drivers/isdn/hisax/hfc_sx.c | 2 +-
drivers/isdn/hisax/q931.c | 6 +++---
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/isdn/hisax/config.c b/drivers/isdn/hisax/config.c
index b33f53b..bf04d2a 100644
--- a/drivers/isdn/hisax/config.c
+++ b/drivers/isdn/hisax/config.c
@@ -1896,7 +1896,7 @@ static void EChannel_proc_rcv(struct hisax_d_if *d_if)
ptr--;
*ptr++ = '\n';
*ptr = 0;
- HiSax_putstatus(cs, NULL, "%s", cs->dlog);
+ HiSax_putstatus(cs, NULL, cs->dlog);
} else
HiSax_putstatus(cs, "LogEcho: ",
"warning Frame too big (%d)",
diff --git a/drivers/isdn/hisax/hfc_pci.c b/drivers/isdn/hisax/hfc_pci.c
index 4a48255..90449e1 100644
--- a/drivers/isdn/hisax/hfc_pci.c
+++ b/drivers/isdn/hisax/hfc_pci.c
@@ -901,7 +901,7 @@ Begin:
ptr--;
*ptr++ = '\n';
*ptr = 0;
- HiSax_putstatus(cs, NULL, "%s", cs->dlog);
+ HiSax_putstatus(cs, NULL, cs->dlog);
} else
HiSax_putstatus(cs, "LogEcho: ", "warning Frame too big (%d)", total - 3);
}
diff --git a/drivers/isdn/hisax/hfc_sx.c b/drivers/isdn/hisax/hfc_sx.c
index b1fad81..13b2151 100644
--- a/drivers/isdn/hisax/hfc_sx.c
+++ b/drivers/isdn/hisax/hfc_sx.c
@@ -674,7 +674,7 @@ receive_emsg(struct IsdnCardState *cs)
ptr--;
*ptr++ = '\n';
*ptr = 0;
- HiSax_putstatus(cs, NULL, "%s", cs->dlog);
+ HiSax_putstatus(cs, NULL, cs->dlog);
} else
HiSax_putstatus(cs, "LogEcho: ", "warning Frame too big (%d)", skb->len);
}
diff --git a/drivers/isdn/hisax/q931.c b/drivers/isdn/hisax/q931.c
index b420f8b..ba4beb2 100644
--- a/drivers/isdn/hisax/q931.c
+++ b/drivers/isdn/hisax/q931.c
@@ -1179,7 +1179,7 @@ LogFrame(struct IsdnCardState *cs, u_char *buf, int size)
dp--;
*dp++ = '\n';
*dp = 0;
- HiSax_putstatus(cs, NULL, "%s", cs->dlog);
+ HiSax_putstatus(cs, NULL, cs->dlog);
} else
HiSax_putstatus(cs, "LogFrame: ", "warning Frame too big (%d)", size);
}
@@ -1246,7 +1246,7 @@ dlogframe(struct IsdnCardState *cs, struct sk_buff *skb, int dir)
}
if (finish) {
*dp = 0;
- HiSax_putstatus(cs, NULL, "%s", cs->dlog);
+ HiSax_putstatus(cs, NULL, cs->dlog);
return;
}
if ((0xfe & buf[0]) == PROTO_DIS_N0) { /* 1TR6 */
@@ -1509,5 +1509,5 @@ dlogframe(struct IsdnCardState *cs, struct sk_buff *skb, int dir)
dp += sprintf(dp, "Unknown protocol %x!", buf[0]);
}
*dp = 0;
- HiSax_putstatus(cs, NULL, "%s", cs->dlog);
+ HiSax_putstatus(cs, NULL, cs->dlog);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 117/305] sched/core: Remove false-positive warning from wake_up_process()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (115 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 116/305] isdn: Partially revert debug format string usage clean up Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 118/305] gpio: omap: drop omap1 mpuio specific irq_mask/unmask callbacks Kamal Mostafa
` (187 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sasha Levin, Peter Zijlstra (Intel),
Mike Galbraith, Thomas Gleixner, oleg, Ingo Molnar,
Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Sasha Levin <sasha.levin@oracle.com>
commit 119d6f6a3be8b424b200dcee56e74484d5445f7e upstream.
Because wakeups can (fundamentally) be late, a task might not be in
the expected state. Therefore testing against a task's state is racy,
and can yield false positives.
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: oleg@redhat.com
Fixes: 9067ac85d533 ("wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task")
Link: http://lkml.kernel.org/r/1448933660-23082-1-git-send-email-sasha.levin@oracle.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/sched/core.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 87c3bb8..99cc1f4 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1972,7 +1972,6 @@ out:
*/
int wake_up_process(struct task_struct *p)
{
- WARN_ON(task_is_stopped_or_traced(p));
return try_to_wake_up(p, TASK_NORMAL, 0);
}
EXPORT_SYMBOL(wake_up_process);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 118/305] gpio: omap: drop omap1 mpuio specific irq_mask/unmask callbacks
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (116 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 117/305] sched/core: Remove false-positive warning from wake_up_process() Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 119/305] SUNRPC: Fix callback channel Kamal Mostafa
` (186 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tony Lindgren, Grygorii Strashko, Linus Walleij, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Grygorii Strashko <grygorii.strashko@ti.com>
commit 000255b7dfc3119c13f388f179d6fc19cd00eada upstream.
Originally OMAP MPUIO GPIO irqchip was implemented using Generic irq
chip, but after set of reworks Generic irq chip code was replaced by
common OMAP GPIO implementation and finally removed by
commit d2d05c65c40e ("gpio: omap: Fix regression for MPUIO interrupts").
Unfortunately, above commit left .irq_mask/unmask callbacks assigned
as below for MPUIO GPIO case:
irqc->irq_mask = irq_gc_mask_set_bit;
irqc->irq_unmask = irq_gc_mask_clr_bit;
This now causes boot failure on OMAP1 platforms, after
commit 450fa54cfd66 ("gpio: omap: convert to use generic irq handler")
which forces these callbacks to be called during GPIO IRQs mapping
from gpiochip_irq_map:
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c0004000
[00000000] *pgd=00000000
Internal error: Oops: 75 [#1] ARM
Modules linked in:
CPU: 0 PID: 1 Comm: swapper Not tainted 4.4.0-rc1-e3-los_afe0c+-00002-g25379c0-dirty #1
Hardware name: Amstrad E3 (Delta)
task: c1836000 ti: c1838000 task.ti: c1838000
PC is at irq_gc_mask_set_bit+0x1c/0x60
LR is at __irq_do_set_handler+0x118/0x15c
pc : [<c004848c>] lr : [<c0047d4c>] psr: 600000d3
sp : c1839c90 ip : c1862c64 fp : c1839c9c
r10: 00000000 r9 : c0411950 r8 : c0411bbc
r7 : 00000000 r6 : c185c310 r5 : c00444e8 r4 : c185c300
r3 : c1854b50 r2 : 00000000 r1 : 00000000 r0 : c185c310
Flags: nZCv IRQs off FIQs off Mode SVC_32 ISA ARM Segment kernel
Control: 0000317f Table: 10004000 DAC: 00000057
Process swapper (pid: 1, stack limit = 0xc1838190)
Stack: (0xc1839c90 to 0xc183a000)
[...]
Backtrace:
[<c0048470>] (irq_gc_mask_set_bit) from [<c0047d4c>] (__irq_do_set_handler+0x118/0x15c)
[<c0047c34>] (__irq_do_set_handler) from [<c0047dd4>] (__irq_set_handler+0x44/0x5c)
r6:00000000 r5:c00444e8 r4:c185c300
[<c0047d90>] (__irq_set_handler) from [<c0047e1c>] (irq_set_chip_and_handler_name+0x30/0x34)
r7:00000050 r6:00000000 r5:c00444e8 r4:00000050
[<c0047dec>] (irq_set_chip_and_handler_name) from [<c01b345c>] (gpiochip_irq_map+0x3c/0x8c)
r7:00000050 r6:00000000 r5:00000050 r4:c1862c64
[<c01b3420>] (gpiochip_irq_map) from [<c0049670>] (irq_domain_associate+0x7c/0x1c4)
r5:c185c310 r4:c185cb00
[<c00495f4>] (irq_domain_associate) from [<c0049894>] (irq_domain_add_simple+0x98/0xc0)
r8:c0411bbc r7:c185cb00 r6:00000050 r5:00000010 r4:00000001
[<c00497fc>] (irq_domain_add_simple) from [<c01b3328>] (_gpiochip_irqchip_add+0x64/0x10c)
r7:c1862c64 r6:c0419280 r5:c1862c64 r4:c1854b50
[<c01b32c4>] (_gpiochip_irqchip_add) from [<c01b79f4>] (omap_gpio_probe+0x2fc/0x63c)
r5:c1854b50 r4:c1862c10
[<c01b76f8>] (omap_gpio_probe) from [<c01fcf58>] (platform_drv_probe+0x2c/0x64)
r10:00000000 r9:c03e45e8 r8:00000000 r7:c0419294 r6:c0411984 r5:c0419294
r4:c0411950
[<c01fcf2c>] (platform_drv_probe) from [<c01fb668>] (really_probe+0x160/0x29c)
Hence, fix it by remove obsolete callbacks assignment. After this
change omap_gpio_mask_irq()/omap_gpio_unmask_irq() will be used
for MPUIO IRQs masking, but this now happens anyway from
omap_gpio_irq_startup/shutdown().
Cc: Tony Lindgren <tony@atomide.com>
Fixes: commit d2d05c65c40e ("gpio: omap: Fix regression for MPUIO interrupts")
Reported-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Santosh Shilimkar <ssantosh@kernel.org>
Tested-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpio/gpio-omap.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/gpio/gpio-omap.c b/drivers/gpio/gpio-omap.c
index 61a731f..5dc94b4 100644
--- a/drivers/gpio/gpio-omap.c
+++ b/drivers/gpio/gpio-omap.c
@@ -1118,8 +1118,6 @@ static int omap_gpio_chip_init(struct gpio_bank *bank, struct irq_chip *irqc)
/* MPUIO is a bit different, reading IRQ status clears it */
if (bank->is_mpuio) {
irqc->irq_ack = dummy_irq_chip.irq_ack;
- irqc->irq_mask = irq_gc_mask_set_bit;
- irqc->irq_unmask = irq_gc_mask_clr_bit;
if (!bank->regs->wkup_en)
irqc->irq_set_wake = NULL;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 119/305] SUNRPC: Fix callback channel
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (117 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 118/305] gpio: omap: drop omap1 mpuio specific irq_mask/unmask callbacks Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 120/305] cuse: fix memory leak Kamal Mostafa
` (185 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Benjamin Coddington, Trond Myklebust, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Trond Myklebust <trond.myklebust@primarydata.com>
commit 756b9b37cfb2e3dc76b2e43a8c097402ac736e07 upstream.
The NFSv4.1 callback channel is currently broken because the receive
message will keep shrinking because the backchannel receive buffer size
never gets reset.
The easiest solution to this problem is instead of changing the receive
buffer, to rather adjust the copied request.
Fixes: 38b7631fbe42 ("nfs4: limit callback decoding to received bytes")
Cc: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/nfs/callback_xdr.c | 7 ++-----
net/sunrpc/backchannel_rqst.c | 8 --------
net/sunrpc/svc.c | 12 ++++++++++++
3 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
index 1c8213e..6b1697a 100644
--- a/fs/nfs/callback_xdr.c
+++ b/fs/nfs/callback_xdr.c
@@ -76,8 +76,7 @@ static __be32 *read_buf(struct xdr_stream *xdr, int nbytes)
p = xdr_inline_decode(xdr, nbytes);
if (unlikely(p == NULL))
- printk(KERN_WARNING "NFS: NFSv4 callback reply buffer overflowed "
- "or truncated request.\n");
+ printk(KERN_WARNING "NFS: NFSv4 callback reply buffer overflowed!\n");
return p;
}
@@ -893,7 +892,6 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp, void *argp, void *r
struct cb_compound_hdr_arg hdr_arg = { 0 };
struct cb_compound_hdr_res hdr_res = { NULL };
struct xdr_stream xdr_in, xdr_out;
- struct xdr_buf *rq_arg = &rqstp->rq_arg;
__be32 *p, status;
struct cb_process_state cps = {
.drc_status = 0,
@@ -905,8 +903,7 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp, void *argp, void *r
dprintk("%s: start\n", __func__);
- rq_arg->len = rq_arg->head[0].iov_len + rq_arg->page_len;
- xdr_init_decode(&xdr_in, rq_arg, rq_arg->head[0].iov_base);
+ xdr_init_decode(&xdr_in, &rqstp->rq_arg, rqstp->rq_arg.head[0].iov_base);
p = (__be32*)((char *)rqstp->rq_res.head[0].iov_base + rqstp->rq_res.head[0].iov_len);
xdr_init_encode(&xdr_out, &rqstp->rq_res, p);
diff --git a/net/sunrpc/backchannel_rqst.c b/net/sunrpc/backchannel_rqst.c
index d92cee1..6255d14 100644
--- a/net/sunrpc/backchannel_rqst.c
+++ b/net/sunrpc/backchannel_rqst.c
@@ -333,20 +333,12 @@ void xprt_complete_bc_request(struct rpc_rqst *req, uint32_t copied)
{
struct rpc_xprt *xprt = req->rq_xprt;
struct svc_serv *bc_serv = xprt->bc_serv;
- struct xdr_buf *rq_rcv_buf = &req->rq_rcv_buf;
spin_lock(&xprt->bc_pa_lock);
list_del(&req->rq_bc_pa_list);
xprt_dec_alloc_count(xprt, 1);
spin_unlock(&xprt->bc_pa_lock);
- if (copied <= rq_rcv_buf->head[0].iov_len) {
- rq_rcv_buf->head[0].iov_len = copied;
- rq_rcv_buf->page_len = 0;
- } else {
- rq_rcv_buf->page_len = copied - rq_rcv_buf->head[0].iov_len;
- }
-
req->rq_private_buf.len = copied;
set_bit(RPC_BC_PA_IN_USE, &req->rq_bc_pa_state);
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index cebf22d..12d5990 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -1366,7 +1366,19 @@ bc_svc_process(struct svc_serv *serv, struct rpc_rqst *req,
memcpy(&rqstp->rq_addr, &req->rq_xprt->addr, rqstp->rq_addrlen);
memcpy(&rqstp->rq_arg, &req->rq_rcv_buf, sizeof(rqstp->rq_arg));
memcpy(&rqstp->rq_res, &req->rq_snd_buf, sizeof(rqstp->rq_res));
+
+ /* Adjust the argument buffer length */
rqstp->rq_arg.len = req->rq_private_buf.len;
+ if (rqstp->rq_arg.len <= rqstp->rq_arg.head[0].iov_len) {
+ rqstp->rq_arg.head[0].iov_len = rqstp->rq_arg.len;
+ rqstp->rq_arg.page_len = 0;
+ } else if (rqstp->rq_arg.len <= rqstp->rq_arg.head[0].iov_len +
+ rqstp->rq_arg.page_len)
+ rqstp->rq_arg.page_len = rqstp->rq_arg.len -
+ rqstp->rq_arg.head[0].iov_len;
+ else
+ rqstp->rq_arg.len = rqstp->rq_arg.head[0].iov_len +
+ rqstp->rq_arg.page_len;
/* reset result send buffer "put" position */
resv->iov_len = 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 120/305] cuse: fix memory leak
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (118 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 119/305] SUNRPC: Fix callback channel Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 121/305] fuse: break infinite loop in fuse_fill_write_pages() Kamal Mostafa
` (184 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Miklos Szeredi, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Miklos Szeredi <miklos@szeredi.hu>
commit 2c5816b4beccc8ba709144539f6fdd764f8fa49c upstream.
The problem is that fuse_dev_alloc() acquires an extra reference to cc.fc,
and the original ref count is never dropped.
Reported-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Fixes: cc080e9e9be1 ("fuse: introduce per-instance fuse_dev structure")
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/fuse/cuse.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c
index eae2c11..8e3ee19 100644
--- a/fs/fuse/cuse.c
+++ b/fs/fuse/cuse.c
@@ -549,6 +549,8 @@ static int cuse_channel_release(struct inode *inode, struct file *file)
unregister_chrdev_region(cc->cdev->dev, 1);
cdev_del(cc->cdev);
}
+ /* Base reference is now owned by "fud" */
+ fuse_conn_put(&cc->fc);
rc = fuse_dev_release(inode, file); /* puts the base reference */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 121/305] fuse: break infinite loop in fuse_fill_write_pages()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (119 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 120/305] cuse: fix memory leak Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 122/305] usb: gadget: pxa27x: fix suspend callback Kamal Mostafa
` (183 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andrew Morton, Maxim Patlasov, Konstantin Khlebnikov,
Roman Gushchin, Miklos Szeredi, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Roman Gushchin <klamm@yandex-team.ru>
commit 3ca8138f014a913f98e6ef40e939868e1e9ea876 upstream.
I got a report about unkillable task eating CPU. Further
investigation shows, that the problem is in the fuse_fill_write_pages()
function. If iov's first segment has zero length, we get an infinite
loop, because we never reach iov_iter_advance() call.
Fix this by calling iov_iter_advance() before repeating an attempt to
copy data from userspace.
A similar problem is described in 124d3b7041f ("fix writev regression:
pan hanging unkillable and un-straceable"). If zero-length segmend
is followed by segment with invalid address,
iov_iter_fault_in_readable() checks only first segment (zero-length),
iov_iter_copy_from_user_atomic() skips it, fails at second and
returns zero -> goto again without skipping zero-length segment.
Patch calls iov_iter_advance() before goto again: we'll skip zero-length
segment at second iteraction and iov_iter_fault_in_readable() will detect
invalid address.
Special thanks to Konstantin Khlebnikov, who helped a lot with the commit
description.
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Maxim Patlasov <mpatlasov@parallels.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: Roman Gushchin <klamm@yandex-team.ru>
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Fixes: ea9b9907b82a ("fuse: implement perform_write")
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/fuse/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index f523f2f..195476a 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1049,6 +1049,7 @@ static ssize_t fuse_fill_write_pages(struct fuse_req *req,
tmp = iov_iter_copy_from_user_atomic(page, ii, offset, bytes);
flush_dcache_page(page);
+ iov_iter_advance(ii, tmp);
if (!tmp) {
unlock_page(page);
page_cache_release(page);
@@ -1061,7 +1062,6 @@ static ssize_t fuse_fill_write_pages(struct fuse_req *req,
req->page_descs[req->num_pages].length = tmp;
req->num_pages++;
- iov_iter_advance(ii, tmp);
count += tmp;
pos += tmp;
offset += tmp;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 122/305] usb: gadget: pxa27x: fix suspend callback
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (120 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 121/305] fuse: break infinite loop in fuse_fill_write_pages() Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 123/305] iio: fix some warning messages Kamal Mostafa
` (182 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Felipe Balbi, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Felipe Balbi <balbi@ti.com>
commit 391e6dcb37857d5659b53def2f41e2f56850d33c upstream.
pxa27x disconnects pullups on suspend but doesn't
notify the gadget driver about it, so gadget driver
can't disable the endpoints it was using.
This causes problems on resume because gadget core
will think endpoints are still enabled and just
ignore the following usb_ep_enable().
Fix this problem by calling
gadget_driver->disconnect().
Tested-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/gadget/udc/pxa27x_udc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/gadget/udc/pxa27x_udc.c b/drivers/usb/gadget/udc/pxa27x_udc.c
index b51226a..7a45470 100644
--- a/drivers/usb/gadget/udc/pxa27x_udc.c
+++ b/drivers/usb/gadget/udc/pxa27x_udc.c
@@ -2535,6 +2535,9 @@ static int pxa_udc_suspend(struct platform_device *_dev, pm_message_t state)
udc->pullup_resume = udc->pullup_on;
dplus_pullup(udc, 0);
+ if (udc->driver)
+ udc->driver->disconnect(&udc->gadget);
+
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 123/305] iio: fix some warning messages
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (121 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 122/305] usb: gadget: pxa27x: fix suspend callback Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 124/305] iio: adc: spmi-vadc: add missing of_node_put Kamal Mostafa
` (181 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dan Carpenter, Jonathan Cameron, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 231bfe53c57e89857753c940192acba933cba56c upstream.
WARN_ON() only takes a condition argument. I have changed these to
WARN() instead.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iio/industrialio-buffer.c | 2 +-
drivers/iio/industrialio-core.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/iio/industrialio-buffer.c b/drivers/iio/industrialio-buffer.c
index b3fda9e..ccb7747 100644
--- a/drivers/iio/industrialio-buffer.c
+++ b/drivers/iio/industrialio-buffer.c
@@ -289,7 +289,7 @@ static int iio_scan_mask_set(struct iio_dev *indio_dev,
if (trialmask == NULL)
return -ENOMEM;
if (!indio_dev->masklength) {
- WARN_ON("Trying to set scanmask prior to registering buffer\n");
+ WARN(1, "Trying to set scanmask prior to registering buffer\n");
goto err_invalid_mask;
}
bitmap_copy(trialmask, buffer->scan_mask, indio_dev->masklength);
diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
index 3524b0d..30e116b 100644
--- a/drivers/iio/industrialio-core.c
+++ b/drivers/iio/industrialio-core.c
@@ -637,7 +637,7 @@ int __iio_device_attr_init(struct device_attribute *dev_attr,
break;
case IIO_SEPARATE:
if (!chan->indexed) {
- WARN_ON("Differential channels must be indexed\n");
+ WARN(1, "Differential channels must be indexed\n");
ret = -EINVAL;
goto error_free_full_postfix;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 124/305] iio: adc: spmi-vadc: add missing of_node_put
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (122 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 123/305] iio: fix some warning messages Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 125/305] USB: cp210x: Remove CP2110 ID from compatibility list Kamal Mostafa
` (180 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Julia Lawall, Jonathan Cameron, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Julia Lawall <Julia.Lawall@lip6.fr>
commit d4c65fe4ed69a62a30a680789322ed677e3438af upstream.
for_each_available_child_of_node performs an of_node_get on each iteration,
so a break out of the loop requires an of_node_put.
A simplified version of the semantic patch that fixes this problem is as
follows (http://coccinelle.lip6.fr):
// <smpl>
@@
expression root,e;
local idexpression child;
@@
for_each_available_child_of_node(root, child) {
... when != of_node_put(child)
when != e = child
(
return child;
|
+ of_node_put(child);
? return ...;
)
...
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/iio/adc/qcom-spmi-vadc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/iio/adc/qcom-spmi-vadc.c b/drivers/iio/adc/qcom-spmi-vadc.c
index 0c4618b..c2babe5 100644
--- a/drivers/iio/adc/qcom-spmi-vadc.c
+++ b/drivers/iio/adc/qcom-spmi-vadc.c
@@ -839,8 +839,10 @@ static int vadc_get_dt_data(struct vadc_priv *vadc, struct device_node *node)
for_each_available_child_of_node(node, child) {
ret = vadc_get_dt_channel_data(vadc->dev, &prop, child);
- if (ret)
+ if (ret) {
+ of_node_put(child);
return ret;
+ }
vadc->chan_props[index] = prop;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 125/305] USB: cp210x: Remove CP2110 ID from compatibility list
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (123 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 124/305] iio: adc: spmi-vadc: add missing of_node_put Kamal Mostafa
@ 2016-01-15 23:58 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 126/305] USB: cdc_acm: Ignore Infineon Flash Loader utility Kamal Mostafa
` (179 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:58 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Konstantin Shkolnyy, Johan Hovold, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Konstantin Shkolnyy <konstantin.shkolnyy@gmail.com>
commit 7c90e610b60cd1ed6abafd806acfaedccbbe52d1 upstream.
CP2110 ID (0x10c4, 0xea80) doesn't belong here because it's a HID
and completely different from CP210x devices.
Signed-off-by: Konstantin Shkolnyy <konstantin.shkolnyy@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/serial/cp210x.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
index eac7cca..7d4f51a 100644
--- a/drivers/usb/serial/cp210x.c
+++ b/drivers/usb/serial/cp210x.c
@@ -132,7 +132,6 @@ static const struct usb_device_id id_table[] = {
{ USB_DEVICE(0x10C4, 0xEA60) }, /* Silicon Labs factory default */
{ USB_DEVICE(0x10C4, 0xEA61) }, /* Silicon Labs factory default */
{ USB_DEVICE(0x10C4, 0xEA70) }, /* Silicon Labs factory default */
- { USB_DEVICE(0x10C4, 0xEA80) }, /* Silicon Labs factory default */
{ USB_DEVICE(0x10C4, 0xEA71) }, /* Infinity GPS-MIC-1 Radio Monophone */
{ USB_DEVICE(0x10C4, 0xF001) }, /* Elan Digital Systems USBscope50 */
{ USB_DEVICE(0x10C4, 0xF002) }, /* Elan Digital Systems USBwave12 */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 126/305] USB: cdc_acm: Ignore Infineon Flash Loader utility
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (124 preceding siblings ...)
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 125/305] USB: cp210x: Remove CP2110 ID from compatibility list Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 127/305] USB: serial: Another Infineon flash loader USB ID Kamal Mostafa
` (178 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jonas Jonsson, Johan Hovold, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jonas Jonsson <jonas@ludd.ltu.se>
commit f33a7f72e5fc033daccbb8d4753d7c5c41a4d67b upstream.
Some modems, such as the Telit UE910, are using an Infineon Flash Loader
utility. It has two interfaces, 2/2/0 (Abstract Modem) and 10/0/0 (CDC
Data). The latter can be used as a serial interface to upgrade the
firmware of the modem. However, that isn't possible when the cdc-acm
driver takes control of the device.
The following is an explanation of the behaviour by Daniele Palmas during
discussion on linux-usb.
"This is what happens when the device is turned on (without modifying
the drivers):
[155492.352031] usb 1-3: new high-speed USB device number 27 using ehci-pci
[155492.485429] usb 1-3: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[155492.485436] usb 1-3: New USB device found, idVendor=058b, idProduct=0041
[155492.485439] usb 1-3: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[155492.485952] cdc_acm 1-3:1.0: ttyACM0: USB ACM device
This is the flashing device that is caught by the cdc-acm driver. Once
the ttyACM appears, the application starts sending a magic string
(simple write on the file descriptor) to keep the device in flashing
mode. If this magic string is not properly received in a certain time
interval, the modem goes on in normal operative mode:
[155493.748094] usb 1-3: USB disconnect, device number 27
[155494.916025] usb 1-3: new high-speed USB device number 28 using ehci-pci
[155495.059978] usb 1-3: New USB device found, idVendor=1bc7, idProduct=0021
[155495.059983] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[155495.059986] usb 1-3: Product: 6 CDC-ACM + 1 CDC-ECM
[155495.059989] usb 1-3: Manufacturer: Telit
[155495.059992] usb 1-3: SerialNumber: 359658044004697
[155495.138958] cdc_acm 1-3:1.0: ttyACM0: USB ACM device
[155495.140832] cdc_acm 1-3:1.2: ttyACM1: USB ACM device
[155495.142827] cdc_acm 1-3:1.4: ttyACM2: USB ACM device
[155495.144462] cdc_acm 1-3:1.6: ttyACM3: USB ACM device
[155495.145967] cdc_acm 1-3:1.8: ttyACM4: USB ACM device
[155495.147588] cdc_acm 1-3:1.10: ttyACM5: USB ACM device
[155495.154322] cdc_ether 1-3:1.12 wwan0: register 'cdc_ether' at usb-0000:00:1a.7-3, Mobile Broadband Network Device, 00:00:11:12:13:14
Using the cdc-acm driver, the string, though being sent in the same way
than using the usb-serial-simple driver (I can confirm that the data is
passing properly since I used an hw usb sniffer), does not make the
device to stay in flashing mode."
Signed-off-by: Jonas Jonsson <jonas@ludd.ltu.se>
Tested-by: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/class/cdc-acm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index b30e742..26ca4f9 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1838,6 +1838,11 @@ static const struct usb_device_id acm_ids[] = {
},
#endif
+ /* Exclude Infineon Flash Loader utility */
+ { USB_DEVICE(0x058b, 0x0041),
+ .driver_info = IGNORE_DEVICE,
+ },
+
/* control interfaces without any protocol set */
{ USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_ACM,
USB_CDC_PROTO_NONE) },
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 127/305] USB: serial: Another Infineon flash loader USB ID
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (125 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 126/305] USB: cdc_acm: Ignore Infineon Flash Loader utility Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 128/305] ext4: Fix handling of extended tv_sec Kamal Mostafa
` (177 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jonas Jonsson, Johan Hovold, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jonas Jonsson <jonas@ludd.ltu.se>
commit a0e80fbd56b4573de997c9a088a33abbc1121400 upstream.
The flash loader has been seen on a Telit UE910 modem. The flash loader
is a bit special, it presents both an ACM and CDC Data interface but
only the latter is useful. Unless a magic string is sent to the device
it will disappear and the regular modem device appears instead.
Signed-off-by: Jonas Jonsson <jonas@ludd.ltu.se>
Tested-by: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/serial/usb-serial-simple.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/serial/usb-serial-simple.c b/drivers/usb/serial/usb-serial-simple.c
index 3658662..a204782 100644
--- a/drivers/usb/serial/usb-serial-simple.c
+++ b/drivers/usb/serial/usb-serial-simple.c
@@ -53,6 +53,7 @@ DEVICE(funsoft, FUNSOFT_IDS);
/* Infineon Flashloader driver */
#define FLASHLOADER_IDS() \
+ { USB_DEVICE_INTERFACE_CLASS(0x058b, 0x0041, USB_CLASS_CDC_DATA) }, \
{ USB_DEVICE(0x8087, 0x0716) }
DEVICE(flashloader, FLASHLOADER_IDS);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 128/305] ext4: Fix handling of extended tv_sec
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (126 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 127/305] USB: serial: Another Infineon flash loader USB ID Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 129/305] jbd2: Fix unreclaimed pages after truncate in data=journal mode Kamal Mostafa
` (176 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David Turner, Theodore Ts'o, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: David Turner <novalis@novalis.org>
commit a4dad1ae24f850410c4e60f22823cba1289b8d52 upstream.
In ext4, the bottom two bits of {a,c,m}time_extra are used to extend
the {a,c,m}time fields, deferring the year 2038 problem to the year
2446.
When decoding these extended fields, for times whose bottom 32 bits
would represent a negative number, sign extension causes the 64-bit
extended timestamp to be negative as well, which is not what's
intended. This patch corrects that issue, so that the only negative
{a,c,m}times are those between 1901 and 1970 (as per 32-bit signed
timestamps).
Some older kernels might have written pre-1970 dates with 1,1 in the
extra bits. This patch treats those incorrectly-encoded dates as
pre-1970, instead of post-2311, until kernel 4.20 is released.
Hopefully by then e2fsck will have fixed up the bad data.
Also add a comment explaining the encoding of ext4's extra {a,c,m}time
bits.
Signed-off-by: David Turner <novalis@novalis.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Mark Harris <mh8928@yahoo.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=23732
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/ext4/ext4.h | 51 ++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 44 insertions(+), 7 deletions(-)
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index f5e9f04..de57be0 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -26,6 +26,7 @@
#include <linux/seqlock.h>
#include <linux/mutex.h>
#include <linux/timer.h>
+#include <linux/version.h>
#include <linux/wait.h>
#include <linux/blockgroup_lock.h>
#include <linux/percpu_counter.h>
@@ -723,19 +724,55 @@ struct move_extent {
<= (EXT4_GOOD_OLD_INODE_SIZE + \
(einode)->i_extra_isize)) \
+/*
+ * We use an encoding that preserves the times for extra epoch "00":
+ *
+ * extra msb of adjust for signed
+ * epoch 32-bit 32-bit tv_sec to
+ * bits time decoded 64-bit tv_sec 64-bit tv_sec valid time range
+ * 0 0 1 -0x80000000..-0x00000001 0x000000000 1901-12-13..1969-12-31
+ * 0 0 0 0x000000000..0x07fffffff 0x000000000 1970-01-01..2038-01-19
+ * 0 1 1 0x080000000..0x0ffffffff 0x100000000 2038-01-19..2106-02-07
+ * 0 1 0 0x100000000..0x17fffffff 0x100000000 2106-02-07..2174-02-25
+ * 1 0 1 0x180000000..0x1ffffffff 0x200000000 2174-02-25..2242-03-16
+ * 1 0 0 0x200000000..0x27fffffff 0x200000000 2242-03-16..2310-04-04
+ * 1 1 1 0x280000000..0x2ffffffff 0x300000000 2310-04-04..2378-04-22
+ * 1 1 0 0x300000000..0x37fffffff 0x300000000 2378-04-22..2446-05-10
+ *
+ * Note that previous versions of the kernel on 64-bit systems would
+ * incorrectly use extra epoch bits 1,1 for dates between 1901 and
+ * 1970. e2fsck will correct this, assuming that it is run on the
+ * affected filesystem before 2242.
+ */
+
static inline __le32 ext4_encode_extra_time(struct timespec *time)
{
- return cpu_to_le32((sizeof(time->tv_sec) > 4 ?
- (time->tv_sec >> 32) & EXT4_EPOCH_MASK : 0) |
- ((time->tv_nsec << EXT4_EPOCH_BITS) & EXT4_NSEC_MASK));
+ u32 extra = sizeof(time->tv_sec) > 4 ?
+ ((time->tv_sec - (s32)time->tv_sec) >> 32) & EXT4_EPOCH_MASK : 0;
+ return cpu_to_le32(extra | (time->tv_nsec << EXT4_EPOCH_BITS));
}
static inline void ext4_decode_extra_time(struct timespec *time, __le32 extra)
{
- if (sizeof(time->tv_sec) > 4)
- time->tv_sec |= (__u64)(le32_to_cpu(extra) & EXT4_EPOCH_MASK)
- << 32;
- time->tv_nsec = (le32_to_cpu(extra) & EXT4_NSEC_MASK) >> EXT4_EPOCH_BITS;
+ if (unlikely(sizeof(time->tv_sec) > 4 &&
+ (extra & cpu_to_le32(EXT4_EPOCH_MASK)))) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,20,0)
+ /* Handle legacy encoding of pre-1970 dates with epoch
+ * bits 1,1. We assume that by kernel version 4.20,
+ * everyone will have run fsck over the affected
+ * filesystems to correct the problem. (This
+ * backwards compatibility may be removed before this
+ * time, at the discretion of the ext4 developers.)
+ */
+ u64 extra_bits = le32_to_cpu(extra) & EXT4_EPOCH_MASK;
+ if (extra_bits == 3 && ((time->tv_sec) & 0x80000000) != 0)
+ extra_bits = 0;
+ time->tv_sec += extra_bits << 32;
+#else
+ time->tv_sec += (u64)(le32_to_cpu(extra) & EXT4_EPOCH_MASK) << 32;
+#endif
+ }
+ time->tv_nsec = (le32_to_cpu(extra) & EXT4_NSEC_MASK) >> EXT4_EPOCH_BITS;
}
#define EXT4_INODE_SET_XTIME(xtime, inode, raw_inode) \
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 129/305] jbd2: Fix unreclaimed pages after truncate in data=journal mode
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (127 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 128/305] ext4: Fix handling of extended tv_sec Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 130/305] drm/ttm: Fixed a read/write lock imbalance Kamal Mostafa
` (175 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jan Kara, Theodore Ts'o, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jan Kara <jack@suse.cz>
commit bc23f0c8d7ccd8d924c4e70ce311288cb3e61ea8 upstream.
Ted and Namjae have reported that truncated pages don't get timely
reclaimed after being truncated in data=journal mode. The following test
triggers the issue easily:
for (i = 0; i < 1000; i++) {
pwrite(fd, buf, 1024*1024, 0);
fsync(fd);
fsync(fd);
ftruncate(fd, 0);
}
The reason is that journal_unmap_buffer() finds that truncated buffers
are not journalled (jh->b_transaction == NULL), they are part of
checkpoint list of a transaction (jh->b_cp_transaction != NULL) and have
been already written out (!buffer_dirty(bh)). We clean such buffers but
we leave them in the checkpoint list. Since checkpoint transaction holds
a reference to the journal head, these buffers cannot be released until
the checkpoint transaction is cleaned up. And at that point we don't
call release_buffer_page() anymore so pages detached from mapping are
lingering in the system waiting for reclaim to find them and free them.
Fix the problem by removing buffers from transaction checkpoint lists
when journal_unmap_buffer() finds out they don't have to be there
anymore.
Reported-and-tested-by: Namjae Jeon <namjae.jeon@samsung.com>
Fixes: de1b794130b130e77ffa975bb58cb843744f9ae5
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/jbd2/transaction.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
index f3d0617..91a571b 100644
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -2108,6 +2108,7 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh,
if (!buffer_dirty(bh)) {
/* bdflush has written it. We can drop it now */
+ __jbd2_journal_remove_checkpoint(jh);
goto zap_buffer;
}
@@ -2137,6 +2138,7 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh,
/* The orphan record's transaction has
* committed. We can cleanse this buffer */
clear_buffer_jbddirty(bh);
+ __jbd2_journal_remove_checkpoint(jh);
goto zap_buffer;
}
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 130/305] drm/ttm: Fixed a read/write lock imbalance
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (128 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 129/305] jbd2: Fix unreclaimed pages after truncate in data=journal mode Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 131/305] ext4: fix an endianness bug in ext4_encrypted_zeroout() Kamal Mostafa
` (174 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Thomas Hellstrom, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Thomas Hellstrom <thellstrom@vmware.com>
commit 025af189fb44250206dd8a32fa4a682392af3301 upstream.
In ttm_write_lock(), the uninterruptible path should call
__ttm_write_lock() not __ttm_read_lock(). This fixes a vmwgfx hang
on F23 start up.
syeh: Extracted this from one of Thomas' internal patches.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Sinclair Yeh <syeh@vmware.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/ttm/ttm_lock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/ttm/ttm_lock.c b/drivers/gpu/drm/ttm/ttm_lock.c
index 6a95454..f154fb1 100644
--- a/drivers/gpu/drm/ttm/ttm_lock.c
+++ b/drivers/gpu/drm/ttm/ttm_lock.c
@@ -180,7 +180,7 @@ int ttm_write_lock(struct ttm_lock *lock, bool interruptible)
spin_unlock(&lock->lock);
}
} else
- wait_event(lock->queue, __ttm_read_lock(lock));
+ wait_event(lock->queue, __ttm_write_lock(lock));
return ret;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 131/305] ext4: fix an endianness bug in ext4_encrypted_zeroout()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (129 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 130/305] drm/ttm: Fixed a read/write lock imbalance Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 132/305] ext4: fix an endianness bug in ext4_encrypted_follow_link() Kamal Mostafa
` (173 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Al Viro, Theodore Ts'o, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Al Viro <viro@ZenIV.linux.org.uk>
commit e2c9e0b28e146c9a3bce21408f3c02e24ac7ac31 upstream.
ex->ee_block is not host-endian (note that accesses of other fields
of *ex right next to that line go through the helpers that do proper
conversion from little-endian to host-endian; it might make sense
to add similar for ->ee_block to avoid reintroducing that kind of
bugs...)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/ext4/crypto.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
index 54a5169..b44c4e5 100644
--- a/fs/ext4/crypto.c
+++ b/fs/ext4/crypto.c
@@ -407,7 +407,7 @@ int ext4_encrypted_zeroout(struct inode *inode, struct ext4_extent *ex)
struct ext4_crypto_ctx *ctx;
struct page *ciphertext_page = NULL;
struct bio *bio;
- ext4_lblk_t lblk = ex->ee_block;
+ ext4_lblk_t lblk = le32_to_cpu(ex->ee_block);
ext4_fsblk_t pblk = ext4_ext_pblock(ex);
unsigned int len = ext4_ext_get_actual_len(ex);
int err = 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 132/305] ext4: fix an endianness bug in ext4_encrypted_follow_link()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (130 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 131/305] ext4: fix an endianness bug in ext4_encrypted_zeroout() Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 133/305] AHCI: Fix softreset failed issue of Port Multiplier Kamal Mostafa
` (172 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Al Viro, Theodore Ts'o, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Al Viro <viro@ZenIV.linux.org.uk>
commit 5a1c7f47da9b32d0671e776b0f388095b7f91e2e upstream.
applying le32_to_cpu() to 16bit value is a bad idea...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/ext4/symlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/symlink.c b/fs/ext4/symlink.c
index c677f2c..3627fd7 100644
--- a/fs/ext4/symlink.c
+++ b/fs/ext4/symlink.c
@@ -52,7 +52,7 @@ static const char *ext4_encrypted_follow_link(struct dentry *dentry, void **cook
/* Symlink is encrypted */
sd = (struct ext4_encrypted_symlink_data *)caddr;
cstr.name = sd->encrypted_path;
- cstr.len = le32_to_cpu(sd->len);
+ cstr.len = le16_to_cpu(sd->len);
if ((cstr.len +
sizeof(struct ext4_encrypted_symlink_data) - 1) >
max_size) {
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 133/305] AHCI: Fix softreset failed issue of Port Multiplier
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (131 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 132/305] ext4: fix an endianness bug in ext4_encrypted_follow_link() Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 134/305] sata_sil: disable trim Kamal Mostafa
` (171 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Xiangliang Yu, Tejun Heo, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Xiangliang Yu <Xiangliang.Yu@amd.com>
commit 023113d24ef9e1d2b44cb2446872b17e2b01d8b1 upstream.
Current code doesn't update port value of Port Multiplier(PM) when
sending FIS of softreset to device, command will fail if FBS is
enabled.
There are two ways to fix the issue: the first is to disable FBS
before sending softreset command to PM device and the second is
to update port value of PM when sending command.
For the first way, i can't find any related rule in AHCI Spec. The
second way can avoid disabling FBS and has better performance.
Signed-off-by: Xiangliang Yu <Xiangliang.Yu@amd.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/ata/libahci.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
index d256a66..98c482a 100644
--- a/drivers/ata/libahci.c
+++ b/drivers/ata/libahci.c
@@ -1266,6 +1266,15 @@ static int ahci_exec_polled_cmd(struct ata_port *ap, int pmp,
ata_tf_to_fis(tf, pmp, is_cmd, fis);
ahci_fill_cmd_slot(pp, 0, cmd_fis_len | flags | (pmp << 12));
+ /* set port value for softreset of Port Multiplier */
+ if (pp->fbs_enabled && pp->fbs_last_dev != pmp) {
+ tmp = readl(port_mmio + PORT_FBS);
+ tmp &= ~(PORT_FBS_DEV_MASK | PORT_FBS_DEC);
+ tmp |= pmp << PORT_FBS_DEV_OFFSET;
+ writel(tmp, port_mmio + PORT_FBS);
+ pp->fbs_last_dev = pmp;
+ }
+
/* issue & wait */
writel(1, port_mmio + PORT_CMD_ISSUE);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 134/305] sata_sil: disable trim
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (132 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 133/305] AHCI: Fix softreset failed issue of Port Multiplier Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 135/305] usb-storage: Fix scsi-sd failure "Invalid field in cdb" for USB adapter JMicron Kamal Mostafa
` (170 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mikulas Patocka, Tejun Heo, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit d98f1cd0a3b70ea91f1dfda3ac36c3b2e1a4d5e2 upstream.
When I connect an Intel SSD to SATA SIL controller (PCI ID 1095:3114), any
TRIM command results in I/O errors being reported in the log. There is
other similar error reported with TRIM and the SIL controller:
https://bugs.centos.org/view.php?id=5880
Apparently the controller doesn't support TRIM commands. This patch
disables TRIM support on the SATA SIL controller.
ata7.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
ata7.00: BMDMA2 stat 0x50001
ata7.00: failed command: DATA SET MANAGEMENT
ata7.00: cmd 06/01:01:00:00:00/00:00:00:00:00/a0 tag 0 dma 512 out
res 51/04:01:00:00:00/00:00:00:00:00/a0 Emask 0x1 (device error)
ata7.00: status: { DRDY ERR }
ata7.00: error: { ABRT }
ata7.00: device reported invalid CHS sector 0
sd 8:0:0:0: [sdb] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
sd 8:0:0:0: [sdb] tag#0 Sense Key : Illegal Request [current] [descriptor]
sd 8:0:0:0: [sdb] tag#0 Add. Sense: Unaligned write command
sd 8:0:0:0: [sdb] tag#0 CDB: Write same(16) 93 08 00 00 00 00 00 21 95 88 00 20 00 00 00 00
blk_update_request: I/O error, dev sdb, sector 2200968
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/ata/sata_sil.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/ata/sata_sil.c b/drivers/ata/sata_sil.c
index dea6edc..29bcff0 100644
--- a/drivers/ata/sata_sil.c
+++ b/drivers/ata/sata_sil.c
@@ -630,6 +630,9 @@ static void sil_dev_config(struct ata_device *dev)
unsigned int n, quirks = 0;
unsigned char model_num[ATA_ID_PROD_LEN + 1];
+ /* This controller doesn't support trim */
+ dev->horkage |= ATA_HORKAGE_NOTRIM;
+
ata_id_c_string(dev->id, model_num, ATA_ID_PROD, sizeof(model_num));
for (n = 0; sil_blacklist[n].product; n++)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 135/305] usb-storage: Fix scsi-sd failure "Invalid field in cdb" for USB adapter JMicron
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (133 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 134/305] sata_sil: disable trim Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 136/305] staging: lustre: echo_copy.._lsm() dereferences userland pointers directly Kamal Mostafa
` (169 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dmitry Katsubo, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Dmitry Katsubo <dmitry.katsubo@gmail.com>
commit 9fa62b1a31c96715aef34f25000e882ed4ac4876 upstream.
The patch extends the family of SATA-to-USB JMicron adapters that need
FUA to be disabled and applies the same policy for uas driver.
See details in http://unix.stackexchange.com/questions/237204/
Signed-off-by: Dmitry Katsubo <dmitry.katsubo@gmail.com>
Tested-by: Dmitry Katsubo <dmitry.katsubo@gmail.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/storage/uas.c | 4 ++++
drivers/usb/storage/unusual_devs.h | 2 +-
drivers/usb/storage/unusual_uas.h | 2 +-
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c
index f689219..43b1caf 100644
--- a/drivers/usb/storage/uas.c
+++ b/drivers/usb/storage/uas.c
@@ -796,6 +796,10 @@ static int uas_slave_configure(struct scsi_device *sdev)
if (devinfo->flags & US_FL_NO_REPORT_OPCODES)
sdev->no_report_opcodes = 1;
+ /* A few buggy USB-ATA bridges don't understand FUA */
+ if (devinfo->flags & US_FL_BROKEN_FUA)
+ sdev->broken_fua = 1;
+
scsi_change_queue_depth(sdev, devinfo->qdepth - 2);
return 0;
}
diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h
index 6b24791..7ffe420 100644
--- a/drivers/usb/storage/unusual_devs.h
+++ b/drivers/usb/storage/unusual_devs.h
@@ -1987,7 +1987,7 @@ UNUSUAL_DEV( 0x14cd, 0x6600, 0x0201, 0x0201,
US_FL_IGNORE_RESIDUE ),
/* Reported by Michael Büsch <m@bues.ch> */
-UNUSUAL_DEV( 0x152d, 0x0567, 0x0114, 0x0114,
+UNUSUAL_DEV( 0x152d, 0x0567, 0x0114, 0x0116,
"JMicron",
"USB to ATA/ATAPI Bridge",
USB_SC_DEVICE, USB_PR_DEVICE, NULL,
diff --git a/drivers/usb/storage/unusual_uas.h b/drivers/usb/storage/unusual_uas.h
index c85ea53..ccc113e 100644
--- a/drivers/usb/storage/unusual_uas.h
+++ b/drivers/usb/storage/unusual_uas.h
@@ -132,7 +132,7 @@ UNUSUAL_DEV(0x152d, 0x0567, 0x0000, 0x9999,
"JMicron",
"JMS567",
USB_SC_DEVICE, USB_PR_DEVICE, NULL,
- US_FL_NO_REPORT_OPCODES),
+ US_FL_BROKEN_FUA | US_FL_NO_REPORT_OPCODES),
/* Reported-by: Hans de Goede <hdegoede@redhat.com> */
UNUSUAL_DEV(0x2109, 0x0711, 0x0000, 0x9999,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 136/305] staging: lustre: echo_copy.._lsm() dereferences userland pointers directly
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (134 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 135/305] usb-storage: Fix scsi-sd failure "Invalid field in cdb" for USB adapter JMicron Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 137/305] irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB Kamal Mostafa
` (168 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Al Viro, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Al Viro <viro@ZenIV.linux.org.uk>
commit 9225c0b7b976dd9ceac2b80727a60d8fcb906a62 upstream.
missing get_user()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/staging/lustre/lustre/obdecho/echo_client.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/drivers/staging/lustre/lustre/obdecho/echo_client.c b/drivers/staging/lustre/lustre/obdecho/echo_client.c
index 0222fd2..a3783a2 100644
--- a/drivers/staging/lustre/lustre/obdecho/echo_client.c
+++ b/drivers/staging/lustre/lustre/obdecho/echo_client.c
@@ -1268,6 +1268,7 @@ static int
echo_copyout_lsm(struct lov_stripe_md *lsm, void *_ulsm, int ulsm_nob)
{
struct lov_stripe_md *ulsm = _ulsm;
+ struct lov_oinfo **p;
int nob, i;
nob = offsetof(struct lov_stripe_md, lsm_oinfo[lsm->lsm_stripe_count]);
@@ -1277,9 +1278,10 @@ echo_copyout_lsm(struct lov_stripe_md *lsm, void *_ulsm, int ulsm_nob)
if (copy_to_user(ulsm, lsm, sizeof(*ulsm)))
return -EFAULT;
- for (i = 0; i < lsm->lsm_stripe_count; i++) {
- if (copy_to_user(ulsm->lsm_oinfo[i], lsm->lsm_oinfo[i],
- sizeof(lsm->lsm_oinfo[0])))
+ for (i = 0, p = lsm->lsm_oinfo; i < lsm->lsm_stripe_count; i++, p++) {
+ struct lov_oinfo __user *up;
+ if (get_user(up, ulsm->lsm_oinfo + i) ||
+ copy_to_user(up, *p, sizeof(struct lov_oinfo)))
return -EFAULT;
}
return 0;
@@ -1287,9 +1289,10 @@ echo_copyout_lsm(struct lov_stripe_md *lsm, void *_ulsm, int ulsm_nob)
static int
echo_copyin_lsm(struct echo_device *ed, struct lov_stripe_md *lsm,
- void *ulsm, int ulsm_nob)
+ struct lov_stripe_md __user *ulsm, int ulsm_nob)
{
struct echo_client_obd *ec = ed->ed_ec;
+ struct lov_oinfo **p;
int i;
if (ulsm_nob < sizeof(*lsm))
@@ -1304,12 +1307,10 @@ echo_copyin_lsm(struct echo_device *ed, struct lov_stripe_md *lsm,
((__u64)lsm->lsm_stripe_size * lsm->lsm_stripe_count > ~0UL))
return -EINVAL;
-
- for (i = 0; i < lsm->lsm_stripe_count; i++) {
- if (copy_from_user(lsm->lsm_oinfo[i],
- ((struct lov_stripe_md *)ulsm)-> \
- lsm_oinfo[i],
- sizeof(lsm->lsm_oinfo[0])))
+ for (i = 0, p = lsm->lsm_oinfo; i < lsm->lsm_stripe_count; i++, p++) {
+ struct lov_oinfo __user *up;
+ if (get_user(up, ulsm->lsm_oinfo + i) ||
+ copy_from_user(*p, up, sizeof(struct lov_oinfo)))
return -EFAULT;
}
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 137/305] irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (135 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 136/305] staging: lustre: echo_copy.._lsm() dereferences userland pointers directly Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 138/305] usb: core : hub: Fix BOS 'NULL pointer' kernel panic Kamal Mostafa
` (167 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Guillaume Delbergue, Arnd Bergmann, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Guillaume Delbergue <guillaume.delbergue@greensocs.com>
commit d5d4fdd86f5759924fe54efa793e22eccf508db6 upstream.
This patch is specifically for PCI support on the Versatile PB board using
a DT. Currently, the dynamic IRQ mapping is broken when using DTs. For
example, on QEMU, the SCSI driver is unable to request the IRQ. To fix
this issue, this patch replaces the current dynamic mechanism with a
static value as is done in the non-DT case.
Signed-off-by: Guillaume Delbergue <guillaume.delbergue@greensocs.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/irqchip/irq-versatile-fpga.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/irqchip/irq-versatile-fpga.c b/drivers/irqchip/irq-versatile-fpga.c
index 888111b..18822f0 100644
--- a/drivers/irqchip/irq-versatile-fpga.c
+++ b/drivers/irqchip/irq-versatile-fpga.c
@@ -210,7 +210,12 @@ int __init fpga_irq_of_init(struct device_node *node,
parent_irq = -1;
}
+#ifdef CONFIG_ARCH_VERSATILE
+ fpga_irq_init(base, node->name, IRQ_SIC_START, parent_irq, valid_mask,
+ node);
+#else
fpga_irq_init(base, node->name, 0, parent_irq, valid_mask, node);
+#endif
writel(clear_mask, base + IRQ_ENABLE_CLEAR);
writel(clear_mask, base + FIQ_ENABLE_CLEAR);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 138/305] usb: core : hub: Fix BOS 'NULL pointer' kernel panic
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (136 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 137/305] irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 139/305] USB: whci-hcd: add check for dma mapping error Kamal Mostafa
` (166 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Hans Yang, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Hans Yang <hansy@nvidia.com>
commit 464ad8c43a9ead98c2b0eaed86bea727f2ad106e upstream.
When a USB 3.0 mass storage device is disconnected in transporting
state, storage device driver may handle it as a transport error and
reset the device by invoking usb_reset_and_verify_device()
and following could happen:
in usb_reset_and_verify_device():
udev->bos = NULL;
For U1/U2 enabled devices, driver will disable LPM, and in some
conditions:
from usb_unlocked_disable_lpm()
--> usb_disable_lpm()
--> usb_enable_lpm()
udev->bos->ss_cap->bU1devExitLat;
And it causes 'NULL pointer' and 'kernel panic':
[ 157.976257] Unable to handle kernel NULL pointer dereference
at virtual address 00000010
...
[ 158.026400] PC is at usb_enable_link_state+0x34/0x2e0
[ 158.031442] LR is at usb_enable_lpm+0x98/0xac
...
[ 158.137368] [<ffffffc0006a1cac>] usb_enable_link_state+0x34/0x2e0
[ 158.143451] [<ffffffc0006a1fec>] usb_enable_lpm+0x94/0xac
[ 158.148840] [<ffffffc0006a20e8>] usb_disable_lpm+0xa8/0xb4
...
[ 158.214954] Kernel panic - not syncing: Fatal exception
This commit moves 'udev->bos = NULL' behind usb_unlocked_disable_lpm()
to prevent from NULL pointer access.
Issue can be reproduced by following setup:
1) A SS pen drive behind a SS hub connected to the host.
2) Transporting data between the pen drive and the host.
3) Abruptly disconnect hub and pen drive from host.
4) With a chance it crashes.
Signed-off-by: Hans Yang <hansy@nvidia.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/core/hub.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 73dfa19..253b08b 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5313,9 +5313,6 @@ static int usb_reset_and_verify_device(struct usb_device *udev)
if (udev->usb2_hw_lpm_enabled == 1)
usb_set_usb2_hardware_lpm(udev, 0);
- bos = udev->bos;
- udev->bos = NULL;
-
/* Disable LPM and LTM while we reset the device and reinstall the alt
* settings. Device-initiated LPM settings, and system exit latency
* settings are cleared when the device is reset, so we have to set
@@ -5324,15 +5321,18 @@ static int usb_reset_and_verify_device(struct usb_device *udev)
ret = usb_unlocked_disable_lpm(udev);
if (ret) {
dev_err(&udev->dev, "%s Failed to disable LPM\n.", __func__);
- goto re_enumerate;
+ goto re_enumerate_no_bos;
}
ret = usb_disable_ltm(udev);
if (ret) {
dev_err(&udev->dev, "%s Failed to disable LTM\n.",
__func__);
- goto re_enumerate;
+ goto re_enumerate_no_bos;
}
+ bos = udev->bos;
+ udev->bos = NULL;
+
for (i = 0; i < SET_CONFIG_TRIES; ++i) {
/* ep0 maxpacket size may change; let the HCD know about it.
@@ -5429,10 +5429,11 @@ done:
return 0;
re_enumerate:
- /* LPM state doesn't matter when we're about to destroy the device. */
- hub_port_logical_disconnect(parent_hub, port1);
usb_release_bos_descriptor(udev);
udev->bos = bos;
+re_enumerate_no_bos:
+ /* LPM state doesn't matter when we're about to destroy the device. */
+ hub_port_logical_disconnect(parent_hub, port1);
return -ENODEV;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 139/305] USB: whci-hcd: add check for dma mapping error
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (137 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 138/305] usb: core : hub: Fix BOS 'NULL pointer' kernel panic Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 140/305] usb: Use the USB_SS_MULT() macro to decode burst multiplier for log message Kamal Mostafa
` (165 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alexey Khoroshilov, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Alexey Khoroshilov <khoroshilov@ispras.ru>
commit f9fa1887dcf26bd346665a6ae3d3f53dec54cba1 upstream.
qset_fill_page_list() do not check for dma mapping errors.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/host/whci/qset.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/usb/host/whci/qset.c b/drivers/usb/host/whci/qset.c
index dc31c42..9f1c053 100644
--- a/drivers/usb/host/whci/qset.c
+++ b/drivers/usb/host/whci/qset.c
@@ -377,6 +377,10 @@ static int qset_fill_page_list(struct whc *whc, struct whc_std *std, gfp_t mem_f
if (std->pl_virt == NULL)
return -ENOMEM;
std->dma_addr = dma_map_single(whc->wusbhc.dev, std->pl_virt, pl_len, DMA_TO_DEVICE);
+ if (dma_mapping_error(whc->wusbhc.dev, std->dma_addr)) {
+ kfree(std->pl_virt);
+ return -EFAULT;
+ }
for (p = 0; p < std->num_pointers; p++) {
std->pl_virt[p].buf_ptr = cpu_to_le64(dma_addr);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 140/305] usb: Use the USB_SS_MULT() macro to decode burst multiplier for log message
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (138 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 139/305] USB: whci-hcd: add check for dma mapping error Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 141/305] dm btree: fix leak of bufio-backed block in btree_split_sibling error path Kamal Mostafa
` (164 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ben Hutchings, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Ben Hutchings <ben@decadent.org.uk>
commit 5377adb092664d336ac212499961cac5e8728794 upstream.
usb_parse_ss_endpoint_companion() now decodes the burst multiplier
correctly in order to check that it's <= 3, but still uses the wrong
expression if warning that it's > 3.
Fixes: ff30cbc8da42 ("usb: Use the USB_SS_MULT() macro to get the ...")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/core/config.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c
index b9ddf0c..894894f 100644
--- a/drivers/usb/core/config.c
+++ b/drivers/usb/core/config.c
@@ -115,7 +115,8 @@ static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
USB_SS_MULT(desc->bmAttributes) > 3) {
dev_warn(ddev, "Isoc endpoint has Mult of %d in "
"config %d interface %d altsetting %d ep %d: "
- "setting to 3\n", desc->bmAttributes + 1,
+ "setting to 3\n",
+ USB_SS_MULT(desc->bmAttributes),
cfgno, inum, asnum, ep->desc.bEndpointAddress);
ep->ss_ep_comp.bmAttributes = 2;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 141/305] dm btree: fix leak of bufio-backed block in btree_split_sibling error path
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (139 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 140/305] usb: Use the USB_SS_MULT() macro to decode burst multiplier for log message Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 142/305] dm thin metadata: fix bug in dm_thin_remove_range() Kamal Mostafa
` (163 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Mike Snitzer, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mike Snitzer <snitzer@redhat.com>
commit 30ce6e1cc5a0f781d60227e9096c86e188d2c2bd upstream.
The block allocated at the start of btree_split_sibling() is never
released if later insert_at() fails.
Fix this by releasing the previously allocated bufio block using
unlock_block().
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/persistent-data/dm-btree.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c
index d6e4703..7ba85e2 100644
--- a/drivers/md/persistent-data/dm-btree.c
+++ b/drivers/md/persistent-data/dm-btree.c
@@ -471,8 +471,10 @@ static int btree_split_sibling(struct shadow_spine *s, dm_block_t root,
r = insert_at(sizeof(__le64), pn, parent_index + 1,
le64_to_cpu(rn->keys[0]), &location);
- if (r)
+ if (r) {
+ unlock_block(s->info, right);
return r;
+ }
if (key < le64_to_cpu(rn->keys[0])) {
unlock_block(s->info, right);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 142/305] dm thin metadata: fix bug in dm_thin_remove_range()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (140 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 141/305] dm btree: fix leak of bufio-backed block in btree_split_sibling error path Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 143/305] SCSI: Fix NULL pointer dereference in runtime PM Kamal Mostafa
` (162 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Joe Thornber, Mike Snitzer, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Joe Thornber <ejt@redhat.com>
commit 993ceab91986e2e737ce9a3e23bebc8cce649240 upstream.
dm_btree_remove_leaves() only unmaps a contiguous region so we need a
loop, in __remove_range(), to handle ranges that contain multiple
regions.
A new btree function, dm_btree_lookup_next(), is introduced which is
more efficiently able to skip over regions of the thin device which
aren't mapped. __remove_range() uses dm_btree_lookup_next() for each
iteration of __remove_range()'s loop.
Also, improve description of dm_btree_remove_leaves().
Fixes: 6550f075 ("dm thin metadata: add dm_thin_remove_range()")
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/dm-thin-metadata.c | 28 +++++++++---
drivers/md/persistent-data/dm-btree.c | 81 +++++++++++++++++++++++++++++++++++
drivers/md/persistent-data/dm-btree.h | 14 ++++--
3 files changed, 115 insertions(+), 8 deletions(-)
diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
index 6ba47cf..53a7d58 100644
--- a/drivers/md/dm-thin-metadata.c
+++ b/drivers/md/dm-thin-metadata.c
@@ -1530,7 +1530,7 @@ static int __remove(struct dm_thin_device *td, dm_block_t block)
static int __remove_range(struct dm_thin_device *td, dm_block_t begin, dm_block_t end)
{
int r;
- unsigned count;
+ unsigned count, total_count = 0;
struct dm_pool_metadata *pmd = td->pmd;
dm_block_t keys[1] = { td->id };
__le64 value;
@@ -1553,11 +1553,29 @@ static int __remove_range(struct dm_thin_device *td, dm_block_t begin, dm_block_
if (r)
return r;
- r = dm_btree_remove_leaves(&pmd->bl_info, mapping_root, &begin, end, &mapping_root, &count);
- if (r)
- return r;
+ /*
+ * Remove leaves stops at the first unmapped entry, so we have to
+ * loop round finding mapped ranges.
+ */
+ while (begin < end) {
+ r = dm_btree_lookup_next(&pmd->bl_info, mapping_root, &begin, &begin, &value);
+ if (r == -ENODATA)
+ break;
+
+ if (r)
+ return r;
+
+ if (begin >= end)
+ break;
+
+ r = dm_btree_remove_leaves(&pmd->bl_info, mapping_root, &begin, end, &mapping_root, &count);
+ if (r)
+ return r;
+
+ total_count += count;
+ }
- td->mapped_blocks -= count;
+ td->mapped_blocks -= total_count;
td->changed = 1;
/*
diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c
index 7ba85e2..40bbd51 100644
--- a/drivers/md/persistent-data/dm-btree.c
+++ b/drivers/md/persistent-data/dm-btree.c
@@ -63,6 +63,11 @@ int lower_bound(struct btree_node *n, uint64_t key)
return bsearch(n, key, 0);
}
+static int upper_bound(struct btree_node *n, uint64_t key)
+{
+ return bsearch(n, key, 1);
+}
+
void inc_children(struct dm_transaction_manager *tm, struct btree_node *n,
struct dm_btree_value_type *vt)
{
@@ -390,6 +395,82 @@ int dm_btree_lookup(struct dm_btree_info *info, dm_block_t root,
}
EXPORT_SYMBOL_GPL(dm_btree_lookup);
+static int dm_btree_lookup_next_single(struct dm_btree_info *info, dm_block_t root,
+ uint64_t key, uint64_t *rkey, void *value_le)
+{
+ int r, i;
+ uint32_t flags, nr_entries;
+ struct dm_block *node;
+ struct btree_node *n;
+
+ r = bn_read_lock(info, root, &node);
+ if (r)
+ return r;
+
+ n = dm_block_data(node);
+ flags = le32_to_cpu(n->header.flags);
+ nr_entries = le32_to_cpu(n->header.nr_entries);
+
+ if (flags & INTERNAL_NODE) {
+ i = lower_bound(n, key);
+ if (i < 0 || i >= nr_entries) {
+ r = -ENODATA;
+ goto out;
+ }
+
+ r = dm_btree_lookup_next_single(info, value64(n, i), key, rkey, value_le);
+ if (r == -ENODATA && i < (nr_entries - 1)) {
+ i++;
+ r = dm_btree_lookup_next_single(info, value64(n, i), key, rkey, value_le);
+ }
+
+ } else {
+ i = upper_bound(n, key);
+ if (i < 0 || i >= nr_entries) {
+ r = -ENODATA;
+ goto out;
+ }
+
+ *rkey = le64_to_cpu(n->keys[i]);
+ memcpy(value_le, value_ptr(n, i), info->value_type.size);
+ }
+out:
+ dm_tm_unlock(info->tm, node);
+ return r;
+}
+
+int dm_btree_lookup_next(struct dm_btree_info *info, dm_block_t root,
+ uint64_t *keys, uint64_t *rkey, void *value_le)
+{
+ unsigned level;
+ int r = -ENODATA;
+ __le64 internal_value_le;
+ struct ro_spine spine;
+
+ init_ro_spine(&spine, info);
+ for (level = 0; level < info->levels - 1u; level++) {
+ r = btree_lookup_raw(&spine, root, keys[level],
+ lower_bound, rkey,
+ &internal_value_le, sizeof(uint64_t));
+ if (r)
+ goto out;
+
+ if (*rkey != keys[level]) {
+ r = -ENODATA;
+ goto out;
+ }
+
+ root = le64_to_cpu(internal_value_le);
+ }
+
+ r = dm_btree_lookup_next_single(info, root, keys[level], rkey, value_le);
+out:
+ exit_ro_spine(&spine);
+ return r;
+}
+
+EXPORT_SYMBOL_GPL(dm_btree_lookup_next);
+
/*
* Splits a node by creating a sibling node and shifting half the nodes
* contents across. Assumes there is a parent node, and it has room for
diff --git a/drivers/md/persistent-data/dm-btree.h b/drivers/md/persistent-data/dm-btree.h
index 11d8cf7..c74301f 100644
--- a/drivers/md/persistent-data/dm-btree.h
+++ b/drivers/md/persistent-data/dm-btree.h
@@ -110,6 +110,13 @@ int dm_btree_lookup(struct dm_btree_info *info, dm_block_t root,
uint64_t *keys, void *value_le);
/*
+ * Tries to find the first key where the bottom level key is >= to that
+ * given. Useful for skipping empty sections of the btree.
+ */
+int dm_btree_lookup_next(struct dm_btree_info *info, dm_block_t root,
+ uint64_t *keys, uint64_t *rkey, void *value_le);
+
+/*
* Insertion (or overwrite an existing value). O(ln(n))
*/
int dm_btree_insert(struct dm_btree_info *info, dm_block_t root,
@@ -135,9 +142,10 @@ int dm_btree_remove(struct dm_btree_info *info, dm_block_t root,
uint64_t *keys, dm_block_t *new_root);
/*
- * Removes values between 'keys' and keys2, where keys2 is keys with the
- * final key replaced with 'end_key'. 'end_key' is the one-past-the-end
- * value. 'keys' may be altered.
+ * Removes a _contiguous_ run of values starting from 'keys' and not
+ * reaching keys2 (where keys2 is keys with the final key replaced with
+ * 'end_key'). 'end_key' is the one-past-the-end value. 'keys' may be
+ * altered.
*/
int dm_btree_remove_leaves(struct dm_btree_info *info, dm_block_t root,
uint64_t *keys, uint64_t end_key,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 143/305] SCSI: Fix NULL pointer dereference in runtime PM
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (141 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 142/305] dm thin metadata: fix bug in dm_thin_remove_range() Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 144/305] perf: Fix PERF_EVENT_IOC_PERIOD deadlock Kamal Mostafa
` (161 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ken Xue, Xiangliang Yu, James E.J. Bottomley, Jens Axboe,
Michael Terry, Jens Axboe, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Ken Xue <ken.xue@amd.com>
commit 4fd41a8552afc01054d9d9fc7f1a63c324867d27 upstream.
The routines in scsi_pm.c assume that if a runtime-PM callback is
invoked for a SCSI device, it can only mean that the device's driver
has asked the block layer to handle the runtime power management (by
calling blk_pm_runtime_init(), which among other things sets q->dev).
However, this assumption turns out to be wrong for things like the ses
driver. Normally ses devices are not allowed to do runtime PM, but
userspace can override this setting. If this happens, the kernel gets
a NULL pointer dereference when blk_post_runtime_resume() tries to use
the uninitialized q->dev pointer.
This patch fixes the problem by checking q->dev in block layer before
handle runtime PM. Since ses doesn't define any PM callbacks and call
blk_pm_runtime_init(), the crash won't occur.
This fixes Bugzilla #101371.
https://bugzilla.kernel.org/show_bug.cgi?id=101371
More discussion can be found from below link.
http://marc.info/?l=linux-scsi&m=144163730531875&w=2
Signed-off-by: Ken Xue <Ken.Xue@amd.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: Xiangliang Yu <Xiangliang.Yu@amd.com>
Cc: James E.J. Bottomley <JBottomley@odin.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Michael Terry <Michael.terry@canonical.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
block/blk-core.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/block/blk-core.c b/block/blk-core.c
index 56c08e1..4a9b995 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -3273,6 +3273,9 @@ int blk_pre_runtime_suspend(struct request_queue *q)
{
int ret = 0;
+ if (!q->dev)
+ return ret;
+
spin_lock_irq(q->queue_lock);
if (q->nr_pending) {
ret = -EBUSY;
@@ -3300,6 +3303,9 @@ EXPORT_SYMBOL(blk_pre_runtime_suspend);
*/
void blk_post_runtime_suspend(struct request_queue *q, int err)
{
+ if (!q->dev)
+ return;
+
spin_lock_irq(q->queue_lock);
if (!err) {
q->rpm_status = RPM_SUSPENDED;
@@ -3324,6 +3330,9 @@ EXPORT_SYMBOL(blk_post_runtime_suspend);
*/
void blk_pre_runtime_resume(struct request_queue *q)
{
+ if (!q->dev)
+ return;
+
spin_lock_irq(q->queue_lock);
q->rpm_status = RPM_RESUMING;
spin_unlock_irq(q->queue_lock);
@@ -3346,6 +3355,9 @@ EXPORT_SYMBOL(blk_pre_runtime_resume);
*/
void blk_post_runtime_resume(struct request_queue *q, int err)
{
+ if (!q->dev)
+ return;
+
spin_lock_irq(q->queue_lock);
if (!err) {
q->rpm_status = RPM_ACTIVE;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 144/305] perf: Fix PERF_EVENT_IOC_PERIOD deadlock
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (142 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 143/305] SCSI: Fix NULL pointer dereference in runtime PM Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 145/305] xhci: Fix memory leak in xhci_pme_acpi_rtd3_enable() Kamal Mostafa
` (160 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Zijlstra (Intel),
Alexander Potapenko, Arnaldo Carvalho de Melo,
Arnaldo Carvalho de Melo, Eric Dumazet, Jiri Olsa,
Kostya Serebryany, Linus Torvalds, Sasha Levin, Stephane Eranian,
Thomas Gleixner, Vince Weaver, Ingo Molnar, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Peter Zijlstra <peterz@infradead.org>
commit 642c2d671ceff40e9453203ea0c66e991e11e249 upstream.
Dmitry reported a fairly silly recursive lock deadlock for
PERF_EVENT_IOC_PERIOD, fix this by explicitly doing the inactive part of
__perf_event_period() instead of calling that function.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Potapenko <glider@google.com>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Fixes: c7999c6f3fed ("perf: Fix PERF_EVENT_IOC_PERIOD migration race")
Link: http://lkml.kernel.org/r/20151130115615.GJ17308@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/events/core.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index c06fa66..d86859f 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -4034,7 +4034,14 @@ retry:
goto retry;
}
- __perf_event_period(&pe);
+ if (event->attr.freq) {
+ event->attr.sample_freq = value;
+ } else {
+ event->attr.sample_period = value;
+ event->hw.sample_period = value;
+ }
+
+ local64_set(&event->hw.period_left, 0);
raw_spin_unlock_irq(&ctx->lock);
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 145/305] xhci: Fix memory leak in xhci_pme_acpi_rtd3_enable()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (143 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 144/305] perf: Fix PERF_EVENT_IOC_PERIOD deadlock Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 146/305] usb: xhci: fix config fail of FS hub behind a HS hub with MTT Kamal Mostafa
` (159 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mika Westerberg, Mathias Nyman, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mika Westerberg <mika.westerberg@linux.intel.com>
commit 84ed91526f9881886d70a082032236edaa20e7d4 upstream.
There is a memory leak because acpi_evaluate_dsm() actually returns an
object which the caller is supposed to release. Fix this by calling
ACPI_FREE() for the returned object (this expands to kfree() so passing
NULL there is fine as well).
While there correct indentation in !CONFIG_ACPI case.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/host/xhci-pci.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
index c47d3e4..c92235a 100644
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -188,10 +188,14 @@ static void xhci_pme_acpi_rtd3_enable(struct pci_dev *dev)
0xb7, 0x0c, 0x34, 0xac, 0x01, 0xe9, 0xbf, 0x45,
0xb7, 0xe6, 0x2b, 0x34, 0xec, 0x93, 0x1e, 0x23,
};
- acpi_evaluate_dsm(ACPI_HANDLE(&dev->dev), intel_dsm_uuid, 3, 1, NULL);
+ union acpi_object *obj;
+
+ obj = acpi_evaluate_dsm(ACPI_HANDLE(&dev->dev), intel_dsm_uuid, 3, 1,
+ NULL);
+ ACPI_FREE(obj);
}
#else
- static void xhci_pme_acpi_rtd3_enable(struct pci_dev *dev) { }
+static void xhci_pme_acpi_rtd3_enable(struct pci_dev *dev) { }
#endif /* CONFIG_ACPI */
/* called during probe() after chip reset completes */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 146/305] usb: xhci: fix config fail of FS hub behind a HS hub with MTT
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (144 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 145/305] xhci: Fix memory leak in xhci_pme_acpi_rtd3_enable() Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 147/305] jbd2: fix null committed data return in undo_access Kamal Mostafa
` (158 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chunfeng Yun, Mathias Nyman, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
commit 096b110a3dd3c868e4610937c80d2e3f3357c1a9 upstream.
if a full speed hub connects to a high speed hub which
supports MTT, the MTT field of its slot context will be set
to 1 when xHCI driver setups an xHCI virtual device in
xhci_setup_addressable_virt_dev(); once usb core fetch its
hub descriptor, and need to update the xHC's internal data
structures for the device, the HUB field of its slot context
will be set to 1 too, meanwhile MTT is also set before,
this will cause configure endpoint command fail, so in the
case, we should clear MTT to 0 for full speed hub according
to section 6.2.2
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/host/xhci.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 6062996..b30f55e 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -4782,8 +4782,16 @@ int xhci_update_hub_device(struct usb_hcd *hcd, struct usb_device *hdev,
ctrl_ctx->add_flags |= cpu_to_le32(SLOT_FLAG);
slot_ctx = xhci_get_slot_ctx(xhci, config_cmd->in_ctx);
slot_ctx->dev_info |= cpu_to_le32(DEV_HUB);
+ /*
+ * refer to section 6.2.2: MTT should be 0 for full speed hub,
+ * but it may be already set to 1 when setup an xHCI virtual
+ * device, so clear it anyway.
+ */
if (tt->multi)
slot_ctx->dev_info |= cpu_to_le32(DEV_MTT);
+ else if (hdev->speed == USB_SPEED_FULL)
+ slot_ctx->dev_info &= cpu_to_le32(~DEV_MTT);
+
if (xhci->hci_version > 0x95) {
xhci_dbg(xhci, "xHCI version %x needs hub "
"TT think time and number of ports\n",
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 147/305] jbd2: fix null committed data return in undo_access
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (145 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 146/305] usb: xhci: fix config fail of FS hub behind a HS hub with MTT Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 148/305] block: detach bdev inode from its wb in __blkdev_put() Kamal Mostafa
` (157 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Junxiao Bi, Theodore Ts'o, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Junxiao Bi <junxiao.bi@oracle.com>
commit 087ffd4eae9929afd06f6a709861df3c3508492a upstream.
introduced jbd2_write_access_granted() to improve write|undo_access
speed, but missed to check the status of b_committed_data which caused
a kernel panic on ocfs2.
[ 6538.405938] ------------[ cut here ]------------
[ 6538.406686] kernel BUG at fs/ocfs2/suballoc.c:2400!
[ 6538.406686] invalid opcode: 0000 [#1] SMP
[ 6538.406686] Modules linked in: ocfs2 nfsd lockd grace nfs_acl auth_rpcgss sunrpc autofs4 ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs sd_mod sg ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ppdev xen_kbdfront xen_netfront xen_fbfront parport_pc parport pcspkr i2c_piix4 acpi_cpufreq ext4 jbd2 mbcache xen_blkfront floppy pata_acpi ata_generic ata_piix cirrus ttm drm_kms_helper drm fb_sys_fops sysimgblt sysfillrect i2c_core syscopyarea dm_mirror dm_region_hash dm_log dm_mod
[ 6538.406686] CPU: 1 PID: 16265 Comm: mmap_truncate Not tainted 4.3.0 #1
[ 6538.406686] Hardware name: Xen HVM domU, BIOS 4.3.1OVM 05/14/2014
[ 6538.406686] task: ffff88007c2bab00 ti: ffff880075b78000 task.ti: ffff880075b78000
[ 6538.406686] RIP: 0010:[<ffffffffa06a286b>] [<ffffffffa06a286b>] ocfs2_block_group_clear_bits+0x23b/0x250 [ocfs2]
[ 6538.406686] RSP: 0018:ffff880075b7b7f8 EFLAGS: 00010246
[ 6538.406686] RAX: ffff8800760c5b40 RBX: ffff88006c06a000 RCX: ffffffffa06e6df0
[ 6538.406686] RDX: 0000000000000000 RSI: ffff88007a6f6ea0 RDI: ffff88007a760430
[ 6538.406686] RBP: ffff880075b7b878 R08: 0000000000000002 R09: 0000000000000001
[ 6538.406686] R10: ffffffffa06769be R11: 0000000000000000 R12: 0000000000000001
[ 6538.406686] R13: ffffffffa06a1750 R14: 0000000000000001 R15: ffff88007a6f6ea0
[ 6538.406686] FS: 00007f17fde30720(0000) GS:ffff88007f040000(0000) knlGS:0000000000000000
[ 6538.406686] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6538.406686] CR2: 0000000000601730 CR3: 000000007aea0000 CR4: 00000000000406e0
[ 6538.406686] Stack:
[ 6538.406686] ffff88007c2bb5b0 ffff880075b7b8e0 ffff88007a7604b0 ffff88006c640800
[ 6538.406686] ffff88007a7604b0 ffff880075d77390 0000000075b7b878 ffffffffa06a309d
[ 6538.406686] ffff880075d752d8 ffff880075b7b990 ffff880075b7b898 0000000000000000
[ 6538.406686] Call Trace:
[ 6538.406686] [<ffffffffa06a309d>] ? ocfs2_read_group_descriptor+0x6d/0xa0 [ocfs2]
[ 6538.406686] [<ffffffffa06a3654>] _ocfs2_free_suballoc_bits+0xe4/0x320 [ocfs2]
[ 6538.406686] [<ffffffffa06a1750>] ? ocfs2_put_slot+0xf0/0xf0 [ocfs2]
[ 6538.406686] [<ffffffffa06a397e>] _ocfs2_free_clusters+0xee/0x210 [ocfs2]
[ 6538.406686] [<ffffffffa06a1750>] ? ocfs2_put_slot+0xf0/0xf0 [ocfs2]
[ 6538.406686] [<ffffffffa06a1750>] ? ocfs2_put_slot+0xf0/0xf0 [ocfs2]
[ 6538.406686] [<ffffffffa0682d50>] ? ocfs2_extend_trans+0x50/0x1a0 [ocfs2]
[ 6538.406686] [<ffffffffa06a3ad5>] ocfs2_free_clusters+0x15/0x20 [ocfs2]
[ 6538.406686] [<ffffffffa065072c>] ocfs2_replay_truncate_records+0xfc/0x290 [ocfs2]
[ 6538.406686] [<ffffffffa06843ac>] ? ocfs2_start_trans+0xec/0x1d0 [ocfs2]
[ 6538.406686] [<ffffffffa0654600>] __ocfs2_flush_truncate_log+0x140/0x2d0 [ocfs2]
[ 6538.406686] [<ffffffffa0654394>] ? ocfs2_reserve_blocks_for_rec_trunc.clone.0+0x44/0x170 [ocfs2]
[ 6538.406686] [<ffffffffa065acd4>] ocfs2_remove_btree_range+0x374/0x630 [ocfs2]
[ 6538.406686] [<ffffffffa017486b>] ? jbd2_journal_stop+0x25b/0x470 [jbd2]
[ 6538.406686] [<ffffffffa065d5b5>] ocfs2_commit_truncate+0x305/0x670 [ocfs2]
[ 6538.406686] [<ffffffffa0683430>] ? ocfs2_journal_access_eb+0x20/0x20 [ocfs2]
[ 6538.406686] [<ffffffffa067adb7>] ocfs2_truncate_file+0x297/0x380 [ocfs2]
[ 6538.406686] [<ffffffffa01759e4>] ? jbd2_journal_begin_ordered_truncate+0x64/0xc0 [jbd2]
[ 6538.406686] [<ffffffffa067c7a2>] ocfs2_setattr+0x572/0x860 [ocfs2]
[ 6538.406686] [<ffffffff810e4a3f>] ? current_fs_time+0x3f/0x50
[ 6538.406686] [<ffffffff812124b7>] notify_change+0x1d7/0x340
[ 6538.406686] [<ffffffff8121abf9>] ? generic_getxattr+0x79/0x80
[ 6538.406686] [<ffffffff811f5876>] do_truncate+0x66/0x90
[ 6538.406686] [<ffffffff81120e30>] ? __audit_syscall_entry+0xb0/0x110
[ 6538.406686] [<ffffffff811f5bb3>] do_sys_ftruncate.clone.0+0xf3/0x120
[ 6538.406686] [<ffffffff811f5bee>] SyS_ftruncate+0xe/0x10
[ 6538.406686] [<ffffffff816aa2ae>] entry_SYSCALL_64_fastpath+0x12/0x71
[ 6538.406686] Code: 28 48 81 ee b0 04 00 00 48 8b 92 50 fb ff ff 48 8b 80 b0 03 00 00 48 39 90 88 00 00 00 0f 84 30 fe ff ff 0f 0b eb fe 0f 0b eb fe <0f> 0b 0f 1f 00 eb fb 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00
[ 6538.406686] RIP [<ffffffffa06a286b>] ocfs2_block_group_clear_bits+0x23b/0x250 [ocfs2]
[ 6538.406686] RSP <ffff880075b7b7f8>
[ 6538.691128] ---[ end trace 31cd7011d6770d7e ]---
[ 6538.694492] Kernel panic - not syncing: Fatal exception
[ 6538.695484] Kernel Offset: disabled
Fixes: de92c8caf16c("jbd2: speedup jbd2_journal_get_[write|undo]_access()")
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/jbd2/transaction.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
index 91a571b..ad7c3fd 100644
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -991,7 +991,8 @@ out:
}
/* Fast check whether buffer is already attached to the required transaction */
-static bool jbd2_write_access_granted(handle_t *handle, struct buffer_head *bh)
+static bool jbd2_write_access_granted(handle_t *handle, struct buffer_head *bh,
+ bool undo)
{
struct journal_head *jh;
bool ret = false;
@@ -1018,6 +1019,9 @@ static bool jbd2_write_access_granted(handle_t *handle, struct buffer_head *bh)
jh = READ_ONCE(bh->b_private);
if (!jh)
goto out;
+ /* For undo access buffer must have data copied */
+ if (undo && !jh->b_committed_data)
+ goto out;
if (jh->b_transaction != handle->h_transaction &&
jh->b_next_transaction != handle->h_transaction)
goto out;
@@ -1055,7 +1059,7 @@ int jbd2_journal_get_write_access(handle_t *handle, struct buffer_head *bh)
struct journal_head *jh;
int rc;
- if (jbd2_write_access_granted(handle, bh))
+ if (jbd2_write_access_granted(handle, bh, false))
return 0;
jh = jbd2_journal_add_journal_head(bh);
@@ -1192,7 +1196,7 @@ int jbd2_journal_get_undo_access(handle_t *handle, struct buffer_head *bh)
char *committed_data = NULL;
JBUFFER_TRACE(jh, "entry");
- if (jbd2_write_access_granted(handle, bh))
+ if (jbd2_write_access_granted(handle, bh, true))
return 0;
jh = jbd2_journal_add_journal_head(bh);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 148/305] block: detach bdev inode from its wb in __blkdev_put()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (146 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 147/305] jbd2: fix null committed data return in undo_access Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 149/305] ALSA: rme96: Fix unexpected volume reset after rate changes Kamal Mostafa
` (156 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Ilya Dryomov, Jens Axboe, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Ilya Dryomov <idryomov@gmail.com>
commit 43d1c0eb7e11919f85200d2fce211173526f7304 upstream.
Since 52ebea749aae ("writeback: make backing_dev_info host
cgroup-specific bdi_writebacks") inode, at some point in its lifetime,
gets attached to a wb (struct bdi_writeback). Detaching happens on
evict, in inode_detach_wb() called from __destroy_inode(), and involves
updating wb.
However, detaching an internal bdev inode from its wb in
__destroy_inode() is too late. Its bdi and by extension root wb are
embedded into struct request_queue, which has different lifetime rules
and can be freed long before the final bdput() is called (can be from
__fput() of a corresponding /dev inode, through dput() - evict() -
bd_forget(). bdevs hold onto the underlying disk/queue pair only while
opened; as soon as bdev is closed all bets are off. In fact,
disk/queue can be gone before __blkdev_put() even returns:
1499 static void __blkdev_put(struct block_device *bdev, fmode_t mode, int for_part)
1500 {
...
1518 if (bdev->bd_contains == bdev) {
1519 if (disk->fops->release)
1520 disk->fops->release(disk, mode);
[ Driver puts its references to disk/queue ]
1521 }
1522 if (!bdev->bd_openers) {
1523 struct module *owner = disk->fops->owner;
1524
1525 disk_put_part(bdev->bd_part);
1526 bdev->bd_part = NULL;
1527 bdev->bd_disk = NULL;
1528 if (bdev != bdev->bd_contains)
1529 victim = bdev->bd_contains;
1530 bdev->bd_contains = NULL;
1531
1532 put_disk(disk);
[ We put ours, the queue is gone
The last bdput() would result in a write to invalid memory ]
1533 module_put(owner);
...
1539 }
Since bdev inodes are special anyway, detach them in __blkdev_put()
after clearing inode's dirty bits, turning the problematic
inode_detach_wb() in __destroy_inode() into a noop.
add_disk() grabs its disk->queue since 523e1d399ce0 ("block: make
gendisk hold a reference to its queue"), so the old ->release comment
is removed in favor of the new inode_detach_wb() comment.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Acked-by: Tejun Heo <tj@kernel.org>
Tested-by: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
[ kamal: backport to 4.2-stable: bdev_write_inode() takes an inode ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/block_dev.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 1170f8c..426b30f 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1499,11 +1499,14 @@ static void __blkdev_put(struct block_device *bdev, fmode_t mode, int for_part)
WARN_ON_ONCE(bdev->bd_holders);
sync_blockdev(bdev);
kill_bdev(bdev);
+
+ bdev_write_inode(bdev->bd_inode);
/*
- * ->release can cause the queue to disappear, so flush all
- * dirty data before.
+ * Detaching bdev inode from its wb in __destroy_inode()
+ * is too late: the queue which embeds its bdi (along with
+ * root wb) can be gone as soon as we put_disk() below.
*/
- bdev_write_inode(bdev->bd_inode);
+ inode_detach_wb(bdev->bd_inode);
}
if (bdev->bd_contains == bdev) {
if (disk->fops->release)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 149/305] ALSA: rme96: Fix unexpected volume reset after rate changes
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (147 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 148/305] block: detach bdev inode from its wb in __blkdev_put() Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 150/305] ALSA: hda - Add inverted dmic for Packard Bell DOTS Kamal Mostafa
` (155 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Takashi Iwai <tiwai@suse.de>
commit a74a821624c0c75388a193337babd17a8c02c740 upstream.
rme96 driver needs to reset DAC depending on the sample rate, and this
results in resetting to the max volume suddenly. It's because of the
missing call of snd_rme96_apply_dac_volume().
However, calling this function right after the DAC reset still may not
work, and we need some delay before this call. Since the DAC reset
and the procedure after that are performed in the spinlock, we delay
the DAC volume restore at the end after the spinlock.
Reported-and-tested-by: Sylvain LABOISNE <maeda1@free.fr>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/rme96.c | 41 ++++++++++++++++++++++++++---------------
1 file changed, 26 insertions(+), 15 deletions(-)
diff --git a/sound/pci/rme96.c b/sound/pci/rme96.c
index 2306ccf..77c963c 100644
--- a/sound/pci/rme96.c
+++ b/sound/pci/rme96.c
@@ -741,10 +741,11 @@ snd_rme96_playback_setrate(struct rme96 *rme96,
{
/* change to/from double-speed: reset the DAC (if available) */
snd_rme96_reset_dac(rme96);
+ return 1; /* need to restore volume */
} else {
writel(rme96->wcreg, rme96->iobase + RME96_IO_CONTROL_REGISTER);
+ return 0;
}
- return 0;
}
static int
@@ -980,6 +981,7 @@ snd_rme96_playback_hw_params(struct snd_pcm_substream *substream,
struct rme96 *rme96 = snd_pcm_substream_chip(substream);
struct snd_pcm_runtime *runtime = substream->runtime;
int err, rate, dummy;
+ bool apply_dac_volume = false;
runtime->dma_area = (void __force *)(rme96->iobase +
RME96_IO_PLAY_BUFFER);
@@ -993,24 +995,26 @@ snd_rme96_playback_hw_params(struct snd_pcm_substream *substream,
{
/* slave clock */
if ((int)params_rate(params) != rate) {
- spin_unlock_irq(&rme96->lock);
- return -EIO;
- }
- } else if ((err = snd_rme96_playback_setrate(rme96, params_rate(params))) < 0) {
- spin_unlock_irq(&rme96->lock);
- return err;
- }
- if ((err = snd_rme96_playback_setformat(rme96, params_format(params))) < 0) {
- spin_unlock_irq(&rme96->lock);
- return err;
+ err = -EIO;
+ goto error;
+ }
+ } else {
+ err = snd_rme96_playback_setrate(rme96, params_rate(params));
+ if (err < 0)
+ goto error;
+ apply_dac_volume = err > 0; /* need to restore volume later? */
}
+
+ err = snd_rme96_playback_setformat(rme96, params_format(params));
+ if (err < 0)
+ goto error;
snd_rme96_setframelog(rme96, params_channels(params), 1);
if (rme96->capture_periodsize != 0) {
if (params_period_size(params) << rme96->playback_frlog !=
rme96->capture_periodsize)
{
- spin_unlock_irq(&rme96->lock);
- return -EBUSY;
+ err = -EBUSY;
+ goto error;
}
}
rme96->playback_periodsize =
@@ -1021,9 +1025,16 @@ snd_rme96_playback_hw_params(struct snd_pcm_substream *substream,
rme96->wcreg &= ~(RME96_WCR_PRO | RME96_WCR_DOLBY | RME96_WCR_EMP);
writel(rme96->wcreg |= rme96->wcreg_spdif_stream, rme96->iobase + RME96_IO_CONTROL_REGISTER);
}
+
+ err = 0;
+ error:
spin_unlock_irq(&rme96->lock);
-
- return 0;
+ if (apply_dac_volume) {
+ usleep_range(3000, 10000);
+ snd_rme96_apply_dac_volume(rme96);
+ }
+
+ return err;
}
static int
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 150/305] ALSA: hda - Add inverted dmic for Packard Bell DOTS
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (148 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 149/305] ALSA: rme96: Fix unexpected volume reset after rate changes Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 151/305] vhost: relax log address alignment Kamal Mostafa
` (154 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David Henningsson, Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: David Henningsson <david.henningsson@canonical.com>
commit 02f6ff90400d055f08b0ba0b5f0707630b6faed7 upstream.
On the internal mic of the Packard Bell DOTS, one channel
has an inverted signal. Add a quirk to fix this up.
BugLink: https://bugs.launchpad.net/bugs/1523232
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 78a77f6..66818e1 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -6617,6 +6617,7 @@ static const struct hda_fixup alc662_fixups[] = {
static const struct snd_pci_quirk alc662_fixup_tbl[] = {
SND_PCI_QUIRK(0x1019, 0x9087, "ECS", ALC662_FIXUP_ASUS_MODE2),
SND_PCI_QUIRK(0x1025, 0x022f, "Acer Aspire One", ALC662_FIXUP_INV_DMIC),
+ SND_PCI_QUIRK(0x1025, 0x0241, "Packard Bell DOTS", ALC662_FIXUP_INV_DMIC),
SND_PCI_QUIRK(0x1025, 0x0308, "Acer Aspire 8942G", ALC662_FIXUP_ASPIRE),
SND_PCI_QUIRK(0x1025, 0x031c, "Gateway NV79", ALC662_FIXUP_SKU_IGNORE),
SND_PCI_QUIRK(0x1025, 0x0349, "eMachines eM250", ALC662_FIXUP_INV_DMIC),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 151/305] vhost: relax log address alignment
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (149 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 150/305] ALSA: hda - Add inverted dmic for Packard Bell DOTS Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 152/305] virtio: fix memory leak of virtio ida cache layers Kamal Mostafa
` (153 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Michael S. Tsirkin, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: "Michael S. Tsirkin" <mst@redhat.com>
commit d542483876f6ed720f573de3fbb1d8e60ccd0d6e upstream.
commit 5d9a07b0de512b77bf28d2401e5fe3351f00a240 ("vhost: relax used
address alignment") fixed the alignment for the used virtual address,
but not for the physical address used for logging.
That's a mistake: alignment should clearly be the same for virtual and
physical addresses,
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/vhost/vhost.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index eec2f11..080422f 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -819,7 +819,7 @@ long vhost_vring_ioctl(struct vhost_dev *d, int ioctl, void __user *argp)
BUILD_BUG_ON(__alignof__ *vq->used > VRING_USED_ALIGN_SIZE);
if ((a.avail_user_addr & (VRING_AVAIL_ALIGN_SIZE - 1)) ||
(a.used_user_addr & (VRING_USED_ALIGN_SIZE - 1)) ||
- (a.log_guest_addr & (sizeof(u64) - 1))) {
+ (a.log_guest_addr & (VRING_USED_ALIGN_SIZE - 1))) {
r = -EINVAL;
break;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 152/305] virtio: fix memory leak of virtio ida cache layers
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (150 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 151/305] vhost: relax log address alignment Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 153/305] IB/srp: Fix a memory leak Kamal Mostafa
` (152 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Suman Anna, Michael S. Tsirkin, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Suman Anna <s-anna@ti.com>
commit c13f99b7e945dad5273a8b7ee230f4d1f22d3354 upstream.
The virtio core uses a static ida named virtio_index_ida for
assigning index numbers to virtio devices during registration.
The ida core may allocate some internal idr cache layers and
an ida bitmap upon any ida allocation, and all these layers are
truely freed only upon the ida destruction. The virtio_index_ida
is not destroyed at present, leading to a memory leak when using
the virtio core as a module and atleast one virtio device is
registered and unregistered.
Fix this by invoking ida_destroy() in the virtio core module
exit.
Signed-off-by: Suman Anna <s-anna@ti.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/virtio/virtio.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
index b1877d7..7062bb0 100644
--- a/drivers/virtio/virtio.c
+++ b/drivers/virtio/virtio.c
@@ -412,6 +412,7 @@ static int virtio_init(void)
static void __exit virtio_exit(void)
{
bus_unregister(&virtio_bus);
+ ida_destroy(&virtio_index_ida);
}
core_initcall(virtio_init);
module_exit(virtio_exit);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 153/305] IB/srp: Fix a memory leak
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (151 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 152/305] virtio: fix memory leak of virtio ida cache layers Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 154/305] IB/srp: Fix possible send queue overflow Kamal Mostafa
` (151 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Bart Van Assche, Sebastian Parschauer, Doug Ledford, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Bart Van Assche <bart.vanassche@sandisk.com>
commit 4d59ad2995e4128c06d889f9e223099b1f19548e upstream.
If srp_connect_ch() returns a positive value then that is considered
by its caller as a connection failure but this does not result in a
scsi_host_put() call and additionally causes the srp_create_target()
function to return a positive value while it should return a negative
value. Avoid all this confusion and additionally fix a memory leak by
ensuring that srp_connect_ch() always returns a value that is <= 0.
This patch avoids that a rejected login triggers the following memory
leak:
unreferenced object 0xffff88021b24a220 (size 8):
comm "srp_daemon", pid 56421, jiffies 4295006762 (age 4240.750s)
hex dump (first 8 bytes):
68 6f 73 74 35 38 00 a5 host58..
backtrace:
[<ffffffff8151014a>] kmemleak_alloc+0x7a/0xc0
[<ffffffff81165c1e>] __kmalloc_track_caller+0xfe/0x160
[<ffffffff81260d2b>] kvasprintf+0x5b/0x90
[<ffffffff81260e2d>] kvasprintf_const+0x8d/0xb0
[<ffffffff81254b0c>] kobject_set_name_vargs+0x3c/0xa0
[<ffffffff81337e3c>] dev_set_name+0x3c/0x40
[<ffffffff81355757>] scsi_host_alloc+0x327/0x4b0
[<ffffffffa03edc8e>] srp_create_target+0x4e/0x8a0 [ib_srp]
[<ffffffff8133778b>] dev_attr_store+0x1b/0x20
[<ffffffff811f27fa>] sysfs_kf_write+0x4a/0x60
[<ffffffff811f1e8e>] kernfs_fop_write+0x14e/0x180
[<ffffffff81176eef>] __vfs_write+0x2f/0xf0
[<ffffffff811771e4>] vfs_write+0xa4/0x100
[<ffffffff81177c64>] SyS_write+0x54/0xc0
[<ffffffff8151b257>] entry_SYSCALL_64_fastpath+0x12/0x6f
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Cc: Sebastian Parschauer <sebastian.riemer@profitbricks.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/infiniband/ulp/srp/ib_srp.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index ffda44f..2216023 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -996,16 +996,16 @@ static int srp_connect_ch(struct srp_rdma_ch *ch, bool multich)
ret = srp_lookup_path(ch);
if (ret)
- return ret;
+ goto out;
while (1) {
init_completion(&ch->done);
ret = srp_send_req(ch, multich);
if (ret)
- return ret;
+ goto out;
ret = wait_for_completion_interruptible(&ch->done);
if (ret < 0)
- return ret;
+ goto out;
/*
* The CM event handling code will set status to
@@ -1013,15 +1013,16 @@ static int srp_connect_ch(struct srp_rdma_ch *ch, bool multich)
* back, or SRP_DLID_REDIRECT if we get a lid/qp
* redirect REJ back.
*/
- switch (ch->status) {
+ ret = ch->status;
+ switch (ret) {
case 0:
ch->connected = true;
- return 0;
+ goto out;
case SRP_PORT_REDIRECT:
ret = srp_lookup_path(ch);
if (ret)
- return ret;
+ goto out;
break;
case SRP_DLID_REDIRECT:
@@ -1030,13 +1031,16 @@ static int srp_connect_ch(struct srp_rdma_ch *ch, bool multich)
case SRP_STALE_CONN:
shost_printk(KERN_ERR, target->scsi_host, PFX
"giving up on stale connection\n");
- ch->status = -ECONNRESET;
- return ch->status;
+ ret = -ECONNRESET;
+ goto out;
default:
- return ch->status;
+ goto out;
}
}
+
+out:
+ return ret <= 0 ? ret : -ENODEV;
}
static int srp_inv_rkey(struct srp_rdma_ch *ch, u32 rkey)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 154/305] IB/srp: Fix possible send queue overflow
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (152 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 153/305] IB/srp: Fix a memory leak Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 155/305] powerpc/opal-irqchip: Fix double endian conversion Kamal Mostafa
` (150 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sagi Grimberg, Doug Ledford, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Sagi Grimberg <sagig@mellanox.com>
commit 09c0c0bea500a9ad362589990ee316c9b2482f44 upstream.
When using work request based memory registration (fast_reg)
we must reserve SQ entries for registration and invalidation
in addition to send operations. Each IO consumes 3 SQ entries
(registration, send, invalidation) so we need to allocate 3x
larger send-queue instead of 2x.
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/infiniband/ulp/srp/ib_srp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index 2216023..bdcb72e 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -496,7 +496,7 @@ static int srp_create_ch_ib(struct srp_rdma_ch *ch)
struct ib_qp *qp;
struct ib_fmr_pool *fmr_pool = NULL;
struct srp_fr_pool *fr_pool = NULL;
- const int m = 1 + dev->use_fast_reg;
+ const int m = dev->use_fast_reg ? 3 : 1;
struct ib_cq_init_attr cq_attr = {};
int ret;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 155/305] powerpc/opal-irqchip: Fix double endian conversion
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (153 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 154/305] IB/srp: Fix possible send queue overflow Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 156/305] cxl: Set endianess of kernel contexts Kamal Mostafa
` (149 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alistair Popple, Michael Ellerman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Alistair Popple <alistair@popple.id.au>
commit 25642e1459ace29f6ce5a171efc8b7b59a52a2d4 upstream.
The OPAL event calls return a mask of events that are active in big
endian format. This is checked when unmasking the events in the
irqchip by comparison with a cached value. The cached value was stored
in big endian format but should've been converted to CPU endian
first.
This bug leads to OPAL event delivery being delayed or dropped on some
systems. Symptoms may include a non-functional console.
The bug is fixed by calling opal_handle_events(...) instead of
duplicating code in opal_event_unmask(...).
Fixes: 9f0fd0499d30 ("powerpc/powernv: Add a virtual irqchip for opal events")
Reported-by: Douglas L Lehr <dllehr@us.ibm.com>
Signed-off-by: Alistair Popple <alistair@popple.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/platforms/powernv/opal-irqchip.c | 58 +++++++++++++--------------
1 file changed, 29 insertions(+), 29 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/opal-irqchip.c b/arch/powerpc/platforms/powernv/opal-irqchip.c
index e2e7d75..b056bc0 100644
--- a/arch/powerpc/platforms/powernv/opal-irqchip.c
+++ b/arch/powerpc/platforms/powernv/opal-irqchip.c
@@ -43,11 +43,34 @@ static unsigned int opal_irq_count;
static unsigned int *opal_irqs;
static void opal_handle_irq_work(struct irq_work *work);
-static __be64 last_outstanding_events;
+static u64 last_outstanding_events;
static struct irq_work opal_event_irq_work = {
.func = opal_handle_irq_work,
};
+void opal_handle_events(uint64_t events)
+{
+ int virq, hwirq = 0;
+ u64 mask = opal_event_irqchip.mask;
+
+ if (!in_irq() && (events & mask)) {
+ last_outstanding_events = events;
+ irq_work_queue(&opal_event_irq_work);
+ return;
+ }
+
+ while (events & mask) {
+ hwirq = fls64(events) - 1;
+ if (BIT_ULL(hwirq) & mask) {
+ virq = irq_find_mapping(opal_event_irqchip.domain,
+ hwirq);
+ if (virq)
+ generic_handle_irq(virq);
+ }
+ events &= ~BIT_ULL(hwirq);
+ }
+}
+
static void opal_event_mask(struct irq_data *d)
{
clear_bit(d->hwirq, &opal_event_irqchip.mask);
@@ -55,12 +78,12 @@ static void opal_event_mask(struct irq_data *d)
static void opal_event_unmask(struct irq_data *d)
{
+ __be64 events;
+
set_bit(d->hwirq, &opal_event_irqchip.mask);
- opal_poll_events(&last_outstanding_events);
- if (last_outstanding_events & opal_event_irqchip.mask)
- /* Need to retrigger the interrupt */
- irq_work_queue(&opal_event_irq_work);
+ opal_poll_events(&events);
+ opal_handle_events(be64_to_cpu(events));
}
static int opal_event_set_type(struct irq_data *d, unsigned int flow_type)
@@ -96,29 +119,6 @@ static int opal_event_map(struct irq_domain *d, unsigned int irq,
return 0;
}
-void opal_handle_events(uint64_t events)
-{
- int virq, hwirq = 0;
- u64 mask = opal_event_irqchip.mask;
-
- if (!in_irq() && (events & mask)) {
- last_outstanding_events = events;
- irq_work_queue(&opal_event_irq_work);
- return;
- }
-
- while (events & mask) {
- hwirq = fls64(events) - 1;
- if (BIT_ULL(hwirq) & mask) {
- virq = irq_find_mapping(opal_event_irqchip.domain,
- hwirq);
- if (virq)
- generic_handle_irq(virq);
- }
- events &= ~BIT_ULL(hwirq);
- }
-}
-
static irqreturn_t opal_interrupt(int irq, void *data)
{
__be64 events;
@@ -131,7 +131,7 @@ static irqreturn_t opal_interrupt(int irq, void *data)
static void opal_handle_irq_work(struct irq_work *work)
{
- opal_handle_events(be64_to_cpu(last_outstanding_events));
+ opal_handle_events(last_outstanding_events);
}
static int opal_event_match(struct irq_domain *h, struct device_node *node)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 156/305] cxl: Set endianess of kernel contexts
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (154 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 155/305] powerpc/opal-irqchip: Fix double endian conversion Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 157/305] ALSA: hda - Fixing speaker noise on the two latest thinkpad models Kamal Mostafa
` (148 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Frederic Barrat, Michael Ellerman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
commit e606e035cc7293a3824527d97359711fdda00663 upstream.
A process element (defined in CAIA) keeps track of the endianess of
contexts through the Little Endian (LE) bit of the State Register. It
is currently set for user contexts, but was somehow forgotten for
kernel contexts, so this patch fixes it.
It could lead to erratic behavior from an AFU when the context is
attached through the kernel API.
Fixes: 2f663527bd6a ("cxl: Configure PSL for kernel contexts and merge code")
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Suggested-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/misc/cxl/native.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/cxl/native.c b/drivers/misc/cxl/native.c
index 8339eb2..b703559 100644
--- a/drivers/misc/cxl/native.c
+++ b/drivers/misc/cxl/native.c
@@ -434,6 +434,7 @@ static u64 calculate_sr(struct cxl_context *ctx)
{
u64 sr = 0;
+ set_endian(sr);
if (ctx->master)
sr |= CXL_PSL_SR_An_MP;
if (mfspr(SPRN_LPCR) & LPCR_TC)
@@ -443,7 +444,6 @@ static u64 calculate_sr(struct cxl_context *ctx)
sr |= CXL_PSL_SR_An_HV;
} else {
sr |= CXL_PSL_SR_An_PR | CXL_PSL_SR_An_R;
- set_endian(sr);
sr &= ~(CXL_PSL_SR_An_HV);
if (!test_tsk_thread_flag(current, TIF_32BIT))
sr |= CXL_PSL_SR_An_SF;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 157/305] ALSA: hda - Fixing speaker noise on the two latest thinkpad models
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (155 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 156/305] cxl: Set endianess of kernel contexts Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 158/305] of/fdt: Add mutex protection for calls to __unflatten_device_tree() Kamal Mostafa
` (147 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Hui Wang, Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Hui Wang <hui.wang@canonical.com>
commit 23adc192b862b69ad80a40bd5206e337f41264ac upstream.
We have two latest thinkpad laptop models which are all based on the
Intel skylake platforms, and all of them have the codec alc293 on
them. When the machines boot to the desktop, an greeting dialogue
shows up with the notification sound. But on these two models, there
is noise with the notification sound. We have 3 SKUs for each of
the models, all of them have this problem.
So far, this problem is only specific to these two thinkpad models,
we did not find this problem on the old thinkpad models with the
codec alc293 or alc292.
A workaround for this problem is disabling the aamix.
BugLink: https://bugs.launchpad.net/bugs/1523517
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 66818e1..9bda106 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -4606,6 +4606,7 @@ enum {
ALC298_FIXUP_DELL1_MIC_NO_PRESENCE,
ALC275_FIXUP_DELL_XPS,
ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE,
+ ALC293_FIXUP_LENOVO_SPK_NOISE,
};
static const struct hda_fixup alc269_fixups[] = {
@@ -5197,6 +5198,12 @@ static const struct hda_fixup alc269_fixups[] = {
.chained = true,
.chain_id = ALC255_FIXUP_DELL1_MIC_NO_PRESENCE
},
+ [ALC293_FIXUP_LENOVO_SPK_NOISE] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc_fixup_disable_aamix,
+ .chained = true,
+ .chain_id = ALC269_FIXUP_THINKPAD_ACPI
+ },
};
static const struct snd_pci_quirk alc269_fixup_tbl[] = {
@@ -5344,6 +5351,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x2215, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
SND_PCI_QUIRK(0x17aa, 0x2223, "ThinkPad T550", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2226, "ThinkPad X250", ALC292_FIXUP_TPT440_DOCK),
+ SND_PCI_QUIRK(0x17aa, 0x2233, "Thinkpad", ALC293_FIXUP_LENOVO_SPK_NOISE),
SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
SND_PCI_QUIRK(0x17aa, 0x3978, "IdeaPad Y410P", ALC269_FIXUP_NO_SHUTUP),
SND_PCI_QUIRK(0x17aa, 0x5013, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
@@ -5353,6 +5361,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x5034, "Thinkpad T450", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x5036, "Thinkpad T450s", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x503c, "Thinkpad L450", ALC292_FIXUP_TPT440_DOCK),
+ SND_PCI_QUIRK(0x17aa, 0x504b, "Thinkpad", ALC293_FIXUP_LENOVO_SPK_NOISE),
SND_PCI_QUIRK(0x17aa, 0x5109, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
SND_PCI_QUIRK(0x17aa, 0x3bf8, "Quanta FL1", ALC269_FIXUP_PCM_44K),
SND_PCI_QUIRK(0x17aa, 0x9e54, "LENOVO NB", ALC269_FIXUP_LENOVO_EAPD),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 158/305] of/fdt: Add mutex protection for calls to __unflatten_device_tree()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (156 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 157/305] ALSA: hda - Fixing speaker noise on the two latest thinkpad models Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 159/305] 9p: ->evict_inode() should kick out ->i_data, not ->i_mapping Kamal Mostafa
` (146 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Pantelis Antoniou, Guenter Roeck, Rob Herring, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Guenter Roeck <linux@roeck-us.net>
commit f8062386671a596ca7022c61727a14a25679a0a1 upstream.
__unflatten_device_tree() calls unflatten_dt_node(), which declares
a static variable. It is therefore not reentrant.
One of the callers of __unflatten_device_tree(), unflatten_device_tree(),
is only called once during early initialization and does not need to be
protected. The other caller, of_fdt_unflatten_tree(), can be called at
any time, possibly multiple times in parallel. This can happen, for
example, if multiple devicetree overlays have to be loaded and installed.
Without this protection, errors such as the following may be seen.
kernel: End of tree marker overwritten: e6a3a458
kernel: find_target_node:
Failed to find target-indirect node at /fragment@0
kernel: __of_overlay_create: of_build_overlay_info() failed for tree@/
Add a mutex to of_fdt_unflatten_tree() to make the call reentrant.
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/of/fdt.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index d1bfd89..049caf7 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -13,6 +13,7 @@
#include <linux/kernel.h>
#include <linux/initrd.h>
#include <linux/memblock.h>
+#include <linux/mutex.h>
#include <linux/of.h>
#include <linux/of_fdt.h>
#include <linux/of_reserved_mem.h>
@@ -436,6 +437,8 @@ static void *kernel_tree_alloc(u64 size, u64 align)
return kzalloc(size, GFP_KERNEL);
}
+static DEFINE_MUTEX(of_fdt_unflatten_mutex);
+
/**
* of_fdt_unflatten_tree - create tree of device_nodes from flat blob
*
@@ -447,7 +450,9 @@ static void *kernel_tree_alloc(u64 size, u64 align)
void of_fdt_unflatten_tree(const unsigned long *blob,
struct device_node **mynodes)
{
+ mutex_lock(&of_fdt_unflatten_mutex);
__unflatten_device_tree(blob, mynodes, &kernel_tree_alloc);
+ mutex_unlock(&of_fdt_unflatten_mutex);
}
EXPORT_SYMBOL_GPL(of_fdt_unflatten_tree);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 159/305] 9p: ->evict_inode() should kick out ->i_data, not ->i_mapping
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (157 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 158/305] of/fdt: Add mutex protection for calls to __unflatten_device_tree() Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 160/305] fix the regression from "direct-io: Fix negative return from dio read beyond eof" Kamal Mostafa
` (145 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Al Viro, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 4ad78628445d26e5e9487b2e8f23274ad7b0f5d3 upstream.
For block devices the pagecache is associated with the inode
on bdevfs, not with the aliasing ones on the mountable filesystems.
The latter have its own ->i_data empty and ->i_mapping pointing
to the (unique per major/minor) bdevfs inode. That guarantees
cache coherence between all block device inodes with the same
device number.
Eviction of an alias inode has no business trying to evict the
pages belonging to bdevfs one; moreover, ->i_mapping is only
safe to access when the thing is opened. At the time of
->evict_inode() the victim is definitely *not* opened. We are
about to kill the address space embedded into struct inode
(inode->i_data) and that's what we need to empty of any pages.
9p instance tries to empty inode->i_mapping instead, which is
both unsafe and bogus - if we have several device nodes with
the same device number in different places, closing one of them
should not try to empty the (shared) page cache.
Fortunately, other instances in the tree are OK; they are
evicting from &inode->i_data instead, as 9p one should.
Reported-by: "Suzuki K. Poulose" <Suzuki.Poulose@arm.com>
Tested-by: "Suzuki K. Poulose" <Suzuki.Poulose@arm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/9p/vfs_inode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
index b1dc518..2f97461 100644
--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
@@ -451,9 +451,9 @@ void v9fs_evict_inode(struct inode *inode)
{
struct v9fs_inode *v9inode = V9FS_I(inode);
- truncate_inode_pages_final(inode->i_mapping);
+ truncate_inode_pages_final(&inode->i_data);
clear_inode(inode);
- filemap_fdatawrite(inode->i_mapping);
+ filemap_fdatawrite(&inode->i_data);
v9fs_cache_inode_put_cookie(inode);
/* clunk the fid stashed in writeback_fid */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 160/305] fix the regression from "direct-io: Fix negative return from dio read beyond eof"
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (158 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 159/305] 9p: ->evict_inode() should kick out ->i_data, not ->i_mapping Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 161/305] um: Fix get_signal() usage Kamal Mostafa
` (144 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Al Viro, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 2d4594acbf6d8f75a27f3578476b6a27d8b13ebb upstream.
Sure, it's better to bail out of past-the-eof read and return 0 than return
a bogus negative value on such. Only we'd better make sure we are bailing out
with 0 and not -ENOMEM...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/direct-io.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/direct-io.c b/fs/direct-io.c
index 6bc4bac..d83a021 100644
--- a/fs/direct-io.c
+++ b/fs/direct-io.c
@@ -1165,6 +1165,7 @@ do_blockdev_direct_IO(struct kiocb *iocb, struct inode *inode,
if (dio->flags & DIO_LOCKING)
mutex_unlock(&inode->i_mutex);
kmem_cache_free(dio_cache, dio);
+ retval = 0;
goto out;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 161/305] um: Fix get_signal() usage
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (159 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 160/305] fix the regression from "direct-io: Fix negative return from dio read beyond eof" Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-16 20:44 ` Richard Weinberger
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 162/305] radeon/cik: Fix GFX IB test on Big-Endian Kamal Mostafa
` (143 subsequent siblings)
304 siblings, 1 reply; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Richard Weinberger, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Richard Weinberger <richard@nod.at>
commit db2f24dc240856fb1d78005307f1523b7b3c121b upstream.
If get_signal() returns us a signal to post
we must not call it again, otherwise the already
posted signal will be overridden.
Before commit a610d6e672d this was the case as we stopped
the while after a successful handle_signal().
Fixes: a610d6e672d ("pull clearing RESTORE_SIGMASK into block_sigmask()")
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/um/kernel/signal.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/um/kernel/signal.c b/arch/um/kernel/signal.c
index 4f60e4a..50b6e9f 100644
--- a/arch/um/kernel/signal.c
+++ b/arch/um/kernel/signal.c
@@ -69,7 +69,7 @@ static int kern_do_signal(struct pt_regs *regs)
struct ksignal ksig;
int handled_sig = 0;
- while (get_signal(&ksig)) {
+ if (get_signal(&ksig)) {
handled_sig = 1;
/* Whee! Actually deliver the signal. */
handle_signal(&ksig, regs);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 162/305] radeon/cik: Fix GFX IB test on Big-Endian
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (160 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 161/305] um: Fix get_signal() usage Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 163/305] radeon: Fix VCE ring test for Big-Endian systems Kamal Mostafa
` (142 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Oded Gabbay, Alex Deucher, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Oded Gabbay <oded.gabbay@gmail.com>
commit 5f3e226f511ec98d70c970f09cdb4ec46511cc5e upstream.
This patch makes the IB test on the GFX ring pass for CI-based cards
installed in Big-Endian machines.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/cik.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/radeon/cik.c b/drivers/gpu/drm/radeon/cik.c
index 248953d..05d43a0 100644
--- a/drivers/gpu/drm/radeon/cik.c
+++ b/drivers/gpu/drm/radeon/cik.c
@@ -4173,11 +4173,7 @@ void cik_ring_ib_execute(struct radeon_device *rdev, struct radeon_ib *ib)
control |= ib->length_dw | (vm_id << 24);
radeon_ring_write(ring, header);
- radeon_ring_write(ring,
-#ifdef __BIG_ENDIAN
- (2 << 0) |
-#endif
- (ib->gpu_addr & 0xFFFFFFFC));
+ radeon_ring_write(ring, (ib->gpu_addr & 0xFFFFFFFC));
radeon_ring_write(ring, upper_32_bits(ib->gpu_addr) & 0xFFFF);
radeon_ring_write(ring, control);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 163/305] radeon: Fix VCE ring test for Big-Endian systems
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (161 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 162/305] radeon/cik: Fix GFX IB test on Big-Endian Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 164/305] radeon: Fix VCE IB test on " Kamal Mostafa
` (141 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Oded Gabbay, Alex Deucher, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Oded Gabbay <oded.gabbay@gmail.com>
commit 687f4b98d1f4e27508f7ad4bcce787c1ba58b289 upstream.
This patch fixes the VCE ring test when running on Big-Endian machines.
Every write to the ring needs to be translated to little-endian.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/radeon_vce.c | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_vce.c b/drivers/gpu/drm/radeon/radeon_vce.c
index 574f62b..86f57e4 100644
--- a/drivers/gpu/drm/radeon/radeon_vce.c
+++ b/drivers/gpu/drm/radeon/radeon_vce.c
@@ -699,12 +699,12 @@ bool radeon_vce_semaphore_emit(struct radeon_device *rdev,
{
uint64_t addr = semaphore->gpu_addr;
- radeon_ring_write(ring, VCE_CMD_SEMAPHORE);
- radeon_ring_write(ring, (addr >> 3) & 0x000FFFFF);
- radeon_ring_write(ring, (addr >> 23) & 0x000FFFFF);
- radeon_ring_write(ring, 0x01003000 | (emit_wait ? 1 : 0));
+ radeon_ring_write(ring, cpu_to_le32(VCE_CMD_SEMAPHORE));
+ radeon_ring_write(ring, cpu_to_le32((addr >> 3) & 0x000FFFFF));
+ radeon_ring_write(ring, cpu_to_le32((addr >> 23) & 0x000FFFFF));
+ radeon_ring_write(ring, cpu_to_le32(0x01003000 | (emit_wait ? 1 : 0)));
if (!emit_wait)
- radeon_ring_write(ring, VCE_CMD_END);
+ radeon_ring_write(ring, cpu_to_le32(VCE_CMD_END));
return true;
}
@@ -719,10 +719,10 @@ bool radeon_vce_semaphore_emit(struct radeon_device *rdev,
void radeon_vce_ib_execute(struct radeon_device *rdev, struct radeon_ib *ib)
{
struct radeon_ring *ring = &rdev->ring[ib->ring];
- radeon_ring_write(ring, VCE_CMD_IB);
- radeon_ring_write(ring, ib->gpu_addr);
- radeon_ring_write(ring, upper_32_bits(ib->gpu_addr));
- radeon_ring_write(ring, ib->length_dw);
+ radeon_ring_write(ring, cpu_to_le32(VCE_CMD_IB));
+ radeon_ring_write(ring, cpu_to_le32(ib->gpu_addr));
+ radeon_ring_write(ring, cpu_to_le32(upper_32_bits(ib->gpu_addr)));
+ radeon_ring_write(ring, cpu_to_le32(ib->length_dw));
}
/**
@@ -738,12 +738,12 @@ void radeon_vce_fence_emit(struct radeon_device *rdev,
struct radeon_ring *ring = &rdev->ring[fence->ring];
uint64_t addr = rdev->fence_drv[fence->ring].gpu_addr;
- radeon_ring_write(ring, VCE_CMD_FENCE);
- radeon_ring_write(ring, addr);
- radeon_ring_write(ring, upper_32_bits(addr));
- radeon_ring_write(ring, fence->seq);
- radeon_ring_write(ring, VCE_CMD_TRAP);
- radeon_ring_write(ring, VCE_CMD_END);
+ radeon_ring_write(ring, cpu_to_le32(VCE_CMD_FENCE));
+ radeon_ring_write(ring, cpu_to_le32(addr));
+ radeon_ring_write(ring, cpu_to_le32(upper_32_bits(addr)));
+ radeon_ring_write(ring, cpu_to_le32(fence->seq));
+ radeon_ring_write(ring, cpu_to_le32(VCE_CMD_TRAP));
+ radeon_ring_write(ring, cpu_to_le32(VCE_CMD_END));
}
/**
@@ -765,7 +765,7 @@ int radeon_vce_ring_test(struct radeon_device *rdev, struct radeon_ring *ring)
ring->idx, r);
return r;
}
- radeon_ring_write(ring, VCE_CMD_END);
+ radeon_ring_write(ring, cpu_to_le32(VCE_CMD_END));
radeon_ring_unlock_commit(rdev, ring, false);
for (i = 0; i < rdev->usec_timeout; i++) {
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 164/305] radeon: Fix VCE IB test on Big-Endian systems
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (162 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 163/305] radeon: Fix VCE ring test for Big-Endian systems Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 165/305] ALSA: hda - Fix noise problems on Thinkpad T440s Kamal Mostafa
` (140 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Oded Gabbay, Alex Deucher, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Oded Gabbay <oded.gabbay@gmail.com>
commit 361c32d39087e7caa99e629c0d7fb00643cb2190 upstream.
This patch makes the VCE IB test pass on Big-Endian systems. It converts
to little-endian the contents of the VCE message.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/radeon_vce.c | 68 ++++++++++++++++++-------------------
1 file changed, 34 insertions(+), 34 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_vce.c b/drivers/gpu/drm/radeon/radeon_vce.c
index 86f57e4..7eb1ae7 100644
--- a/drivers/gpu/drm/radeon/radeon_vce.c
+++ b/drivers/gpu/drm/radeon/radeon_vce.c
@@ -361,31 +361,31 @@ int radeon_vce_get_create_msg(struct radeon_device *rdev, int ring,
/* stitch together an VCE create msg */
ib.length_dw = 0;
- ib.ptr[ib.length_dw++] = 0x0000000c; /* len */
- ib.ptr[ib.length_dw++] = 0x00000001; /* session cmd */
- ib.ptr[ib.length_dw++] = handle;
-
- ib.ptr[ib.length_dw++] = 0x00000030; /* len */
- ib.ptr[ib.length_dw++] = 0x01000001; /* create cmd */
- ib.ptr[ib.length_dw++] = 0x00000000;
- ib.ptr[ib.length_dw++] = 0x00000042;
- ib.ptr[ib.length_dw++] = 0x0000000a;
- ib.ptr[ib.length_dw++] = 0x00000001;
- ib.ptr[ib.length_dw++] = 0x00000080;
- ib.ptr[ib.length_dw++] = 0x00000060;
- ib.ptr[ib.length_dw++] = 0x00000100;
- ib.ptr[ib.length_dw++] = 0x00000100;
- ib.ptr[ib.length_dw++] = 0x0000000c;
- ib.ptr[ib.length_dw++] = 0x00000000;
-
- ib.ptr[ib.length_dw++] = 0x00000014; /* len */
- ib.ptr[ib.length_dw++] = 0x05000005; /* feedback buffer */
- ib.ptr[ib.length_dw++] = upper_32_bits(dummy);
- ib.ptr[ib.length_dw++] = dummy;
- ib.ptr[ib.length_dw++] = 0x00000001;
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x0000000c); /* len */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000001); /* session cmd */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(handle);
+
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000030); /* len */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x01000001); /* create cmd */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000000);
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000042);
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x0000000a);
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000001);
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000080);
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000060);
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000100);
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000100);
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x0000000c);
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000000);
+
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000014); /* len */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x05000005); /* feedback buffer */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(upper_32_bits(dummy));
+ ib.ptr[ib.length_dw++] = cpu_to_le32(dummy);
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000001);
for (i = ib.length_dw; i < ib_size_dw; ++i)
- ib.ptr[i] = 0x0;
+ ib.ptr[i] = cpu_to_le32(0x0);
r = radeon_ib_schedule(rdev, &ib, NULL, false);
if (r) {
@@ -428,21 +428,21 @@ int radeon_vce_get_destroy_msg(struct radeon_device *rdev, int ring,
/* stitch together an VCE destroy msg */
ib.length_dw = 0;
- ib.ptr[ib.length_dw++] = 0x0000000c; /* len */
- ib.ptr[ib.length_dw++] = 0x00000001; /* session cmd */
- ib.ptr[ib.length_dw++] = handle;
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x0000000c); /* len */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000001); /* session cmd */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(handle);
- ib.ptr[ib.length_dw++] = 0x00000014; /* len */
- ib.ptr[ib.length_dw++] = 0x05000005; /* feedback buffer */
- ib.ptr[ib.length_dw++] = upper_32_bits(dummy);
- ib.ptr[ib.length_dw++] = dummy;
- ib.ptr[ib.length_dw++] = 0x00000001;
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000014); /* len */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x05000005); /* feedback buffer */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(upper_32_bits(dummy));
+ ib.ptr[ib.length_dw++] = cpu_to_le32(dummy);
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000001);
- ib.ptr[ib.length_dw++] = 0x00000008; /* len */
- ib.ptr[ib.length_dw++] = 0x02000001; /* destroy cmd */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x00000008); /* len */
+ ib.ptr[ib.length_dw++] = cpu_to_le32(0x02000001); /* destroy cmd */
for (i = ib.length_dw; i < ib_size_dw; ++i)
- ib.ptr[i] = 0x0;
+ ib.ptr[i] = cpu_to_le32(0x0);
r = radeon_ib_schedule(rdev, &ib, NULL, false);
if (r) {
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 165/305] ALSA: hda - Fix noise problems on Thinkpad T440s
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (163 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 164/305] radeon: Fix VCE IB test on " Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 166/305] ALSA: hda/ca0132 - quirk for Alienware 17 2015 Kamal Mostafa
` (139 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Takashi Iwai <tiwai@suse.de>
commit 9a811230481243f384b8036c6a558bfdbd961f78 upstream.
Lenovo Thinkpad T440s suffers from constant background noises, and it
seems to be a generic hardware issue on this model:
https://forums.lenovo.com/t5/ThinkPad-T400-T500-and-newer-T/T440s-speaker-noise/td-p/1339883
As the noise comes from the analog loopback path, disabling the path
is the easy workaround.
Also, the machine gives significant cracking noises at PM suspend. A
workaround found by trial-and-error is to disable the shutup callback
currently used for ALC269-variant.
This patch addresses these noise issues by introducing a new fixup
chain. Although the same workaround might be applicable to other
Thinkpad models, it's applied only to T440s (17aa:220c) in this patch,
so far, just to be safe (you chicken!). As a compromise, a new model
option string "tp440" is provided now, though, so that owners of other
Thinkpad models can test it more easily.
Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=958504
Reported-and-tested-by: Tim Hardeck <thardeck@suse.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 9bda106..13a889c 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -4214,6 +4214,18 @@ static void alc_fixup_tpt440_dock(struct hda_codec *codec,
}
}
+/* additional fixup for Thinkpad T440s noise problem */
+static void alc_fixup_tpt440(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action)
+{
+ struct alc_spec *spec = codec->spec;
+
+ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
+ spec->shutup = alc_no_shutup; /* reduce click noise */
+ spec->gen.mixer_nid = 0; /* reduce background noise */
+ }
+}
+
static void alc_shutup_dell_xps13(struct hda_codec *codec)
{
struct alc_spec *spec = codec->spec;
@@ -4588,6 +4600,7 @@ enum {
ALC255_FIXUP_HEADSET_MODE_NO_HP_MIC,
ALC293_FIXUP_DELL1_MIC_NO_PRESENCE,
ALC292_FIXUP_TPT440_DOCK,
+ ALC292_FIXUP_TPT440,
ALC283_FIXUP_BXBT2807_MIC,
ALC255_FIXUP_DELL_WMI_MIC_MUTE_LED,
ALC282_FIXUP_ASPIRE_V5_PINS,
@@ -5061,6 +5074,12 @@ static const struct hda_fixup alc269_fixups[] = {
.chained = true,
.chain_id = ALC269_FIXUP_LIMIT_INT_MIC_BOOST
},
+ [ALC292_FIXUP_TPT440] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc_fixup_tpt440,
+ .chained = true,
+ .chain_id = ALC292_FIXUP_TPT440_DOCK,
+ },
[ALC283_FIXUP_BXBT2807_MIC] = {
.type = HDA_FIXUP_PINS,
.v.pins = (const struct hda_pintbl[]) {
@@ -5342,7 +5361,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x21fb, "Thinkpad T430s", ALC269_FIXUP_LENOVO_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2203, "Thinkpad X230 Tablet", ALC269_FIXUP_LENOVO_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2208, "Thinkpad T431s", ALC269_FIXUP_LENOVO_DOCK),
- SND_PCI_QUIRK(0x17aa, 0x220c, "Thinkpad T440s", ALC292_FIXUP_TPT440_DOCK),
+ SND_PCI_QUIRK(0x17aa, 0x220c, "Thinkpad T440s", ALC292_FIXUP_TPT440),
SND_PCI_QUIRK(0x17aa, 0x220e, "Thinkpad T440p", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2210, "Thinkpad T540p", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2211, "Thinkpad W541", ALC292_FIXUP_TPT440_DOCK),
@@ -5442,6 +5461,7 @@ static const struct hda_model_fixup alc269_fixup_models[] = {
{.id = ALC283_FIXUP_CHROME_BOOK, .name = "alc283-dac-wcaps"},
{.id = ALC283_FIXUP_SENSE_COMBO_JACK, .name = "alc283-sense-combo"},
{.id = ALC292_FIXUP_TPT440_DOCK, .name = "tpt440-dock"},
+ {.id = ALC292_FIXUP_TPT440, .name = "tpt440"},
{}
};
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 166/305] ALSA: hda/ca0132 - quirk for Alienware 17 2015
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (164 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 165/305] ALSA: hda - Fix noise problems on Thinkpad T440s Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 167/305] dm thin metadata: fix bug when taking a metadata snapshot Kamal Mostafa
` (138 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Gabriele Martino, Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Gabriele Martino <g.martino@gmx.com>
commit 5328e1ea87fb2b5cf695115df4325c1913209e97 upstream.
The Alienware 17 (2015) has the same card and pin configuration of the
Alienware 15, so the same quirks must be applied.
Signed-off-by: Gabriele Martino <g.martino@gmx.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_ca0132.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c
index 0f039abe..470ecc8 100644
--- a/sound/pci/hda/patch_ca0132.c
+++ b/sound/pci/hda/patch_ca0132.c
@@ -764,7 +764,8 @@ enum {
};
static const struct snd_pci_quirk ca0132_quirks[] = {
- SND_PCI_QUIRK(0x1028, 0x0685, "Alienware 15", QUIRK_ALIENWARE),
+ SND_PCI_QUIRK(0x1028, 0x0685, "Alienware 15 2015", QUIRK_ALIENWARE),
+ SND_PCI_QUIRK(0x1028, 0x0688, "Alienware 17 2015", QUIRK_ALIENWARE),
{}
};
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 167/305] dm thin metadata: fix bug when taking a metadata snapshot
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (165 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 166/305] ALSA: hda/ca0132 - quirk for Alienware 17 2015 Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 168/305] dm space map metadata: fix ref counting bug when bootstrapping a new space map Kamal Mostafa
` (137 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Joe Thornber, Mike Snitzer, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Joe Thornber <ejt@redhat.com>
commit 49e99fc717f624aa75ca755d6e7bc029efd3f0e9 upstream.
When you take a metadata snapshot the btree roots for the mapping and
details tree need to have their reference counts incremented so they
persist for the lifetime of the metadata snap.
The roots being incremented were those currently written in the
superblock, which could possibly be out of date if concurrent IO is
triggering new mappings, breaking of sharing, etc.
Fix this by performing a commit with the metadata lock held while taking
a metadata snapshot.
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/dm-thin-metadata.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
index 53a7d58..4479e90 100644
--- a/drivers/md/dm-thin-metadata.c
+++ b/drivers/md/dm-thin-metadata.c
@@ -1203,6 +1203,12 @@ static int __reserve_metadata_snap(struct dm_pool_metadata *pmd)
dm_block_t held_root;
/*
+ * We commit to ensure the btree roots which we increment in a
+ * moment are up to date.
+ */
+ __commit_transaction(pmd);
+
+ /*
* Copy the superblock.
*/
dm_sm_inc_block(pmd->metadata_sm, THIN_SUPERBLOCK_LOCATION);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 168/305] dm space map metadata: fix ref counting bug when bootstrapping a new space map
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (166 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 167/305] dm thin metadata: fix bug when taking a metadata snapshot Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 169/305] ipmi: move timer init to before irq is setup Kamal Mostafa
` (136 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Joe Thornber, Mike Snitzer, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Joe Thornber <ejt@redhat.com>
commit 50dd842ad83b43bed71790efb31cfb2f6c05c9c1 upstream.
When applying block operations (BOPs) do not remove them from the
uncommitted BOP ring-buffer until after they've been applied -- in case
we recurse.
Also, perform BOP_INC operation, in dm_sm_metadata_create() and
sm_metadata_extend(), in terms of the uncommitted BOP ring-buffer rather
than using direct calls to sm_ll_inc().
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/persistent-data/dm-space-map-metadata.c | 32 +++++++++++++++-------
1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c
index 5309129..fca6dbc 100644
--- a/drivers/md/persistent-data/dm-space-map-metadata.c
+++ b/drivers/md/persistent-data/dm-space-map-metadata.c
@@ -136,7 +136,7 @@ static int brb_push(struct bop_ring_buffer *brb,
return 0;
}
-static int brb_pop(struct bop_ring_buffer *brb, struct block_op *result)
+static int brb_peek(struct bop_ring_buffer *brb, struct block_op *result)
{
struct block_op *bop;
@@ -147,6 +147,17 @@ static int brb_pop(struct bop_ring_buffer *brb, struct block_op *result)
result->type = bop->type;
result->block = bop->block;
+ return 0;
+}
+
+static int brb_pop(struct bop_ring_buffer *brb)
+{
+ struct block_op *bop;
+
+ if (brb_empty(brb))
+ return -ENODATA;
+
+ bop = brb->bops + brb->begin;
brb->begin = brb_next(brb, brb->begin);
return 0;
@@ -211,7 +222,7 @@ static int apply_bops(struct sm_metadata *smm)
while (!brb_empty(&smm->uncommitted)) {
struct block_op bop;
- r = brb_pop(&smm->uncommitted, &bop);
+ r = brb_peek(&smm->uncommitted, &bop);
if (r) {
DMERR("bug in bop ring buffer");
break;
@@ -220,6 +231,8 @@ static int apply_bops(struct sm_metadata *smm)
r = commit_bop(smm, &bop);
if (r)
break;
+
+ brb_pop(&smm->uncommitted);
}
return r;
@@ -683,7 +696,6 @@ static struct dm_space_map bootstrap_ops = {
static int sm_metadata_extend(struct dm_space_map *sm, dm_block_t extra_blocks)
{
int r, i;
- enum allocation_event ev;
struct sm_metadata *smm = container_of(sm, struct sm_metadata, sm);
dm_block_t old_len = smm->ll.nr_blocks;
@@ -705,11 +717,12 @@ static int sm_metadata_extend(struct dm_space_map *sm, dm_block_t extra_blocks)
* allocate any new blocks.
*/
do {
- for (i = old_len; !r && i < smm->begin; i++) {
- r = sm_ll_inc(&smm->ll, i, &ev);
- if (r)
- goto out;
- }
+ for (i = old_len; !r && i < smm->begin; i++)
+ r = add_bop(smm, BOP_INC, i);
+
+ if (r)
+ goto out;
+
old_len = smm->begin;
r = apply_bops(smm);
@@ -754,7 +767,6 @@ int dm_sm_metadata_create(struct dm_space_map *sm,
{
int r;
dm_block_t i;
- enum allocation_event ev;
struct sm_metadata *smm = container_of(sm, struct sm_metadata, sm);
smm->begin = superblock + 1;
@@ -782,7 +794,7 @@ int dm_sm_metadata_create(struct dm_space_map *sm,
* allocated blocks that they were built from.
*/
for (i = superblock; !r && i < smm->begin; i++)
- r = sm_ll_inc(&smm->ll, i, &ev);
+ r = add_bop(smm, BOP_INC, i);
if (r)
return r;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 169/305] ipmi: move timer init to before irq is setup
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (167 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 168/305] dm space map metadata: fix ref counting bug when bootstrapping a new space map Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 170/305] dm btree: fix bufio buffer leaks in dm_btree_del() error path Kamal Mostafa
` (135 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jan Stancek, Tony Camuso, Corey Minyard, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Jan Stancek <jstancek@redhat.com>
commit 27f972d3e00b50639deb4cc1392afaeb08d3cecc upstream.
We encountered a panic on boot in ipmi_si on a dell per320 due to an
uninitialized timer as follows.
static int smi_start_processing(void *send_info,
ipmi_smi_t intf)
{
/* Try to claim any interrupts. */
if (new_smi->irq_setup)
new_smi->irq_setup(new_smi);
--> IRQ arrives here and irq handler tries to modify uninitialized timer
which triggers BUG_ON(!timer->function) in __mod_timer().
Call Trace:
<IRQ>
[<ffffffffa0532617>] start_new_msg+0x47/0x80 [ipmi_si]
[<ffffffffa053269e>] start_check_enables+0x4e/0x60 [ipmi_si]
[<ffffffffa0532bd8>] smi_event_handler+0x1e8/0x640 [ipmi_si]
[<ffffffff810f5584>] ? __rcu_process_callbacks+0x54/0x350
[<ffffffffa053327c>] si_irq_handler+0x3c/0x60 [ipmi_si]
[<ffffffff810efaf0>] handle_IRQ_event+0x60/0x170
[<ffffffff810f245e>] handle_edge_irq+0xde/0x180
[<ffffffff8100fc59>] handle_irq+0x49/0xa0
[<ffffffff8154643c>] do_IRQ+0x6c/0xf0
[<ffffffff8100ba53>] ret_from_intr+0x0/0x11
/* Set up the timer that drives the interface. */
setup_timer(&new_smi->si_timer, smi_timeout, (long)new_smi);
The following patch fixes the problem.
To: Openipmi-developer@lists.sourceforge.net
To: Corey Minyard <minyard@acm.org>
CC: linux-kernel@vger.kernel.org
Signed-off-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Tony Camuso <tcamuso@redhat.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/char/ipmi/ipmi_si_intf.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
index 88a7bdd..0522270 100644
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -1218,14 +1218,14 @@ static int smi_start_processing(void *send_info,
new_smi->intf = intf;
- /* Try to claim any interrupts. */
- if (new_smi->irq_setup)
- new_smi->irq_setup(new_smi);
-
/* Set up the timer that drives the interface. */
setup_timer(&new_smi->si_timer, smi_timeout, (long)new_smi);
smi_mod_timer(new_smi, jiffies + SI_TIMEOUT_JIFFIES);
+ /* Try to claim any interrupts. */
+ if (new_smi->irq_setup)
+ new_smi->irq_setup(new_smi);
+
/*
* Check if the user forcefully enabled the daemon.
*/
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 170/305] dm btree: fix bufio buffer leaks in dm_btree_del() error path
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (168 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 169/305] ipmi: move timer init to before irq is setup Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 171/305] vgaarb: fix signal handling in vga_get() Kamal Mostafa
` (134 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Joe Thornber, Mike Snitzer, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Joe Thornber <ejt@redhat.com>
commit ed8b45a3679eb49069b094c0711b30833f27c734 upstream.
If dm_btree_del()'s call to push_frame() fails, e.g. due to
btree_node_validator finding invalid metadata, the dm_btree_del() error
path must unlock all frames (which have active dm-bufio buffers) that
were pushed onto the del_stack.
Otherwise, dm_bufio_client_destroy() will BUG_ON() because dm-bufio
buffers have leaked, e.g.:
device-mapper: bufio: leaked buffer 3, hold count 1, list 0
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/persistent-data/dm-btree.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c
index 40bbd51..5cb4068 100644
--- a/drivers/md/persistent-data/dm-btree.c
+++ b/drivers/md/persistent-data/dm-btree.c
@@ -255,6 +255,16 @@ static void pop_frame(struct del_stack *s)
dm_tm_unlock(s->tm, f->b);
}
+static void unlock_all_frames(struct del_stack *s)
+{
+ struct frame *f;
+
+ while (unprocessed_frames(s)) {
+ f = s->spine + s->top--;
+ dm_tm_unlock(s->tm, f->b);
+ }
+}
+
int dm_btree_del(struct dm_btree_info *info, dm_block_t root)
{
int r;
@@ -311,9 +321,13 @@ int dm_btree_del(struct dm_btree_info *info, dm_block_t root)
pop_frame(s);
}
}
-
out:
+ if (r) {
+ /* cleanup all frames of del_stack */
+ unlock_all_frames(s);
+ }
kfree(s);
+
return r;
}
EXPORT_SYMBOL_GPL(dm_btree_del);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 171/305] vgaarb: fix signal handling in vga_get()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (169 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 170/305] dm btree: fix bufio buffer leaks in dm_btree_del() error path Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 172/305] ARM: dts: vf610: use reset values for L2 cache latencies Kamal Mostafa
` (133 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kirill A. Shutemov, Dave Airlie, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: "Kirill A. Shutemov" <kirill@shutemov.name>
commit 9f5bd30818c42c6c36a51f93b4df75a2ea2bd85e upstream.
There are few defects in vga_get() related to signal hadning:
- we shouldn't check for pending signals for TASK_UNINTERRUPTIBLE
case;
- if we found pending signal we must remove ourself from wait queue
and change task state back to running;
- -ERESTARTSYS is more appropriate, I guess.
Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/vga/vgaarb.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/vga/vgaarb.c b/drivers/gpu/vga/vgaarb.c
index 7bcbf86..17cd475 100644
--- a/drivers/gpu/vga/vgaarb.c
+++ b/drivers/gpu/vga/vgaarb.c
@@ -394,8 +394,10 @@ int vga_get(struct pci_dev *pdev, unsigned int rsrc, int interruptible)
set_current_state(interruptible ?
TASK_INTERRUPTIBLE :
TASK_UNINTERRUPTIBLE);
- if (signal_pending(current)) {
- rc = -EINTR;
+ if (interruptible && signal_pending(current)) {
+ __set_current_state(TASK_RUNNING);
+ remove_wait_queue(&vga_wait_queue, &wait);
+ rc = -ERESTARTSYS;
break;
}
schedule();
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 172/305] ARM: dts: vf610: use reset values for L2 cache latencies
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (170 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 171/305] vgaarb: fix signal handling in vga_get() Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 173/305] xhci: fix usb2 resume timing and races Kamal Mostafa
` (132 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Stefan Agner, Shawn Guo, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Stefan Agner <stefan@agner.ch>
commit 9c17190595840b4ed30e8d5f286636ceb28aae4f upstream.
Linux on Vybrid used several different L2 latencies so far, none
of them seem to be the right ones. According to the application note
AN4947 ("Understanding Vybrid Architecture"), the tag portion runs
on CPU clock and is inside the L2 cache controller, whereas the data
portion is stored in the external SRAM running on platform clock.
Hence it is likely that the correct value requires a higher data
latency then tag latency.
These are the values which have been used so far:
- The mainline values:
arm,data-latency = <1 1 1>;
arm,tag-latency = <2 2 2>;
Those values have lead to problems on higher clocks. They look
like a poor translation from the reset values (missing +1 offset
and a mix up between tag/latency values).
- The Linux 3.0 (SoC vendor BSP) values (converted to DT notation):
arm,data-latency = <4 2 3>
arm,tag-latency = <4 2 3>
The cache initialization function along with the value matches the
i.MX6 code from the same kernel, so it seems that those values have
just been copied.
- The Colibri values:
arm,data-latency = <2 1 2>;
arm,tag-latency = <3 2 3>;
Those were a mix between the values of the Linux 3.0 based BSP and
the mainline values above.
- The SoC Reset values (converted to DT notation):
arm,data-latency = <3 3 3>;
arm,tag-latency = <2 2 2>;
So far there is no official statement on what the correct values are.
See also the related Freescale community thread:
https://community.freescale.com/message/579785#579785
For now, the reset values seem to be the best bet. Remove all other
"bogus" values and use the reset value on vf610.dtsi level.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/boot/dts/vf610-colibri.dtsi | 5 -----
arch/arm/boot/dts/vf610.dtsi | 2 +-
2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/arch/arm/boot/dts/vf610-colibri.dtsi b/arch/arm/boot/dts/vf610-colibri.dtsi
index 19fe045..2d7eab7 100644
--- a/arch/arm/boot/dts/vf610-colibri.dtsi
+++ b/arch/arm/boot/dts/vf610-colibri.dtsi
@@ -18,8 +18,3 @@
reg = <0x80000000 0x10000000>;
};
};
-
-&L2 {
- arm,data-latency = <2 1 2>;
- arm,tag-latency = <3 2 3>;
-};
diff --git a/arch/arm/boot/dts/vf610.dtsi b/arch/arm/boot/dts/vf610.dtsi
index 5f8eb1b..58bc6e4 100644
--- a/arch/arm/boot/dts/vf610.dtsi
+++ b/arch/arm/boot/dts/vf610.dtsi
@@ -19,7 +19,7 @@
reg = <0x40006000 0x1000>;
cache-unified;
cache-level = <2>;
- arm,data-latency = <1 1 1>;
+ arm,data-latency = <3 3 3>;
arm,tag-latency = <2 2 2>;
};
};
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 173/305] xhci: fix usb2 resume timing and races.
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (171 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 172/305] ARM: dts: vf610: use reset values for L2 cache latencies Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 174/305] USB: add quirk for devices with broken LPM Kamal Mostafa
` (131 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mathias Nyman, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit f69115fdbc1ac0718e7d19ad3caa3da2ecfe1c96 upstream.
According to USB 2 specs ports need to signal resume for at least 20ms,
in practice even longer, before moving to U0 state.
Both host and devices can initiate resume.
On device initiated resume, a port status interrupt with the port in resume
state in issued. The interrupt handler tags a resume_done[port]
timestamp with current time + USB_RESUME_TIMEOUT, and kick roothub timer.
Root hub timer requests for port status, finds the port in resume state,
checks if resume_done[port] timestamp passed, and set port to U0 state.
On host initiated resume, current code sets the port to resume state,
sleep 20ms, and finally sets the port to U0 state. This should also
be changed to work in a similar way as the device initiated resume, with
timestamp tagging, but that is not yet tested and will be a separate
fix later.
There are a few issues with this approach
1. A host initiated resume will also generate a resume event. The event
handler will find the port in resume state, believe it's a device
initiated resume, and act accordingly.
2. A port status request might cut the resume signalling short if a
get_port_status request is handled during the host resume signalling.
The port will be found in resume state. The timestamp is not set leading
to time_after_eq(jiffies, timestamp) returning true, as timestamp = 0.
get_port_status will proceed with moving the port to U0.
3. If an error, or anything else happens to the port during device
initiated resume signalling it will leave all the device resume
parameters hanging uncleared, preventing further suspend, returning
-EBUSY, and cause the pm thread to busyloop trying to enter suspend.
Fix this by using the existing resuming_ports bitfield to indicate that
resume signalling timing is taken care of.
Check if the resume_done[port] is set before using it for timestamp
comparison, and also clear out any resume signalling related variables
if port is not in U0 or Resume state
This issue was discovered when a PM thread busylooped, trying to runtime
suspend the xhci USB 2 roothub on a Dell XPS
Reported-by: Daniel J Blueman <daniel@quora.org>
Tested-by: Daniel J Blueman <daniel@quora.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/host/xhci-hub.c | 47 +++++++++++++++++++++++++++++++++++++++-----
drivers/usb/host/xhci-ring.c | 3 ++-
2 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
index 394994f..976a15b 100644
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -616,8 +616,30 @@ static u32 xhci_get_port_status(struct usb_hcd *hcd,
if ((raw_port_status & PORT_RESET) ||
!(raw_port_status & PORT_PE))
return 0xffffffff;
- if (time_after_eq(jiffies,
- bus_state->resume_done[wIndex])) {
+ /* did port event handler already start resume timing? */
+ if (!bus_state->resume_done[wIndex]) {
+ /* If not, maybe we are in a host initated resume? */
+ if (test_bit(wIndex, &bus_state->resuming_ports)) {
+ /* Host initated resume doesn't time the resume
+ * signalling using resume_done[].
+ * It manually sets RESUME state, sleeps 20ms
+ * and sets U0 state. This should probably be
+ * changed, but not right now.
+ */
+ } else {
+ /* port resume was discovered now and here,
+ * start resume timing
+ */
+ unsigned long timeout = jiffies +
+ msecs_to_jiffies(USB_RESUME_TIMEOUT);
+
+ set_bit(wIndex, &bus_state->resuming_ports);
+ bus_state->resume_done[wIndex] = timeout;
+ mod_timer(&hcd->rh_timer, timeout);
+ }
+ /* Has resume been signalled for USB_RESUME_TIME yet? */
+ } else if (time_after_eq(jiffies,
+ bus_state->resume_done[wIndex])) {
int time_left;
xhci_dbg(xhci, "Resume USB2 port %d\n",
@@ -658,13 +680,26 @@ static u32 xhci_get_port_status(struct usb_hcd *hcd,
} else {
/*
* The resume has been signaling for less than
- * 20ms. Report the port status as SUSPEND,
- * let the usbcore check port status again
- * and clear resume signaling later.
+ * USB_RESUME_TIME. Report the port status as SUSPEND,
+ * let the usbcore check port status again and clear
+ * resume signaling later.
*/
status |= USB_PORT_STAT_SUSPEND;
}
}
+ /*
+ * Clear stale usb2 resume signalling variables in case port changed
+ * state during resume signalling. For example on error
+ */
+ if ((bus_state->resume_done[wIndex] ||
+ test_bit(wIndex, &bus_state->resuming_ports)) &&
+ (raw_port_status & PORT_PLS_MASK) != XDEV_U3 &&
+ (raw_port_status & PORT_PLS_MASK) != XDEV_RESUME) {
+ bus_state->resume_done[wIndex] = 0;
+ clear_bit(wIndex, &bus_state->resuming_ports);
+ }
+
+
if ((raw_port_status & PORT_PLS_MASK) == XDEV_U0 &&
(raw_port_status & PORT_POWER)) {
if (bus_state->suspended_ports & (1 << wIndex)) {
@@ -998,6 +1033,7 @@ int xhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
if ((temp & PORT_PE) == 0)
goto error;
+ set_bit(wIndex, &bus_state->resuming_ports);
xhci_set_link_state(xhci, port_array, wIndex,
XDEV_RESUME);
spin_unlock_irqrestore(&xhci->lock, flags);
@@ -1005,6 +1041,7 @@ int xhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
spin_lock_irqsave(&xhci->lock, flags);
xhci_set_link_state(xhci, port_array, wIndex,
XDEV_U0);
+ clear_bit(wIndex, &bus_state->resuming_ports);
}
bus_state->port_c_suspend |= 1 << wIndex;
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index 63041c1..ea9690e 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -1583,7 +1583,8 @@ static void handle_port_status(struct xhci_hcd *xhci,
*/
bogus_port_status = true;
goto cleanup;
- } else {
+ } else if (!test_bit(faked_port_index,
+ &bus_state->resuming_ports)) {
xhci_dbg(xhci, "resume HS port %d\n", port_id);
bus_state->resume_done[faked_port_index] = jiffies +
msecs_to_jiffies(USB_RESUME_TIMEOUT);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 174/305] USB: add quirk for devices with broken LPM
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (172 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 173/305] xhci: fix usb2 resume timing and races Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 175/305] parisc iommu: fix panic due to trying to allocate too large region Kamal Mostafa
` (130 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alan Stern, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit ad87e03213b552a5c33d5e1e7a19a73768397010 upstream.
Some USB device / host controller combinations seem to have problems
with Link Power Management. For example, Steinar found that his xHCI
controller wouldn't handle bandwidth calculations correctly for two
video cards simultaneously when LPM was enabled, even though the bus
had plenty of bandwidth available.
This patch introduces a new quirk flag for devices that should remain
disabled for LPM, and creates quirk entries for Steinar's devices.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Steinar H. Gunderson <sgunderson@bigfoot.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/core/hub.c | 7 ++++++-
drivers/usb/core/quirks.c | 6 ++++++
include/linux/usb/quirks.h | 3 +++
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 253b08b..5eb29e8 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -124,6 +124,10 @@ struct usb_hub *usb_hub_to_struct_hub(struct usb_device *hdev)
int usb_device_supports_lpm(struct usb_device *udev)
{
+ /* Some devices have trouble with LPM */
+ if (udev->quirks & USB_QUIRK_NO_LPM)
+ return 0;
+
/* USB 2.1 (and greater) devices indicate LPM support through
* their USB 2.0 Extended Capabilities BOS descriptor.
*/
@@ -4499,6 +4503,8 @@ hub_port_init (struct usb_hub *hub, struct usb_device *udev, int port1,
goto fail;
}
+ usb_detect_quirks(udev);
+
if (udev->wusb == 0 && le16_to_cpu(udev->descriptor.bcdUSB) >= 0x0201) {
retval = usb_get_bos_descriptor(udev);
if (!retval) {
@@ -4697,7 +4703,6 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
if (status < 0)
goto loop;
- usb_detect_quirks(udev);
if (udev->quirks & USB_QUIRK_DELAY_INIT)
msleep(1000);
diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
index f5a3819..017c1de 100644
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -199,6 +199,12 @@ static const struct usb_device_id usb_quirk_list[] = {
{ USB_DEVICE(0x1a0a, 0x0200), .driver_info =
USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL },
+ /* Blackmagic Design Intensity Shuttle */
+ { USB_DEVICE(0x1edb, 0xbd3b), .driver_info = USB_QUIRK_NO_LPM },
+
+ /* Blackmagic Design UltraStudio SDI */
+ { USB_DEVICE(0x1edb, 0xbd4f), .driver_info = USB_QUIRK_NO_LPM },
+
{ } /* terminating entry must be last */
};
diff --git a/include/linux/usb/quirks.h b/include/linux/usb/quirks.h
index 9948c87..1d0043d 100644
--- a/include/linux/usb/quirks.h
+++ b/include/linux/usb/quirks.h
@@ -47,4 +47,7 @@
/* device generates spurious wakeup, ignore remote wakeup capability */
#define USB_QUIRK_IGNORE_REMOTE_WAKEUP BIT(9)
+/* device can't handle Link Power Management */
+#define USB_QUIRK_NO_LPM BIT(10)
+
#endif /* __LINUX_USB_QUIRKS_H */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 175/305] parisc iommu: fix panic due to trying to allocate too large region
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (173 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 174/305] USB: add quirk for devices with broken LPM Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 176/305] mm: hugetlb: fix hugepage memory leak caused by wrong reserve count Kamal Mostafa
` (129 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mikulas Patocka, Helge Deller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit e46e31a3696ae2d66f32c207df3969613726e636 upstream.
When using the Promise TX2+ SATA controller on PA-RISC, the system often
crashes with kernel panic, for example just writing data with the dd
utility will make it crash.
Kernel panic - not syncing: drivers/parisc/sba_iommu.c: I/O MMU @ 000000000000a000 is out of mapping resources
CPU: 0 PID: 18442 Comm: mkspadfs Not tainted 4.4.0-rc2 #2
Backtrace:
[<000000004021497c>] show_stack+0x14/0x20
[<0000000040410bf0>] dump_stack+0x88/0x100
[<000000004023978c>] panic+0x124/0x360
[<0000000040452c18>] sba_alloc_range+0x698/0x6a0
[<0000000040453150>] sba_map_sg+0x260/0x5b8
[<000000000c18dbb4>] ata_qc_issue+0x264/0x4a8 [libata]
[<000000000c19535c>] ata_scsi_translate+0xe4/0x220 [libata]
[<000000000c19a93c>] ata_scsi_queuecmd+0xbc/0x320 [libata]
[<0000000040499bbc>] scsi_dispatch_cmd+0xfc/0x130
[<000000004049da34>] scsi_request_fn+0x6e4/0x970
[<00000000403e95a8>] __blk_run_queue+0x40/0x60
[<00000000403e9d8c>] blk_run_queue+0x3c/0x68
[<000000004049a534>] scsi_run_queue+0x2a4/0x360
[<000000004049be68>] scsi_end_request+0x1a8/0x238
[<000000004049de84>] scsi_io_completion+0xfc/0x688
[<0000000040493c74>] scsi_finish_command+0x17c/0x1d0
The cause of the crash is not exhaustion of the IOMMU space, there is
plenty of free pages. The function sba_alloc_range is called with size
0x11000, thus the pages_needed variable is 0x11. The function
sba_search_bitmap is called with bits_wanted 0x11 and boundary size is
0x10 (because dma_get_seg_boundary(dev) returns 0xffff).
The function sba_search_bitmap attempts to allocate 17 pages that must not
cross 16-page boundary - it can't satisfy this requirement
(iommu_is_span_boundary always returns true) and fails even if there are
many free entries in the IOMMU space.
How did it happen that we try to allocate 17 pages that don't cross
16-page boundary? The cause is in the function iommu_coalesce_chunks. This
function tries to coalesce adjacent entries in the scatterlist. The
function does several checks if it may coalesce one entry with the next,
one of those checks is this:
if (startsg->length + dma_len > max_seg_size)
break;
When it finishes coalescing adjacent entries, it allocates the mapping:
sg_dma_len(contig_sg) = dma_len;
dma_len = ALIGN(dma_len + dma_offset, IOVP_SIZE);
sg_dma_address(contig_sg) =
PIDE_FLAG
| (iommu_alloc_range(ioc, dev, dma_len) << IOVP_SHIFT)
| dma_offset;
It is possible that (startsg->length + dma_len > max_seg_size) is false
(we are just near the 0x10000 max_seg_size boundary), so the funcion
decides to coalesce this entry with the next entry. When the coalescing
succeeds, the function performs
dma_len = ALIGN(dma_len + dma_offset, IOVP_SIZE);
And now, because of non-zero dma_offset, dma_len is greater than 0x10000.
iommu_alloc_range (a pointer to sba_alloc_range) is called and it attempts
to allocate 17 pages for a device that must not cross 16-page boundary.
To fix the bug, we must make sure that dma_len after addition of
dma_offset and alignment doesn't cross the segment boundary. I.e. change
if (startsg->length + dma_len > max_seg_size)
break;
to
if (ALIGN(dma_len + dma_offset + startsg->length, IOVP_SIZE) > max_seg_size)
break;
This patch makes this change (it precalculates max_seg_boundary at the
beginning of the function iommu_coalesce_chunks). I also added a check
that the mapping length doesn't exceed dma_get_seg_boundary(dev) (it is
not needed for Promise TX2+ SATA, but it may be needed for other devices
that have dma_get_seg_boundary lower than dma_get_max_seg_size).
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/parisc/iommu-helpers.h | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/parisc/iommu-helpers.h b/drivers/parisc/iommu-helpers.h
index 761e77b..e56f156 100644
--- a/drivers/parisc/iommu-helpers.h
+++ b/drivers/parisc/iommu-helpers.h
@@ -104,7 +104,11 @@ iommu_coalesce_chunks(struct ioc *ioc, struct device *dev,
struct scatterlist *contig_sg; /* contig chunk head */
unsigned long dma_offset, dma_len; /* start/len of DMA stream */
unsigned int n_mappings = 0;
- unsigned int max_seg_size = dma_get_max_seg_size(dev);
+ unsigned int max_seg_size = min(dma_get_max_seg_size(dev),
+ (unsigned)DMA_CHUNK_SIZE);
+ unsigned int max_seg_boundary = dma_get_seg_boundary(dev) + 1;
+ if (max_seg_boundary) /* check if the addition above didn't overflow */
+ max_seg_size = min(max_seg_size, max_seg_boundary);
while (nents > 0) {
@@ -138,14 +142,11 @@ iommu_coalesce_chunks(struct ioc *ioc, struct device *dev,
/*
** First make sure current dma stream won't
- ** exceed DMA_CHUNK_SIZE if we coalesce the
+ ** exceed max_seg_size if we coalesce the
** next entry.
*/
- if(unlikely(ALIGN(dma_len + dma_offset + startsg->length,
- IOVP_SIZE) > DMA_CHUNK_SIZE))
- break;
-
- if (startsg->length + dma_len > max_seg_size)
+ if (unlikely(ALIGN(dma_len + dma_offset + startsg->length, IOVP_SIZE) >
+ max_seg_size))
break;
/*
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 176/305] mm: hugetlb: fix hugepage memory leak caused by wrong reserve count
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (174 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 175/305] parisc iommu: fix panic due to trying to allocate too large region Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 177/305] mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make any progress Kamal Mostafa
` (128 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Naoya Horiguchi, David Rientjes, Dave Hansen, Mel Gorman,
Joonsoo Kim, Hillf Danton, Mike Kravetz, Andrew Morton,
Linus Torvalds, Luis Henriques, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
commit a88c769548047b21f76fd71e04b6a3300ff17160 upstream.
When dequeue_huge_page_vma() in alloc_huge_page() fails, we fall back on
alloc_buddy_huge_page() to directly create a hugepage from the buddy
allocator.
In that case, however, if alloc_buddy_huge_page() succeeds we don't
decrement h->resv_huge_pages, which means that successful
hugetlb_fault() returns without releasing the reserve count. As a
result, subsequent hugetlb_fault() might fail despite that there are
still free hugepages.
This patch simply adds decrementing code on that code path.
I reproduced this problem when testing v4.3 kernel in the following situation:
- the test machine/VM is a NUMA system,
- hugepage overcommiting is enabled,
- most of hugepages are allocated and there's only one free hugepage
which is on node 0 (for example),
- another program, which calls set_mempolicy(MPOL_BIND) to bind itself to
node 1, tries to allocate a hugepage,
- the allocation should fail but the reserve count is still hold.
Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Hillf Danton <hillf.zj@alibaba-inc.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[ luis: backported to 3.16:
- use 'chg' instead of 'gbl_chg'
- adjusted context ]
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
mm/hugetlb.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 62c1ec5..f70850e 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -1563,7 +1563,10 @@ static struct page *alloc_huge_page(struct vm_area_struct *vma,
page = alloc_buddy_huge_page(h, NUMA_NO_NODE);
if (!page)
goto out_uncharge_cgroup;
-
+ if (!avoid_reserve && vma_has_reserves(vma, chg)) {
+ SetPagePrivate(page);
+ h->resv_huge_pages--;
+ }
spin_lock(&hugetlb_lock);
list_move(&page->lru, &h->hugepage_activelist);
/* Fall through */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 177/305] mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make any progress
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (175 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 176/305] mm: hugetlb: fix hugepage memory leak caused by wrong reserve count Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 178/305] mm: hugetlb: call huge_pte_alloc() only if ptep is null Kamal Mostafa
` (127 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michal Hocko, Tejun Heo, Cristopher Lameter, Joonsoo Kim,
Arkadiusz Miskiewicz, Andrew Morton, Linus Torvalds,
Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Michal Hocko <mhocko@suse.com>
commit 373ccbe5927034b55bdc80b0f8b54d6e13fe8d12 upstream.
Tetsuo Handa has reported that the system might basically livelock in
OOM condition without triggering the OOM killer.
The issue is caused by internal dependency of the direct reclaim on
vmstat counter updates (via zone_reclaimable) which are performed from
the workqueue context. If all the current workers get assigned to an
allocation request, though, they will be looping inside the allocator
trying to reclaim memory but zone_reclaimable can see stalled numbers so
it will consider a zone reclaimable even though it has been scanned way
too much. WQ concurrency logic will not consider this situation as a
congested workqueue because it relies that worker would have to sleep in
such a situation. This also means that it doesn't try to spawn new
workers or invoke the rescuer thread if the one is assigned to the
queue.
In order to fix this issue we need to do two things. First we have to
let wq concurrency code know that we are in trouble so we have to do a
short sleep. In order to prevent from issues handled by 0e093d99763e
("writeback: do not sleep on the congestion queue if there are no
congested BDIs or if significant congestion is not being encountered in
the current zone") we limit the sleep only to worker threads which are
the ones of the interest anyway.
The second thing to do is to create a dedicated workqueue for vmstat and
mark it WQ_MEM_RECLAIM to note it participates in the reclaim and to
have a spare worker thread for it.
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Tejun Heo <tj@kernel.org>
Cc: Cristopher Lameter <clameter@sgi.com>
Cc: Joonsoo Kim <js1304@gmail.com>
Cc: Arkadiusz Miskiewicz <arekm@maven.pl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[ kamal: backport to 4.2-stable: use queue_delayed_work() in vmstat_update ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
mm/backing-dev.c | 19 ++++++++++++++++---
mm/vmstat.c | 7 +++++--
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/mm/backing-dev.c b/mm/backing-dev.c
index dc07d88..632b79b 100644
--- a/mm/backing-dev.c
+++ b/mm/backing-dev.c
@@ -943,8 +943,9 @@ EXPORT_SYMBOL(congestion_wait);
* jiffies for either a BDI to exit congestion of the given @sync queue
* or a write to complete.
*
- * In the absence of zone congestion, cond_resched() is called to yield
- * the processor if necessary but otherwise does not sleep.
+ * In the absence of zone congestion, a short sleep or a cond_resched is
+ * performed to yield the processor and to allow other subsystems to make
+ * a forward progress.
*
* The return value is 0 if the sleep is for the full timeout. Otherwise,
* it is the number of jiffies that were still remaining when the function
@@ -964,7 +965,19 @@ long wait_iff_congested(struct zone *zone, int sync, long timeout)
*/
if (atomic_read(&nr_wb_congested[sync]) == 0 ||
!test_bit(ZONE_CONGESTED, &zone->flags)) {
- cond_resched();
+
+ /*
+ * Memory allocation/reclaim might be called from a WQ
+ * context and the current implementation of the WQ
+ * concurrency control doesn't recognize that a particular
+ * WQ is congested if the worker thread is looping without
+ * ever sleeping. Therefore we have to do a short sleep
+ * here rather than calling cond_resched().
+ */
+ if (current->flags & PF_WQ_WORKER)
+ schedule_timeout(1);
+ else
+ cond_resched();
/* In case we scheduled, work out time remaining */
ret = timeout - (jiffies - start);
diff --git a/mm/vmstat.c b/mm/vmstat.c
index 4f5cd97..a94a02a 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -1357,6 +1357,7 @@ static const struct file_operations proc_vmstat_file_operations = {
#endif /* CONFIG_PROC_FS */
#ifdef CONFIG_SMP
+static struct workqueue_struct *vmstat_wq;
static DEFINE_PER_CPU(struct delayed_work, vmstat_work);
int sysctl_stat_interval __read_mostly = HZ;
static cpumask_var_t cpu_stat_off;
@@ -1369,7 +1370,8 @@ static void vmstat_update(struct work_struct *w)
* to occur in the future. Keep on running the
* update worker thread.
*/
- schedule_delayed_work(this_cpu_ptr(&vmstat_work),
+ queue_delayed_work(vmstat_wq,
+ this_cpu_ptr(&vmstat_work),
round_jiffies_relative(sysctl_stat_interval));
else {
/*
@@ -1437,7 +1439,7 @@ static void vmstat_shepherd(struct work_struct *w)
if (need_update(cpu) &&
cpumask_test_and_clear_cpu(cpu, cpu_stat_off))
- schedule_delayed_work_on(cpu,
+ queue_delayed_work_on(cpu, vmstat_wq,
&per_cpu(vmstat_work, cpu), 0);
put_online_cpus();
@@ -1526,6 +1528,7 @@ static int __init setup_vmstat(void)
start_shepherd_timer();
cpu_notifier_register_done();
+ vmstat_wq = alloc_workqueue("vmstat", WQ_FREEZABLE|WQ_MEM_RECLAIM, 0);
#endif
#ifdef CONFIG_PROC_FS
proc_create("buddyinfo", S_IRUGO, NULL, &fragmentation_file_operations);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 178/305] mm: hugetlb: call huge_pte_alloc() only if ptep is null
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (176 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 177/305] mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make any progress Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 179/305] drivers/base/memory.c: prohibit offlining of memory blocks with missing sections Kamal Mostafa
` (126 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Naoya Horiguchi, Hugh Dickins, Dave Hansen, Mel Gorman,
Joonsoo Kim, Mike Kravetz, Andrew Morton, Linus Torvalds,
Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
commit 0d777df5d8953293be090d9ab5a355db893e8357 upstream.
Currently at the beginning of hugetlb_fault(), we call huge_pte_offset()
and check whether the obtained *ptep is a migration/hwpoison entry or
not. And if not, then we get to call huge_pte_alloc(). This is racy
because the *ptep could turn into migration/hwpoison entry after the
huge_pte_offset() check. This race results in BUG_ON in
huge_pte_alloc().
We don't have to call huge_pte_alloc() when the huge_pte_offset()
returns non-NULL, so let's fix this bug with moving the code into else
block.
Note that the *ptep could turn into a migration/hwpoison entry after
this block, but that's not a problem because we have another
!pte_present check later (we never go into hugetlb_no_page() in that
case.)
Fixes: 290408d4a250 ("hugetlb: hugepage migration core")
Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Acked-by: Hillf Danton <hillf.zj@alibaba-inc.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
mm/hugetlb.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index f70850e..080ed4b 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -3350,12 +3350,12 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
} else if (unlikely(is_hugetlb_entry_hwpoisoned(entry)))
return VM_FAULT_HWPOISON_LARGE |
VM_FAULT_SET_HINDEX(hstate_index(h));
+ } else {
+ ptep = huge_pte_alloc(mm, address, huge_page_size(h));
+ if (!ptep)
+ return VM_FAULT_OOM;
}
- ptep = huge_pte_alloc(mm, address, huge_page_size(h));
- if (!ptep)
- return VM_FAULT_OOM;
-
mapping = vma->vm_file->f_mapping;
idx = vma_hugecache_offset(h, vma, address);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 179/305] drivers/base/memory.c: prohibit offlining of memory blocks with missing sections
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (177 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 178/305] mm: hugetlb: call huge_pte_alloc() only if ptep is null Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 180/305] ocfs2: fix SGID not inherited issue Kamal Mostafa
` (125 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Seth Jennings, Daniel J Blueman, Yinghai Lu, Greg KH,
Russ Anderson, Andrew Morton, Linus Torvalds, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Seth Jennings <sjennings@variantweb.net>
commit 26bbe7ef6d5cdc7ec08cba6d433fca4060f258f3 upstream.
Commit bdee237c0343 ("x86: mm: Use 2GB memory block size on large-memory
x86-64 systems") and 982792c782ef ("x86, mm: probe memory block size for
generic x86 64bit") introduced large block sizes for x86. This made it
possible to have multiple sections per memory block where previously,
there was a only every one section per block.
Since blocks consist of contiguous ranges of section, there can be holes
in the blocks where sections are not present. If one attempts to
offline such a block, a crash occurs since the code is not designed to
deal with this.
This patch is a quick fix to gaurd against the crash by not allowing
blocks with non-present sections to be offlined.
Addresses https://bugzilla.kernel.org/show_bug.cgi?id=107781
Signed-off-by: Seth Jennings <sjennings@variantweb.net>
Reported-by: Andrew Banman <abanman@sgi.com>
Cc: Daniel J Blueman <daniel@numascale.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Greg KH <greg@kroah.com>
Cc: Russ Anderson <rja@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/base/memory.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/base/memory.c b/drivers/base/memory.c
index 2804aed..25425d3 100644
--- a/drivers/base/memory.c
+++ b/drivers/base/memory.c
@@ -303,6 +303,10 @@ static int memory_subsys_offline(struct device *dev)
if (mem->state == MEM_OFFLINE)
return 0;
+ /* Can't offline block with non-present sections */
+ if (mem->section_count != sections_per_block)
+ return -EINVAL;
+
return memory_block_change_state(mem, MEM_OFFLINE, MEM_ONLINE);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 180/305] ocfs2: fix SGID not inherited issue
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (178 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 179/305] drivers/base/memory.c: prohibit offlining of memory blocks with missing sections Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 181/305] sh64: fix __NR_fgetxattr Kamal Mostafa
` (124 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Junxiao Bi, Mark Fasheh, Joel Becker, Andrew Morton,
Linus Torvalds, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Junxiao Bi <junxiao.bi@oracle.com>
commit 854ee2e944b4daf795e32562a7d2f9e90ab5a6a8 upstream.
Commit 8f1eb48758aa ("ocfs2: fix umask ignored issue") introduced an
issue, SGID of sub dir was not inherited from its parents dir. It is
because SGID is set into "inode->i_mode" in ocfs2_get_init_inode(), but
is overwritten by "mode" which don't have SGID set later.
Fixes: 8f1eb48758aa ("ocfs2: fix umask ignored issue")
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Mark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Acked-by: Srinivas Eeda <srinivas.eeda@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/ocfs2/namei.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
index ff04012..564584a 100644
--- a/fs/ocfs2/namei.c
+++ b/fs/ocfs2/namei.c
@@ -360,13 +360,11 @@ static int ocfs2_mknod(struct inode *dir,
goto leave;
}
- status = posix_acl_create(dir, &mode, &default_acl, &acl);
+ status = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl);
if (status) {
mlog_errno(status);
goto leave;
}
- /* update inode->i_mode after mask with "umask". */
- inode->i_mode = mode;
handle = ocfs2_start_trans(osb, ocfs2_mknod_credits(osb->sb,
S_ISDIR(mode),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 181/305] sh64: fix __NR_fgetxattr
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (179 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 180/305] ocfs2: fix SGID not inherited issue Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 182/305] sched/wait: Fix the signal handling fix Kamal Mostafa
` (123 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dmitry V. Levin, Andrew Morton, Linus Torvalds, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: "Dmitry V. Levin" <ldv@altlinux.org>
commit 2d33fa1059da4c8e816627a688d950b613ec0474 upstream.
According to arch/sh/kernel/syscalls_64.S and common sense, __NR_fgetxattr
has to be defined to 259, but it doesn't. Instead, it's defined to 269,
which is of course used by another syscall, __NR_sched_setaffinity in this
case.
This bug was found by strace test suite.
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Acked-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sh/include/uapi/asm/unistd_64.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/sh/include/uapi/asm/unistd_64.h b/arch/sh/include/uapi/asm/unistd_64.h
index e6820c8..47ebd5b 100644
--- a/arch/sh/include/uapi/asm/unistd_64.h
+++ b/arch/sh/include/uapi/asm/unistd_64.h
@@ -278,7 +278,7 @@
#define __NR_fsetxattr 256
#define __NR_getxattr 257
#define __NR_lgetxattr 258
-#define __NR_fgetxattr 269
+#define __NR_fgetxattr 259
#define __NR_listxattr 260
#define __NR_llistxattr 261
#define __NR_flistxattr 262
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 182/305] sched/wait: Fix the signal handling fix
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (180 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 181/305] sh64: fix __NR_fgetxattr Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 183/305] sata/mvebu: use #ifdef around suspend/resume code Kamal Mostafa
` (122 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ingo Molnar, tglx, Oleg Nesterov, hpa, Peter Zijlstra (Intel),
Linus Torvalds, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Peter Zijlstra <peterz@infradead.org>
commit dfd01f026058a59a513f8a365b439a0681b803af upstream.
Jan Stancek reported that I wrecked things for him by fixing things for
Vladimir :/
His report was due to an UNINTERRUPTIBLE wait getting -EINTR, which
should not be possible, however my previous patch made this possible by
unconditionally checking signal_pending().
We cannot use current->state as was done previously, because the
instruction after the store to that variable it can be changed. We must
instead pass the initial state along and use that.
Fixes: 68985633bccb ("sched/wait: Fix signal handling in bit wait helpers")
Reported-by: Jan Stancek <jstancek@redhat.com>
Reported-by: Chris Mason <clm@fb.com>
Tested-by: Jan Stancek <jstancek@redhat.com>
Tested-by: Vladimir Murzin <vladimir.murzin@arm.com>
Tested-by: Chris Mason <clm@fb.com>
Reviewed-by: Paul Turner <pjt@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: tglx@linutronix.de
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: hpa@zytor.com
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/cifs/inode.c | 6 +++---
fs/nfs/inode.c | 6 +++---
fs/nfs/internal.h | 2 +-
fs/nfs/pagelist.c | 2 +-
fs/nfs/pnfs.c | 4 ++--
include/linux/wait.h | 10 +++++-----
kernel/sched/wait.c | 20 ++++++++++----------
net/sunrpc/sched.c | 6 +++---
8 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index 6b66dd5..a329f5b 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -1831,11 +1831,11 @@ cifs_invalidate_mapping(struct inode *inode)
* @word: long word containing the bit lock
*/
static int
-cifs_wait_bit_killable(struct wait_bit_key *key)
+cifs_wait_bit_killable(struct wait_bit_key *key, int mode)
{
- if (fatal_signal_pending(current))
- return -ERESTARTSYS;
freezable_schedule_unsafe();
+ if (signal_pending_state(mode, current))
+ return -ERESTARTSYS;
return 0;
}
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index f27cc76..1c65e3f 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -75,11 +75,11 @@ nfs_fattr_to_ino_t(struct nfs_fattr *fattr)
* nfs_wait_bit_killable - helper for functions that are sleeping on bit locks
* @word: long word containing the bit lock
*/
-int nfs_wait_bit_killable(struct wait_bit_key *key)
+int nfs_wait_bit_killable(struct wait_bit_key *key, int mode)
{
- if (fatal_signal_pending(current))
- return -ERESTARTSYS;
freezable_schedule_unsafe();
+ if (signal_pending_state(mode, current))
+ return -ERESTARTSYS;
return 0;
}
EXPORT_SYMBOL_GPL(nfs_wait_bit_killable);
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
index 1dad181..d7345c4 100644
--- a/fs/nfs/internal.h
+++ b/fs/nfs/internal.h
@@ -384,7 +384,7 @@ extern int nfs_drop_inode(struct inode *);
extern void nfs_clear_inode(struct inode *);
extern void nfs_evict_inode(struct inode *);
void nfs_zap_acl_cache(struct inode *inode);
-extern int nfs_wait_bit_killable(struct wait_bit_key *key);
+extern int nfs_wait_bit_killable(struct wait_bit_key *key, int mode);
/* super.c */
extern const struct super_operations nfs_sops;
diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
index fe3ddd2..452a011 100644
--- a/fs/nfs/pagelist.c
+++ b/fs/nfs/pagelist.c
@@ -129,7 +129,7 @@ __nfs_iocounter_wait(struct nfs_io_counter *c)
set_bit(NFS_IO_INPROGRESS, &c->flags);
if (atomic_read(&c->io_count) == 0)
break;
- ret = nfs_wait_bit_killable(&q.key);
+ ret = nfs_wait_bit_killable(&q.key, TASK_KILLABLE);
} while (atomic_read(&c->io_count) != 0 && !ret);
finish_wait(wq, &q.wait);
return ret;
diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index 1cbebec..75abed0 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -1443,11 +1443,11 @@ static bool pnfs_within_mdsthreshold(struct nfs_open_context *ctx,
}
/* stop waiting if someone clears NFS_LAYOUT_RETRY_LAYOUTGET bit. */
-static int pnfs_layoutget_retry_bit_wait(struct wait_bit_key *key)
+static int pnfs_layoutget_retry_bit_wait(struct wait_bit_key *key, int mode)
{
if (!test_bit(NFS_LAYOUT_RETRY_LAYOUTGET, key->flags))
return 1;
- return nfs_wait_bit_killable(key);
+ return nfs_wait_bit_killable(key, mode);
}
static bool pnfs_prepare_to_retry_layoutget(struct pnfs_layout_hdr *lo)
diff --git a/include/linux/wait.h b/include/linux/wait.h
index 1e1bf9f..513b36f 100644
--- a/include/linux/wait.h
+++ b/include/linux/wait.h
@@ -145,7 +145,7 @@ __remove_wait_queue(wait_queue_head_t *head, wait_queue_t *old)
list_del(&old->task_list);
}
-typedef int wait_bit_action_f(struct wait_bit_key *);
+typedef int wait_bit_action_f(struct wait_bit_key *, int mode);
void __wake_up(wait_queue_head_t *q, unsigned int mode, int nr, void *key);
void __wake_up_locked_key(wait_queue_head_t *q, unsigned int mode, void *key);
void __wake_up_sync_key(wait_queue_head_t *q, unsigned int mode, int nr, void *key);
@@ -960,10 +960,10 @@ int wake_bit_function(wait_queue_t *wait, unsigned mode, int sync, void *key);
} while (0)
-extern int bit_wait(struct wait_bit_key *);
-extern int bit_wait_io(struct wait_bit_key *);
-extern int bit_wait_timeout(struct wait_bit_key *);
-extern int bit_wait_io_timeout(struct wait_bit_key *);
+extern int bit_wait(struct wait_bit_key *, int);
+extern int bit_wait_io(struct wait_bit_key *, int);
+extern int bit_wait_timeout(struct wait_bit_key *, int);
+extern int bit_wait_io_timeout(struct wait_bit_key *, int);
/**
* wait_on_bit - wait for a bit to be cleared
diff --git a/kernel/sched/wait.c b/kernel/sched/wait.c
index f10bd87..f15d6b6 100644
--- a/kernel/sched/wait.c
+++ b/kernel/sched/wait.c
@@ -392,7 +392,7 @@ __wait_on_bit(wait_queue_head_t *wq, struct wait_bit_queue *q,
do {
prepare_to_wait(wq, &q->wait, mode);
if (test_bit(q->key.bit_nr, q->key.flags))
- ret = (*action)(&q->key);
+ ret = (*action)(&q->key, mode);
} while (test_bit(q->key.bit_nr, q->key.flags) && !ret);
finish_wait(wq, &q->wait);
return ret;
@@ -431,7 +431,7 @@ __wait_on_bit_lock(wait_queue_head_t *wq, struct wait_bit_queue *q,
prepare_to_wait_exclusive(wq, &q->wait, mode);
if (!test_bit(q->key.bit_nr, q->key.flags))
continue;
- ret = action(&q->key);
+ ret = action(&q->key, mode);
if (!ret)
continue;
abort_exclusive_wait(wq, &q->wait, mode, &q->key);
@@ -581,43 +581,43 @@ void wake_up_atomic_t(atomic_t *p)
}
EXPORT_SYMBOL(wake_up_atomic_t);
-__sched int bit_wait(struct wait_bit_key *word)
+__sched int bit_wait(struct wait_bit_key *word, int mode)
{
schedule();
- if (signal_pending(current))
+ if (signal_pending_state(mode, current))
return -EINTR;
return 0;
}
EXPORT_SYMBOL(bit_wait);
-__sched int bit_wait_io(struct wait_bit_key *word)
+__sched int bit_wait_io(struct wait_bit_key *word, int mode)
{
io_schedule();
- if (signal_pending(current))
+ if (signal_pending_state(mode, current))
return -EINTR;
return 0;
}
EXPORT_SYMBOL(bit_wait_io);
-__sched int bit_wait_timeout(struct wait_bit_key *word)
+__sched int bit_wait_timeout(struct wait_bit_key *word, int mode)
{
unsigned long now = READ_ONCE(jiffies);
if (time_after_eq(now, word->timeout))
return -EAGAIN;
schedule_timeout(word->timeout - now);
- if (signal_pending(current))
+ if (signal_pending_state(mode, current))
return -EINTR;
return 0;
}
EXPORT_SYMBOL_GPL(bit_wait_timeout);
-__sched int bit_wait_io_timeout(struct wait_bit_key *word)
+__sched int bit_wait_io_timeout(struct wait_bit_key *word, int mode)
{
unsigned long now = READ_ONCE(jiffies);
if (time_after_eq(now, word->timeout))
return -EAGAIN;
io_schedule_timeout(word->timeout - now);
- if (signal_pending(current))
+ if (signal_pending_state(mode, current))
return -EINTR;
return 0;
}
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
index 337ca85..6c21ca1 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -250,11 +250,11 @@ void rpc_destroy_wait_queue(struct rpc_wait_queue *queue)
}
EXPORT_SYMBOL_GPL(rpc_destroy_wait_queue);
-static int rpc_wait_bit_killable(struct wait_bit_key *key)
+static int rpc_wait_bit_killable(struct wait_bit_key *key, int mode)
{
- if (fatal_signal_pending(current))
- return -ERESTARTSYS;
freezable_schedule_unsafe();
+ if (signal_pending_state(mode, current))
+ return -ERESTARTSYS;
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 183/305] sata/mvebu: use #ifdef around suspend/resume code
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (181 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 182/305] sched/wait: Fix the signal handling fix Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 184/305] usb: musb: USB_TI_CPPI41_DMA requires dmaengine support Kamal Mostafa
` (121 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Arnd Bergmann, Tejun Heo, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Arnd Bergmann <arnd@arndb.de>
commit 4f1dd973acffeb67142d39f3bfbc4dd0569f2da6 upstream.
The newly added suspend/resume implementation for ahci_mvebu causes
a link error when CONFIG_PM_SLEEP is disabled:
ERROR: "ahci_platform_suspend_host" [drivers/ata/ahci_mvebu.ko] undefined!
ERROR: "ahci_platform_resume_host" [drivers/ata/ahci_mvebu.ko] undefined!
This adds the same #ifdef here that exists in the ahci_platform driver
which defines the above functions.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: d6ecf1581488 ("ata: ahci_mvebu: add suspend/resume support")
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/ata/ahci_mvebu.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/ata/ahci_mvebu.c b/drivers/ata/ahci_mvebu.c
index 8490d37..f7a7fa8 100644
--- a/drivers/ata/ahci_mvebu.c
+++ b/drivers/ata/ahci_mvebu.c
@@ -62,6 +62,7 @@ static void ahci_mvebu_regret_option(struct ahci_host_priv *hpriv)
writel(0x80, hpriv->mmio + AHCI_VENDOR_SPECIFIC_0_DATA);
}
+#ifdef CONFIG_PM_SLEEP
static int ahci_mvebu_suspend(struct platform_device *pdev, pm_message_t state)
{
return ahci_platform_suspend_host(&pdev->dev);
@@ -81,6 +82,10 @@ static int ahci_mvebu_resume(struct platform_device *pdev)
return ahci_platform_resume_host(&pdev->dev);
}
+#else
+#define ahci_mvebu_suspend NULL
+#define ahci_mvebu_resume NULL
+#endif
static const struct ata_port_info ahci_mvebu_port_info = {
.flags = AHCI_FLAG_COMMON,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 184/305] usb: musb: USB_TI_CPPI41_DMA requires dmaengine support
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (182 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 183/305] sata/mvebu: use #ifdef around suspend/resume code Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 185/305] i2c: rk3x: populate correct variable for sda_falling_time Kamal Mostafa
` (120 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, Felipe Balbi, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Arnd Bergmann <arnd@arndb.de>
commit 183e53e8ddf4165c3763181682189362d6b403f7 upstream.
The CPPI-4.1 driver selects TI_CPPI41, which is a dmaengine
driver and that may not be available when CONFIG_DMADEVICES
is not set:
warning: (USB_TI_CPPI41_DMA) selects TI_CPPI41 which has unmet direct dependencies (DMADEVICES && ARCH_OMAP)
This adds an extra dependency to avoid generating warnings in randconfig
builds. Ideally we'd remove the 'select' statement, but that has the
potential to break defconfig files.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 411dd19c682d ("usb: musb: Kconfig: Select the DMA driver if DMA mode of MUSB is enabled")
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/musb/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/musb/Kconfig b/drivers/usb/musb/Kconfig
index 39db8b6..d1b9e0c 100644
--- a/drivers/usb/musb/Kconfig
+++ b/drivers/usb/musb/Kconfig
@@ -147,7 +147,7 @@ config USB_TI_CPPI_DMA
config USB_TI_CPPI41_DMA
bool 'TI CPPI 4.1 (AM335x)'
- depends on ARCH_OMAP
+ depends on ARCH_OMAP && DMADEVICES
select TI_CPPI41
config USB_TUSB_OMAP_DMA
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 185/305] i2c: rk3x: populate correct variable for sda_falling_time
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (183 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 184/305] usb: musb: USB_TI_CPPI41_DMA requires dmaengine support Kamal Mostafa
@ 2016-01-15 23:59 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 186/305] i2c: mv64xxx: The n clockdiv factor is 0 based on sunxi SoCs Kamal Mostafa
` (119 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-15 23:59 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Wolfram Sang, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Wolfram Sang <wsa@the-dreams.de>
commit 9abd29e7c13de24ce73213a425d9574b35ac0c6a upstream.
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-rk3x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-rk3x.c b/drivers/i2c/busses/i2c-rk3x.c
index 72e97e30..9c4efd3 100644
--- a/drivers/i2c/busses/i2c-rk3x.c
+++ b/drivers/i2c/busses/i2c-rk3x.c
@@ -907,7 +907,7 @@ static int rk3x_i2c_probe(struct platform_device *pdev)
&i2c->scl_fall_ns))
i2c->scl_fall_ns = 300;
if (of_property_read_u32(pdev->dev.of_node, "i2c-sda-falling-time-ns",
- &i2c->scl_fall_ns))
+ &i2c->sda_fall_ns))
i2c->sda_fall_ns = i2c->scl_fall_ns;
strlcpy(i2c->adap.name, "rk3x-i2c", sizeof(i2c->adap.name));
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 186/305] i2c: mv64xxx: The n clockdiv factor is 0 based on sunxi SoCs
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (184 preceding siblings ...)
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 185/305] i2c: rk3x: populate correct variable for sda_falling_time Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 187/305] xen/events/fifo: Consume unprocessed events when a CPU dies Kamal Mostafa
` (118 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Hans de Goede, Wolfram Sang, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Hans de Goede <hdegoede@redhat.com>
commit bba61f50f76574ca5b84b310925be7c2e8e64275 upstream.
According to the datasheets the n factor for dividing the tclk is
2 to the power n on Allwinner SoCs, not 2 to the power n + 1 as it is
on other mv64xxx implementations.
I've contacted Allwinner about this and they have confirmed that the
datasheet is correct.
This commit fixes the clk-divider calculations for Allwinner SoCs
accordingly.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Tested-by: Olliver Schinagl <oliver@schinagl.nl>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-mv64xxx.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/drivers/i2c/busses/i2c-mv64xxx.c b/drivers/i2c/busses/i2c-mv64xxx.c
index 5801227..43207f5 100644
--- a/drivers/i2c/busses/i2c-mv64xxx.c
+++ b/drivers/i2c/busses/i2c-mv64xxx.c
@@ -146,6 +146,8 @@ struct mv64xxx_i2c_data {
bool errata_delay;
struct reset_control *rstc;
bool irq_clear_inverted;
+ /* Clk div is 2 to the power n, not 2 to the power n + 1 */
+ bool clk_n_base_0;
};
static struct mv64xxx_i2c_regs mv64xxx_i2c_regs_mv64xxx = {
@@ -757,25 +759,29 @@ MODULE_DEVICE_TABLE(of, mv64xxx_i2c_of_match_table);
#ifdef CONFIG_OF
#ifdef CONFIG_HAVE_CLK
static int
-mv64xxx_calc_freq(const int tclk, const int n, const int m)
+mv64xxx_calc_freq(struct mv64xxx_i2c_data *drv_data,
+ const int tclk, const int n, const int m)
{
- return tclk / (10 * (m + 1) * (2 << n));
+ if (drv_data->clk_n_base_0)
+ return tclk / (10 * (m + 1) * (1 << n));
+ else
+ return tclk / (10 * (m + 1) * (2 << n));
}
static bool
-mv64xxx_find_baud_factors(const u32 req_freq, const u32 tclk, u32 *best_n,
- u32 *best_m)
+mv64xxx_find_baud_factors(struct mv64xxx_i2c_data *drv_data,
+ const u32 req_freq, const u32 tclk)
{
int freq, delta, best_delta = INT_MAX;
int m, n;
for (n = 0; n <= 7; n++)
for (m = 0; m <= 15; m++) {
- freq = mv64xxx_calc_freq(tclk, n, m);
+ freq = mv64xxx_calc_freq(drv_data, tclk, n, m);
delta = req_freq - freq;
if (delta >= 0 && delta < best_delta) {
- *best_m = m;
- *best_n = n;
+ drv_data->freq_m = m;
+ drv_data->freq_n = n;
best_delta = delta;
}
if (best_delta == 0)
@@ -813,8 +819,11 @@ mv64xxx_of_config(struct mv64xxx_i2c_data *drv_data,
if (of_property_read_u32(np, "clock-frequency", &bus_freq))
bus_freq = 100000; /* 100kHz by default */
- if (!mv64xxx_find_baud_factors(bus_freq, tclk,
- &drv_data->freq_n, &drv_data->freq_m)) {
+ if (of_device_is_compatible(np, "allwinner,sun4i-a10-i2c") ||
+ of_device_is_compatible(np, "allwinner,sun6i-a31-i2c"))
+ drv_data->clk_n_base_0 = true;
+
+ if (!mv64xxx_find_baud_factors(drv_data, bus_freq, tclk)) {
rc = -EINVAL;
goto out;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 187/305] xen/events/fifo: Consume unprocessed events when a CPU dies
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (185 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 186/305] i2c: mv64xxx: The n clockdiv factor is 0 based on sunxi SoCs Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 188/305] ARM: 8465/1: mm: keep reserved ASIDs in sync with mm after multiple rollovers Kamal Mostafa
` (117 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ross Lagerwall, David Vrabel, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Ross Lagerwall <ross.lagerwall@citrix.com>
commit 3de88d622fd68bd4dbee0f80168218b23f798fd0 upstream.
When a CPU is offlined, there may be unprocessed events on a port for
that CPU. If the port is subsequently reused on a different CPU, it
could be in an unexpected state with the link bit set, resulting in
interrupts being missed. Fix this by consuming any unprocessed events
for a particular CPU when that CPU dies.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/xen/events/events_fifo.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/drivers/xen/events/events_fifo.c b/drivers/xen/events/events_fifo.c
index ed673e1..b14545e 100644
--- a/drivers/xen/events/events_fifo.c
+++ b/drivers/xen/events/events_fifo.c
@@ -281,7 +281,8 @@ static void handle_irq_for_port(unsigned port)
static void consume_one_event(unsigned cpu,
struct evtchn_fifo_control_block *control_block,
- unsigned priority, unsigned long *ready)
+ unsigned priority, unsigned long *ready,
+ bool drop)
{
struct evtchn_fifo_queue *q = &per_cpu(cpu_queue, cpu);
uint32_t head;
@@ -313,13 +314,17 @@ static void consume_one_event(unsigned cpu,
if (head == 0)
clear_bit(priority, ready);
- if (evtchn_fifo_is_pending(port) && !evtchn_fifo_is_masked(port))
- handle_irq_for_port(port);
+ if (evtchn_fifo_is_pending(port) && !evtchn_fifo_is_masked(port)) {
+ if (unlikely(drop))
+ pr_warn("Dropping pending event for port %u\n", port);
+ else
+ handle_irq_for_port(port);
+ }
q->head[priority] = head;
}
-static void evtchn_fifo_handle_events(unsigned cpu)
+static void __evtchn_fifo_handle_events(unsigned cpu, bool drop)
{
struct evtchn_fifo_control_block *control_block;
unsigned long ready;
@@ -331,11 +336,16 @@ static void evtchn_fifo_handle_events(unsigned cpu)
while (ready) {
q = find_first_bit(&ready, EVTCHN_FIFO_MAX_QUEUES);
- consume_one_event(cpu, control_block, q, &ready);
+ consume_one_event(cpu, control_block, q, &ready, drop);
ready |= xchg(&control_block->ready, 0);
}
}
+static void evtchn_fifo_handle_events(unsigned cpu)
+{
+ __evtchn_fifo_handle_events(cpu, false);
+}
+
static void evtchn_fifo_resume(void)
{
unsigned cpu;
@@ -420,6 +430,9 @@ static int evtchn_fifo_cpu_notification(struct notifier_block *self,
if (!per_cpu(cpu_control_block, cpu))
ret = evtchn_fifo_alloc_control_block(cpu);
break;
+ case CPU_DEAD:
+ __evtchn_fifo_handle_events(cpu, true);
+ break;
default:
break;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 188/305] ARM: 8465/1: mm: keep reserved ASIDs in sync with mm after multiple rollovers
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (186 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 187/305] xen/events/fifo: Consume unprocessed events when a CPU dies Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 189/305] net: mvpp2: fix missing DMA region unmap in egress processing Kamal Mostafa
` (116 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Will Deacon, Russell King, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Will Deacon <will.deacon@arm.com>
commit 40ee068ec09b2d98162da5ea18b7c6fdbaa2bb71 upstream.
Under some unusual context-switching patterns, it is possible to end up
with multiple threads from the same mm running concurrently with
different ASIDs:
1. CPU x schedules task t with mm p containing ASID a and generation g
This task doesn't block and the CPU doesn't context switch.
So:
* per_cpu(active_asid, x) = {g,a}
* p->context.id = {g,a}
2. Some other CPU generates an ASID rollover. The global generation is
now (g + 1). CPU x is still running t, with no context switch and
so per_cpu(reserved_asid, x) = {g,a}
3. CPU y schedules task t', which shares mm p with t. The generation
mismatches, so we take the slowpath and hit the reserved ASID from
CPU x. p is then updated so that p->context.id = {g + 1,a}
4. CPU y schedules some other task u, which has an mm != p.
5. Some other CPU generates *another* CPU rollover. The global
generation is now (g + 2). CPU x is still running t, with no context
switch and so per_cpu(reserved_asid, x) = {g,a}.
6. CPU y once again schedules task t', but now *fails* to hit the
reserved ASID from CPU x because of the generation mismatch. This
results in a new ASID being allocated, despite the fact that t is
still running on CPU x with the same mm.
Consequently, TLBIs (e.g. as a result of CoW) will not be synchronised
between the two threads.
This patch fixes the problem by updating all of the matching reserved
ASIDs when we hit on the slowpath (i.e. in step 3 above). This keeps
the reserved ASIDs in-sync with the mm and avoids the problem.
Reported-by: Tony Thompson <anthony.thompson@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/mm/context.c | 38 ++++++++++++++++++++++++++------------
1 file changed, 26 insertions(+), 12 deletions(-)
diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c
index 845769e..c8c8b9e 100644
--- a/arch/arm/mm/context.c
+++ b/arch/arm/mm/context.c
@@ -165,13 +165,28 @@ static void flush_context(unsigned int cpu)
__flush_icache_all();
}
-static int is_reserved_asid(u64 asid)
+static bool check_update_reserved_asid(u64 asid, u64 newasid)
{
int cpu;
- for_each_possible_cpu(cpu)
- if (per_cpu(reserved_asids, cpu) == asid)
- return 1;
- return 0;
+ bool hit = false;
+
+ /*
+ * Iterate over the set of reserved ASIDs looking for a match.
+ * If we find one, then we can update our mm to use newasid
+ * (i.e. the same ASID in the current generation) but we can't
+ * exit the loop early, since we need to ensure that all copies
+ * of the old ASID are updated to reflect the mm. Failure to do
+ * so could result in us missing the reserved ASID in a future
+ * generation.
+ */
+ for_each_possible_cpu(cpu) {
+ if (per_cpu(reserved_asids, cpu) == asid) {
+ hit = true;
+ per_cpu(reserved_asids, cpu) = newasid;
+ }
+ }
+
+ return hit;
}
static u64 new_context(struct mm_struct *mm, unsigned int cpu)
@@ -181,12 +196,14 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
u64 generation = atomic64_read(&asid_generation);
if (asid != 0) {
+ u64 newasid = generation | (asid & ~ASID_MASK);
+
/*
* If our current ASID was active during a rollover, we
* can continue to use it and this was just a false alarm.
*/
- if (is_reserved_asid(asid))
- return generation | (asid & ~ASID_MASK);
+ if (check_update_reserved_asid(asid, newasid))
+ return newasid;
/*
* We had a valid ASID in a previous life, so try to re-use
@@ -194,7 +211,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
*/
asid &= ~ASID_MASK;
if (!__test_and_set_bit(asid, asid_map))
- goto bump_gen;
+ return newasid;
}
/*
@@ -216,11 +233,8 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
__set_bit(asid, asid_map);
cur_idx = asid;
-
-bump_gen:
- asid |= generation;
cpumask_clear(mm_cpumask(mm));
- return asid;
+ return asid | generation;
}
void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 189/305] net: mvpp2: fix missing DMA region unmap in egress processing
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (187 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 188/305] ARM: 8465/1: mm: keep reserved ASIDs in sync with mm after multiple rollovers Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 190/305] net: mvpp2: fix buffers' DMA handling on RX path Kamal Mostafa
` (115 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marcin Wojtas, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Marcin Wojtas <mw@semihalf.com>
commit e864b4c7b184bde36fa6a02bb3190983d2f796f9 upstream.
The Tx descriptor release code currently calls dma_unmap_single() and
dev_kfree_skb_any() if the descriptor is associated with a non-NULL skb.
This condition is true only for the last fragment of the packet.
Since every descriptor's buffer is DMA-mapped it has to be properly
unmapped.
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Fixes: 3f518509dedc ("ethernet: Add new driver for Marvell Armada 375
network unit")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/marvell/mvpp2.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/marvell/mvpp2.c b/drivers/net/ethernet/marvell/mvpp2.c
index d9884fd..95db519 100644
--- a/drivers/net/ethernet/marvell/mvpp2.c
+++ b/drivers/net/ethernet/marvell/mvpp2.c
@@ -4401,11 +4401,10 @@ static void mvpp2_txq_bufs_free(struct mvpp2_port *port,
mvpp2_txq_inc_get(txq_pcpu);
- if (!skb)
- continue;
-
dma_unmap_single(port->dev->dev.parent, buf_phys_addr,
skb_headlen(skb), DMA_TO_DEVICE);
+ if (!skb)
+ continue;
dev_kfree_skb_any(skb);
}
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 190/305] net: mvpp2: fix buffers' DMA handling on RX path
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (188 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 189/305] net: mvpp2: fix missing DMA region unmap in egress processing Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 191/305] net: mvpp2: fix refilling BM pools in " Kamal Mostafa
` (114 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marcin Wojtas, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Marcin Wojtas <mw@semihalf.com>
commit 4229d502ad3091e54c6f2e44d21dd8190881b49c upstream.
Each allocated buffer, whose pointer is put into BM pool is DMA-mapped.
Hence it should be properly unmapped after usage or when removing buffers
from pool.
This commit fixes DMA handling on RX path by adding dma_unmap_single() in
mvpp2_rx() and in mvpp2_bufs_free(). The latter function's argument number
had to be increased for this purpose.
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Fixes: 3f518509dedc ("ethernet: Add new driver for Marvell Armada 375
network unit")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/marvell/mvpp2.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/marvell/mvpp2.c b/drivers/net/ethernet/marvell/mvpp2.c
index 95db519..eaef461 100644
--- a/drivers/net/ethernet/marvell/mvpp2.c
+++ b/drivers/net/ethernet/marvell/mvpp2.c
@@ -3413,16 +3413,23 @@ static void mvpp2_bm_pool_bufsize_set(struct mvpp2 *priv,
}
/* Free all buffers from the pool */
-static void mvpp2_bm_bufs_free(struct mvpp2 *priv, struct mvpp2_bm_pool *bm_pool)
+static void mvpp2_bm_bufs_free(struct device *dev, struct mvpp2 *priv,
+ struct mvpp2_bm_pool *bm_pool)
{
int i;
for (i = 0; i < bm_pool->buf_num; i++) {
+ dma_addr_t buf_phys_addr;
u32 vaddr;
/* Get buffer virtual address (indirect access) */
- mvpp2_read(priv, MVPP2_BM_PHY_ALLOC_REG(bm_pool->id));
+ buf_phys_addr = mvpp2_read(priv,
+ MVPP2_BM_PHY_ALLOC_REG(bm_pool->id));
vaddr = mvpp2_read(priv, MVPP2_BM_VIRT_ALLOC_REG);
+
+ dma_unmap_single(dev, buf_phys_addr,
+ bm_pool->buf_size, DMA_FROM_DEVICE);
+
if (!vaddr)
break;
dev_kfree_skb_any((struct sk_buff *)vaddr);
@@ -3439,7 +3446,7 @@ static int mvpp2_bm_pool_destroy(struct platform_device *pdev,
{
u32 val;
- mvpp2_bm_bufs_free(priv, bm_pool);
+ mvpp2_bm_bufs_free(&pdev->dev, priv, bm_pool);
if (bm_pool->buf_num) {
WARN(1, "cannot free all buffers in pool %d\n", bm_pool->id);
return 0;
@@ -3692,7 +3699,8 @@ mvpp2_bm_pool_use(struct mvpp2_port *port, int pool, enum mvpp2_bm_type type,
MVPP2_BM_LONG_BUF_NUM :
MVPP2_BM_SHORT_BUF_NUM;
else
- mvpp2_bm_bufs_free(port->priv, new_pool);
+ mvpp2_bm_bufs_free(port->dev->dev.parent,
+ port->priv, new_pool);
new_pool->pkt_size = pkt_size;
@@ -3756,7 +3764,7 @@ static int mvpp2_bm_update_mtu(struct net_device *dev, int mtu)
int pkt_size = MVPP2_RX_PKT_SIZE(mtu);
/* Update BM pool with new buffer size */
- mvpp2_bm_bufs_free(port->priv, port_pool);
+ mvpp2_bm_bufs_free(dev->dev.parent, port->priv, port_pool);
if (port_pool->buf_num) {
WARN(1, "cannot free all buffers in pool %d\n", port_pool->id);
return -EIO;
@@ -5136,6 +5144,9 @@ static int mvpp2_rx(struct mvpp2_port *port, int rx_todo,
skb = (struct sk_buff *)rx_desc->buf_cookie;
+ dma_unmap_single(dev->dev.parent, rx_desc->buf_phys_addr,
+ bm_pool->buf_size, DMA_FROM_DEVICE);
+
rcvd_pkts++;
rcvd_bytes += rx_bytes;
atomic_inc(&bm_pool->in_use);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 191/305] net: mvpp2: fix refilling BM pools in RX path
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (189 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 190/305] net: mvpp2: fix buffers' DMA handling on RX path Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 192/305] dmaengine: at_xdmac: fix macro typo Kamal Mostafa
` (113 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marcin Wojtas, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Marcin Wojtas <mw@semihalf.com>
commit b5015854674b653d982f104936ec688e253469b9 upstream.
In hitherto code in case of RX buffer allocation error during refill,
original buffer is pushed to the network stack, but the amount of
available buffer pointers in BM pool is decreased.
This commit fixes the situation by moving refill call before skb_put(),
and returning original buffer pointer to the pool in case of an error.
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Fixes: 3f518509dedc ("ethernet: Add new driver for Marvell Armada 375
network unit")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/marvell/mvpp2.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/drivers/net/ethernet/marvell/mvpp2.c b/drivers/net/ethernet/marvell/mvpp2.c
index eaef461..a4beccf 100644
--- a/drivers/net/ethernet/marvell/mvpp2.c
+++ b/drivers/net/ethernet/marvell/mvpp2.c
@@ -5099,7 +5099,8 @@ static int mvpp2_rx(struct mvpp2_port *port, int rx_todo,
struct mvpp2_rx_queue *rxq)
{
struct net_device *dev = port->dev;
- int rx_received, rx_filled, i;
+ int rx_received;
+ int rx_done = 0;
u32 rcvd_pkts = 0;
u32 rcvd_bytes = 0;
@@ -5108,17 +5109,18 @@ static int mvpp2_rx(struct mvpp2_port *port, int rx_todo,
if (rx_todo > rx_received)
rx_todo = rx_received;
- rx_filled = 0;
- for (i = 0; i < rx_todo; i++) {
+ while (rx_done < rx_todo) {
struct mvpp2_rx_desc *rx_desc = mvpp2_rxq_next_desc_get(rxq);
struct mvpp2_bm_pool *bm_pool;
struct sk_buff *skb;
+ dma_addr_t phys_addr;
u32 bm, rx_status;
int pool, rx_bytes, err;
- rx_filled++;
+ rx_done++;
rx_status = rx_desc->status;
rx_bytes = rx_desc->data_size - MVPP2_MH_SIZE;
+ phys_addr = rx_desc->buf_phys_addr;
bm = mvpp2_bm_cookie_build(rx_desc);
pool = mvpp2_bm_cookie_pool_get(bm);
@@ -5135,8 +5137,10 @@ static int mvpp2_rx(struct mvpp2_port *port, int rx_todo,
* comprised by the RX descriptor.
*/
if (rx_status & MVPP2_RXD_ERR_SUMMARY) {
+ err_drop_frame:
dev->stats.rx_errors++;
mvpp2_rx_error(port, rx_desc);
+ /* Return the buffer to the pool */
mvpp2_pool_refill(port, bm, rx_desc->buf_phys_addr,
rx_desc->buf_cookie);
continue;
@@ -5144,7 +5148,13 @@ static int mvpp2_rx(struct mvpp2_port *port, int rx_todo,
skb = (struct sk_buff *)rx_desc->buf_cookie;
- dma_unmap_single(dev->dev.parent, rx_desc->buf_phys_addr,
+ err = mvpp2_rx_refill(port, bm_pool, bm, 0);
+ if (err) {
+ netdev_err(port->dev, "failed to refill BM pools\n");
+ goto err_drop_frame;
+ }
+
+ dma_unmap_single(dev->dev.parent, phys_addr,
bm_pool->buf_size, DMA_FROM_DEVICE);
rcvd_pkts++;
@@ -5157,12 +5167,6 @@ static int mvpp2_rx(struct mvpp2_port *port, int rx_todo,
mvpp2_rx_csum(port, rx_status, skb);
napi_gro_receive(&port->napi, skb);
-
- err = mvpp2_rx_refill(port, bm_pool, bm, 0);
- if (err) {
- netdev_err(port->dev, "failed to refill BM pools\n");
- rx_filled--;
- }
}
if (rcvd_pkts) {
@@ -5176,7 +5180,7 @@ static int mvpp2_rx(struct mvpp2_port *port, int rx_todo,
/* Update Rx queue management counters */
wmb();
- mvpp2_rxq_status_update(port, rxq->id, rx_todo, rx_filled);
+ mvpp2_rxq_status_update(port, rxq->id, rx_done, rx_done);
return rx_todo;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 192/305] dmaengine: at_xdmac: fix macro typo
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (190 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 191/305] net: mvpp2: fix refilling BM pools in " Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 193/305] video: fbdev: fsl: Fix kernel crash when diu_ops is not implemented Kamal Mostafa
` (112 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ludovic Desroches, Vinod Koul, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Ludovic Desroches <ludovic.desroches@atmel.com>
commit 15a03850ab8f0a643c964987cf126e9cfb53aa27 upstream.
Fix typo in a macro which was not used until now. It explains why there
is no error at compilation time.
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Fixes: e1f7c9eee707 "dmaengine: at_xdmac: creation of the atmel eXtended
DMA Controller driver"
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/dma/at_xdmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c
index da7917a..2205def 100644
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -156,7 +156,7 @@
#define AT_XDMAC_CC_WRIP (0x1 << 23) /* Write in Progress (read only) */
#define AT_XDMAC_CC_WRIP_DONE (0x0 << 23)
#define AT_XDMAC_CC_WRIP_IN_PROGRESS (0x1 << 23)
-#define AT_XDMAC_CC_PERID(i) (0x7f & (h) << 24) /* Channel Peripheral Identifier */
+#define AT_XDMAC_CC_PERID(i) (0x7f & (i) << 24) /* Channel Peripheral Identifier */
#define AT_XDMAC_CDS_MSP 0x2C /* Channel Data Stride Memory Set Pattern */
#define AT_XDMAC_CSUS 0x30 /* Channel Source Microblock Stride */
#define AT_XDMAC_CDUS 0x34 /* Channel Destination Microblock Stride */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 193/305] video: fbdev: fsl: Fix kernel crash when diu_ops is not implemented
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (191 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 192/305] dmaengine: at_xdmac: fix macro typo Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 194/305] crypto: skcipher - Copy iv from desc even for 0-len walks Kamal Mostafa
` (111 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Wang Dongsheng, Tomi Valkeinen, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Wang Dongsheng <dongsheng.wang@freescale.com>
commit acfc1cc13fe5bc6d7a10afa624f1e560850ddad3 upstream.
If diu_ops is not implemented on platform, kernel will access a NULL
pointer. We need to check this pointer in DIU initialization.
Signed-off-by: Wang Dongsheng <dongsheng.wang@freescale.com>
Acked-by: Timur Tabi <timur@tabi.org>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/video/fbdev/fsl-diu-fb.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/fsl-diu-fb.c b/drivers/video/fbdev/fsl-diu-fb.c
index 7fa2e6f..2a1fde6 100644
--- a/drivers/video/fbdev/fsl-diu-fb.c
+++ b/drivers/video/fbdev/fsl-diu-fb.c
@@ -479,7 +479,10 @@ static enum fsl_diu_monitor_port fsl_diu_name_to_port(const char *s)
port = FSL_DIU_PORT_DLVDS;
}
- return diu_ops.valid_monitor_port(port);
+ if (diu_ops.valid_monitor_port)
+ port = diu_ops.valid_monitor_port(port);
+
+ return port;
}
/*
@@ -1908,6 +1911,14 @@ static int __init fsl_diu_init(void)
#else
monitor_port = fsl_diu_name_to_port(monitor_string);
#endif
+
+ /*
+ * Must to verify set_pixel_clock. If not implement on platform,
+ * then that means that there is no platform support for the DIU.
+ */
+ if (!diu_ops.set_pixel_clock)
+ return -ENODEV;
+
pr_info("Freescale Display Interface Unit (DIU) framebuffer driver\n");
#ifdef CONFIG_NOT_COHERENT_CACHE
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 194/305] crypto: skcipher - Copy iv from desc even for 0-len walks
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (192 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 193/305] video: fbdev: fsl: Fix kernel crash when diu_ops is not implemented Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 195/305] ASoC: es8328: Fix deemphasis values Kamal Mostafa
` (110 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jason A. Donenfeld, Herbert Xu, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
commit 70d906bc17500edfa9bdd8c8b7e59618c7911613 upstream.
Some ciphers actually support encrypting zero length plaintexts. For
example, many AEAD modes support this. The resulting ciphertext for
those winds up being only the authentication tag, which is a result of
the key, the iv, the additional data, and the fact that the plaintext
had zero length. The blkcipher constructors won't copy the IV to the
right place, however, when using a zero length input, resulting in
some significant problems when ciphers call their initialization
routines, only to find that the ->iv parameter is uninitialized. One
such example of this would be using chacha20poly1305 with a zero length
input, which then calls chacha20, which calls the key setup routine,
which eventually OOPSes due to the uninitialized ->iv member.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
crypto/ablkcipher.c | 2 +-
crypto/blkcipher.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index b4ffc5b..e5b5721 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -277,12 +277,12 @@ static int ablkcipher_walk_first(struct ablkcipher_request *req,
if (WARN_ON_ONCE(in_irq()))
return -EDEADLK;
+ walk->iv = req->info;
walk->nbytes = walk->total;
if (unlikely(!walk->total))
return 0;
walk->iv_buffer = NULL;
- walk->iv = req->info;
if (unlikely(((unsigned long)walk->iv & alignmask))) {
int err = ablkcipher_copy_iv(walk, tfm, alignmask);
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 11b9814..8cc1622 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -326,12 +326,12 @@ static int blkcipher_walk_first(struct blkcipher_desc *desc,
if (WARN_ON_ONCE(in_irq()))
return -EDEADLK;
+ walk->iv = desc->info;
walk->nbytes = walk->total;
if (unlikely(!walk->total))
return 0;
walk->buffer = NULL;
- walk->iv = desc->info;
if (unlikely(((unsigned long)walk->iv & walk->alignmask))) {
int err = blkcipher_copy_iv(walk);
if (err)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 195/305] ASoC: es8328: Fix deemphasis values
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (193 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 194/305] crypto: skcipher - Copy iv from desc even for 0-len walks Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 196/305] KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR Kamal Mostafa
` (109 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: John Keeping, Mark Brown, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: John Keeping <john@metanate.com>
commit 84ebac4d04d25ac5c1b1dc3ae621fd465eb38f4e upstream.
This is using completely the wrong mask and value when updating the
register. Since the correct values are already defined in the header,
switch to using a table with explicit constants rather than shifting the
array index.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/codecs/es8328.c | 25 +++++++++++++++++--------
sound/soc/codecs/es8328.h | 1 +
2 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/sound/soc/codecs/es8328.c b/sound/soc/codecs/es8328.c
index 6a09101..fb7b61f 100644
--- a/sound/soc/codecs/es8328.c
+++ b/sound/soc/codecs/es8328.c
@@ -85,7 +85,15 @@ static const DECLARE_TLV_DB_SCALE(pga_tlv, 0, 300, 0);
static const DECLARE_TLV_DB_SCALE(bypass_tlv, -1500, 300, 0);
static const DECLARE_TLV_DB_SCALE(mic_tlv, 0, 300, 0);
-static const int deemph_settings[] = { 0, 32000, 44100, 48000 };
+static const struct {
+ int rate;
+ unsigned int val;
+} deemph_settings[] = {
+ { 0, ES8328_DACCONTROL6_DEEMPH_OFF },
+ { 32000, ES8328_DACCONTROL6_DEEMPH_32k },
+ { 44100, ES8328_DACCONTROL6_DEEMPH_44_1k },
+ { 48000, ES8328_DACCONTROL6_DEEMPH_48k },
+};
static int es8328_set_deemph(struct snd_soc_codec *codec)
{
@@ -97,21 +105,22 @@ static int es8328_set_deemph(struct snd_soc_codec *codec)
* rate.
*/
if (es8328->deemph) {
- best = 1;
- for (i = 2; i < ARRAY_SIZE(deemph_settings); i++) {
- if (abs(deemph_settings[i] - es8328->playback_fs) <
- abs(deemph_settings[best] - es8328->playback_fs))
+ best = 0;
+ for (i = 1; i < ARRAY_SIZE(deemph_settings); i++) {
+ if (abs(deemph_settings[i].rate - es8328->playback_fs) <
+ abs(deemph_settings[best].rate - es8328->playback_fs))
best = i;
}
- val = best << 1;
+ val = deemph_settings[best].val;
} else {
- val = 0;
+ val = ES8328_DACCONTROL6_DEEMPH_OFF;
}
dev_dbg(codec->dev, "Set deemphasis %d\n", val);
- return snd_soc_update_bits(codec, ES8328_DACCONTROL6, 0x6, val);
+ return snd_soc_update_bits(codec, ES8328_DACCONTROL6,
+ ES8328_DACCONTROL6_DEEMPH_MASK, val);
}
static int es8328_get_deemph(struct snd_kcontrol *kcontrol,
diff --git a/sound/soc/codecs/es8328.h b/sound/soc/codecs/es8328.h
index cb36afe..156c748 100644
--- a/sound/soc/codecs/es8328.h
+++ b/sound/soc/codecs/es8328.h
@@ -153,6 +153,7 @@ int es8328_probe(struct device *dev, struct regmap *regmap);
#define ES8328_DACCONTROL6_CLICKFREE (1 << 3)
#define ES8328_DACCONTROL6_DAC_INVR (1 << 4)
#define ES8328_DACCONTROL6_DAC_INVL (1 << 5)
+#define ES8328_DACCONTROL6_DEEMPH_MASK (3 << 6)
#define ES8328_DACCONTROL6_DEEMPH_OFF (0 << 6)
#define ES8328_DACCONTROL6_DEEMPH_32k (1 << 6)
#define ES8328_DACCONTROL6_DEEMPH_44_1k (2 << 6)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 196/305] KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (194 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 195/305] ASoC: es8328: Fix deemphasis values Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 197/305] dmaengine: at_xdmac: fix at_xdmac_prep_dma_memcpy() Kamal Mostafa
` (108 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Paul Mackerras, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Paul Mackerras <paulus@ozlabs.org>
commit c20875a3e638e4a03e099b343ec798edd1af5cc6 upstream.
Currently it is possible for userspace (e.g. QEMU) to set a value
for the MSR for a guest VCPU which has both of the TS bits set,
which is an illegal combination. The result of this is that when
we execute a hrfid (hypervisor return from interrupt doubleword)
instruction to enter the guest, the CPU will take a TM Bad Thing
type of program interrupt (vector 0x700).
Now, if PR KVM is configured in the kernel along with HV KVM, we
actually handle this without crashing the host or giving hypervisor
privilege to the guest; instead what happens is that we deliver a
program interrupt to the guest, with SRR0 reflecting the address
of the hrfid instruction and SRR1 containing the MSR value at that
point. If PR KVM is not configured in the kernel, then we try to
run the host's program interrupt handler with the MMU set to the
guest context, which almost certainly causes a host crash.
This closes the hole by making kvmppc_set_msr_hv() check for the
illegal combination and force the TS field to a safe value (00,
meaning non-transactional).
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/kvm/book3s_hv.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index a9f753f..a27294e 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -210,6 +210,12 @@ static void kvmppc_core_vcpu_put_hv(struct kvm_vcpu *vcpu)
static void kvmppc_set_msr_hv(struct kvm_vcpu *vcpu, u64 msr)
{
+ /*
+ * Check for illegal transactional state bit combination
+ * and if we find it, force the TS field to a safe state.
+ */
+ if ((msr & MSR_TS_MASK) == MSR_TS_MASK)
+ msr &= ~MSR_TS_MASK;
vcpu->arch.shregs.msr = msr;
kvmppc_end_cede(vcpu);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 197/305] dmaengine: at_xdmac: fix at_xdmac_prep_dma_memcpy()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (195 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 196/305] KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 198/305] rfkill: copy the name into the rfkill struct Kamal Mostafa
` (107 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Cyrille Pitchen, Vinod Koul, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Cyrille Pitchen <cyrille.pitchen@atmel.com>
commit aa876cd4b41b4e3bcfbc75dd5750d75d5fa97a67 upstream.
This patch fixes at_xdmac_prep_dma_memcpy(). Indeed the data width field
of the Channel Configuration register was not updated properly in the
loop: the bits of the dwidth field were not cleared before adding their
new value.
Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Acked-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Fixes: e1f7c9eee70 ("dmaengine: at_xdmac: creation of the atmel eXtended DMA Controller driver")
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/dma/at_xdmac.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c
index 2205def..c01cdec 100644
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -1086,6 +1086,7 @@ at_xdmac_prep_dma_memcpy(struct dma_chan *chan, dma_addr_t dest, dma_addr_t src,
/* Check remaining length and change data width if needed. */
dwidth = at_xdmac_align_width(chan,
src_addr | dst_addr | xfer_size);
+ chan_cc &= ~AT_XDMAC_CC_DWIDTH_MASK;
chan_cc |= AT_XDMAC_CC_DWIDTH(dwidth);
ublen = xfer_size >> dwidth;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 198/305] rfkill: copy the name into the rfkill struct
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (196 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 197/305] dmaengine: at_xdmac: fix at_xdmac_prep_dma_memcpy() Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 199/305] ses: Fix problems with simple enclosures Kamal Mostafa
` (106 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Johannes Berg, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Johannes Berg <johannes.berg@intel.com>
commit b7bb110008607a915298bf0f47d25886ecb94477 upstream.
Some users of rfkill, like NFC and cfg80211, use a dynamic name when
allocating rfkill, in those cases dev_name(). Therefore, the pointer
passed to rfkill_alloc() might not be valid forever, I specifically
found the case that the rfkill name was quite obviously an invalid
pointer (or at least garbage) when the wiphy had been renamed.
Fix this by making a copy of the rfkill name in rfkill_alloc().
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/rfkill/core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/rfkill/core.c b/net/rfkill/core.c
index f12149a..31b5c63 100644
--- a/net/rfkill/core.c
+++ b/net/rfkill/core.c
@@ -49,7 +49,6 @@
struct rfkill {
spinlock_t lock;
- const char *name;
enum rfkill_type type;
unsigned long state;
@@ -73,6 +72,7 @@ struct rfkill {
struct delayed_work poll_work;
struct work_struct uevent_work;
struct work_struct sync_work;
+ char name[];
};
#define to_rfkill(d) container_of(d, struct rfkill, dev)
@@ -868,14 +868,14 @@ struct rfkill * __must_check rfkill_alloc(const char *name,
if (WARN_ON(type == RFKILL_TYPE_ALL || type >= NUM_RFKILL_TYPES))
return NULL;
- rfkill = kzalloc(sizeof(*rfkill), GFP_KERNEL);
+ rfkill = kzalloc(sizeof(*rfkill) + strlen(name) + 1, GFP_KERNEL);
if (!rfkill)
return NULL;
spin_lock_init(&rfkill->lock);
INIT_LIST_HEAD(&rfkill->node);
rfkill->type = type;
- rfkill->name = name;
+ strcpy(rfkill->name, name);
rfkill->ops = ops;
rfkill->data = ops_data;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 199/305] ses: Fix problems with simple enclosures
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (197 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 198/305] rfkill: copy the name into the rfkill struct Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 200/305] Revert "SCSI: Fix NULL pointer dereference in runtime PM" Kamal Mostafa
` (105 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: James Bottomley, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: James Bottomley <James.Bottomley@HansenPartnership.com>
commit 3417c1b5cb1fdc10261dbed42b05cc93166a78fd upstream.
Simple enclosure implementations (mostly USB) are allowed to return only
page 8 to every diagnostic query. That really confuses our
implementation because we assume the return is the page we asked for and
end up doing incorrect offsets based on bogus information leading to
accesses outside of allocated ranges. Fix that by checking the page
code of the return and giving an error if it isn't the one we asked for.
This should fix reported bugs with USB storage by simply refusing to
attach to enclosures that behave like this. It's also good defensive
practise now that we're starting to see more USB enclosures.
Reported-by: Andrea Gelmini <andrea.gelmini@gelma.net>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/ses.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
index dcb0d76..7d9cec5 100644
--- a/drivers/scsi/ses.c
+++ b/drivers/scsi/ses.c
@@ -84,6 +84,7 @@ static void init_device_slot_control(unsigned char *dest_desc,
static int ses_recv_diag(struct scsi_device *sdev, int page_code,
void *buf, int bufflen)
{
+ int ret;
unsigned char cmd[] = {
RECEIVE_DIAGNOSTIC,
1, /* Set PCV bit */
@@ -92,9 +93,26 @@ static int ses_recv_diag(struct scsi_device *sdev, int page_code,
bufflen & 0xff,
0
};
+ unsigned char recv_page_code;
- return scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buf, bufflen,
+ ret = scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buf, bufflen,
NULL, SES_TIMEOUT, SES_RETRIES, NULL);
+ if (unlikely(!ret))
+ return ret;
+
+ recv_page_code = ((unsigned char *)buf)[0];
+
+ if (likely(recv_page_code == page_code))
+ return ret;
+
+ /* successful diagnostic but wrong page code. This happens to some
+ * USB devices, just print a message and pretend there was an error */
+
+ sdev_printk(KERN_ERR, sdev,
+ "Wrong diagnostic page; asked for %d got %u\n",
+ page_code, recv_page_code);
+
+ return -EINVAL;
}
static int ses_send_diag(struct scsi_device *sdev, int page_code,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 200/305] Revert "SCSI: Fix NULL pointer dereference in runtime PM"
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (198 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 199/305] ses: Fix problems with simple enclosures Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 201/305] ASoC: davinci-mcasp: Fix XDATA check in mcasp_start_tx Kamal Mostafa
` (104 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ken Xue, Xiangliang Yu, James E.J. Bottomley, Jens Axboe,
Michael Terry, Martin K. Petersen, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Ken Xue <ken.xue@amd.com>
commit 1c69d3b6eb73e466ecbb8edaf1bc7fd585b288da upstream.
This reverts commit 49718f0fb8c9 ("SCSI: Fix NULL pointer dereference in
runtime PM")
The old commit may lead to a issue that blk_{pre|post}_runtime_suspend and
blk_{pre|post}_runtime_resume may not be called in pairs.
Take sr device as example, when sr device goes to runtime suspend,
blk_{pre|post}_runtime_suspend will be called since sr device defined
pm->runtime_suspend. But blk_{pre|post}_runtime_resume will not be called
since sr device doesn't have pm->runtime_resume. so, sr device can not
resume correctly anymore.
More discussion can be found from below link.
http://marc.info/?l=linux-scsi&m=144163730531875&w=2
Signed-off-by: Ken Xue <Ken.Xue@amd.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: Xiangliang Yu <Xiangliang.Yu@amd.com>
Cc: James E.J. Bottomley <JBottomley@odin.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Michael Terry <Michael.terry@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/scsi_pm.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/scsi/scsi_pm.c b/drivers/scsi/scsi_pm.c
index e4b7998..459abe1 100644
--- a/drivers/scsi/scsi_pm.c
+++ b/drivers/scsi/scsi_pm.c
@@ -219,13 +219,13 @@ static int sdev_runtime_suspend(struct device *dev)
struct scsi_device *sdev = to_scsi_device(dev);
int err = 0;
- if (pm && pm->runtime_suspend) {
- err = blk_pre_runtime_suspend(sdev->request_queue);
- if (err)
- return err;
+ err = blk_pre_runtime_suspend(sdev->request_queue);
+ if (err)
+ return err;
+ if (pm && pm->runtime_suspend)
err = pm->runtime_suspend(dev);
- blk_post_runtime_suspend(sdev->request_queue, err);
- }
+ blk_post_runtime_suspend(sdev->request_queue, err);
+
return err;
}
@@ -248,11 +248,11 @@ static int sdev_runtime_resume(struct device *dev)
const struct dev_pm_ops *pm = dev->driver ? dev->driver->pm : NULL;
int err = 0;
- if (pm && pm->runtime_resume) {
- blk_pre_runtime_resume(sdev->request_queue);
+ blk_pre_runtime_resume(sdev->request_queue);
+ if (pm && pm->runtime_resume)
err = pm->runtime_resume(dev);
- blk_post_runtime_resume(sdev->request_queue, err);
- }
+ blk_post_runtime_resume(sdev->request_queue, err);
+
return err;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 201/305] ASoC: davinci-mcasp: Fix XDATA check in mcasp_start_tx
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (199 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 200/305] Revert "SCSI: Fix NULL pointer dereference in runtime PM" Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 202/305] ses: fix additional element traversal bug Kamal Mostafa
` (103 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Ujfalusi, Mark Brown, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Peter Ujfalusi <peter.ujfalusi@ti.com>
commit e2a0c9fa80227be5ee017b5476638829dd41cb39 upstream.
The condition for checking for XDAT being cleared was not correct.
Fixes: 36bcecd0a73eb ("ASoC: davinci-mcasp: Correct TX start sequence")
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/davinci/davinci-mcasp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/davinci/davinci-mcasp.c b/sound/soc/davinci/davinci-mcasp.c
index b960e62..0f1a0cf 100644
--- a/sound/soc/davinci/davinci-mcasp.c
+++ b/sound/soc/davinci/davinci-mcasp.c
@@ -222,8 +222,8 @@ static void mcasp_start_tx(struct davinci_mcasp *mcasp)
/* wait for XDATA to be cleared */
cnt = 0;
- while (!(mcasp_get_reg(mcasp, DAVINCI_MCASP_TXSTAT_REG) &
- ~XRDATA) && (cnt < 100000))
+ while ((mcasp_get_reg(mcasp, DAVINCI_MCASP_TXSTAT_REG) & XRDATA) &&
+ (cnt < 100000))
cnt++;
/* Release TX state machine */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 202/305] ses: fix additional element traversal bug
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (200 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 201/305] ASoC: davinci-mcasp: Fix XDATA check in mcasp_start_tx Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 203/305] powercap / RAPL: fix BIOS lock check Kamal Mostafa
` (102 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: James Bottomley, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: James Bottomley <James.Bottomley@HansenPartnership.com>
commit 5e1033561da1152c57b97ee84371dba2b3d64c25 upstream.
KASAN found that our additional element processing scripts drop off
the end of the VPD page into unallocated space. The reason is that
not every element has additional information but our traversal
routines think they do, leading to them expecting far more additional
information than is present. Fix this by adding a gate to the
traversal routine so that it only processes elements that are expected
to have additional information (list is in SES-2 section 6.1.13.1:
Additional Element Status diagnostic page overview)
Reported-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Tested-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/ses.c | 10 +++++++++-
include/linux/enclosure.h | 4 ++++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
index 7d9cec5..044d064 100644
--- a/drivers/scsi/ses.c
+++ b/drivers/scsi/ses.c
@@ -559,7 +559,15 @@ static void ses_enclosure_data_process(struct enclosure_device *edev,
if (desc_ptr)
desc_ptr += len;
- if (addl_desc_ptr)
+ if (addl_desc_ptr &&
+ /* only find additional descriptions for specific devices */
+ (type_ptr[0] == ENCLOSURE_COMPONENT_DEVICE ||
+ type_ptr[0] == ENCLOSURE_COMPONENT_ARRAY_DEVICE ||
+ type_ptr[0] == ENCLOSURE_COMPONENT_SAS_EXPANDER ||
+ /* these elements are optional */
+ type_ptr[0] == ENCLOSURE_COMPONENT_SCSI_TARGET_PORT ||
+ type_ptr[0] == ENCLOSURE_COMPONENT_SCSI_INITIATOR_PORT ||
+ type_ptr[0] == ENCLOSURE_COMPONENT_CONTROLLER_ELECTRONICS))
addl_desc_ptr += addl_desc_ptr[1] + 2;
}
diff --git a/include/linux/enclosure.h b/include/linux/enclosure.h
index 7be22da..a4cf57c 100644
--- a/include/linux/enclosure.h
+++ b/include/linux/enclosure.h
@@ -29,7 +29,11 @@
/* A few generic types ... taken from ses-2 */
enum enclosure_component_type {
ENCLOSURE_COMPONENT_DEVICE = 0x01,
+ ENCLOSURE_COMPONENT_CONTROLLER_ELECTRONICS = 0x07,
+ ENCLOSURE_COMPONENT_SCSI_TARGET_PORT = 0x14,
+ ENCLOSURE_COMPONENT_SCSI_INITIATOR_PORT = 0x15,
ENCLOSURE_COMPONENT_ARRAY_DEVICE = 0x17,
+ ENCLOSURE_COMPONENT_SAS_EXPANDER = 0x18,
};
/* ses-2 common element status */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 203/305] powercap / RAPL: fix BIOS lock check
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (201 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 202/305] ses: fix additional element traversal bug Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 204/305] ARCv2: intc: Fix random perf irq disabling in SMP setup Kamal Mostafa
` (101 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Prarit Bhargava, Rafael J. Wysocki, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Prarit Bhargava <prarit@redhat.com>
commit 79a21dbfae3cd40d5a801778071a9967b79c2c20 upstream.
Intel RAPL initialized on several systems where the BIOS lock bit (msr
0x610, bit 63) was set. This occured because the return value of
rapl_read_data_raw() was being checked, rather than the value of the variable
passed in, locked.
This patch properly implments the rapl_read_data_raw() call to check the
variable locked, and now the Intel RAPL driver outputs the warning:
intel_rapl: RAPL package 0 domain package locked by BIOS
and does not initialize for the package.
Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Acked-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/powercap/intel_rapl.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/powercap/intel_rapl.c b/drivers/powercap/intel_rapl.c
index 482b22d..2159634 100644
--- a/drivers/powercap/intel_rapl.c
+++ b/drivers/powercap/intel_rapl.c
@@ -1336,10 +1336,13 @@ static int rapl_detect_domains(struct rapl_package *rp, int cpu)
for (rd = rp->domains; rd < rp->domains + rp->nr_domains; rd++) {
/* check if the domain is locked by BIOS */
- if (rapl_read_data_raw(rd, FW_LOCK, false, &locked)) {
+ ret = rapl_read_data_raw(rd, FW_LOCK, false, &locked);
+ if (ret)
+ return ret;
+ if (locked) {
pr_info("RAPL package %d domain %s locked by BIOS\n",
rp->id, rd->name);
- rd->state |= DOMAIN_STATE_BIOS_LOCKED;
+ rd->state |= DOMAIN_STATE_BIOS_LOCKED;
}
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 204/305] ARCv2: intc: Fix random perf irq disabling in SMP setup
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (202 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 203/305] powercap / RAPL: fix BIOS lock check Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 205/305] i2c: designware: reverts "i2c: designware: Add support for AMD I2C controller" Kamal Mostafa
` (100 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marc Zyngier, Thomas Gleixner, Peter Zijlstra, Alexey Brodkin,
Vineet Gupta, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Vineet Gupta <vgupta@synopsys.com>
commit 8eb0984bf4fe82237f95481ff0afe514a676c717 upstream.
As part of fixing another perf issue, observed that after a perf run,
the interrupt got disabled on one/more cores.
Turns out that despite requesting perf irq as percpu, the flow handler
registered was not handle_percpu_irq()
Given that on ARCv2 cores, IRQs < 24 are always private to cpu, we
register the right handler at the very onset.
Before Fix
| [ARCLinux]# cat /proc/interrupts | grep perf
| 20: 0 0 0 0 ARCv2 core Intc 20 ARC perf counters
|
| [ARCLinux]# perf record -c 20000 /sbin/hackbench
| Running with 10*40 (== 400) tasks.
|
| [ARCLinux]# cat /proc/interrupts | grep perf
| 20: 0 522 8 51916 ARCv2 core Intc 20 ARC perf counters
|
| [ARCLinux]# perf record -c 20000 /sbin/hackbench
| Running with 10*40 (== 400) tasks.
|
| [ARCLinux]# cat /proc/interrupts | grep perf
| 20: 0 522 8 104368 ARCv2 core Intc 20 ARC perf counters
After Fix
| [ARCLinux]# cat /proc/interrupts | grep perf
| 20: 0 0 0 0 ARCv2 core Intc 20 ARC perf counters
|
| [ARCLinux]# perf record -c 20000 /sbin/hackbench
| Running with 10*40 (== 400) tasks.
|
| [ARCLinux]# cat /proc/interrupts | grep perf
| 20: 64198 62012 62697 67803 ARCv2 core Intc 20 ARC perf counters
|
| [ARCLinux]# perf record -c 20000 /sbin/hackbench
| Running with 10*40 (== 400) tasks.
|
| [ARCLinux]# cat /proc/interrupts | grep perf
| 20: 126014 122792 123301 133654 ARCv2 core Intc 20 ARC perf counters
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arc/kernel/intc-arcv2.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/arch/arc/kernel/intc-arcv2.c b/arch/arc/kernel/intc-arcv2.c
index 26c1568..0394f9f 100644
--- a/arch/arc/kernel/intc-arcv2.c
+++ b/arch/arc/kernel/intc-arcv2.c
@@ -106,10 +106,21 @@ static struct irq_chip arcv2_irq_chip = {
static int arcv2_irq_map(struct irq_domain *d, unsigned int irq,
irq_hw_number_t hw)
{
- if (irq == TIMER0_IRQ || irq == IPI_IRQ)
+ /*
+ * core intc IRQs [16, 23]:
+ * Statically assigned always private-per-core (Timers, WDT, IPI, PCT)
+ */
+ if (hw < 24) {
+ /*
+ * A subsequent request_percpu_irq() fails if percpu_devid is
+ * not set. That in turns sets NOAUTOEN, meaning each core needs
+ * to call enable_percpu_irq()
+ */
+ irq_set_percpu_devid(irq);
irq_set_chip_and_handler(irq, &arcv2_irq_chip, handle_percpu_irq);
- else
+ } else {
irq_set_chip_and_handler(irq, &arcv2_irq_chip, handle_level_irq);
+ }
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 205/305] i2c: designware: reverts "i2c: designware: Add support for AMD I2C controller"
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (203 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 204/305] ARCv2: intc: Fix random perf irq disabling in SMP setup Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 206/305] i2c: designware: fix IO timeout issue for AMD controller Kamal Mostafa
` (99 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ken Xue, Xiangliang Yu, Wolfram Sang, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Ken Xue <Ken.Xue@amd.com>
commit 3eddad96c4395280d5f6f13c958b276c11d3f575 upstream.
The patch reverts commit a445900c9060 (i2c: designware: Add support for
AMD I2C controller). It never worked anyhow because it did not register
a proper clkdev.
Since kernel 4.1 starts to support APD, there is no need to get freq
from id->driver_data for AMD0010. clkdev is supposed to be already
registered in APD.
So, revert old design and make AMD0010 looks like other ones.
Signed-off-by: Ken Xue <Ken.Xue@amd.com>
Signed-off-by: Xiangliang Yu <Xiangliang.Yu@amd.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
[ kamal: 4.2-stable prereq for
2d244c8 i2c: designware: fix IO timeout issue for AMD controller ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-designware-platdrv.c | 27 +--------------------------
1 file changed, 1 insertion(+), 26 deletions(-)
diff --git a/drivers/i2c/busses/i2c-designware-platdrv.c b/drivers/i2c/busses/i2c-designware-platdrv.c
index 472b882..4bf5fc1 100644
--- a/drivers/i2c/busses/i2c-designware-platdrv.c
+++ b/drivers/i2c/busses/i2c-designware-platdrv.c
@@ -97,7 +97,6 @@ static void dw_i2c_acpi_params(struct platform_device *pdev, char method[],
static int dw_i2c_acpi_configure(struct platform_device *pdev)
{
struct dw_i2c_dev *dev = platform_get_drvdata(pdev);
- const struct acpi_device_id *id;
dev->adapter.nr = -1;
dev->tx_fifo_depth = 32;
@@ -111,29 +110,9 @@ static int dw_i2c_acpi_configure(struct platform_device *pdev)
dw_i2c_acpi_params(pdev, "FMCN", &dev->fs_hcnt, &dev->fs_lcnt,
&dev->sda_hold_time);
- /*
- * Provide a way for Designware I2C host controllers that are not
- * based on Intel LPSS to specify their input clock frequency via
- * id->driver_data.
- */
- id = acpi_match_device(pdev->dev.driver->acpi_match_table, &pdev->dev);
- if (id && id->driver_data)
- clk_register_fixed_rate(&pdev->dev, dev_name(&pdev->dev), NULL,
- CLK_IS_ROOT, id->driver_data);
-
return 0;
}
-static void dw_i2c_acpi_unconfigure(struct platform_device *pdev)
-{
- struct dw_i2c_dev *dev = platform_get_drvdata(pdev);
- const struct acpi_device_id *id;
-
- id = acpi_match_device(pdev->dev.driver->acpi_match_table, &pdev->dev);
- if (id && id->driver_data)
- clk_unregister(dev->clk);
-}
-
static const struct acpi_device_id dw_i2c_acpi_match[] = {
{ "INT33C2", 0 },
{ "INT33C3", 0 },
@@ -141,7 +120,7 @@ static const struct acpi_device_id dw_i2c_acpi_match[] = {
{ "INT3433", 0 },
{ "80860F41", 0 },
{ "808622C1", 0 },
- { "AMD0010", 133 * 1000 * 1000 },
+ { "AMD0010", 0 },
{ }
};
MODULE_DEVICE_TABLE(acpi, dw_i2c_acpi_match);
@@ -150,7 +129,6 @@ static inline int dw_i2c_acpi_configure(struct platform_device *pdev)
{
return -ENODEV;
}
-static inline void dw_i2c_acpi_unconfigure(struct platform_device *pdev) { }
#endif
static int dw_i2c_probe(struct platform_device *pdev)
@@ -306,9 +284,6 @@ static int dw_i2c_remove(struct platform_device *pdev)
pm_runtime_put_sync(&pdev->dev);
pm_runtime_disable(&pdev->dev);
- if (has_acpi_companion(&pdev->dev))
- dw_i2c_acpi_unconfigure(pdev);
-
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 206/305] i2c: designware: fix IO timeout issue for AMD controller
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (204 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 205/305] i2c: designware: reverts "i2c: designware: Add support for AMD I2C controller" Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 207/305] ASoC: wm8974: set cache type for regmap Kamal Mostafa
` (98 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Xiangliang Yu, Wolfram Sang, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Xiangliang Yu <Xiangliang.Yu@amd.com>
commit 2d244c81481fa5142a2ba6656ab7a8e40c849c27 upstream.
Because of some hardware limitation, AMD I2C controller can't
trigger pending interrupt if interrupt status has been changed
after clearing interrupt status bits. Then, I2C will lost
interrupt and IO timeout.
According to hardware design, this patch implements a workaround
to disable i2c controller interrupt and re-enable i2c interrupt
before exiting ISR.
To reduce the performance impacts on other vendors, use unlikely
function to check flag in ISR.
Signed-off-by: Xiangliang Yu <Xiangliang.Yu@amd.com>
Acked-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-designware-core.c | 6 ++++++
drivers/i2c/busses/i2c-designware-core.h | 1 +
drivers/i2c/busses/i2c-designware-platdrv.c | 7 ++++++-
3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-designware-core.c b/drivers/i2c/busses/i2c-designware-core.c
index 6f19a33..75b1ffd 100644
--- a/drivers/i2c/busses/i2c-designware-core.c
+++ b/drivers/i2c/busses/i2c-designware-core.c
@@ -811,6 +811,12 @@ irqreturn_t i2c_dw_isr(int this_irq, void *dev_id)
tx_aborted:
if ((stat & (DW_IC_INTR_TX_ABRT | DW_IC_INTR_STOP_DET)) || dev->msg_err)
complete(&dev->cmd_complete);
+ else if (unlikely(dev->accessor_flags & ACCESS_INTR_MASK)) {
+ /* workaround to trigger pending interrupt */
+ stat = dw_readl(dev, DW_IC_INTR_MASK);
+ i2c_dw_disable_int(dev);
+ dw_writel(dev, stat, DW_IC_INTR_MASK);
+ }
return IRQ_HANDLED;
}
diff --git a/drivers/i2c/busses/i2c-designware-core.h b/drivers/i2c/busses/i2c-designware-core.h
index 9630222..808ef6a 100644
--- a/drivers/i2c/busses/i2c-designware-core.h
+++ b/drivers/i2c/busses/i2c-designware-core.h
@@ -111,6 +111,7 @@ struct dw_i2c_dev {
#define ACCESS_SWAP 0x00000001
#define ACCESS_16BIT 0x00000002
+#define ACCESS_INTR_MASK 0x00000004
extern u32 dw_readl(struct dw_i2c_dev *dev, int offset);
extern void dw_writel(struct dw_i2c_dev *dev, u32 b, int offset);
diff --git a/drivers/i2c/busses/i2c-designware-platdrv.c b/drivers/i2c/busses/i2c-designware-platdrv.c
index 4bf5fc1..13a7f10 100644
--- a/drivers/i2c/busses/i2c-designware-platdrv.c
+++ b/drivers/i2c/busses/i2c-designware-platdrv.c
@@ -97,6 +97,7 @@ static void dw_i2c_acpi_params(struct platform_device *pdev, char method[],
static int dw_i2c_acpi_configure(struct platform_device *pdev)
{
struct dw_i2c_dev *dev = platform_get_drvdata(pdev);
+ const struct acpi_device_id *id;
dev->adapter.nr = -1;
dev->tx_fifo_depth = 32;
@@ -110,6 +111,10 @@ static int dw_i2c_acpi_configure(struct platform_device *pdev)
dw_i2c_acpi_params(pdev, "FMCN", &dev->fs_hcnt, &dev->fs_lcnt,
&dev->sda_hold_time);
+ id = acpi_match_device(pdev->dev.driver->acpi_match_table, &pdev->dev);
+ if (id && id->driver_data)
+ dev->accessor_flags |= (u32)id->driver_data;
+
return 0;
}
@@ -120,7 +125,7 @@ static const struct acpi_device_id dw_i2c_acpi_match[] = {
{ "INT3433", 0 },
{ "80860F41", 0 },
{ "808622C1", 0 },
- { "AMD0010", 0 },
+ { "AMD0010", ACCESS_INTR_MASK },
{ }
};
MODULE_DEVICE_TABLE(acpi, dw_i2c_acpi_match);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 207/305] ASoC: wm8974: set cache type for regmap
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (205 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 206/305] i2c: designware: fix IO timeout issue for AMD controller Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 208/305] n_tty: Fix poll() after buffer-limited eof push read Kamal Mostafa
` (97 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mans Rullgard, Mark Brown, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mans Rullgard <mans@mansr.com>
commit 1ea5998afe903384ddc16391d4c023cd4c867bea upstream.
Attempting to use this codec driver triggers a BUG() in regcache_sync()
since no cache type is set. The register map of this device is fairly
small and has few holes so a flat cache is suitable.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Acked-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/codecs/wm8974.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/codecs/wm8974.c b/sound/soc/codecs/wm8974.c
index 33b16a7..57a8bae 100644
--- a/sound/soc/codecs/wm8974.c
+++ b/sound/soc/codecs/wm8974.c
@@ -574,6 +574,7 @@ static const struct regmap_config wm8974_regmap = {
.max_register = WM8974_MONOMIX,
.reg_defaults = wm8974_reg_defaults,
.num_reg_defaults = ARRAY_SIZE(wm8974_reg_defaults),
+ .cache_type = REGCACHE_FLAT,
};
static int wm8974_probe(struct snd_soc_codec *codec)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 208/305] n_tty: Fix poll() after buffer-limited eof push read
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (206 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 207/305] ASoC: wm8974: set cache type for regmap Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 209/305] tty: Fix GPF in flush_to_ldisc() Kamal Mostafa
` (96 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Hurley, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Peter Hurley <peter@hurleysoftware.com>
commit ac8f3bf8832a405cc6e4dccb1d26d5cb2994d234 upstream.
commit 40d5e0905a03 ("n_tty: Fix EOF push handling") fixed EOF push
for reads. However, that approach still allows a condition mismatch
between poll() and read(), where poll() returns POLLIN but read()
blocks. This state can happen when a previous read() returned because
the user buffer was full and the next character was an EOF not at the
beginning of the line. While the next read() will properly identify
the condition and advance the read buffer tail without improperly
indicating an EOF file condition (ie., read() will not mistakenly
return 0), poll() will mistakenly indicate POLLIN.
Although a possible solution would be to peek at the input buffer
in n_tty_poll(), the better solution in this patch is to eat the
EOF during the previous read() (ie., fix the problem by eliminating
the condition).
The current canon line buffer copy limits the scan for next end-of-line
to the smaller of either,
a. the remaining user buffer size
b. completed lines in the input buffer
When the remaining user buffer size is exactly one less than the
end-of-line marked by EOF push, the EOF is not scanned nor skipped
but left for subsequent reads. In the example below, the scan
index 'eol' has stopped at the EOF because it is past the scan
limit of 5 (not because it has found the next set bit in read_flags)
user buffer [*nr = 5] _ _ _ _ _
read_flags 0 0 0 0 0 1
input buffer h e l l o [EOF]
^ ^
/ /
tail eol
result: found = 0, tail += 5, *nr += 5
Instead, allow the scan to peek ahead 1 byte (while still limiting the
scan to completed lines in the input buffer). For the example above,
result: found = 1, tail += 6, *nr += 5
Because the scan limit is now bumped +1 byte, when the scan is
completed, the tail advance and the user buffer copy limit is
re-clamped to *nr when EOF is _not_ found.
Fixes: 40d5e0905a03 ("n_tty: Fix EOF push handling")
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/tty/n_tty.c | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
index dedac8a..c82adde 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -2058,13 +2058,13 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
size_t eol;
size_t tail;
int ret, found = 0;
- bool eof_push = 0;
/* N.B. avoid overrun if nr == 0 */
- n = min(*nr, smp_load_acquire(&ldata->canon_head) - ldata->read_tail);
- if (!n)
+ if (!*nr)
return 0;
+ n = min(*nr + 1, smp_load_acquire(&ldata->canon_head) - ldata->read_tail);
+
tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
@@ -2085,12 +2085,11 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
n = eol - tail;
if (n > N_TTY_BUF_SIZE)
n += N_TTY_BUF_SIZE;
- n += found;
- c = n;
+ c = n + found;
- if (found && !ldata->push && read_buf(ldata, eol) == __DISABLED_CHAR) {
- n--;
- eof_push = !n && ldata->read_tail != ldata->line_start;
+ if (!found || read_buf(ldata, eol) != __DISABLED_CHAR) {
+ c = min(*nr, c);
+ n = c;
}
n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu size:%zu more:%zu\n",
@@ -2120,7 +2119,7 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
ldata->push = 0;
tty_audit_push(tty);
}
- return eof_push ? -EAGAIN : 0;
+ return 0;
}
extern ssize_t redirected_tty_write(struct file *, const char __user *,
@@ -2290,10 +2289,7 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
if (ldata->icanon && !L_EXTPROC(tty)) {
retval = canon_copy_from_read_buf(tty, &b, &nr);
- if (retval == -EAGAIN) {
- retval = 0;
- continue;
- } else if (retval)
+ if (retval)
break;
} else {
int uncopied;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 209/305] tty: Fix GPF in flush_to_ldisc()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (207 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 208/305] n_tty: Fix poll() after buffer-limited eof push read Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 210/305] ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest DragonFly Kamal Mostafa
` (95 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Hurley, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Peter Hurley <peter@hurleysoftware.com>
commit 9ce119f318ba1a07c29149301f1544b6c4bea52a upstream.
A line discipline which does not define a receive_buf() method can
can cause a GPF if data is ever received [1]. Oddly, this was known
to the author of n_tracesink in 2011, but never fixed.
[1] GPF report
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [< (null)>] (null)
PGD 3752d067 PUD 37a7b067 PMD 0
Oops: 0010 [#1] SMP KASAN
Modules linked in:
CPU: 2 PID: 148 Comm: kworker/u10:2 Not tainted 4.4.0-rc2+ #51
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: events_unbound flush_to_ldisc
task: ffff88006da94440 ti: ffff88006db60000 task.ti: ffff88006db60000
RIP: 0010:[<0000000000000000>] [< (null)>] (null)
RSP: 0018:ffff88006db67b50 EFLAGS: 00010246
RAX: 0000000000000102 RBX: ffff88003ab32f88 RCX: 0000000000000102
RDX: 0000000000000000 RSI: ffff88003ab330a6 RDI: ffff88003aabd388
RBP: ffff88006db67c48 R08: ffff88003ab32f9c R09: ffff88003ab31fb0
R10: ffff88003ab32fa8 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88006db67c20 R14: ffffffff863df820 R15: ffff88003ab31fb8
FS: 0000000000000000(0000) GS:ffff88006dc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000037938000 CR4: 00000000000006e0
Stack:
ffffffff829f46f1 ffff88006da94bf8 ffff88006da94bf8 0000000000000000
ffff88003ab31fb0 ffff88003aabd438 ffff88003ab31ff8 ffff88006430fd90
ffff88003ab32f9c ffffed0007557a87 1ffff1000db6cf78 ffff88003ab32078
Call Trace:
[<ffffffff8127cf91>] process_one_work+0x8f1/0x17a0 kernel/workqueue.c:2030
[<ffffffff8127df14>] worker_thread+0xd4/0x1180 kernel/workqueue.c:2162
[<ffffffff8128faaf>] kthread+0x1cf/0x270 drivers/block/aoe/aoecmd.c:1302
[<ffffffff852a7c2f>] ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
Code: Bad RIP value.
RIP [< (null)>] (null)
RSP <ffff88006db67b50>
CR2: 0000000000000000
---[ end trace a587f8947e54d6ea ]---
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/tty/tty_buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/tty_buffer.c b/drivers/tty/tty_buffer.c
index 4cf263d..6059177 100644
--- a/drivers/tty/tty_buffer.c
+++ b/drivers/tty/tty_buffer.c
@@ -442,7 +442,7 @@ receive_buf(struct tty_struct *tty, struct tty_buffer *head, int count)
count = disc->ops->receive_buf2(tty, p, f, count);
else {
count = min_t(int, count, tty->receive_room);
- if (count)
+ if (count && disc->ops->receive_buf)
disc->ops->receive_buf(tty, p, f, count);
}
head->read += count;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 210/305] ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest DragonFly
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (208 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 209/305] tty: Fix GPF in flush_to_ldisc() Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 211/305] ALSA: usb-audio: Add sample rate inquiry " Kamal Mostafa
` (94 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Anssi Hannula, Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Anssi Hannula <anssi.hannula@iki.fi>
commit 42e3121d90f42e57f6dbd6083dff2f57b3ec7daa upstream.
AudioQuest DragonFly DAC reports a volume control range of 0..50
(0x0000..0x0032) which in USB Audio means a range of 0 .. 0.2dB, which
is obviously incorrect and would cause software using the dB information
in e.g. volume sliders to have a massive volume difference in 100..102%
range.
Commit 2d1cb7f658fb ("ALSA: usb-audio: add dB range mapping for some
devices") added a dB range mapping for it with range 0..50 dB.
However, the actual volume mapping seems to be neither linear volume nor
linear dB scale, but instead quite close to the cubic mapping e.g.
alsamixer uses, with a range of approx. -53...0 dB.
Replace the previous quirk with a custom dB mapping based on some basic
output measurements, using a 10-item range TLV (which will still fit in
alsa-lib MAX_TLV_RANGE_SIZE).
Tested on AudioQuest DragonFly HW v1.2. The quirk is only applied if the
range is 0..50, so if this gets fixed/changed in later HW revisions it
will no longer be applied.
v2: incorporated Takashi Iwai's suggestion for the quirk application
method
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/usb/mixer.c | 2 ++
sound/usb/mixer_maps.c | 12 ------------
sound/usb/mixer_quirks.c | 37 +++++++++++++++++++++++++++++++++++++
sound/usb/mixer_quirks.h | 4 ++++
4 files changed, 43 insertions(+), 12 deletions(-)
diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c
index 83d6e76..761fa37 100644
--- a/sound/usb/mixer.c
+++ b/sound/usb/mixer.c
@@ -1336,6 +1336,8 @@ static void build_feature_ctl(struct mixer_build *state, void *raw_desc,
}
}
+ snd_usb_mixer_fu_apply_quirk(state->mixer, cval, unitid, kctl);
+
range = (cval->max - cval->min) / cval->res;
/*
* Are there devices with volume range more than 255? I use a bit more
diff --git a/sound/usb/mixer_maps.c b/sound/usb/mixer_maps.c
index 6a803ef..ddca654 100644
--- a/sound/usb/mixer_maps.c
+++ b/sound/usb/mixer_maps.c
@@ -348,13 +348,6 @@ static struct usbmix_name_map bose_companion5_map[] = {
{ 0 } /* terminator */
};
-/* Dragonfly DAC 1.2, the dB conversion factor is 1 instead of 256 */
-static struct usbmix_dB_map dragonfly_1_2_dB = {0, 5000};
-static struct usbmix_name_map dragonfly_1_2_map[] = {
- { 7, NULL, .dB = &dragonfly_1_2_dB },
- { 0 } /* terminator */
-};
-
/*
* Control map entries
*/
@@ -470,11 +463,6 @@ static struct usbmix_ctl_map usbmix_ctl_maps[] = {
.id = USB_ID(0x05a7, 0x1020),
.map = bose_companion5_map,
},
- {
- /* Dragonfly DAC 1.2 */
- .id = USB_ID(0x21b4, 0x0081),
- .map = dragonfly_1_2_map,
- },
{ 0 } /* terminator */
};
diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
index 337c317..48a7450 100644
--- a/sound/usb/mixer_quirks.c
+++ b/sound/usb/mixer_quirks.c
@@ -37,6 +37,7 @@
#include <sound/control.h>
#include <sound/hwdep.h>
#include <sound/info.h>
+#include <sound/tlv.h>
#include "usbaudio.h"
#include "mixer.h"
@@ -1843,3 +1844,39 @@ void snd_usb_mixer_rc_memory_change(struct usb_mixer_interface *mixer,
}
}
+static void snd_dragonfly_quirk_db_scale(struct usb_mixer_interface *mixer,
+ struct snd_kcontrol *kctl)
+{
+ /* Approximation using 10 ranges based on output measurement on hw v1.2.
+ * This seems close to the cubic mapping e.g. alsamixer uses. */
+ static const DECLARE_TLV_DB_RANGE(scale,
+ 0, 1, TLV_DB_MINMAX_ITEM(-5300, -4970),
+ 2, 5, TLV_DB_MINMAX_ITEM(-4710, -4160),
+ 6, 7, TLV_DB_MINMAX_ITEM(-3884, -3710),
+ 8, 14, TLV_DB_MINMAX_ITEM(-3443, -2560),
+ 15, 16, TLV_DB_MINMAX_ITEM(-2475, -2324),
+ 17, 19, TLV_DB_MINMAX_ITEM(-2228, -2031),
+ 20, 26, TLV_DB_MINMAX_ITEM(-1910, -1393),
+ 27, 31, TLV_DB_MINMAX_ITEM(-1322, -1032),
+ 32, 40, TLV_DB_MINMAX_ITEM(-968, -490),
+ 41, 50, TLV_DB_MINMAX_ITEM(-441, 0),
+ );
+
+ usb_audio_info(mixer->chip, "applying DragonFly dB scale quirk\n");
+ kctl->tlv.p = scale;
+ kctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
+ kctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
+}
+
+void snd_usb_mixer_fu_apply_quirk(struct usb_mixer_interface *mixer,
+ struct usb_mixer_elem_info *cval, int unitid,
+ struct snd_kcontrol *kctl)
+{
+ switch (mixer->chip->usb_id) {
+ case USB_ID(0x21b4, 0x0081): /* AudioQuest DragonFly */
+ if (unitid == 7 && cval->min == 0 && cval->max == 50)
+ snd_dragonfly_quirk_db_scale(mixer, kctl);
+ break;
+ }
+}
+
diff --git a/sound/usb/mixer_quirks.h b/sound/usb/mixer_quirks.h
index bdbfab0..177c329 100644
--- a/sound/usb/mixer_quirks.h
+++ b/sound/usb/mixer_quirks.h
@@ -9,5 +9,9 @@ void snd_emuusb_set_samplerate(struct snd_usb_audio *chip,
void snd_usb_mixer_rc_memory_change(struct usb_mixer_interface *mixer,
int unitid);
+void snd_usb_mixer_fu_apply_quirk(struct usb_mixer_interface *mixer,
+ struct usb_mixer_elem_info *cval, int unitid,
+ struct snd_kcontrol *kctl);
+
#endif /* SND_USB_MIXER_QUIRKS_H */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 211/305] ALSA: usb-audio: Add sample rate inquiry quirk for AudioQuest DragonFly
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (209 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 210/305] ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest DragonFly Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 212/305] drm: Don't overwrite UNVERFIED mode status to OK Kamal Mostafa
` (93 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Anssi Hannula, Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Anssi Hannula <anssi.hannula@iki.fi>
commit 12a6116e66695a728bcb9616416c508ce9c051a1 upstream.
Avoid getting sample rate on AudioQuest DragonFly as it is unsupported
and causes noisy "cannot get freq at ep 0x1" messages when playback
starts.
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/usb/quirks.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index eef9b8e..c73c379 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -1122,6 +1122,7 @@ bool snd_usb_get_sample_rate_quirk(struct snd_usb_audio *chip)
case USB_ID(0x045E, 0x0779): /* MS Lifecam HD-3000 */
case USB_ID(0x04D8, 0xFEEA): /* Benchmark DAC1 Pre */
case USB_ID(0x074D, 0x3553): /* Outlaw RR2150 (Micronas UAC3553B) */
+ case USB_ID(0x21B4, 0x0081): /* AudioQuest DragonFly */
return true;
}
return false;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 212/305] drm: Don't overwrite UNVERFIED mode status to OK
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (210 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 211/305] ALSA: usb-audio: Add sample rate inquiry " Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 213/305] ARM: dts: imx6: Fix Ethernet PHY mode on Ventana boards Kamal Mostafa
` (92 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Adam Jackson, Ville Syrjälä,
Daniel Vetter, Dave Airlie, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala@linux.intel.com>
commit 4655a12b81edab7cc7b13ca4db4094792fb01b4a upstream.
The way the mode probing works is this:
1. All modes currently on the mode list are marked as UNVERIFIED
2. New modes are on the probed_modes list (they start with
status OK)
3. Modes are moved from the probed_modes list to the actual
mode list. If a mode already on the mode list is deemed
to match one of the probed modes, the duplicate is dropped
and the mode status updated to OK. After this the
probed_modes list will be empty.
4. All modes on the mode list are verified to not violate any
constraints. Any that do are marked as such.
5. Any mode left with a non-OK status is pruned from the list,
with an appropriate debug message.
What all this means is that any mode on the original list that
didn't have a duplicate on the probed_modes list, should be left
with status UNVERFIED (or previously could have been left with
some other status, but never OK).
I broke that in
commit 05acaec334fc ("drm: Reorganize probed mode validation")
by always assigning something to the mode->status during the validation
step. So any mode from the old list that still passed the validation
would be left on the list with status OK in the end.
Fix this by not doing the basic mode validation unless the mode
already has status OK (meaning it came from the probed_modes list,
or at least a duplicate of it was on that list). This way we will
correctly prune away any mode from the old mode list that didn't
appear on the probed_modes list.
Cc: Adam Jackson <ajax@redhat.com>
Fixes: 05acaec334fc ("drm: Reorganize probed mode validation")
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1449177255-9515-2-git-send-email-ville.syrjala@linux.intel.com
Testcase: igt/kms_force_connector_basic/prune-stale-modes
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=93332
[danvet: Also applying to drm-misc to avoid too much conflict hell -
there's a big pile of patches from Ville on top of this one.]
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/drm_probe_helper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_probe_helper.c b/drivers/gpu/drm/drm_probe_helper.c
index 04203c0..d0149c4 100644
--- a/drivers/gpu/drm/drm_probe_helper.c
+++ b/drivers/gpu/drm/drm_probe_helper.c
@@ -195,7 +195,8 @@ static int drm_helper_probe_single_connector_modes_merge_bits(struct drm_connect
mode_flags |= DRM_MODE_FLAG_3D_MASK;
list_for_each_entry(mode, &connector->modes, head) {
- mode->status = drm_mode_validate_basic(mode);
+ if (mode->status == MODE_OK)
+ mode->status = drm_mode_validate_basic(mode);
if (mode->status == MODE_OK)
mode->status = drm_mode_validate_size(mode, maxX, maxY);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 213/305] ARM: dts: imx6: Fix Ethernet PHY mode on Ventana boards
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (211 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 212/305] drm: Don't overwrite UNVERFIED mode status to OK Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 214/305] ARM: 8471/1: need to save/restore arm register(r11) when it is corrupted Kamal Mostafa
` (91 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Krzysztof Hałasa, Shawn Guo, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: =?UTF-8?q?Krzysztof=20Ha=C5=82asa?= <khalasa@piap.pl>
commit 3a35e470bc6bc4ce34c19c410ebbe4e3bbf0bafe upstream.
Gateworks Ventana boards seem to need "RGMII-ID" (internal delay)
PHY mode, instead of simple "RGMII", for their Marvell 88E1510
transceiver. Otherwise, the Ethernet MAC doesn't work with Marvell PHY
driver (TX doesn't seem to work correctly).
Tested on GW5400 rev. C.
This bug affects ARM Fedora 23.
Signed-off-by: Krzysztof Hałasa <khalasa@piap.pl>
Acked-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/boot/dts/imx6q-gw5400-a.dts | 2 +-
arch/arm/boot/dts/imx6qdl-gw51xx.dtsi | 2 +-
arch/arm/boot/dts/imx6qdl-gw52xx.dtsi | 2 +-
arch/arm/boot/dts/imx6qdl-gw53xx.dtsi | 2 +-
arch/arm/boot/dts/imx6qdl-gw54xx.dtsi | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/arm/boot/dts/imx6q-gw5400-a.dts b/arch/arm/boot/dts/imx6q-gw5400-a.dts
index 822ffb2..6c168dc 100644
--- a/arch/arm/boot/dts/imx6q-gw5400-a.dts
+++ b/arch/arm/boot/dts/imx6q-gw5400-a.dts
@@ -154,7 +154,7 @@
&fec {
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_enet>;
- phy-mode = "rgmii";
+ phy-mode = "rgmii-id";
phy-reset-gpios = <&gpio1 30 GPIO_ACTIVE_HIGH>;
status = "okay";
};
diff --git a/arch/arm/boot/dts/imx6qdl-gw51xx.dtsi b/arch/arm/boot/dts/imx6qdl-gw51xx.dtsi
index f2867c4..90496aa 100644
--- a/arch/arm/boot/dts/imx6qdl-gw51xx.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-gw51xx.dtsi
@@ -94,7 +94,7 @@
&fec {
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_enet>;
- phy-mode = "rgmii";
+ phy-mode = "rgmii-id";
phy-reset-gpios = <&gpio1 30 GPIO_ACTIVE_LOW>;
status = "okay";
};
diff --git a/arch/arm/boot/dts/imx6qdl-gw52xx.dtsi b/arch/arm/boot/dts/imx6qdl-gw52xx.dtsi
index 4493f6e..0a6730b 100644
--- a/arch/arm/boot/dts/imx6qdl-gw52xx.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-gw52xx.dtsi
@@ -154,7 +154,7 @@
&fec {
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_enet>;
- phy-mode = "rgmii";
+ phy-mode = "rgmii-id";
phy-reset-gpios = <&gpio1 30 GPIO_ACTIVE_LOW>;
status = "okay";
};
diff --git a/arch/arm/boot/dts/imx6qdl-gw53xx.dtsi b/arch/arm/boot/dts/imx6qdl-gw53xx.dtsi
index a857d12..c49183a 100644
--- a/arch/arm/boot/dts/imx6qdl-gw53xx.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-gw53xx.dtsi
@@ -155,7 +155,7 @@
&fec {
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_enet>;
- phy-mode = "rgmii";
+ phy-mode = "rgmii-id";
phy-reset-gpios = <&gpio1 30 GPIO_ACTIVE_LOW>;
status = "okay";
};
diff --git a/arch/arm/boot/dts/imx6qdl-gw54xx.dtsi b/arch/arm/boot/dts/imx6qdl-gw54xx.dtsi
index 1afe338..0631f9f 100644
--- a/arch/arm/boot/dts/imx6qdl-gw54xx.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-gw54xx.dtsi
@@ -145,7 +145,7 @@
&fec {
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_enet>;
- phy-mode = "rgmii";
+ phy-mode = "rgmii-id";
phy-reset-gpios = <&gpio1 30 GPIO_ACTIVE_LOW>;
status = "okay";
};
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 214/305] ARM: 8471/1: need to save/restore arm register(r11) when it is corrupted
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (212 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 213/305] ARM: dts: imx6: Fix Ethernet PHY mode on Ventana boards Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 215/305] ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines Kamal Mostafa
` (90 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Anson Huang, Russell King, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Anson Huang <Anson.Huang@freescale.com>
commit fa0708b320f6da4c1104fe56e01b7abf66fd16ad upstream.
In cpu_v7_do_suspend routine, r11 is used while it is NOT
saved/restored, different compiler may have different usage
of ARM general registers, so it may cause issues during
calling cpu_v7_do_suspend.
We meet kernel fault occurs when using GCC 4.8.3, r11 contains
valid value before calling into cpu_v7_do_suspend, but when returned
from this routine, r11 is corrupted and lead to kernel fault.
Doing save/restore for those corrupted registers is a must in
assemble code.
Signed-off-by: Anson Huang <Anson.Huang@freescale.com>
Reviewed-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/mm/proc-v7.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S
index de2b246..8e1ea43 100644
--- a/arch/arm/mm/proc-v7.S
+++ b/arch/arm/mm/proc-v7.S
@@ -95,7 +95,7 @@ ENDPROC(cpu_v7_dcache_clean_area)
.equ cpu_v7_suspend_size, 4 * 9
#ifdef CONFIG_ARM_CPU_SUSPEND
ENTRY(cpu_v7_do_suspend)
- stmfd sp!, {r4 - r10, lr}
+ stmfd sp!, {r4 - r11, lr}
mrc p15, 0, r4, c13, c0, 0 @ FCSE/PID
mrc p15, 0, r5, c13, c0, 3 @ User r/o thread ID
stmia r0!, {r4 - r5}
@@ -112,7 +112,7 @@ ENTRY(cpu_v7_do_suspend)
mrc p15, 0, r9, c1, c0, 1 @ Auxiliary control register
mrc p15, 0, r10, c1, c0, 2 @ Co-processor access control
stmia r0, {r5 - r11}
- ldmfd sp!, {r4 - r10, pc}
+ ldmfd sp!, {r4 - r11, pc}
ENDPROC(cpu_v7_do_suspend)
ENTRY(cpu_v7_do_resume)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 215/305] ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (213 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 214/305] ARM: 8471/1: need to save/restore arm register(r11) when it is corrupted Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 216/305] ALSA: hda - Apply click noise workaround for Thinkpads generically Kamal Mostafa
` (89 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David Henningsson, Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: David Henningsson <david.henningsson@canonical.com>
commit c04017ea81dc1eccae87be7ac7b82b2972f9931f upstream.
These laptops support both headphone, headset and mic modes
for the 3.5mm jack.
BugLink: https://bugs.launchpad.net/bugs/1526330
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 13a889c..1274008 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -4616,6 +4616,7 @@ enum {
ALC288_FIXUP_DISABLE_AAMIX,
ALC292_FIXUP_DELL_E7X,
ALC292_FIXUP_DISABLE_AAMIX,
+ ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK,
ALC298_FIXUP_DELL1_MIC_NO_PRESENCE,
ALC275_FIXUP_DELL_XPS,
ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE,
@@ -5179,6 +5180,12 @@ static const struct hda_fixup alc269_fixups[] = {
.chained = true,
.chain_id = ALC269_FIXUP_DELL2_MIC_NO_PRESENCE
},
+ [ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc_fixup_disable_aamix,
+ .chained = true,
+ .chain_id = ALC293_FIXUP_DELL1_MIC_NO_PRESENCE
+ },
[ALC292_FIXUP_DELL_E7X] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc_fixup_dell_xps13,
@@ -5257,11 +5264,11 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1028, 0x06c7, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x06d9, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x06da, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
- SND_PCI_QUIRK(0x1028, 0x06db, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
- SND_PCI_QUIRK(0x1028, 0x06dd, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
- SND_PCI_QUIRK(0x1028, 0x06de, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
- SND_PCI_QUIRK(0x1028, 0x06df, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
- SND_PCI_QUIRK(0x1028, 0x06e0, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
+ SND_PCI_QUIRK(0x1028, 0x06db, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK),
+ SND_PCI_QUIRK(0x1028, 0x06dd, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK),
+ SND_PCI_QUIRK(0x1028, 0x06de, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK),
+ SND_PCI_QUIRK(0x1028, 0x06df, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK),
+ SND_PCI_QUIRK(0x1028, 0x06e0, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK),
SND_PCI_QUIRK(0x1028, 0x0704, "Dell XPS 13", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE),
SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 216/305] ALSA: hda - Apply click noise workaround for Thinkpads generically
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (214 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 215/305] ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 217/305] ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads Kamal Mostafa
` (88 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Takashi Iwai <tiwai@suse.de>
commit 157f0b7f6c0cc0bc88647390006e959e267a0143 upstream.
It seems that a workaround for Thinkpad T440s crackling noise can be
applied generically to all Thinkpad models: namely, disabling the
default alc269 shutup callback. This patch moves it to the existing
alc_fixup_tpt440_dock() while also replacing the rest code with
another existing alc_fixup_disable_aamix(). It resulted in a good
code reduction.
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=958439
Reported-and-tested-by: Benjamin Poirier <bpoirier@suse.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 15 ++-------------
1 file changed, 2 insertions(+), 13 deletions(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 1274008..51b81d0 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -4208,24 +4208,13 @@ static void alc_fixup_tpt440_dock(struct hda_codec *codec,
struct alc_spec *spec = codec->spec;
if (action == HDA_FIXUP_ACT_PRE_PROBE) {
+ spec->shutup = alc_no_shutup; /* reduce click noise */
spec->parse_flags = HDA_PINCFG_NO_HP_FIXUP;
codec->power_save_node = 0; /* avoid click noises */
snd_hda_apply_pincfgs(codec, pincfgs);
}
}
-/* additional fixup for Thinkpad T440s noise problem */
-static void alc_fixup_tpt440(struct hda_codec *codec,
- const struct hda_fixup *fix, int action)
-{
- struct alc_spec *spec = codec->spec;
-
- if (action == HDA_FIXUP_ACT_PRE_PROBE) {
- spec->shutup = alc_no_shutup; /* reduce click noise */
- spec->gen.mixer_nid = 0; /* reduce background noise */
- }
-}
-
static void alc_shutup_dell_xps13(struct hda_codec *codec)
{
struct alc_spec *spec = codec->spec;
@@ -5077,7 +5066,7 @@ static const struct hda_fixup alc269_fixups[] = {
},
[ALC292_FIXUP_TPT440] = {
.type = HDA_FIXUP_FUNC,
- .v.func = alc_fixup_tpt440,
+ .v.func = alc_fixup_disable_aamix,
.chained = true,
.chain_id = ALC292_FIXUP_TPT440_DOCK,
},
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 217/305] ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (215 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 216/305] ALSA: hda - Apply click noise workaround for Thinkpads generically Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 218/305] ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd Kamal Mostafa
` (87 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Takashi Iwai <tiwai@suse.de>
commit 70a0976b0c0d90f4246d7e63359d796ec82b87d6 upstream.
Lenovo Thinkpads with Realtek codecs may still have some loud
crackling noises at reboot/shutdown even though a few previous fixes
have been applied. It's because the previous fix (disabling the
default shutup callback) takes effect only at transition of the codec
power state. Meanwhile, at reboot or shutdown, we don't take down the
codec power as default, thus it triggers the same problem unless the
codec is powered down casually by runtime PM.
This patch tries to address the issue. It gives two things:
- implement the separate reboot_notify hook to struct alc_spec, and
call it optionally if defined.
- turn off the codec to D3 for Thinkpad models via this new callback
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=958439
Reported-and-tested-by: Benjamin Poirier <bpoirier@suse.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 51b81d0..f1a0c7d 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -111,6 +111,7 @@ struct alc_spec {
void (*power_hook)(struct hda_codec *codec);
#endif
void (*shutup)(struct hda_codec *codec);
+ void (*reboot_notify)(struct hda_codec *codec);
int init_amp;
int codec_variant; /* flag for other variants */
@@ -773,6 +774,25 @@ static inline void alc_shutup(struct hda_codec *codec)
snd_hda_shutup_pins(codec);
}
+static void alc_reboot_notify(struct hda_codec *codec)
+{
+ struct alc_spec *spec = codec->spec;
+
+ if (spec && spec->reboot_notify)
+ spec->reboot_notify(codec);
+ else
+ alc_shutup(codec);
+}
+
+/* power down codec to D3 at reboot/shutdown; set as reboot_notify ops */
+static void alc_d3_at_reboot(struct hda_codec *codec)
+{
+ snd_hda_codec_set_power_to_all(codec, codec->core.afg, AC_PWRST_D3);
+ snd_hda_codec_write(codec, codec->core.afg, 0,
+ AC_VERB_SET_POWER_STATE, AC_PWRST_D3);
+ msleep(10);
+}
+
#define alc_free snd_hda_gen_free
#ifdef CONFIG_PM
@@ -818,7 +838,7 @@ static const struct hda_codec_ops alc_patch_ops = {
.suspend = alc_suspend,
.check_power_status = snd_hda_gen_check_power_status,
#endif
- .reboot_notify = alc_shutup,
+ .reboot_notify = alc_reboot_notify,
};
@@ -4209,6 +4229,7 @@ static void alc_fixup_tpt440_dock(struct hda_codec *codec,
if (action == HDA_FIXUP_ACT_PRE_PROBE) {
spec->shutup = alc_no_shutup; /* reduce click noise */
+ spec->reboot_notify = alc_d3_at_reboot; /* reduce noise */
spec->parse_flags = HDA_PINCFG_NO_HP_FIXUP;
codec->power_save_node = 0; /* avoid click noises */
snd_hda_apply_pincfgs(codec, pincfgs);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 218/305] ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (216 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 217/305] ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 219/305] spi: fix parent-device reference leak Kamal Mostafa
` (86 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Takashi Iwai <tiwai@suse.de>
commit b6903c0ed9f0bcbbe88f67f7ed43d1721cbc6235 upstream.
Apply the same fixup for Thinkpad with dock to Thinkpad X1 Carbon 2nd,
too. This reduces the annoying loud cracking noise problem, as well
as the support of missing docking port.
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=958439
Reported-and-tested-by: Benjamin Poirier <bpoirier@suse.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index f1a0c7d..c5c4ad4 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5385,6 +5385,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x2212, "Thinkpad T440", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2214, "Thinkpad X240", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2215, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
+ SND_PCI_QUIRK(0x17aa, 0x2218, "Thinkpad X1 Carbon 2nd", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2223, "ThinkPad T550", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2226, "ThinkPad X250", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2233, "Thinkpad", ALC293_FIXUP_LENOVO_SPK_NOISE),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 219/305] spi: fix parent-device reference leak
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (217 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 218/305] ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 220/305] scripts: recordmcount: break hardlinks Kamal Mostafa
` (85 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Johan Hovold, Mark Brown, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Johan Hovold <johan@kernel.org>
commit 157f38f993919b648187ba341bfb05d0e91ad2f6 upstream.
Fix parent-device reference leak due to SPI-core taking an unnecessary
reference to the parent when allocating the master structure, a
reference that was never released.
Note that driver core takes its own reference to the parent when the
master device is registered.
Fixes: 49dce689ad4e ("spi doesn't need class_device")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/spi/spi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 9ce2f15..59ca751 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -1454,7 +1454,7 @@ struct spi_master *spi_alloc_master(struct device *dev, unsigned size)
master->bus_num = -1;
master->num_chipselect = 1;
master->dev.class = &spi_master_class;
- master->dev.parent = get_device(dev);
+ master->dev.parent = dev;
spi_master_set_devdata(master, &master[1]);
return master;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 220/305] scripts: recordmcount: break hardlinks
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (218 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 219/305] spi: fix parent-device reference leak Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 221/305] dma-debug: Fix dma_debug_entry offset calculation Kamal Mostafa
` (84 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Russell King, Steven Rostedt, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Russell King <rmk+kernel@arm.linux.org.uk>
commit dd39a26538e37f6c6131e829a4a510787e43c783 upstream.
recordmcount edits the file in-place, which can cause problems when
using ccache in hardlink mode. Arrange for recordmcount to break a
hardlinked object.
Link: http://lkml.kernel.org/r/E1a7MVT-0000et-62@rmk-PC.arm.linux.org.uk
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
scripts/recordmcount.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/scripts/recordmcount.c b/scripts/recordmcount.c
index e00bcd1..fd42629 100644
--- a/scripts/recordmcount.c
+++ b/scripts/recordmcount.c
@@ -211,6 +211,20 @@ static void *mmap_file(char const *fname)
addr = umalloc(sb.st_size);
uread(fd_map, addr, sb.st_size);
}
+ if (sb.st_nlink != 1) {
+ /* file is hard-linked, break the hard link */
+ close(fd_map);
+ if (unlink(fname) < 0) {
+ perror(fname);
+ fail_file();
+ }
+ fd_map = open(fname, O_RDWR | O_CREAT, sb.st_mode);
+ if (fd_map < 0) {
+ perror(fname);
+ fail_file();
+ }
+ uwrite(fd_map, addr, sb.st_size);
+ }
return addr;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 221/305] dma-debug: Fix dma_debug_entry offset calculation
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (219 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 220/305] scripts: recordmcount: break hardlinks Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 222/305] ftrace/scripts: Have recordmcount copy the object file Kamal Mostafa
` (83 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Daniel Mentz, Dan Williams, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Daniel Mentz <danielmentz@google.com>
commit 0354aec19ce3d355c6213b0434064efc25c9b22c upstream.
dma-debug uses struct dma_debug_entry to keep track of dma coherent
memory allocation requests. The virtual address is converted into a pfn
and an offset. Previously, the offset was calculated using an incorrect
bit mask. As a result, we saw incorrect error messages from dma-debug
like the following:
"DMA-API: exceeded 7 overlapping mappings of cacheline 0x03e00000"
Cacheline 0x03e00000 does not exist on our platform.
Fixes: 0abdd7a81b7e ("dma-debug: introduce debug_dma_assert_idle()")
Signed-off-by: Daniel Mentz <danielmentz@google.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
lib/dma-debug.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/dma-debug.c b/lib/dma-debug.c
index dace71f..c5fddeb 100644
--- a/lib/dma-debug.c
+++ b/lib/dma-debug.c
@@ -1456,7 +1456,7 @@ void debug_dma_alloc_coherent(struct device *dev, size_t size,
entry->type = dma_debug_coherent;
entry->dev = dev;
entry->pfn = page_to_pfn(virt_to_page(virt));
- entry->offset = (size_t) virt & PAGE_MASK;
+ entry->offset = (size_t) virt & ~PAGE_MASK;
entry->size = size;
entry->dev_addr = dma_addr;
entry->direction = DMA_BIDIRECTIONAL;
@@ -1472,7 +1472,7 @@ void debug_dma_free_coherent(struct device *dev, size_t size,
.type = dma_debug_coherent,
.dev = dev,
.pfn = page_to_pfn(virt_to_page(virt)),
- .offset = (size_t) virt & PAGE_MASK,
+ .offset = (size_t) virt & ~PAGE_MASK,
.dev_addr = addr,
.size = size,
.direction = DMA_BIDIRECTIONAL,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 222/305] ftrace/scripts: Have recordmcount copy the object file
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (220 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 221/305] dma-debug: Fix dma_debug_entry offset calculation Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 223/305] mtd: ubi: fixup error correction in do_sync_erase() Kamal Mostafa
` (82 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Steven Rostedt, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
commit a50bd43935586420fb75f4558369eb08566fac5e upstream.
Russell King found that he had weird side effects when compiling the kernel
with hard linked ccache. The reason was that recordmcount modified the
kernel in place via mmap, and when a file gets modified twice by
recordmcount, it will complain about it. To fix this issue, Russell wrote a
patch that checked if the file was hard linked more than once and would
unlink it if it was.
Linus Torvalds was not happy with the fact that recordmcount does this in
place modification. Instead of doing the unlink only if the file has two or
more hard links, it does the unlink all the time. In otherwords, it always
does a copy if it changed something. That is, it does the write out if a
change was made.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
scripts/recordmcount.c | 145 +++++++++++++++++++++++++++++++++++++------------
1 file changed, 110 insertions(+), 35 deletions(-)
diff --git a/scripts/recordmcount.c b/scripts/recordmcount.c
index fd42629..a3d96c2 100644
--- a/scripts/recordmcount.c
+++ b/scripts/recordmcount.c
@@ -48,12 +48,17 @@
static int fd_map; /* File descriptor for file being modified. */
static int mmap_failed; /* Boolean flag. */
-static void *ehdr_curr; /* current ElfXX_Ehdr * for resource cleanup */
static char gpfx; /* prefix for global symbol name (sometimes '_') */
static struct stat sb; /* Remember .st_size, etc. */
static jmp_buf jmpenv; /* setjmp/longjmp per-file error escape */
static const char *altmcount; /* alternate mcount symbol name */
static int warn_on_notrace_sect; /* warn when section has mcount not being recorded */
+static void *file_map; /* pointer of the mapped file */
+static void *file_end; /* pointer to the end of the mapped file */
+static int file_updated; /* flag to state file was changed */
+static void *file_ptr; /* current file pointer location */
+static void *file_append; /* added to the end of the file */
+static size_t file_append_size; /* how much is added to end of file */
/* setjmp() return values */
enum {
@@ -67,10 +72,14 @@ static void
cleanup(void)
{
if (!mmap_failed)
- munmap(ehdr_curr, sb.st_size);
+ munmap(file_map, sb.st_size);
else
- free(ehdr_curr);
- close(fd_map);
+ free(file_map);
+ file_map = NULL;
+ free(file_append);
+ file_append = NULL;
+ file_append_size = 0;
+ file_updated = 0;
}
static void __attribute__((noreturn))
@@ -92,12 +101,22 @@ succeed_file(void)
static off_t
ulseek(int const fd, off_t const offset, int const whence)
{
- off_t const w = lseek(fd, offset, whence);
- if (w == (off_t)-1) {
- perror("lseek");
+ switch (whence) {
+ case SEEK_SET:
+ file_ptr = file_map + offset;
+ break;
+ case SEEK_CUR:
+ file_ptr += offset;
+ break;
+ case SEEK_END:
+ file_ptr = file_map + (sb.st_size - offset);
+ break;
+ }
+ if (file_ptr < file_map) {
+ fprintf(stderr, "lseek: seek before file\n");
fail_file();
}
- return w;
+ return file_ptr - file_map;
}
static size_t
@@ -114,12 +133,38 @@ uread(int const fd, void *const buf, size_t const count)
static size_t
uwrite(int const fd, void const *const buf, size_t const count)
{
- size_t const n = write(fd, buf, count);
- if (n != count) {
- perror("write");
- fail_file();
+ size_t cnt = count;
+ off_t idx = 0;
+
+ file_updated = 1;
+
+ if (file_ptr + count >= file_end) {
+ off_t aoffset = (file_ptr + count) - file_end;
+
+ if (aoffset > file_append_size) {
+ file_append = realloc(file_append, aoffset);
+ file_append_size = aoffset;
+ }
+ if (!file_append) {
+ perror("write");
+ fail_file();
+ }
+ if (file_ptr < file_end) {
+ cnt = file_end - file_ptr;
+ } else {
+ cnt = 0;
+ idx = aoffset - count;
+ }
}
- return n;
+
+ if (cnt)
+ memcpy(file_ptr, buf, cnt);
+
+ if (cnt < count)
+ memcpy(file_append + idx, buf + cnt, count - cnt);
+
+ file_ptr += count;
+ return count;
}
static void *
@@ -192,9 +237,7 @@ static int make_nop_arm64(void *map, size_t const offset)
*/
static void *mmap_file(char const *fname)
{
- void *addr;
-
- fd_map = open(fname, O_RDWR);
+ fd_map = open(fname, O_RDONLY);
if (fd_map < 0 || fstat(fd_map, &sb) < 0) {
perror(fname);
fail_file();
@@ -203,29 +246,58 @@ static void *mmap_file(char const *fname)
fprintf(stderr, "not a regular file: %s\n", fname);
fail_file();
}
- addr = mmap(0, sb.st_size, PROT_READ|PROT_WRITE, MAP_PRIVATE,
- fd_map, 0);
+ file_map = mmap(0, sb.st_size, PROT_READ|PROT_WRITE, MAP_PRIVATE,
+ fd_map, 0);
mmap_failed = 0;
- if (addr == MAP_FAILED) {
+ if (file_map == MAP_FAILED) {
mmap_failed = 1;
- addr = umalloc(sb.st_size);
- uread(fd_map, addr, sb.st_size);
+ file_map = umalloc(sb.st_size);
+ uread(fd_map, file_map, sb.st_size);
}
- if (sb.st_nlink != 1) {
- /* file is hard-linked, break the hard link */
- close(fd_map);
- if (unlink(fname) < 0) {
- perror(fname);
- fail_file();
- }
- fd_map = open(fname, O_RDWR | O_CREAT, sb.st_mode);
- if (fd_map < 0) {
- perror(fname);
+ close(fd_map);
+
+ file_end = file_map + sb.st_size;
+
+ return file_map;
+}
+
+static void write_file(const char *fname)
+{
+ char tmp_file[strlen(fname) + 4];
+ size_t n;
+
+ if (!file_updated)
+ return;
+
+ sprintf(tmp_file, "%s.rc", fname);
+
+ /*
+ * After reading the entire file into memory, delete it
+ * and write it back, to prevent weird side effects of modifying
+ * an object file in place.
+ */
+ fd_map = open(tmp_file, O_WRONLY | O_TRUNC | O_CREAT, sb.st_mode);
+ if (fd_map < 0) {
+ perror(fname);
+ fail_file();
+ }
+ n = write(fd_map, file_map, sb.st_size);
+ if (n != sb.st_size) {
+ perror("write");
+ fail_file();
+ }
+ if (file_append_size) {
+ n = write(fd_map, file_append, file_append_size);
+ if (n != file_append_size) {
+ perror("write");
fail_file();
}
- uwrite(fd_map, addr, sb.st_size);
}
- return addr;
+ close(fd_map);
+ if (rename(tmp_file, fname) < 0) {
+ perror(fname);
+ fail_file();
+ }
}
/* w8rev, w8nat, ...: Handle endianness. */
@@ -332,7 +404,6 @@ do_file(char const *const fname)
Elf32_Ehdr *const ehdr = mmap_file(fname);
unsigned int reltype = 0;
- ehdr_curr = ehdr;
w = w4nat;
w2 = w2nat;
w8 = w8nat;
@@ -453,6 +524,7 @@ do_file(char const *const fname)
}
} /* end switch */
+ write_file(fname);
cleanup();
}
@@ -505,11 +577,14 @@ main(int argc, char *argv[])
case SJ_SETJMP: /* normal sequence */
/* Avoid problems if early cleanup() */
fd_map = -1;
- ehdr_curr = NULL;
mmap_failed = 1;
+ file_map = NULL;
+ file_ptr = NULL;
+ file_updated = 0;
do_file(file);
break;
case SJ_FAIL: /* error in do_file or below */
+ sprintf("%s: failed\n", file);
++n_error;
break;
case SJ_SUCCEED: /* premature success */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 223/305] mtd: ubi: fixup error correction in do_sync_erase()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (221 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 222/305] ftrace/scripts: Have recordmcount copy the object file Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 224/305] mtd: ubi: don't leak e if schedule_erase() fails Kamal Mostafa
` (81 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sebastian Andrzej Siewior, Richard Weinberger, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Sebastian Siewior <bigeasy@linutronix.de>
commit 1a31b20cd81d5cbc7ec6e24cb08066009a1ca32d upstream.
Since fastmap we gained do_sync_erase(). This function can return an error
and its error handling isn't obvious. First the memory allocation for
struct ubi_work can fail and as such struct ubi_wl_entry is leaked.
However if the memory allocation succeeds then the tail function takes
care of the struct ubi_wl_entry. A free here could result in a double
free.
To make the error handling simpler, I split the tail function into one
piece which does the work and another which frees the struct ubi_work
which is passed as argument. As result do_sync_erase() can keep the
struct on stack and we get rid of one error source.
Fixes: 8199b901a ("UBI: Add fastmap support to the WL sub-system")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mtd/ubi/wl.c | 52 ++++++++++++++++++++++++++++------------------------
1 file changed, 28 insertions(+), 24 deletions(-)
diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
index eb4489f9..f73233f 100644
--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -603,6 +603,7 @@ static int schedule_erase(struct ubi_device *ubi, struct ubi_wl_entry *e,
return 0;
}
+static int __erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk);
/**
* do_sync_erase - run the erase worker synchronously.
* @ubi: UBI device description object
@@ -615,20 +616,16 @@ static int schedule_erase(struct ubi_device *ubi, struct ubi_wl_entry *e,
static int do_sync_erase(struct ubi_device *ubi, struct ubi_wl_entry *e,
int vol_id, int lnum, int torture)
{
- struct ubi_work *wl_wrk;
+ struct ubi_work wl_wrk;
dbg_wl("sync erase of PEB %i", e->pnum);
- wl_wrk = kmalloc(sizeof(struct ubi_work), GFP_NOFS);
- if (!wl_wrk)
- return -ENOMEM;
-
- wl_wrk->e = e;
- wl_wrk->vol_id = vol_id;
- wl_wrk->lnum = lnum;
- wl_wrk->torture = torture;
+ wl_wrk.e = e;
+ wl_wrk.vol_id = vol_id;
+ wl_wrk.lnum = lnum;
+ wl_wrk.torture = torture;
- return erase_worker(ubi, wl_wrk, 0);
+ return __erase_worker(ubi, &wl_wrk);
}
/**
@@ -1014,7 +1011,7 @@ out_unlock:
}
/**
- * erase_worker - physical eraseblock erase worker function.
+ * __erase_worker - physical eraseblock erase worker function.
* @ubi: UBI device description object
* @wl_wrk: the work object
* @shutdown: non-zero if the worker has to free memory and exit
@@ -1025,8 +1022,7 @@ out_unlock:
* needed. Returns zero in case of success and a negative error code in case of
* failure.
*/
-static int erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk,
- int shutdown)
+static int __erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk)
{
struct ubi_wl_entry *e = wl_wrk->e;
int pnum = e->pnum;
@@ -1034,21 +1030,11 @@ static int erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk,
int lnum = wl_wrk->lnum;
int err, available_consumed = 0;
- if (shutdown) {
- dbg_wl("cancel erasure of PEB %d EC %d", pnum, e->ec);
- kfree(wl_wrk);
- wl_entry_destroy(ubi, e);
- return 0;
- }
-
dbg_wl("erase PEB %d EC %d LEB %d:%d",
pnum, e->ec, wl_wrk->vol_id, wl_wrk->lnum);
err = sync_erase(ubi, e, wl_wrk->torture);
if (!err) {
- /* Fine, we've erased it successfully */
- kfree(wl_wrk);
-
spin_lock(&ubi->wl_lock);
wl_tree_add(e, &ubi->free);
ubi->free_count++;
@@ -1066,7 +1052,6 @@ static int erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk,
}
ubi_err(ubi, "failed to erase PEB %d, error %d", pnum, err);
- kfree(wl_wrk);
if (err == -EINTR || err == -ENOMEM || err == -EAGAIN ||
err == -EBUSY) {
@@ -1150,6 +1135,25 @@ out_ro:
return err;
}
+static int erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk,
+ int shutdown)
+{
+ int ret;
+
+ if (shutdown) {
+ struct ubi_wl_entry *e = wl_wrk->e;
+
+ dbg_wl("cancel erasure of PEB %d EC %d", e->pnum, e->ec);
+ kfree(wl_wrk);
+ wl_entry_destroy(ubi, e);
+ return 0;
+ }
+
+ ret = __erase_worker(ubi, wl_wrk);
+ kfree(wl_wrk);
+ return ret;
+}
+
/**
* ubi_wl_put_peb - return a PEB to the wear-leveling sub-system.
* @ubi: UBI device description object
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 224/305] mtd: ubi: don't leak e if schedule_erase() fails
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (222 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 223/305] mtd: ubi: fixup error correction in do_sync_erase() Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 225/305] ARC: dw2 unwind: Reinstante unwinding out of modules Kamal Mostafa
` (80 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sebastian Andrzej Siewior, Richard Weinberger, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Sebastian Siewior <bigeasy@linutronix.de>
commit 6b238de189f69dc77d660d4cce62eed15547f4c3 upstream.
If __erase_worker() fails to erase the EB and schedule_erase() fails as
well to do anything about it then we go RO. But that is not a reason to
leak the e argument here. Therefore clean up e.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mtd/ubi/wl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
index f73233f..5606563 100644
--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -1060,6 +1060,7 @@ static int __erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk)
/* Re-schedule the LEB for erasure */
err1 = schedule_erase(ubi, e, vol_id, lnum, 0);
if (err1) {
+ wl_entry_destroy(ubi, e);
err = err1;
goto out_ro;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 225/305] ARC: dw2 unwind: Reinstante unwinding out of modules
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (223 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 224/305] mtd: ubi: don't leak e if schedule_erase() fails Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 226/305] ARC: dw2 unwind: Ignore CIE version !=1 gracefully instead of bailing Kamal Mostafa
` (79 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Vineet Gupta, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Vineet Gupta <vgupta@synopsys.com>
commit bc79c9a7216562a2035d2f64f73626613c1300d0 upstream.
The fix which removed linear searching of dwarf (because binary lookup
data always exists) missed out on the fact that modules don't get the
binary lookup tables info. This caused unwinding out of modules to stop
working.
So add binary lookup header setup (equivalent of eh_frame_hdr setup) to
modules as well.
While at it, confine the header setup to within unwinder code,
reducing one API exposed out of unwinder code.
Fixes: 2e22502c080f ARC: dw2 unwind: Remove falllback linear search thru FDE entries
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arc/include/asm/unwind.h | 4 ----
arch/arc/kernel/setup.c | 1 -
arch/arc/kernel/unwind.c | 40 ++++++++++++++++++++++++++--------------
3 files changed, 26 insertions(+), 19 deletions(-)
diff --git a/arch/arc/include/asm/unwind.h b/arch/arc/include/asm/unwind.h
index 7ca628b..c11a25b 100644
--- a/arch/arc/include/asm/unwind.h
+++ b/arch/arc/include/asm/unwind.h
@@ -112,7 +112,6 @@ struct unwind_frame_info {
extern int arc_unwind(struct unwind_frame_info *frame);
extern void arc_unwind_init(void);
-extern void arc_unwind_setup(void);
extern void *unwind_add_table(struct module *module, const void *table_start,
unsigned long table_size);
extern void unwind_remove_table(void *handle, int init_only);
@@ -152,9 +151,6 @@ static inline void arc_unwind_init(void)
{
}
-static inline void arc_unwind_setup(void)
-{
-}
#define unwind_add_table(a, b, c)
#define unwind_remove_table(a, b)
diff --git a/arch/arc/kernel/setup.c b/arch/arc/kernel/setup.c
index cabde9d..4940732 100644
--- a/arch/arc/kernel/setup.c
+++ b/arch/arc/kernel/setup.c
@@ -432,7 +432,6 @@ void __init setup_arch(char **cmdline_p)
#endif
arc_unwind_init();
- arc_unwind_setup();
}
static int __init customize_machine(void)
diff --git a/arch/arc/kernel/unwind.c b/arch/arc/kernel/unwind.c
index 7352475..9f9ecc1 100644
--- a/arch/arc/kernel/unwind.c
+++ b/arch/arc/kernel/unwind.c
@@ -170,6 +170,23 @@ static struct unwind_table *find_table(unsigned long pc)
static unsigned long read_pointer(const u8 **pLoc,
const void *end, signed ptrType);
+static void init_unwind_hdr(struct unwind_table *table,
+ void *(*alloc) (unsigned long));
+
+/*
+ * wrappers for header alloc (vs. calling one vs. other at call site)
+ * to elide section mismatches warnings
+ */
+static void *__init unw_hdr_alloc_early(unsigned long sz)
+{
+ return __alloc_bootmem_nopanic(sz, sizeof(unsigned int),
+ MAX_DMA_ADDRESS);
+}
+
+static void *unw_hdr_alloc(unsigned long sz)
+{
+ return kmalloc(sz, GFP_KERNEL);
+}
static void init_unwind_table(struct unwind_table *table, const char *name,
const void *core_start, unsigned long core_size,
@@ -209,6 +226,8 @@ void __init arc_unwind_init(void)
__start_unwind, __end_unwind - __start_unwind,
NULL, 0);
/*__start_unwind_hdr, __end_unwind_hdr - __start_unwind_hdr);*/
+
+ init_unwind_hdr(&root_table, unw_hdr_alloc_early);
}
static const u32 bad_cie, not_fde;
@@ -241,8 +260,8 @@ static void swap_eh_frame_hdr_table_entries(void *p1, void *p2, int size)
e2->fde = v;
}
-static void __init setup_unwind_table(struct unwind_table *table,
- void *(*alloc) (unsigned long))
+static void init_unwind_hdr(struct unwind_table *table,
+ void *(*alloc) (unsigned long))
{
const u8 *ptr;
unsigned long tableSize = table->size, hdrSize;
@@ -300,9 +319,11 @@ static void __init setup_unwind_table(struct unwind_table *table,
hdrSize = 4 + sizeof(unsigned long) + sizeof(unsigned int)
+ 2 * n * sizeof(unsigned long);
+
header = alloc(hdrSize);
if (!header)
return;
+
header->version = 1;
header->eh_frame_ptr_enc = DW_EH_PE_abs | DW_EH_PE_native;
header->fde_count_enc = DW_EH_PE_abs | DW_EH_PE_data4;
@@ -342,18 +363,6 @@ static void __init setup_unwind_table(struct unwind_table *table,
table->header = (const void *)header;
}
-static void *__init balloc(unsigned long sz)
-{
- return __alloc_bootmem_nopanic(sz,
- sizeof(unsigned int),
- __pa(MAX_DMA_ADDRESS));
-}
-
-void __init arc_unwind_setup(void)
-{
- setup_unwind_table(&root_table, balloc);
-}
-
#ifdef CONFIG_MODULES
static struct unwind_table *last_table;
@@ -377,6 +386,8 @@ void *unwind_add_table(struct module *module, const void *table_start,
table_start, table_size,
NULL, 0);
+ init_unwind_hdr(table, unw_hdr_alloc);
+
#ifdef UNWIND_DEBUG
unw_debug("Table added for [%s] %lx %lx\n",
module->name, table->core.pc, table->core.range);
@@ -439,6 +450,7 @@ void unwind_remove_table(void *handle, int init_only)
info.init_only = init_only;
unlink_table(&info); /* XXX: SMP */
+ kfree(table->header);
kfree(table);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 226/305] ARC: dw2 unwind: Ignore CIE version !=1 gracefully instead of bailing
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (224 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 225/305] ARC: dw2 unwind: Reinstante unwinding out of modules Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 227/305] powerpc/powernv: pr_warn_once on unsupported OPAL_MSG type Kamal Mostafa
` (78 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Vineet Gupta, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Vineet Gupta <vgupta@synopsys.com>
commit 323f41f9e7d0cb5b1d1586aded6682855f1e646d upstream.
ARC dwarf unwinder only supports CIE version == 1
The boot time dwarf sanitizer (part of binary lookup table constructor)
would simply bail if it saw CIE version == 3, rendering unwinder with a
NULL lookup table.
It seems libgcc linked with kernel does have such entries.
With fallback linear search removed, and a NULL binary lookup table,
unwinder fails to generate any stack trace.
So allow graceful ignoring of unsupported CIE entries.
This problem was initially seen in Alexey's setup (and not mine) as he
was using buildroot built toolchain (libgcc) which doesn't get built with
CFLAGS_FOR_TARGET="-gdwarf-2 which is my default
Fixes STAR 9000985048: "kernel unwinder broken with stock tools"
Fixes: 2e22502c080f ARC: dw2 unwind: Remove falllback linear search thru FDE entries
Reported-by Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arc/kernel/unwind.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/arch/arc/kernel/unwind.c b/arch/arc/kernel/unwind.c
index 9f9ecc1..cf2828a 100644
--- a/arch/arc/kernel/unwind.c
+++ b/arch/arc/kernel/unwind.c
@@ -293,13 +293,13 @@ static void init_unwind_hdr(struct unwind_table *table,
const u32 *cie = cie_for_fde(fde, table);
signed ptrType;
- if (cie == ¬_fde)
+ if (cie == ¬_fde) /* only process FDE here */
continue;
if (cie == NULL || cie == &bad_cie)
- return;
+ continue; /* say FDE->CIE.version != 1 */
ptrType = fde_pointer_type(cie);
if (ptrType < 0)
- return;
+ continue;
ptr = (const u8 *)(fde + 2);
if (!read_pointer(&ptr, (const u8 *)(fde + 1) + *fde,
@@ -343,6 +343,10 @@ static void init_unwind_hdr(struct unwind_table *table,
if (fde[1] == 0xffffffff)
continue; /* this is a CIE */
+
+ if (*(u8 *)(cie + 2) != 1)
+ continue; /* FDE->CIE.version not supported */
+
ptr = (const u8 *)(fde + 2);
header->table[n].start = read_pointer(&ptr,
(const u8 *)(fde + 1) +
@@ -519,7 +523,8 @@ static const u32 *cie_for_fde(const u32 *fde, const struct unwind_table *table)
if (*cie <= sizeof(*cie) + 4 || *cie >= fde[1] - sizeof(*fde)
|| (*cie & (sizeof(*cie) - 1))
- || (cie[1] != 0xffffffff))
+ || (cie[1] != 0xffffffff)
+ || ( *(u8 *)(cie + 2) != 1)) /* version 1 supported */
return NULL; /* this is not a (valid) CIE */
return cie;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 227/305] powerpc/powernv: pr_warn_once on unsupported OPAL_MSG type
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (225 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 226/305] ARC: dw2 unwind: Ignore CIE version !=1 gracefully instead of bailing Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 228/305] drm/nouveau/bios/fan: hardcode the fan mode to linear Kamal Mostafa
` (77 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Stewart Smith, Michael Ellerman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Stewart Smith <stewart@linux.vnet.ibm.com>
commit 98da62b716a3b24ab8e77453c9a8a954124c18cd upstream.
When running on newer OPAL firmware that supports sending extra
OPAL_MSG types, we would print a warning on *every* message received.
This could be a problem for kernels that don't support OPAL_MSG_OCC
on machines that are running real close to thermal limits and the
OCC is throttling the chip. For a kernel that is paying attention to
the message queue, we could get these notifications quite often.
Conceivably, future message types could also come fairly often,
and printing that we didn't understand them 10,000 times provides
no further information than printing them once.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/platforms/powernv/opal.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/powernv/opal.c b/arch/powerpc/platforms/powernv/opal.c
index f084afa..c368323 100644
--- a/arch/powerpc/platforms/powernv/opal.c
+++ b/arch/powerpc/platforms/powernv/opal.c
@@ -278,7 +278,7 @@ static void opal_handle_message(void)
/* Sanity check */
if (type >= OPAL_MSG_TYPE_MAX) {
- pr_warning("%s: Unknown message type: %u\n", __func__, type);
+ pr_warn_once("%s: Unknown message type: %u\n", __func__, type);
return;
}
opal_message_do_notify(type, (void *)&msg);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 228/305] drm/nouveau/bios/fan: hardcode the fan mode to linear
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (226 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 227/305] powerpc/powernv: pr_warn_once on unsupported OPAL_MSG type Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 229/305] md/raid10: fix data corruption and crash during resync Kamal Mostafa
` (76 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Martin Peres, Ben Skeggs, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Martin Peres <martin.peres@free.fr>
commit a814a29d7bbfdfe56fe1bb9641a185077066eb9f upstream.
This is an oversight that made use of the trip-point-based fan managenent on
cards that never expose those. This led the fan to stay at fan_min.
Fortunately, the emergency code would kick when the temperature would reach
90°C.
Reported-by: Tom Englund <tomenglund26@gmail.com>
Tested-by: Tom Englund <tomenglund26@gmail.com>
Signed-off-by: Martin Peres <martin.peres@free.fr>
Tested-by: Daemon32 <lnf.purple@gmail.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=92126
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c
index 8dba70d..e089752 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/fan.c
@@ -83,6 +83,7 @@ nvbios_fan_parse(struct nvkm_bios *bios, struct nvbios_therm_fan *fan)
fan->type = NVBIOS_THERM_FAN_UNK;
}
+ fan->fan_mode = NVBIOS_THERM_FAN_LINEAR;
fan->min_duty = nv_ro08(bios, data + 0x02);
fan->max_duty = nv_ro08(bios, data + 0x03);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 229/305] md/raid10: fix data corruption and crash during resync
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (227 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 228/305] drm/nouveau/bios/fan: hardcode the fan mode to linear Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 230/305] ALSA: hda - Set SKL+ hda controller power at freeze() and thaw() Kamal Mostafa
` (75 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Artur Paszkiewicz, NeilBrown, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Artur Paszkiewicz <artur.paszkiewicz@intel.com>
commit cc57858831e3e9678291de730c4b4d2e52a19f59 upstream.
The commit c31df25f20e3 ("md/raid10: make sync_request_write() call
bio_copy_data()") replaced manual data copying with bio_copy_data() but
it doesn't work as intended. The source bio (fbio) is already processed,
so its bvec_iter has bi_size == 0 and bi_idx == bi_vcnt. Because of
this, bio_copy_data() either does not copy anything, or worse, copies
data from the ->bi_next bio if it is set. This causes wrong data to be
written to drives during resync and sometimes lockups/crashes in
bio_copy_data():
[ 517.338478] NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [md126_raid10:3319]
[ 517.347324] Modules linked in: raid10 xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw iptable_filter ip_tables x86_pkg_temp_thermal coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul cryptd shpchp pcspkr ipmi_si ipmi_msghandler tpm_crb acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sr_mod cdrom sd_mod e1000e ax88179_178a usbnet mii ahci ata_generic crc32c_intel libahci ptp pata_acpi libata pps_core wmi sunrpc dm_mirror dm_region_hash dm_log dm_mod
[ 517.440555] CPU: 0 PID: 3319 Comm: md126_raid10 Not tainted 4.3.0-rc6+ #1
[ 517.448384] Hardware name: Intel Corporation PURLEY/PURLEY, BIOS PLYDCRB1.86B.0055.D14.1509221924 09/22/2015
[ 517.459768] task: ffff880153773980 ti: ffff880150df8000 task.ti: ffff880150df8000
[ 517.468529] RIP: 0010:[<ffffffff812e1888>] [<ffffffff812e1888>] bio_copy_data+0xc8/0x3c0
[ 517.478164] RSP: 0018:ffff880150dfbc98 EFLAGS: 00000246
[ 517.484341] RAX: ffff880169356688 RBX: 0000000000001000 RCX: 0000000000000000
[ 517.492558] RDX: 0000000000000000 RSI: ffffea0001ac2980 RDI: ffffea0000d835c0
[ 517.500773] RBP: ffff880150dfbd08 R08: 0000000000000001 R09: ffff880153773980
[ 517.508987] R10: ffff880169356600 R11: 0000000000001000 R12: 0000000000010000
[ 517.517199] R13: 000000000000e000 R14: 0000000000000000 R15: 0000000000001000
[ 517.525412] FS: 0000000000000000(0000) GS:ffff880174a00000(0000) knlGS:0000000000000000
[ 517.534844] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 517.541507] CR2: 00007f8a044d5fed CR3: 0000000169504000 CR4: 00000000001406f0
[ 517.549722] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 517.557929] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 517.566144] Stack:
[ 517.568626] ffff880174a16bc0 ffff880153773980 ffff880169356600 0000000000000000
[ 517.577659] 0000000000000001 0000000000000001 ffff880153773980 ffff88016a61a800
[ 517.586715] ffff880150dfbcf8 0000000000000001 ffff88016dd209e0 0000000000001000
[ 517.595773] Call Trace:
[ 517.598747] [<ffffffffa043ef95>] raid10d+0xfc5/0x1690 [raid10]
[ 517.605610] [<ffffffff816697ae>] ? __schedule+0x29e/0x8e2
[ 517.611987] [<ffffffff814ff206>] md_thread+0x106/0x140
[ 517.618072] [<ffffffff810c1d80>] ? wait_woken+0x80/0x80
[ 517.624252] [<ffffffff814ff100>] ? super_1_load+0x520/0x520
[ 517.630817] [<ffffffff8109ef89>] kthread+0xc9/0xe0
[ 517.636506] [<ffffffff8109eec0>] ? flush_kthread_worker+0x70/0x70
[ 517.643653] [<ffffffff8166d99f>] ret_from_fork+0x3f/0x70
[ 517.649929] [<ffffffff8109eec0>] ? flush_kthread_worker+0x70/0x70
Signed-off-by: Artur Paszkiewicz <artur.paszkiewicz@intel.com>
Reviewed-by: Shaohua Li <shli@kernel.org>
Fixes: c31df25f20e3 ("md/raid10: make sync_request_write() call bio_copy_data()")
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/raid10.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index d4b70d9..3bcbdb7 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -2052,6 +2052,8 @@ static void sync_request_write(struct mddev *mddev, struct r10bio *r10_bio)
first = i;
fbio = r10_bio->devs[i].bio;
+ fbio->bi_iter.bi_size = r10_bio->sectors << 9;
+ fbio->bi_iter.bi_idx = 0;
vcnt = (r10_bio->sectors + (PAGE_SIZE >> 9) - 1) >> (PAGE_SHIFT - 9);
/* now find blocks with errors */
@@ -2095,7 +2097,7 @@ static void sync_request_write(struct mddev *mddev, struct r10bio *r10_bio)
bio_reset(tbio);
tbio->bi_vcnt = vcnt;
- tbio->bi_iter.bi_size = r10_bio->sectors << 9;
+ tbio->bi_iter.bi_size = fbio->bi_iter.bi_size;
tbio->bi_rw = WRITE;
tbio->bi_private = r10_bio;
tbio->bi_iter.bi_sector = r10_bio->devs[i].addr;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 230/305] ALSA: hda - Set SKL+ hda controller power at freeze() and thaw()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (228 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 229/305] md/raid10: fix data corruption and crash during resync Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 231/305] s390/dis: Fix handling of format specifiers Kamal Mostafa
` (74 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Xiong Zhang, Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Xiong Zhang <xiong.y.zhang@intel.com>
commit 3e6db33aaf1d42a30339f831ec4850570d6cc7a3 upstream.
It takes three minutes to enter into hibernation on some OEM SKL
machines and we see many codec spurious response after thaw() opertion.
This is because HDA is still in D0 state after freeze() call and
pci_pm_freeze/pci_pm_freeze_noirq() don't set D3 hot in pci_bus driver.
It seems bios still access HDA when system enter into freeze state,
HDA will receive codec response interrupt immediately after thaw() call.
Because of this unexpected interrupt, HDA enter into a abnormal
state and slow down the system enter into hibernation.
In this patch, we put HDA into D3 hot state in azx_freeze_noirq() and
put HDA into D0 state in azx_thaw_noirq().
V2: Only apply this fix to SKL+
Fix compile error when CONFIG_PM_SLEEP isn't defined
[Yet another fix for CONFIG_PM_SLEEP ifdef and the additional comment
by tiwai]
Signed-off-by: Xiong Zhang <xiong.y.zhang@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/hda_intel.c | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
index 4d2cbe2..de2b2e2 100644
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -927,6 +927,36 @@ static int azx_resume(struct device *dev)
}
#endif /* CONFIG_PM_SLEEP || SUPPORT_VGA_SWITCHEROO */
+#ifdef CONFIG_PM_SLEEP
+/* put codec down to D3 at hibernation for Intel SKL+;
+ * otherwise BIOS may still access the codec and screw up the driver
+ */
+#define IS_SKL(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0xa170)
+#define IS_SKL_LP(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x9d70)
+#define IS_BXT(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x5a98)
+#define IS_SKL_PLUS(pci) (IS_SKL(pci) || IS_SKL_LP(pci) || IS_BXT(pci))
+
+static int azx_freeze_noirq(struct device *dev)
+{
+ struct pci_dev *pci = to_pci_dev(dev);
+
+ if (IS_SKL_PLUS(pci))
+ pci_set_power_state(pci, PCI_D3hot);
+
+ return 0;
+}
+
+static int azx_thaw_noirq(struct device *dev)
+{
+ struct pci_dev *pci = to_pci_dev(dev);
+
+ if (IS_SKL_PLUS(pci))
+ pci_set_power_state(pci, PCI_D0);
+
+ return 0;
+}
+#endif /* CONFIG_PM_SLEEP */
+
#ifdef CONFIG_PM
static int azx_runtime_suspend(struct device *dev)
{
@@ -1036,6 +1066,10 @@ static int azx_runtime_idle(struct device *dev)
static const struct dev_pm_ops azx_pm = {
SET_SYSTEM_SLEEP_PM_OPS(azx_suspend, azx_resume)
+#ifdef CONFIG_PM_SLEEP
+ .freeze_noirq = azx_freeze_noirq,
+ .thaw_noirq = azx_thaw_noirq,
+#endif
SET_RUNTIME_PM_OPS(azx_runtime_suspend, azx_runtime_resume, azx_runtime_idle)
};
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 231/305] s390/dis: Fix handling of format specifiers
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (229 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 230/305] ALSA: hda - Set SKL+ hda controller power at freeze() and thaw() Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 232/305] xen: Add RING_COPY_REQUEST() Kamal Mostafa
` (73 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michael Holzheu, Martin Schwidefsky, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Michael Holzheu <holzheu@linux.vnet.ibm.com>
commit 272fa59ccb4fc802af28b1d699c2463db6a71bf7 upstream.
The print_insn() function returns strings like "lghi %r1,0". To escape the
'%' character in sprintf() a second '%' is used. For example "lghi %%r1,0"
is converted into "lghi %r1,0".
After print_insn() the output string is passed to printk(). Because format
specifiers like "%r" or "%f" are ignored by printk() this works by chance
most of the time. But for instructions with control registers like
"lctl %c6,%c6,780" this fails because printk() interprets "%c" as
character format specifier.
Fix this problem and escape the '%' characters twice.
For example "lctl %%%%c6,%%%%c6,780" is then converted by sprintf()
into "lctl %%c6,%%c6,780" and by printk() into "lctl %c6,%c6,780".
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/s390/kernel/dis.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/arch/s390/kernel/dis.c b/arch/s390/kernel/dis.c
index 8140d10..6e72961 100644
--- a/arch/s390/kernel/dis.c
+++ b/arch/s390/kernel/dis.c
@@ -1920,16 +1920,23 @@ static int print_insn(char *buffer, unsigned char *code, unsigned long addr)
}
if (separator)
ptr += sprintf(ptr, "%c", separator);
+ /*
+ * Use four '%' characters below because of the
+ * following two conversions:
+ *
+ * 1) sprintf: %%%%r -> %%r
+ * 2) printk : %%r -> %r
+ */
if (operand->flags & OPERAND_GPR)
- ptr += sprintf(ptr, "%%r%i", value);
+ ptr += sprintf(ptr, "%%%%r%i", value);
else if (operand->flags & OPERAND_FPR)
- ptr += sprintf(ptr, "%%f%i", value);
+ ptr += sprintf(ptr, "%%%%f%i", value);
else if (operand->flags & OPERAND_AR)
- ptr += sprintf(ptr, "%%a%i", value);
+ ptr += sprintf(ptr, "%%%%a%i", value);
else if (operand->flags & OPERAND_CR)
- ptr += sprintf(ptr, "%%c%i", value);
+ ptr += sprintf(ptr, "%%%%c%i", value);
else if (operand->flags & OPERAND_VR)
- ptr += sprintf(ptr, "%%v%i", value);
+ ptr += sprintf(ptr, "%%%%v%i", value);
else if (operand->flags & OPERAND_PCREL)
ptr += sprintf(ptr, "%lx", (signed int) value
+ addr);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 232/305] xen: Add RING_COPY_REQUEST()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (230 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 231/305] s390/dis: Fix handling of format specifiers Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 233/305] xen-netback: don't use last request to determine minimum Tx credit Kamal Mostafa
` (72 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David Vrabel, Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: David Vrabel <david.vrabel@citrix.com>
commit 454d5d882c7e412b840e3c99010fe81a9862f6fb upstream.
Using RING_GET_REQUEST() on a shared ring is easy to use incorrectly
(i.e., by not considering that the other end may alter the data in the
shared ring while it is being inspected). Safe usage of a request
generally requires taking a local copy.
Provide a RING_COPY_REQUEST() macro to use instead of
RING_GET_REQUEST() and an open-coded memcpy(). This takes care of
ensuring that the copy is done correctly regardless of any possible
compiler optimizations.
Use a volatile source to prevent the compiler from reordering or
omitting the copy.
This is part of XSA155.
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/xen/interface/io/ring.h | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/include/xen/interface/io/ring.h b/include/xen/interface/io/ring.h
index 7d28aff..7dc685b 100644
--- a/include/xen/interface/io/ring.h
+++ b/include/xen/interface/io/ring.h
@@ -181,6 +181,20 @@ struct __name##_back_ring { \
#define RING_GET_REQUEST(_r, _idx) \
(&((_r)->sring->ring[((_idx) & (RING_SIZE(_r) - 1))].req))
+/*
+ * Get a local copy of a request.
+ *
+ * Use this in preference to RING_GET_REQUEST() so all processing is
+ * done on a local copy that cannot be modified by the other end.
+ *
+ * Note that https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145 may cause this
+ * to be ineffective where _req is a struct which consists of only bitfields.
+ */
+#define RING_COPY_REQUEST(_r, _idx, _req) do { \
+ /* Use volatile to force the copy into _req. */ \
+ *(_req) = *(volatile typeof(_req))RING_GET_REQUEST(_r, _idx); \
+} while (0)
+
#define RING_GET_RESPONSE(_r, _idx) \
(&((_r)->sring->ring[((_idx) & (RING_SIZE(_r) - 1))].rsp))
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 233/305] xen-netback: don't use last request to determine minimum Tx credit
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (231 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 232/305] xen: Add RING_COPY_REQUEST() Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 234/305] xen-netback: use RING_COPY_REQUEST() throughout Kamal Mostafa
` (71 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David Vrabel, Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: David Vrabel <david.vrabel@citrix.com>
commit 0f589967a73f1f30ab4ac4dd9ce0bb399b4d6357 upstream.
The last from guest transmitted request gives no indication about the
minimum amount of credit that the guest might need to send a packet
since the last packet might have been a small one.
Instead allow for the worst case 128 KiB packet.
This is part of XSA155.
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/xen-netback/netback.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
index 3f44b52..a31451e 100644
--- a/drivers/net/xen-netback/netback.c
+++ b/drivers/net/xen-netback/netback.c
@@ -625,9 +625,7 @@ static void tx_add_credit(struct xenvif_queue *queue)
* Allow a burst big enough to transmit a jumbo packet of up to 128kB.
* Otherwise the interface can seize up due to insufficient credit.
*/
- max_burst = RING_GET_REQUEST(&queue->tx, queue->tx.req_cons)->size;
- max_burst = min(max_burst, 131072UL);
- max_burst = max(max_burst, queue->credit_bytes);
+ max_burst = max(131072UL, queue->credit_bytes);
/* Take care that adding a new chunk of credit doesn't wrap to zero. */
max_credit = queue->remaining_credit + queue->credit_bytes;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 234/305] xen-netback: use RING_COPY_REQUEST() throughout
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (232 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 233/305] xen-netback: don't use last request to determine minimum Tx credit Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 235/305] xen-blkback: only read request operation from shared ring once Kamal Mostafa
` (70 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David Vrabel, Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: David Vrabel <david.vrabel@citrix.com>
commit 68a33bfd8403e4e22847165d149823a2e0e67c9c upstream.
Instead of open-coding memcpy()s and directly accessing Tx and Rx
requests, use the new RING_COPY_REQUEST() that ensures the local copy
is correct.
This is more than is strictly necessary for guest Rx requests since
only the id and gref fields are used and it is harmless if the
frontend modifies these.
This is part of XSA155.
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/xen-netback/netback.c | 30 ++++++++++++++----------------
1 file changed, 14 insertions(+), 16 deletions(-)
diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
index a31451e..4fe3e13 100644
--- a/drivers/net/xen-netback/netback.c
+++ b/drivers/net/xen-netback/netback.c
@@ -247,18 +247,18 @@ static struct xenvif_rx_meta *get_next_rx_buffer(struct xenvif_queue *queue,
struct netrx_pending_operations *npo)
{
struct xenvif_rx_meta *meta;
- struct xen_netif_rx_request *req;
+ struct xen_netif_rx_request req;
- req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++);
+ RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req);
meta = npo->meta + npo->meta_prod++;
meta->gso_type = XEN_NETIF_GSO_TYPE_NONE;
meta->gso_size = 0;
meta->size = 0;
- meta->id = req->id;
+ meta->id = req.id;
npo->copy_off = 0;
- npo->copy_gref = req->gref;
+ npo->copy_gref = req.gref;
return meta;
}
@@ -370,7 +370,7 @@ static int xenvif_gop_skb(struct sk_buff *skb,
struct xenvif *vif = netdev_priv(skb->dev);
int nr_frags = skb_shinfo(skb)->nr_frags;
int i;
- struct xen_netif_rx_request *req;
+ struct xen_netif_rx_request req;
struct xenvif_rx_meta *meta;
unsigned char *data;
int head = 1;
@@ -389,15 +389,15 @@ static int xenvif_gop_skb(struct sk_buff *skb,
/* Set up a GSO prefix descriptor, if necessary */
if ((1 << gso_type) & vif->gso_prefix_mask) {
- req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++);
+ RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req);
meta = npo->meta + npo->meta_prod++;
meta->gso_type = gso_type;
meta->gso_size = skb_shinfo(skb)->gso_size;
meta->size = 0;
- meta->id = req->id;
+ meta->id = req.id;
}
- req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++);
+ RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req);
meta = npo->meta + npo->meta_prod++;
if ((1 << gso_type) & vif->gso_mask) {
@@ -409,9 +409,9 @@ static int xenvif_gop_skb(struct sk_buff *skb,
}
meta->size = 0;
- meta->id = req->id;
+ meta->id = req.id;
npo->copy_off = 0;
- npo->copy_gref = req->gref;
+ npo->copy_gref = req.gref;
data = skb->data;
while (data < skb_tail_pointer(skb)) {
@@ -655,7 +655,7 @@ static void xenvif_tx_err(struct xenvif_queue *queue,
spin_unlock_irqrestore(&queue->response_lock, flags);
if (cons == end)
break;
- txp = RING_GET_REQUEST(&queue->tx, cons++);
+ RING_COPY_REQUEST(&queue->tx, cons++, txp);
} while (1);
queue->tx.req_cons = cons;
}
@@ -722,8 +722,7 @@ static int xenvif_count_requests(struct xenvif_queue *queue,
if (drop_err)
txp = &dropped_tx;
- memcpy(txp, RING_GET_REQUEST(&queue->tx, cons + slots),
- sizeof(*txp));
+ RING_COPY_REQUEST(&queue->tx, cons + slots, txp);
/* If the guest submitted a frame >= 64 KiB then
* first->size overflowed and following slots will
@@ -1056,8 +1055,7 @@ static int xenvif_get_extras(struct xenvif_queue *queue,
return -EBADR;
}
- memcpy(&extra, RING_GET_REQUEST(&queue->tx, cons),
- sizeof(extra));
+ RING_COPY_REQUEST(&queue->tx, cons, &extra);
if (unlikely(!extra.type ||
extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) {
queue->tx.req_cons = ++cons;
@@ -1192,7 +1190,7 @@ static void xenvif_tx_build_gops(struct xenvif_queue *queue,
idx = queue->tx.req_cons;
rmb(); /* Ensure that we see the request before we copy it. */
- memcpy(&txreq, RING_GET_REQUEST(&queue->tx, idx), sizeof(txreq));
+ RING_COPY_REQUEST(&queue->tx, idx, &txreq);
/* Credit-based scheduling. */
if (txreq.size > queue->remaining_credit &&
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 235/305] xen-blkback: only read request operation from shared ring once
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (233 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 234/305] xen-netback: use RING_COPY_REQUEST() throughout Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 236/305] xen-blkback: read from indirect descriptors only once Kamal Mostafa
` (69 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Roger Pau Monné, David Vrabel, Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
commit 1f13d75ccb806260079e0679d55d9253e370ec8a upstream.
A compiler may load a switch statement value multiple times, which could
be bad when the value is in memory shared with the frontend.
When converting a non-native request to a native one, ensure that
src->operation is only loaded once by using READ_ONCE().
This is part of XSA155.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/block/xen-blkback/common.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/block/xen-blkback/common.h b/drivers/block/xen-blkback/common.h
index 45a044a..619bd60 100644
--- a/drivers/block/xen-blkback/common.h
+++ b/drivers/block/xen-blkback/common.h
@@ -399,8 +399,8 @@ static inline void blkif_get_x86_32_req(struct blkif_request *dst,
struct blkif_x86_32_request *src)
{
int i, n = BLKIF_MAX_SEGMENTS_PER_REQUEST, j;
- dst->operation = src->operation;
- switch (src->operation) {
+ dst->operation = READ_ONCE(src->operation);
+ switch (dst->operation) {
case BLKIF_OP_READ:
case BLKIF_OP_WRITE:
case BLKIF_OP_WRITE_BARRIER:
@@ -447,8 +447,8 @@ static inline void blkif_get_x86_64_req(struct blkif_request *dst,
struct blkif_x86_64_request *src)
{
int i, n = BLKIF_MAX_SEGMENTS_PER_REQUEST, j;
- dst->operation = src->operation;
- switch (src->operation) {
+ dst->operation = READ_ONCE(src->operation);
+ switch (dst->operation) {
case BLKIF_OP_READ:
case BLKIF_OP_WRITE:
case BLKIF_OP_WRITE_BARRIER:
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 236/305] xen-blkback: read from indirect descriptors only once
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (234 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 235/305] xen-blkback: only read request operation from shared ring once Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 237/305] xen-scsiback: safely copy requests Kamal Mostafa
` (68 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Roger Pau Monné, David Vrabel, Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
commit 18779149101c0dd43ded43669ae2a92d21b6f9cb upstream.
Since indirect descriptors are in memory shared with the frontend, the
frontend could alter the first_sect and last_sect values after they have
been validated but before they are recorded in the request. This may
result in I/O requests that overflow the foreign page, possibly
overwriting local pages when the I/O request is executed.
When parsing indirect descriptors, only read first_sect and last_sect
once.
This is part of XSA155.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
[ kamal: backport to 4.2-stable: s/XEN_PAGE_SIZE/PAGE_SIZE/ ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/block/xen-blkback/blkback.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
index 954c002..9caf93c 100644
--- a/drivers/block/xen-blkback/blkback.c
+++ b/drivers/block/xen-blkback/blkback.c
@@ -950,6 +950,8 @@ static int xen_blkbk_parse_indirect(struct blkif_request *req,
goto unmap;
for (n = 0, i = 0; n < nseg; n++) {
+ uint8_t first_sect, last_sect;
+
if ((n % SEGS_PER_INDIRECT_FRAME) == 0) {
/* Map indirect segments */
if (segments)
@@ -957,15 +959,18 @@ static int xen_blkbk_parse_indirect(struct blkif_request *req,
segments = kmap_atomic(pages[n/SEGS_PER_INDIRECT_FRAME]->page);
}
i = n % SEGS_PER_INDIRECT_FRAME;
+
pending_req->segments[n]->gref = segments[i].gref;
- seg[n].nsec = segments[i].last_sect -
- segments[i].first_sect + 1;
- seg[n].offset = (segments[i].first_sect << 9);
- if ((segments[i].last_sect >= (PAGE_SIZE >> 9)) ||
- (segments[i].last_sect < segments[i].first_sect)) {
+
+ first_sect = READ_ONCE(segments[i].first_sect);
+ last_sect = READ_ONCE(segments[i].last_sect);
+ if (last_sect >= (PAGE_SIZE >> 9) || last_sect < first_sect) {
rc = -EINVAL;
goto unmap;
}
+
+ seg[n].nsec = last_sect - first_sect + 1;
+ seg[n].offset = first_sect << 9;
preq->nr_sects += seg[n].nsec;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 237/305] xen-scsiback: safely copy requests
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (235 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 236/305] xen-blkback: read from indirect descriptors only once Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 238/305] xen/pciback: Save xen_pci_op commands before processing it Kamal Mostafa
` (67 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David Vrabel, Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: David Vrabel <david.vrabel@citrix.com>
commit be69746ec12f35b484707da505c6c76ff06f97dc upstream.
The copy of the ring request was lacking a following barrier(),
potentially allowing the compiler to optimize the copy away.
Use RING_COPY_REQUEST() to ensure the request is copied to local
memory.
This is part of XSA155.
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/xen/xen-scsiback.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/xen/xen-scsiback.c b/drivers/xen/xen-scsiback.c
index 9eeefd7..2af9aa8 100644
--- a/drivers/xen/xen-scsiback.c
+++ b/drivers/xen/xen-scsiback.c
@@ -727,7 +727,7 @@ static int scsiback_do_cmd_fn(struct vscsibk_info *info)
if (!pending_req)
return 1;
- ring_req = *RING_GET_REQUEST(ring, rc);
+ RING_COPY_REQUEST(ring, rc, &ring_req);
ring->req_cons = ++rc;
err = prepare_pending_reqs(info, &ring_req, pending_req);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 238/305] xen/pciback: Save xen_pci_op commands before processing it
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (236 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 237/305] xen-scsiback: safely copy requests Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 239/305] xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled Kamal Mostafa
` (66 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jan Beulich, David Vrabel, Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
commit 8135cf8b092723dbfcc611fe6fdcb3a36c9951c5 upstream.
Double fetch vulnerabilities that happen when a variable is
fetched twice from shared memory but a security check is only
performed the first time.
The xen_pcibk_do_op function performs a switch statements on the op->cmd
value which is stored in shared memory. Interestingly this can result
in a double fetch vulnerability depending on the performed compiler
optimization.
This patch fixes it by saving the xen_pci_op command before
processing it. We also use 'barrier' to make sure that the
compiler does not perform any optimization.
This is part of XSA155.
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Jan Beulich <JBeulich@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/xen/xen-pciback/pciback.h | 1 +
drivers/xen/xen-pciback/pciback_ops.c | 15 ++++++++++++++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/drivers/xen/xen-pciback/pciback.h b/drivers/xen/xen-pciback/pciback.h
index 58e38d5..4d529f3 100644
--- a/drivers/xen/xen-pciback/pciback.h
+++ b/drivers/xen/xen-pciback/pciback.h
@@ -37,6 +37,7 @@ struct xen_pcibk_device {
struct xen_pci_sharedinfo *sh_info;
unsigned long flags;
struct work_struct op_work;
+ struct xen_pci_op op;
};
struct xen_pcibk_dev_data {
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
index c4a0666..a0e0e3e 100644
--- a/drivers/xen/xen-pciback/pciback_ops.c
+++ b/drivers/xen/xen-pciback/pciback_ops.c
@@ -298,9 +298,11 @@ void xen_pcibk_do_op(struct work_struct *data)
container_of(data, struct xen_pcibk_device, op_work);
struct pci_dev *dev;
struct xen_pcibk_dev_data *dev_data = NULL;
- struct xen_pci_op *op = &pdev->sh_info->op;
+ struct xen_pci_op *op = &pdev->op;
int test_intx = 0;
+ *op = pdev->sh_info->op;
+ barrier();
dev = xen_pcibk_get_pci_dev(pdev, op->domain, op->bus, op->devfn);
if (dev == NULL)
@@ -342,6 +344,17 @@ void xen_pcibk_do_op(struct work_struct *data)
if ((dev_data->enable_intx != test_intx))
xen_pcibk_control_isr(dev, 0 /* no reset */);
}
+ pdev->sh_info->op.err = op->err;
+ pdev->sh_info->op.value = op->value;
+#ifdef CONFIG_PCI_MSI
+ if (op->cmd == XEN_PCI_OP_enable_msix && op->err == 0) {
+ unsigned int i;
+
+ for (i = 0; i < op->value; i++)
+ pdev->sh_info->op.msix_entries[i].vector =
+ op->msix_entries[i].vector;
+ }
+#endif
/* Tell the driver domain that we're done. */
wmb();
clear_bit(_XEN_PCIF_active, (unsigned long *)&pdev->sh_info->flags);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 239/305] xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (237 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 238/305] xen/pciback: Save xen_pci_op commands before processing it Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 240/305] xen/pciback: Return error on XEN_PCI_OP_enable_msix " Kamal Mostafa
` (65 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
commit 56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d upstream.
The guest sequence of:
a) XEN_PCI_OP_enable_msi
b) XEN_PCI_OP_enable_msi
c) XEN_PCI_OP_disable_msi
results in hitting an BUG_ON condition in the msi.c code.
The MSI code uses an dev->msi_list to which it adds MSI entries.
Under the above conditions an BUG_ON() can be hit. The device
passed in the guest MUST have MSI capability.
The a) adds the entry to the dev->msi_list and sets msi_enabled.
The b) adds a second entry but adding in to SysFS fails (duplicate entry)
and deletes all of the entries from msi_list and returns (with msi_enabled
is still set). c) pci_disable_msi passes the msi_enabled checks and hits:
BUG_ON(list_empty(dev_to_msi_list(&dev->dev)));
and blows up.
The patch adds a simple check in the XEN_PCI_OP_enable_msi to guard
against that. The check for msix_enabled is not stricly neccessary.
This is part of XSA-157.
Reviewed-by: David Vrabel <david.vrabel@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/xen/xen-pciback/pciback_ops.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
index a0e0e3e..8bfb87c 100644
--- a/drivers/xen/xen-pciback/pciback_ops.c
+++ b/drivers/xen/xen-pciback/pciback_ops.c
@@ -144,7 +144,12 @@ int xen_pcibk_enable_msi(struct xen_pcibk_device *pdev,
if (unlikely(verbose_request))
printk(KERN_DEBUG DRV_NAME ": %s: enable MSI\n", pci_name(dev));
- status = pci_enable_msi(dev);
+ if (dev->msi_enabled)
+ status = -EALREADY;
+ else if (dev->msix_enabled)
+ status = -ENXIO;
+ else
+ status = pci_enable_msi(dev);
if (status) {
pr_warn_ratelimited("%s: error enabling MSI for guest %u: err %d\n",
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 240/305] xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (238 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 239/305] xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 241/305] xen/pciback: Do not install an IRQ handler for MSI interrupts Kamal Mostafa
` (64 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
commit 5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9 upstream.
The guest sequence of:
a) XEN_PCI_OP_enable_msix
b) XEN_PCI_OP_enable_msix
results in hitting an NULL pointer due to using freed pointers.
The device passed in the guest MUST have MSI-X capability.
The a) constructs and SysFS representation of MSI and MSI groups.
The b) adds a second set of them but adding in to SysFS fails (duplicate entry).
'populate_msi_sysfs' frees the newly allocated msi_irq_groups (note that
in a) pdev->msi_irq_groups is still set) and also free's ALL of the
MSI-X entries of the device (the ones allocated in step a) and b)).
The unwind code: 'free_msi_irqs' deletes all the entries and tries to
delete the pdev->msi_irq_groups (which hasn't been set to NULL).
However the pointers in the SysFS are already freed and we hit an
NULL pointer further on when 'strlen' is attempted on a freed pointer.
The patch adds a simple check in the XEN_PCI_OP_enable_msix to guard
against that. The check for msi_enabled is not stricly neccessary.
This is part of XSA-157
Reviewed-by: David Vrabel <david.vrabel@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/xen/xen-pciback/pciback_ops.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
index 8bfb87c..029f33d 100644
--- a/drivers/xen/xen-pciback/pciback_ops.c
+++ b/drivers/xen/xen-pciback/pciback_ops.c
@@ -206,9 +206,16 @@ int xen_pcibk_enable_msix(struct xen_pcibk_device *pdev,
if (unlikely(verbose_request))
printk(KERN_DEBUG DRV_NAME ": %s: enable MSI-X\n",
pci_name(dev));
+
if (op->value > SH_INFO_MAX_VEC)
return -EINVAL;
+ if (dev->msix_enabled)
+ return -EALREADY;
+
+ if (dev->msi_enabled)
+ return -ENXIO;
+
entries = kmalloc(op->value * sizeof(*entries), GFP_KERNEL);
if (entries == NULL)
return -ENOMEM;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 241/305] xen/pciback: Do not install an IRQ handler for MSI interrupts.
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (239 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 240/305] xen/pciback: Return error on XEN_PCI_OP_enable_msix " Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 242/305] xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled Kamal Mostafa
` (63 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
commit a396f3a210c3a61e94d6b87ec05a75d0be2a60d0 upstream.
Otherwise an guest can subvert the generic MSI code to trigger
an BUG_ON condition during MSI interrupt freeing:
for (i = 0; i < entry->nvec_used; i++)
BUG_ON(irq_has_action(entry->irq + i));
Xen PCI backed installs an IRQ handler (request_irq) for
the dev->irq whenever the guest writes PCI_COMMAND_MEMORY
(or PCI_COMMAND_IO) to the PCI_COMMAND register. This is
done in case the device has legacy interrupts the GSI line
is shared by the backend devices.
To subvert the backend the guest needs to make the backend
to change the dev->irq from the GSI to the MSI interrupt line,
make the backend allocate an interrupt handler, and then command
the backend to free the MSI interrupt and hit the BUG_ON.
Since the backend only calls 'request_irq' when the guest
writes to the PCI_COMMAND register the guest needs to call
XEN_PCI_OP_enable_msi before any other operation. This will
cause the generic MSI code to setup an MSI entry and
populate dev->irq with the new PIRQ value.
Then the guest can write to PCI_COMMAND PCI_COMMAND_MEMORY
and cause the backend to setup an IRQ handler for dev->irq
(which instead of the GSI value has the MSI pirq). See
'xen_pcibk_control_isr'.
Then the guest disables the MSI: XEN_PCI_OP_disable_msi
which ends up triggering the BUG_ON condition in 'free_msi_irqs'
as there is an IRQ handler for the entry->irq (dev->irq).
Note that this cannot be done using MSI-X as the generic
code does not over-write dev->irq with the MSI-X PIRQ values.
The patch inhibits setting up the IRQ handler if MSI or
MSI-X (for symmetry reasons) code had been called successfully.
P.S.
Xen PCIBack when it sets up the device for the guest consumption
ends up writting 0 to the PCI_COMMAND (see xen_pcibk_reset_device).
XSA-120 addendum patch removed that - however when upstreaming said
addendum we found that it caused issues with qemu upstream. That
has now been fixed in qemu upstream.
This is part of XSA-157
Reviewed-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/xen/xen-pciback/pciback_ops.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
index 029f33d..d0696ce 100644
--- a/drivers/xen/xen-pciback/pciback_ops.c
+++ b/drivers/xen/xen-pciback/pciback_ops.c
@@ -70,6 +70,13 @@ static void xen_pcibk_control_isr(struct pci_dev *dev, int reset)
enable ? "enable" : "disable");
if (enable) {
+ /*
+ * The MSI or MSI-X should not have an IRQ handler. Otherwise
+ * if the guest terminates we BUG_ON in free_msi_irqs.
+ */
+ if (dev->msi_enabled || dev->msix_enabled)
+ goto out;
+
rc = request_irq(dev_data->irq,
xen_pcibk_guest_interrupt, IRQF_SHARED,
dev_data->irq_name, dev);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 242/305] xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled.
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (240 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 241/305] xen/pciback: Do not install an IRQ handler for MSI interrupts Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 243/305] xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set Kamal Mostafa
` (62 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
commit 7cfb905b9638982862f0331b36ccaaca5d383b49 upstream.
Otherwise just continue on, returning the same values as
previously (return of 0, and op->result has the PIRQ value).
This does not change the behavior of XEN_PCI_OP_disable_msi[|x].
The pci_disable_msi or pci_disable_msix have the checks for
msi_enabled or msix_enabled so they will error out immediately.
However the guest can still call these operations and cause
us to disable the 'ack_intr'. That means the backend IRQ handler
for the legacy interrupt will not respond to interrupts anymore.
This will lead to (if the device is causing an interrupt storm)
for the Linux generic code to disable the interrupt line.
Naturally this will only happen if the device in question
is plugged in on the motherboard on shared level interrupt GSI.
This is part of XSA-157
Reviewed-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/xen/xen-pciback/pciback_ops.c | 33 ++++++++++++++++++++-------------
1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
index d0696ce..4ee5fc0 100644
--- a/drivers/xen/xen-pciback/pciback_ops.c
+++ b/drivers/xen/xen-pciback/pciback_ops.c
@@ -185,20 +185,23 @@ static
int xen_pcibk_disable_msi(struct xen_pcibk_device *pdev,
struct pci_dev *dev, struct xen_pci_op *op)
{
- struct xen_pcibk_dev_data *dev_data;
-
if (unlikely(verbose_request))
printk(KERN_DEBUG DRV_NAME ": %s: disable MSI\n",
pci_name(dev));
- pci_disable_msi(dev);
+ if (dev->msi_enabled) {
+ struct xen_pcibk_dev_data *dev_data;
+
+ pci_disable_msi(dev);
+
+ dev_data = pci_get_drvdata(dev);
+ if (dev_data)
+ dev_data->ack_intr = 1;
+ }
op->value = dev->irq ? xen_pirq_from_irq(dev->irq) : 0;
if (unlikely(verbose_request))
printk(KERN_DEBUG DRV_NAME ": %s: MSI: %d\n", pci_name(dev),
op->value);
- dev_data = pci_get_drvdata(dev);
- if (dev_data)
- dev_data->ack_intr = 1;
return 0;
}
@@ -264,23 +267,27 @@ static
int xen_pcibk_disable_msix(struct xen_pcibk_device *pdev,
struct pci_dev *dev, struct xen_pci_op *op)
{
- struct xen_pcibk_dev_data *dev_data;
if (unlikely(verbose_request))
printk(KERN_DEBUG DRV_NAME ": %s: disable MSI-X\n",
pci_name(dev));
- pci_disable_msix(dev);
+ if (dev->msix_enabled) {
+ struct xen_pcibk_dev_data *dev_data;
+
+ pci_disable_msix(dev);
+
+ dev_data = pci_get_drvdata(dev);
+ if (dev_data)
+ dev_data->ack_intr = 1;
+ }
/*
* SR-IOV devices (which don't have any legacy IRQ) have
* an undefined IRQ value of zero.
*/
op->value = dev->irq ? xen_pirq_from_irq(dev->irq) : 0;
if (unlikely(verbose_request))
- printk(KERN_DEBUG DRV_NAME ": %s: MSI-X: %d\n", pci_name(dev),
- op->value);
- dev_data = pci_get_drvdata(dev);
- if (dev_data)
- dev_data->ack_intr = 1;
+ printk(KERN_DEBUG DRV_NAME ": %s: MSI-X: %d\n",
+ pci_name(dev), op->value);
return 0;
}
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 243/305] xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (241 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 242/305] xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 244/305] [media] Revert "[media] ivtv: avoid going past input/audio array" Kamal Mostafa
` (61 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Konrad Rzeszutek Wilk, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
commit 408fb0e5aa7fda0059db282ff58c3b2a4278baa0 upstream.
commit f598282f51 ("PCI: Fix the NIU MSI-X problem in a better way")
teaches us that dealing with MSI-X can be troublesome.
Further checks in the MSI-X architecture shows that if the
PCI_COMMAND_MEMORY bit is turned of in the PCI_COMMAND we
may not be able to access the BAR (since they are memory regions).
Since the MSI-X tables are located in there.. that can lead
to us causing PCIe errors. Inhibit us performing any
operation on the MSI-X unless the MEMORY bit is set.
Note that Xen hypervisor with:
"x86/MSI-X: access MSI-X table only after having enabled MSI-X"
will return:
xen_pciback: 0000:0a:00.1: error -6 enabling MSI-X for guest 3!
When the generic MSI code tries to setup the PIRQ without
MEMORY bit set. Which means with later versions of Xen
(4.6) this patch is not neccessary.
This is part of XSA-157
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/xen/xen-pciback/pciback_ops.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
index 4ee5fc0..73dafdc 100644
--- a/drivers/xen/xen-pciback/pciback_ops.c
+++ b/drivers/xen/xen-pciback/pciback_ops.c
@@ -212,6 +212,7 @@ int xen_pcibk_enable_msix(struct xen_pcibk_device *pdev,
struct xen_pcibk_dev_data *dev_data;
int i, result;
struct msix_entry *entries;
+ u16 cmd;
if (unlikely(verbose_request))
printk(KERN_DEBUG DRV_NAME ": %s: enable MSI-X\n",
@@ -223,7 +224,12 @@ int xen_pcibk_enable_msix(struct xen_pcibk_device *pdev,
if (dev->msix_enabled)
return -EALREADY;
- if (dev->msi_enabled)
+ /*
+ * PCI_COMMAND_MEMORY must be enabled, otherwise we may not be able
+ * to access the BARs where the MSI-X entries reside.
+ */
+ pci_read_config_word(dev, PCI_COMMAND, &cmd);
+ if (dev->msi_enabled || !(cmd & PCI_COMMAND_MEMORY))
return -ENXIO;
entries = kmalloc(op->value * sizeof(*entries), GFP_KERNEL);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 244/305] [media] Revert "[media] ivtv: avoid going past input/audio array"
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (242 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 243/305] xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 245/305] [media] airspy: increase USB control message buffer size Kamal Mostafa
` (60 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Mauro Carvalho Chehab, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
commit dfcf36d90489a403d8d833f0f73d84a8d68b5570 upstream.
This patch broke ivtv logic, as reported at
https://bugzilla.redhat.com/show_bug.cgi?id=1278942
This reverts commit 09290cc885937cab3b2d60a6d48fe3d2d3e04061.
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/pci/ivtv/ivtv-driver.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/pci/ivtv/ivtv-driver.c b/drivers/media/pci/ivtv/ivtv-driver.c
index 8616fa8..c2e60b4 100644
--- a/drivers/media/pci/ivtv/ivtv-driver.c
+++ b/drivers/media/pci/ivtv/ivtv-driver.c
@@ -805,11 +805,11 @@ static void ivtv_init_struct2(struct ivtv *itv)
{
int i;
- for (i = 0; i < IVTV_CARD_MAX_VIDEO_INPUTS - 1; i++)
+ for (i = 0; i < IVTV_CARD_MAX_VIDEO_INPUTS; i++)
if (itv->card->video_inputs[i].video_type == 0)
break;
itv->nof_inputs = i;
- for (i = 0; i < IVTV_CARD_MAX_AUDIO_INPUTS - 1; i++)
+ for (i = 0; i < IVTV_CARD_MAX_AUDIO_INPUTS; i++)
if (itv->card->audio_inputs[i].audio_type == 0)
break;
itv->nof_audio_inputs = i;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 245/305] [media] airspy: increase USB control message buffer size
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (243 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 244/305] [media] Revert "[media] ivtv: avoid going past input/audio array" Kamal Mostafa
@ 2016-01-16 0:00 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 246/305] USB: ipaq.c: fix a timeout loop Kamal Mostafa
` (59 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:00 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Antti Palosaari, Mauro Carvalho Chehab, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Antti Palosaari <crope@iki.fi>
commit aa0850e1d56623845b46350ffd971afa9241886d upstream.
Driver requested device firmware version string during probe using
only 24 byte long buffer. That buffer is too small for newer firmware
versions, which causes device firmware hang - device stops responding
to any commands after that. Increase buffer size to 128 which should
be enough for any current and future version strings.
Link: https://github.com/airspy/host/issues/27
Reported-by: Benjamin Vernoux <bvernoux@gmail.com>
Signed-off-by: Antti Palosaari <crope@iki.fi>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/usb/airspy/airspy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/usb/airspy/airspy.c b/drivers/media/usb/airspy/airspy.c
index 4069234..a50750c 100644
--- a/drivers/media/usb/airspy/airspy.c
+++ b/drivers/media/usb/airspy/airspy.c
@@ -132,7 +132,7 @@ struct airspy {
int urbs_submitted;
/* USB control message buffer */
- #define BUF_SIZE 24
+ #define BUF_SIZE 128
u8 buf[BUF_SIZE];
/* Current configuration */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 246/305] USB: ipaq.c: fix a timeout loop
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (244 preceding siblings ...)
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 245/305] [media] airspy: increase USB control message buffer size Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 247/305] USB: fix invalid memory access in hub_activate() Kamal Mostafa
` (58 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dan Carpenter, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
commit abdc9a3b4bac97add99e1d77dc6d28623afe682b upstream.
The code expects the loop to end with "retries" set to zero but, because
it is a post-op, it will end set to -1. I have fixed this by moving the
decrement inside the loop.
Fixes: 014aa2a3c32e ('USB: ipaq: minor ipaq_open() cleanup.')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/serial/ipaq.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/serial/ipaq.c b/drivers/usb/serial/ipaq.c
index f51a5d5..ec1b8f2 100644
--- a/drivers/usb/serial/ipaq.c
+++ b/drivers/usb/serial/ipaq.c
@@ -531,7 +531,8 @@ static int ipaq_open(struct tty_struct *tty,
* through. Since this has a reasonably high failure rate, we retry
* several times.
*/
- while (retries--) {
+ while (retries) {
+ retries--;
result = usb_control_msg(serial->dev,
usb_sndctrlpipe(serial->dev, 0), 0x22, 0x21,
0x1, 0, NULL, 0, 100);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 247/305] USB: fix invalid memory access in hub_activate()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (245 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 246/305] USB: ipaq.c: fix a timeout loop Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 248/305] i2c: rcar: disable runtime PM correctly in slave mode Kamal Mostafa
` (57 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alan Stern, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit e50293ef9775c5f1cf3fcc093037dd6a8c5684ea upstream.
Commit 8520f38099cc ("USB: change hub initialization sleeps to
delayed_work") changed the hub_activate() routine to make part of it
run in a workqueue. However, the commit failed to take a reference to
the usb_hub structure or to lock the hub interface while doing so. As
a result, if a hub is plugged in and quickly unplugged before the work
routine can run, the routine will try to access memory that has been
deallocated. Or, if the hub is unplugged while the routine is
running, the memory may be deallocated while it is in active use.
This patch fixes the problem by taking a reference to the usb_hub at
the start of hub_activate() and releasing it at the end (when the work
is finished), and by locking the hub interface while the work routine
is running. It also adds a check at the start of the routine to see
if the hub has already been disconnected, in which nothing should be
done.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Alexandru Cornea <alexandru.cornea@intel.com>
Tested-by: Alexandru Cornea <alexandru.cornea@intel.com>
Fixes: 8520f38099cc ("USB: change hub initialization sleeps to delayed_work")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/core/hub.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 5eb29e8..2f0fa89 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1035,10 +1035,20 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
unsigned delay;
/* Continue a partial initialization */
- if (type == HUB_INIT2)
- goto init2;
- if (type == HUB_INIT3)
+ if (type == HUB_INIT2 || type == HUB_INIT3) {
+ device_lock(hub->intfdev);
+
+ /* Was the hub disconnected while we were waiting? */
+ if (hub->disconnected) {
+ device_unlock(hub->intfdev);
+ kref_put(&hub->kref, hub_release);
+ return;
+ }
+ if (type == HUB_INIT2)
+ goto init2;
goto init3;
+ }
+ kref_get(&hub->kref);
/* The superspeed hub except for root hub has to use Hub Depth
* value as an offset into the route string to locate the bits
@@ -1236,6 +1246,7 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
queue_delayed_work(system_power_efficient_wq,
&hub->init_work,
msecs_to_jiffies(delay));
+ device_unlock(hub->intfdev);
return; /* Continues at init3: below */
} else {
msleep(delay);
@@ -1257,6 +1268,11 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
/* Allow autosuspend if it was suppressed */
if (type <= HUB_INIT3)
usb_autopm_put_interface_async(to_usb_interface(hub->intfdev));
+
+ if (type == HUB_INIT2 || type == HUB_INIT3)
+ device_unlock(hub->intfdev);
+
+ kref_put(&hub->kref, hub_release);
}
/* Implement the continuations for the delays above */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 248/305] i2c: rcar: disable runtime PM correctly in slave mode
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (246 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 247/305] USB: fix invalid memory access in hub_activate() Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 249/305] md: remove check for MD_RECOVERY_NEEDED in action_store Kamal Mostafa
` (56 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Wolfram Sang, Wolfram Sang, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
commit b4cd08aa1f53c831e67dc5c6bc9f9acff27abcba upstream.
When we also are I2C slave, we need to disable runtime PM because the
address detection mechanism needs to be active all the time. However, we
can reenable runtime PM once the slave instance was unregistered. So,
use pm_runtime_get_sync/put to achieve this, since it has proper
refcounting. pm_runtime_allow/forbid is like a global knob controllable
from userspace which is unsuitable here.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-rcar.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c
index d8b5a8f..3191dd9 100644
--- a/drivers/i2c/busses/i2c-rcar.c
+++ b/drivers/i2c/busses/i2c-rcar.c
@@ -575,7 +575,7 @@ static int rcar_reg_slave(struct i2c_client *slave)
if (slave->flags & I2C_CLIENT_TEN)
return -EAFNOSUPPORT;
- pm_runtime_forbid(rcar_i2c_priv_to_dev(priv));
+ pm_runtime_get_sync(rcar_i2c_priv_to_dev(priv));
priv->slave = slave;
rcar_i2c_write(priv, ICSAR, slave->addr);
@@ -597,7 +597,7 @@ static int rcar_unreg_slave(struct i2c_client *slave)
priv->slave = NULL;
- pm_runtime_allow(rcar_i2c_priv_to_dev(priv));
+ pm_runtime_put(rcar_i2c_priv_to_dev(priv));
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 249/305] md: remove check for MD_RECOVERY_NEEDED in action_store.
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (247 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 248/305] i2c: rcar: disable runtime PM correctly in slave mode Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 250/305] parisc: Fix syscall restarts Kamal Mostafa
` (55 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: NeilBrown, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: NeilBrown <neilb@suse.com>
commit 312045eef985b61d74c28047ecd8eca6719d9516 upstream.
md currently doesn't allow a 'sync_action' such as 'reshape' to be set
while MD_RECOVERY_NEEDED is set.
This s a problem, particularly since commit 738a273806ee as that can
cause ->check_shape to call mddev_resume() which sets
MD_RECOVERY_NEEDED. So by the time we come to start 'reshape' it is
very likely that MD_RECOVERY_NEEDED is still set.
Testing for this flag is not really needed and is in any case very
racy as it can be set at any moment - asynchronously. Any race
between setting a sync_action and setting MD_RECOVERY_NEEDED must
already be handled properly in some locked code, probably
md_check_recovery(), so remove the test here.
The test on MD_RECOVERY_RUNNING is also racy in the 'reshape' case
so we should test it again after getting mddev_lock().
As this fixes a race and a regression which can cause 'reshape' to
fail, it is suitable for -stable kernels since 4.1
Reported-by: Xiao Ni <xni@redhat.com>
Fixes: 738a273806ee ("md/raid5: fix allocation of 'scribble' array.")
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/md.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 95e7b72..3d49672 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -4235,8 +4235,7 @@ action_store(struct mddev *mddev, const char *page, size_t len)
}
mddev_unlock(mddev);
}
- } else if (test_bit(MD_RECOVERY_RUNNING, &mddev->recovery) ||
- test_bit(MD_RECOVERY_NEEDED, &mddev->recovery))
+ } else if (test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))
return -EBUSY;
else if (cmd_match(page, "resync"))
clear_bit(MD_RECOVERY_FROZEN, &mddev->recovery);
@@ -4249,8 +4248,12 @@ action_store(struct mddev *mddev, const char *page, size_t len)
return -EINVAL;
err = mddev_lock(mddev);
if (!err) {
- clear_bit(MD_RECOVERY_FROZEN, &mddev->recovery);
- err = mddev->pers->start_reshape(mddev);
+ if (test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))
+ err = -EBUSY;
+ else {
+ clear_bit(MD_RECOVERY_FROZEN, &mddev->recovery);
+ err = mddev->pers->start_reshape(mddev);
+ }
mddev_unlock(mddev);
}
if (err)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 250/305] parisc: Fix syscall restarts
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (248 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 249/305] md: remove check for MD_RECOVERY_NEEDED in action_store Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 251/305] ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2) Kamal Mostafa
` (54 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Helge Deller, Mathieu Desnoyers, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Helge Deller <deller@gmx.de>
commit 71a71fb5374a23be36a91981b5614590b9e722c3 upstream.
On parisc syscalls which are interrupted by signals sometimes failed to
restart and instead returned -ENOSYS which in the worst case lead to
userspace crashes.
A similiar problem existed on MIPS and was fixed by commit e967ef02
("MIPS: Fix restart of indirect syscalls").
On parisc the current syscall restart code assumes that all syscall
callers load the syscall number in the delay slot of the ble
instruction. That's how it is e.g. done in the unistd.h header file:
ble 0x100(%sr2, %r0)
ldi #syscall_nr, %r20
Because of that assumption the current code never restored %r20 before
returning to userspace.
This assumption is at least not true for code which uses the glibc
syscall() function, which instead uses this syntax:
ble 0x100(%sr2, %r0)
copy regX, %r20
where regX depend on how the compiler optimizes the code and register
usage.
This patch fixes this problem by adding code to analyze how the syscall
number is loaded in the delay branch and - if needed - copy the syscall
number to regX prior returning to userspace for the syscall restart.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/parisc/kernel/signal.c | 64 ++++++++++++++++++++++++++++++++++++---------
1 file changed, 52 insertions(+), 12 deletions(-)
diff --git a/arch/parisc/kernel/signal.c b/arch/parisc/kernel/signal.c
index dc1ea79..2264f68 100644
--- a/arch/parisc/kernel/signal.c
+++ b/arch/parisc/kernel/signal.c
@@ -435,6 +435,55 @@ handle_signal(struct ksignal *ksig, struct pt_regs *regs, int in_syscall)
regs->gr[28]);
}
+/*
+ * Check how the syscall number gets loaded into %r20 within
+ * the delay branch in userspace and adjust as needed.
+ */
+
+static void check_syscallno_in_delay_branch(struct pt_regs *regs)
+{
+ u32 opcode, source_reg;
+ u32 __user *uaddr;
+ int err;
+
+ /* Usually we don't have to restore %r20 (the system call number)
+ * because it gets loaded in the delay slot of the branch external
+ * instruction via the ldi instruction.
+ * In some cases a register-to-register copy instruction might have
+ * been used instead, in which case we need to copy the syscall
+ * number into the source register before returning to userspace.
+ */
+
+ /* A syscall is just a branch, so all we have to do is fiddle the
+ * return pointer so that the ble instruction gets executed again.
+ */
+ regs->gr[31] -= 8; /* delayed branching */
+
+ /* Get assembler opcode of code in delay branch */
+ uaddr = (unsigned int *) ((regs->gr[31] & ~3) + 4);
+ err = get_user(opcode, uaddr);
+ if (err)
+ return;
+
+ /* Check if delay branch uses "ldi int,%r20" */
+ if ((opcode & 0xffff0000) == 0x34140000)
+ return; /* everything ok, just return */
+
+ /* Check if delay branch uses "nop" */
+ if (opcode == INSN_NOP)
+ return;
+
+ /* Check if delay branch uses "copy %rX,%r20" */
+ if ((opcode & 0xffe0ffff) == 0x08000254) {
+ source_reg = (opcode >> 16) & 31;
+ regs->gr[source_reg] = regs->gr[20];
+ return;
+ }
+
+ pr_warn("syscall restart: %s (pid %d): unexpected opcode 0x%08x\n",
+ current->comm, task_pid_nr(current), opcode);
+}
+
static inline void
syscall_restart(struct pt_regs *regs, struct k_sigaction *ka)
{
@@ -457,10 +506,7 @@ syscall_restart(struct pt_regs *regs, struct k_sigaction *ka)
}
/* fallthrough */
case -ERESTARTNOINTR:
- /* A syscall is just a branch, so all
- * we have to do is fiddle the return pointer.
- */
- regs->gr[31] -= 8; /* delayed branching */
+ check_syscallno_in_delay_branch(regs);
break;
}
}
@@ -510,15 +556,9 @@ insert_restart_trampoline(struct pt_regs *regs)
}
case -ERESTARTNOHAND:
case -ERESTARTSYS:
- case -ERESTARTNOINTR: {
- /* Hooray for delayed branching. We don't
- * have to restore %r20 (the system call
- * number) because it gets loaded in the delay
- * slot of the branch external instruction.
- */
- regs->gr[31] -= 8;
+ case -ERESTARTNOINTR:
+ check_syscallno_in_delay_branch(regs);
return;
- }
default:
break;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 251/305] ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2)
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (249 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 250/305] parisc: Fix syscall restarts Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 252/305] MIPS: uaccess: Fix strlen_user with EVA Kamal Mostafa
` (53 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mario Kleiner, Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Mario Kleiner <mario.kleiner.de@gmail.com>
commit 9f660a1c43890c2cdd1f423fd73654e7ca08fe56 upstream.
Without this patch, internal speaker and line-out work,
but front headphone output jack stays silent on the
Mac Pro 4,1.
This code path also gets executed on the MacPro 5,1 due
to identical codec SSID, but i don't know if it has any
positive or adverse effects there or not.
(v2) Implement feedback from Takashi Iwai: Reuse
alc889_fixup_mbp_vref and just add a new nid
0x19 for the MacPro 4,1.
Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index c5c4ad4..f31cfde 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -1785,6 +1785,7 @@ enum {
ALC889_FIXUP_MBA11_VREF,
ALC889_FIXUP_MBA21_VREF,
ALC889_FIXUP_MP11_VREF,
+ ALC889_FIXUP_MP41_VREF,
ALC882_FIXUP_INV_DMIC,
ALC882_FIXUP_NO_PRIMARY_HP,
ALC887_FIXUP_ASUS_BASS,
@@ -1873,7 +1874,7 @@ static void alc889_fixup_mbp_vref(struct hda_codec *codec,
const struct hda_fixup *fix, int action)
{
struct alc_spec *spec = codec->spec;
- static hda_nid_t nids[2] = { 0x14, 0x15 };
+ static hda_nid_t nids[3] = { 0x14, 0x15, 0x19 };
int i;
if (action != HDA_FIXUP_ACT_INIT)
@@ -2163,6 +2164,12 @@ static const struct hda_fixup alc882_fixups[] = {
.chained = true,
.chain_id = ALC885_FIXUP_MACPRO_GPIO,
},
+ [ALC889_FIXUP_MP41_VREF] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc889_fixup_mbp_vref,
+ .chained = true,
+ .chain_id = ALC885_FIXUP_MACPRO_GPIO,
+ },
[ALC882_FIXUP_INV_DMIC] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc_fixup_inv_dmic,
@@ -2245,7 +2252,7 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = {
SND_PCI_QUIRK(0x106b, 0x3f00, "Macbook 5,1", ALC889_FIXUP_IMAC91_VREF),
SND_PCI_QUIRK(0x106b, 0x4000, "MacbookPro 5,1", ALC889_FIXUP_IMAC91_VREF),
SND_PCI_QUIRK(0x106b, 0x4100, "Macmini 3,1", ALC889_FIXUP_IMAC91_VREF),
- SND_PCI_QUIRK(0x106b, 0x4200, "Mac Pro 5,1", ALC885_FIXUP_MACPRO_GPIO),
+ SND_PCI_QUIRK(0x106b, 0x4200, "Mac Pro 4,1/5,1", ALC889_FIXUP_MP41_VREF),
SND_PCI_QUIRK(0x106b, 0x4300, "iMac 9,1", ALC889_FIXUP_IMAC91_VREF),
SND_PCI_QUIRK(0x106b, 0x4600, "MacbookPro 5,2", ALC889_FIXUP_IMAC91_VREF),
SND_PCI_QUIRK(0x106b, 0x4900, "iMac 9,1 Aluminum", ALC889_FIXUP_IMAC91_VREF),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 252/305] MIPS: uaccess: Fix strlen_user with EVA
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (250 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 251/305] ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2) Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 253/305] drm/i915: Break busywaiting for requests on pending signals Kamal Mostafa
` (52 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: James Hogan, Markos Chandras, Paul Burton, Leonid Yegoshin,
linux-mips, Ralf Baechle, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: James Hogan <james.hogan@imgtec.com>
commit 5dc62fdd8383afbd2faca6b6e6ea1052b45b0124 upstream.
The strlen_user() function calls __strlen_kernel_asm in both branches of
the eva_kernel_access() conditional. For EVA it should be calling
__strlen_user_eva for user accesses, otherwise it will load from the
kernel address space instead of the user address space, and the access
checking will likely be ineffective at preventing it due to EVA's
overlapping user and kernel address spaces.
This was found after extending the test_user_copy module to cover user
string access functions, which gave the following error with EVA:
test_user_copy: illegal strlen_user passed
Fortunately the use of strlen_user() has been all but eradicated from
the mainline kernel, so only out of tree modules could be affected.
Fixes: e3a9b07a9caf ("MIPS: asm: uaccess: Add EVA support for str*_user operations")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Markos Chandras <markos.chandras@imgtec.com>
Cc: Paul Burton <paul.burton@imgtec.com>
Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/10842/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/mips/include/asm/uaccess.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
index 5305d69..3f959c0 100644
--- a/arch/mips/include/asm/uaccess.h
+++ b/arch/mips/include/asm/uaccess.h
@@ -1384,7 +1384,7 @@ static inline long strlen_user(const char __user *s)
might_fault();
__asm__ __volatile__(
"move\t$4, %1\n\t"
- __MODULE_JAL(__strlen_kernel_asm)
+ __MODULE_JAL(__strlen_user_asm)
"move\t%0, $2"
: "=r" (res)
: "r" (s)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 253/305] drm/i915: Break busywaiting for requests on pending signals
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (251 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 252/305] MIPS: uaccess: Fix strlen_user with EVA Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 254/305] drm/i915: Limit the busy wait on requests to 5us not 10ms! Kamal Mostafa
` (51 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chris Wilson, Jens Axboe, Daniel Vetter, Tvrtko Ursulin,
Eero Tamminen, Rantala, Valtteri, Jani Nikula, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Chris Wilson <chris@chris-wilson.co.uk>
commit e7571f7fd66c77a760338340adbe41d994fe93ac upstream.
The busywait in __i915_spin_request() does not respect pending signals
and so may consume the entire timeslice for the task instead of
returning to userspace to handle the signal.
In the worst case this could cause a delay in signal processing of 20ms,
which would be a noticeable jitter in cursor tracking. If a higher
resolution signal was being used, for example to provide fairness of a
server timeslices between clients, we could expect to detect some
unfairness between clients (i.e. some windows not updating as fast as
others). This issue was noticed when inspecting a report of poor
interactivity resulting from excessively high __i915_spin_request usage.
Fixes regression from
commit 2def4ad99befa25775dd2f714fdd4d92faec6e34 [v4.2]
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date: Tue Apr 7 16:20:41 2015 +0100
drm/i915: Optimistically spin for the request completion
v2: Try to assess the impact of the bug
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc; "Rogozhkin, Dmitry V" <dmitry.v.rogozhkin@intel.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Cc: Eero Tamminen <eero.t.tamminen@intel.com>
Cc: "Rantala, Valtteri" <valtteri.rantala@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1449833608-22125-2-git-send-email-chris@chris-wilson.co.uk
(cherry picked from commit 91b0c352ace9afec1fb51590c7b8bd60e0eb9fbd)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/i915_gem.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index 3a27978..8697c08 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -1174,7 +1174,7 @@ static bool missed_irq(struct drm_i915_private *dev_priv,
return test_bit(ring->id, &dev_priv->gpu_error.missed_irq_rings);
}
-static int __i915_spin_request(struct drm_i915_gem_request *req)
+static int __i915_spin_request(struct drm_i915_gem_request *req, int state)
{
unsigned long timeout;
@@ -1186,6 +1186,9 @@ static int __i915_spin_request(struct drm_i915_gem_request *req)
if (i915_gem_request_completed(req, true))
return 0;
+ if (signal_pending_state(state, current))
+ break;
+
if (time_after_eq(jiffies, timeout))
break;
@@ -1225,6 +1228,7 @@ int __i915_wait_request(struct drm_i915_gem_request *req,
struct drm_i915_private *dev_priv = dev->dev_private;
const bool irq_test_in_progress =
ACCESS_ONCE(dev_priv->gpu_error.test_irq_rings) & intel_ring_flag(ring);
+ int state = interruptible ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE;
DEFINE_WAIT(wait);
unsigned long timeout_expire;
s64 before, now;
@@ -1249,7 +1253,7 @@ int __i915_wait_request(struct drm_i915_gem_request *req,
before = ktime_get_raw_ns();
/* Optimistic spin for the next jiffie before touching IRQs */
- ret = __i915_spin_request(req);
+ ret = __i915_spin_request(req, state);
if (ret == 0)
goto out;
@@ -1261,8 +1265,7 @@ int __i915_wait_request(struct drm_i915_gem_request *req,
for (;;) {
struct timer_list timer;
- prepare_to_wait(&ring->irq_queue, &wait,
- interruptible ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
+ prepare_to_wait(&ring->irq_queue, &wait, state);
/* We need to check whether any gpu reset happened in between
* the caller grabbing the seqno and now ... */
@@ -1280,7 +1283,7 @@ int __i915_wait_request(struct drm_i915_gem_request *req,
break;
}
- if (interruptible && signal_pending(current)) {
+ if (signal_pending_state(state, current)) {
ret = -ERESTARTSYS;
break;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 254/305] drm/i915: Limit the busy wait on requests to 5us not 10ms!
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (252 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 253/305] drm/i915: Break busywaiting for requests on pending signals Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 255/305] drm/i915: Only spin whilst waiting on the current request Kamal Mostafa
` (50 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Rogozhkin, Dmitry V, Daniel Vetter, Tvrtko Ursulin,
Eero Tamminen, Rantala, Valtteri, Jani Nikula, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Chris Wilson <chris@chris-wilson.co.uk>
commit f87a780f07b22b6dc4642dbaf44af65112076cb8 upstream.
When waiting for high frequency requests, the finite amount of time
required to set up the irq and wait upon it limits the response rate. By
busywaiting on the request completion for a short while we can service
the high frequency waits as quick as possible. However, if it is a slow
request, we want to sleep as quickly as possible. The tradeoff between
waiting and sleeping is roughly the time it takes to sleep on a request,
on the order of a microsecond. Based on measurements of synchronous
workloads from across big core and little atom, I have set the limit for
busywaiting as 10 microseconds. In most of the synchronous cases, we can
reduce the limit down to as little as 2 miscroseconds, but that leaves
quite a few test cases regressing by factors of 3 and more.
The code currently uses the jiffie clock, but that is far too coarse (on
the order of 10 milliseconds) and results in poor interactivity as the
CPU ends up being hogged by slow requests. To get microsecond resolution
we need to use a high resolution timer. The cheapest of which is polling
local_clock(), but that is only valid on the same CPU. If we switch CPUs
because the task was preempted, we can also use that as an indicator that
the system is too busy to waste cycles on spinning and we should sleep
instead.
__i915_spin_request was introduced in
commit 2def4ad99befa25775dd2f714fdd4d92faec6e34 [v4.2]
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date: Tue Apr 7 16:20:41 2015 +0100
drm/i915: Optimistically spin for the request completion
v2: Drop full u64 for unsigned long - the timer is 32bit wraparound safe,
so we can use native register sizes on smaller architectures. Mention
the approximate microseconds units for elapsed time and add some extra
comments describing the reason for busywaiting.
v3: Raise the limit to 10us
v4: Now 5us.
Reported-by: Jens Axboe <axboe@kernel.dk>
Link: https://lkml.org/lkml/2015/11/12/621
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Cc: "Rogozhkin, Dmitry V" <dmitry.v.rogozhkin@intel.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Cc: Eero Tamminen <eero.t.tamminen@intel.com>
Cc: "Rantala, Valtteri" <valtteri.rantala@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1449833608-22125-3-git-send-email-chris@chris-wilson.co.uk
(cherry picked from commit ca5b721e238226af1d767103ac852aeb8e4c0764)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/i915_gem.c | 47 +++++++++++++++++++++++++++++++++++++++--
1 file changed, 45 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index 8697c08..ace38a7 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -1174,14 +1174,57 @@ static bool missed_irq(struct drm_i915_private *dev_priv,
return test_bit(ring->id, &dev_priv->gpu_error.missed_irq_rings);
}
+static unsigned long local_clock_us(unsigned *cpu)
+{
+ unsigned long t;
+
+ /* Cheaply and approximately convert from nanoseconds to microseconds.
+ * The result and subsequent calculations are also defined in the same
+ * approximate microseconds units. The principal source of timing
+ * error here is from the simple truncation.
+ *
+ * Note that local_clock() is only defined wrt to the current CPU;
+ * the comparisons are no longer valid if we switch CPUs. Instead of
+ * blocking preemption for the entire busywait, we can detect the CPU
+ * switch and use that as indicator of system load and a reason to
+ * stop busywaiting, see busywait_stop().
+ */
+ *cpu = get_cpu();
+ t = local_clock() >> 10;
+ put_cpu();
+
+ return t;
+}
+
+static bool busywait_stop(unsigned long timeout, unsigned cpu)
+{
+ unsigned this_cpu;
+
+ if (time_after(local_clock_us(&this_cpu), timeout))
+ return true;
+
+ return this_cpu != cpu;
+}
+
static int __i915_spin_request(struct drm_i915_gem_request *req, int state)
{
unsigned long timeout;
+ unsigned cpu;
+
+ /* When waiting for high frequency requests, e.g. during synchronous
+ * rendering split between the CPU and GPU, the finite amount of time
+ * required to set up the irq and wait upon it limits the response
+ * rate. By busywaiting on the request completion for a short while we
+ * can service the high frequency waits as quick as possible. However,
+ * if it is a slow request, we want to sleep as quickly as possible.
+ * The tradeoff between waiting and sleeping is roughly the time it
+ * takes to sleep on a request, on the order of a microsecond.
+ */
if (i915_gem_request_get_ring(req)->irq_refcount)
return -EBUSY;
- timeout = jiffies + 1;
+ timeout = local_clock_us(&cpu) + 5;
while (!need_resched()) {
if (i915_gem_request_completed(req, true))
return 0;
@@ -1189,7 +1232,7 @@ static int __i915_spin_request(struct drm_i915_gem_request *req, int state)
if (signal_pending_state(state, current))
break;
- if (time_after_eq(jiffies, timeout))
+ if (busywait_stop(timeout, cpu))
break;
cpu_relax_lowlatency();
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 255/305] drm/i915: Only spin whilst waiting on the current request
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (253 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 254/305] drm/i915: Limit the busy wait on requests to 5us not 10ms! Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 256/305] MIPS: CPS: drop .set mips64r2 directives Kamal Mostafa
` (49 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chris Wilson, Rogozhkin, Dmitry V, Daniel Vetter, Tvrtko Ursulin,
Eero Tamminen, Rantala, Valtteri, Jani Nikula, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Chris Wilson <chris@chris-wilson.co.uk>
commit 0f0cd472062eca6f9fac8be0cd5585f9a2df1ab2 upstream.
Limit busywaiting only to the request currently being processed by the
GPU. If the request is not currently being processed by the GPU, there
is a very low likelihood of it being completed within the 2 microsecond
spin timeout and so we will just be wasting CPU cycles.
v2: Check for logical inversion when rebasing - we were incorrectly
checking for this request being active, and instead busywaiting for
when the GPU was not yet processing the request of interest.
v3: Try another colour for the seqno names.
v4: Another colour for the function names.
v5: Remove the forced coherency when checking for the active request. On
reflection and plenty of recent experimentation, the issue is not a
cache coherency problem - but an irq/seqno ordering problem (timing issue).
Here, we do not need the w/a to force ordering of the read with an
interrupt.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Cc: "Rogozhkin, Dmitry V" <dmitry.v.rogozhkin@intel.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Cc: Eero Tamminen <eero.t.tamminen@intel.com>
Cc: "Rantala, Valtteri" <valtteri.rantala@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1449833608-22125-4-git-send-email-chris@chris-wilson.co.uk
(cherry picked from commit 821485dc2ad665f136c57ee589bf7a8210160fe2)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/i915_drv.h | 27 +++++++++++++++++++--------
drivers/gpu/drm/i915/i915_gem.c | 8 +++++++-
2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
index e1df8feb..f4e2f54 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
@@ -2119,8 +2119,17 @@ struct drm_i915_gem_request {
struct drm_i915_private *i915;
struct intel_engine_cs *ring;
- /** GEM sequence number associated with this request. */
- uint32_t seqno;
+ /** GEM sequence number associated with the previous request,
+ * when the HWS breadcrumb is equal to this the GPU is processing
+ * this request.
+ */
+ u32 previous_seqno;
+
+ /** GEM sequence number associated with this request,
+ * when the HWS breadcrumb is equal or greater than this the GPU
+ * has finished processing this request.
+ */
+ u32 seqno;
/** Position in the ringbuffer of the start of the request */
u32 head;
@@ -2797,15 +2806,17 @@ i915_seqno_passed(uint32_t seq1, uint32_t seq2)
return (int32_t)(seq1 - seq2) >= 0;
}
+static inline bool i915_gem_request_started(struct drm_i915_gem_request *req,
+ bool lazy_coherency)
+{
+ u32 seqno = req->ring->get_seqno(req->ring, lazy_coherency);
+ return i915_seqno_passed(seqno, req->previous_seqno);
+}
+
static inline bool i915_gem_request_completed(struct drm_i915_gem_request *req,
bool lazy_coherency)
{
- u32 seqno;
-
- BUG_ON(req == NULL);
-
- seqno = req->ring->get_seqno(req->ring, lazy_coherency);
-
+ u32 seqno = req->ring->get_seqno(req->ring, lazy_coherency);
return i915_seqno_passed(seqno, req->seqno);
}
diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index ace38a7..da7653c 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -1221,9 +1221,13 @@ static int __i915_spin_request(struct drm_i915_gem_request *req, int state)
* takes to sleep on a request, on the order of a microsecond.
*/
- if (i915_gem_request_get_ring(req)->irq_refcount)
+ if (req->ring->irq_refcount)
return -EBUSY;
+ /* Only spin if we know the GPU is processing this request */
+ if (!i915_gem_request_started(req, true))
+ return -EAGAIN;
+
timeout = local_clock_us(&cpu) + 5;
while (!need_resched()) {
if (i915_gem_request_completed(req, true))
@@ -1237,6 +1241,7 @@ static int __i915_spin_request(struct drm_i915_gem_request *req, int state)
cpu_relax_lowlatency();
}
+
if (i915_gem_request_completed(req, false))
return 0;
@@ -2594,6 +2599,7 @@ int __i915_add_request(struct intel_engine_cs *ring,
}
request->emitted_jiffies = jiffies;
+ request->previous_seqno = ring->last_submitted_seqno;
ring->last_submitted_seqno = request->seqno;
list_add_tail(&request->list, &ring->request_list);
request->file_priv = NULL;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 256/305] MIPS: CPS: drop .set mips64r2 directives
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (254 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 255/305] drm/i915: Only spin whilst waiting on the current request Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 257/305] KVM: MTRR: fix fixed MTRR segment look up Kamal Mostafa
` (48 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Paul Burton, Markos Chandras, James Hogan, linux-mips,
Ralf Baechle, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Paul Burton <paul.burton@imgtec.com>
commit f3575e230cf8537951ebe3cc19974c5db2ff4f1c upstream.
Commit 977e043d5ea1 ("MIPS: kernel: cps-vec: Replace mips32r2 ISA level
with mips64r2") leads to .set mips64r2 directives being present in 32
bit (ie. CONFIG_32BIT=y) kernels. This is incorrect & leads to MIPS64
instructions being emitted by the assembler when expanding
pseudo-instructions. For example the "move" instruction can legitimately
be expanded to a "daddu". This causes problems when the kernel is run on
a MIPS32 CPU, as CONFIG_32BIT kernels of course often are...
Fix this by dropping the .set <ISA> directives entirely now that Kconfig
should be ensuring that kernels including this code are built with a
suitable -march= compiler flag.
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: Markos Chandras <markos.chandras@imgtec.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/10869/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/mips/kernel/cps-vec.S | 2 --
1 file changed, 2 deletions(-)
diff --git a/arch/mips/kernel/cps-vec.S b/arch/mips/kernel/cps-vec.S
index 209ded1..763d8b7 100644
--- a/arch/mips/kernel/cps-vec.S
+++ b/arch/mips/kernel/cps-vec.S
@@ -229,7 +229,6 @@ LEAF(mips_cps_core_init)
has_mt t0, 3f
.set push
- .set mips64r2
.set mt
/* Only allow 1 TC per VPE to execute... */
@@ -348,7 +347,6 @@ LEAF(mips_cps_boot_vpes)
nop
.set push
- .set mips64r2
.set mt
1: /* Enter VPE configuration state */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 257/305] KVM: MTRR: fix fixed MTRR segment look up
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (255 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 256/305] MIPS: CPS: drop .set mips64r2 directives Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 258/305] KVM: MTRR: observe maxphyaddr from guest CPUID, not host Kamal Mostafa
` (47 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alexis Dambricourt, Paolo Bonzini, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Alexis Dambricourt <alexis.dambricourt@gmail.com>
commit a7f2d7865720ff13d5b0f2a3bb1fd80dc3d7a73f upstream.
This fixes the slow-down of VM running with pci-passthrough, since some MTRR
range changed from MTRR_TYPE_WRBACK to MTRR_TYPE_UNCACHABLE. Memory in the
0K-640K range was incorrectly treated as uncacheable.
Fixes: f7bfb57b3e89ff89c0da9f93dedab89f68d6ca27
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=107561
Signed-off-by: Alexis Dambricourt <alexis.dambricourt@gmail.com>
[Use correct BZ for "Fixes" annotation. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kvm/mtrr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c
index 9e8bf13..adc54e1 100644
--- a/arch/x86/kvm/mtrr.c
+++ b/arch/x86/kvm/mtrr.c
@@ -267,7 +267,7 @@ static int fixed_mtrr_addr_to_seg(u64 addr)
for (seg = 0; seg < seg_num; seg++) {
mtrr_seg = &fixed_seg_table[seg];
- if (mtrr_seg->start >= addr && addr < mtrr_seg->end)
+ if (mtrr_seg->start <= addr && addr < mtrr_seg->end)
return seg;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 258/305] KVM: MTRR: observe maxphyaddr from guest CPUID, not host
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (256 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 257/305] KVM: MTRR: fix fixed MTRR segment look up Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 259/305] KVM: MTRR: treat memory as writeback if MTRR is disabled in guest CPUID Kamal Mostafa
` (46 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Paolo Bonzini, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit fa7c4ebd5ae0c22f9908436303106a9ffcf0cf42 upstream.
Conversion of MTRRs to ranges used the maxphyaddr from the boot CPU.
This is wrong, because var_mtrr_range's mask variable then is discontiguous
(like FF00FFFF000, where the first run of 0s corresponds to the bits
between host and guest maxphyaddr). Instead always set up the masks
to be full 64-bit values---we know that the reserved bits at the top
are zero, and we can restore them when reading the MSR. This way
var_mtrr_range gets a mask that just works.
Fixes: a13842dc668b40daef4327294a6d3bdc8bd30276
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=107561
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kvm/mtrr.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c
index adc54e1..7747b6d 100644
--- a/arch/x86/kvm/mtrr.c
+++ b/arch/x86/kvm/mtrr.c
@@ -300,7 +300,6 @@ static void var_mtrr_range(struct kvm_mtrr_range *range, u64 *start, u64 *end)
*start = range->base & PAGE_MASK;
mask = range->mask & PAGE_MASK;
- mask |= ~0ULL << boot_cpu_data.x86_phys_bits;
/* This cannot overflow because writing to the reserved bits of
* variable MTRRs causes a #GP.
@@ -356,10 +355,14 @@ static void set_var_mtrr_msr(struct kvm_vcpu *vcpu, u32 msr, u64 data)
if (var_mtrr_range_is_valid(cur))
list_del(&mtrr_state->var_ranges[index].node);
+ /* Extend the mask with all 1 bits to the left, since those
+ * bits must implicitly be 0. The bits are then cleared
+ * when reading them.
+ */
if (!is_mtrr_mask)
cur->base = data;
else
- cur->mask = data;
+ cur->mask = data | (-1LL << cpuid_maxphyaddr(vcpu));
/* add it to the list if it's enabled. */
if (var_mtrr_range_is_valid(cur)) {
@@ -426,6 +429,8 @@ int kvm_mtrr_get_msr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
*pdata = vcpu->arch.mtrr_state.var_ranges[index].base;
else
*pdata = vcpu->arch.mtrr_state.var_ranges[index].mask;
+
+ *pdata &= (1ULL << cpuid_maxphyaddr(vcpu)) - 1;
}
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 259/305] KVM: MTRR: treat memory as writeback if MTRR is disabled in guest CPUID
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (257 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 258/305] KVM: MTRR: observe maxphyaddr from guest CPUID, not host Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 260/305] [PATCH] arm: fix handling of F_OFD_... in oabi_fcntl64() Kamal Mostafa
` (45 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Paolo Bonzini, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit e24dea2afc6a0852983dc741072d8e96155e13f5 upstream.
Virtual machines can be run with CPUID such that there are no MTRRs.
In that case, the firmware will never enable MTRRs and it is obviously
undesirable to run the guest entirely with UC memory. Check out guest
CPUID, and use WB memory if MTRR do not exist.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=107561
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kvm/cpuid.h | 8 ++++++++
arch/x86/kvm/mtrr.c | 14 +++++++++++---
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
index dd05b9c..aea5b04 100644
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -38,6 +38,14 @@ static inline bool guest_cpuid_has_xsave(struct kvm_vcpu *vcpu)
return best && (best->ecx & bit(X86_FEATURE_XSAVE));
}
+static inline bool guest_cpuid_has_mtrr(struct kvm_vcpu *vcpu)
+{
+ struct kvm_cpuid_entry2 *best;
+
+ best = kvm_find_cpuid_entry(vcpu, 1, 0);
+ return best && (best->edx & bit(X86_FEATURE_MTRR));
+}
+
static inline bool guest_cpuid_has_tsc_adjust(struct kvm_vcpu *vcpu)
{
struct kvm_cpuid_entry2 *best;
diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c
index 7747b6d..3f8c732 100644
--- a/arch/x86/kvm/mtrr.c
+++ b/arch/x86/kvm/mtrr.c
@@ -120,14 +120,22 @@ static u8 mtrr_default_type(struct kvm_mtrr *mtrr_state)
return mtrr_state->deftype & IA32_MTRR_DEF_TYPE_TYPE_MASK;
}
-static u8 mtrr_disabled_type(void)
+static u8 mtrr_disabled_type(struct kvm_vcpu *vcpu)
{
/*
* Intel SDM 11.11.2.2: all MTRRs are disabled when
* IA32_MTRR_DEF_TYPE.E bit is cleared, and the UC
* memory type is applied to all of physical memory.
+ *
+ * However, virtual machines can be run with CPUID such that
+ * there are no MTRRs. In that case, the firmware will never
+ * enable MTRRs and it is obviously undesirable to run the
+ * guest entirely with UC memory and we use WB.
*/
- return MTRR_TYPE_UNCACHABLE;
+ if (guest_cpuid_has_mtrr(vcpu))
+ return MTRR_TYPE_UNCACHABLE;
+ else
+ return MTRR_TYPE_WRBACK;
}
/*
@@ -675,7 +683,7 @@ u8 kvm_mtrr_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn)
}
if (iter.mtrr_disabled)
- return mtrr_disabled_type();
+ return mtrr_disabled_type(vcpu);
/* not contained in any MTRRs. */
if (type == -1)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 260/305] [PATCH] arm: fix handling of F_OFD_... in oabi_fcntl64()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (258 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 259/305] KVM: MTRR: treat memory as writeback if MTRR is disabled in guest CPUID Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 261/305] ocfs2: fix BUG when calculate new backup super Kamal Mostafa
` (44 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Al Viro, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 76cc404bfdc0d419c720de4daaf2584542734f42 upstream.
Reviewed-by: Jeff Layton <jeff.layton@primarydata.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/kernel/sys_oabi-compat.c | 73 ++++++++++++++++++++-------------------
1 file changed, 37 insertions(+), 36 deletions(-)
diff --git a/arch/arm/kernel/sys_oabi-compat.c b/arch/arm/kernel/sys_oabi-compat.c
index b83f3b7..087acb5 100644
--- a/arch/arm/kernel/sys_oabi-compat.c
+++ b/arch/arm/kernel/sys_oabi-compat.c
@@ -193,15 +193,44 @@ struct oabi_flock64 {
pid_t l_pid;
} __attribute__ ((packed,aligned(4)));
-asmlinkage long sys_oabi_fcntl64(unsigned int fd, unsigned int cmd,
+static long do_locks(unsigned int fd, unsigned int cmd,
unsigned long arg)
{
- struct oabi_flock64 user;
struct flock64 kernel;
- mm_segment_t fs = USER_DS; /* initialized to kill a warning */
- unsigned long local_arg = arg;
- int ret;
+ struct oabi_flock64 user;
+ mm_segment_t fs;
+ long ret;
+
+ if (copy_from_user(&user, (struct oabi_flock64 __user *)arg,
+ sizeof(user)))
+ return -EFAULT;
+ kernel.l_type = user.l_type;
+ kernel.l_whence = user.l_whence;
+ kernel.l_start = user.l_start;
+ kernel.l_len = user.l_len;
+ kernel.l_pid = user.l_pid;
+
+ fs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = sys_fcntl64(fd, cmd, (unsigned long)&kernel);
+ set_fs(fs);
+
+ if (!ret && (cmd == F_GETLK64 || cmd == F_OFD_GETLK)) {
+ user.l_type = kernel.l_type;
+ user.l_whence = kernel.l_whence;
+ user.l_start = kernel.l_start;
+ user.l_len = kernel.l_len;
+ user.l_pid = kernel.l_pid;
+ if (copy_to_user((struct oabi_flock64 __user *)arg,
+ &user, sizeof(user)))
+ ret = -EFAULT;
+ }
+ return ret;
+}
+asmlinkage long sys_oabi_fcntl64(unsigned int fd, unsigned int cmd,
+ unsigned long arg)
+{
switch (cmd) {
case F_OFD_GETLK:
case F_OFD_SETLK:
@@ -209,39 +238,11 @@ asmlinkage long sys_oabi_fcntl64(unsigned int fd, unsigned int cmd,
case F_GETLK64:
case F_SETLK64:
case F_SETLKW64:
- if (copy_from_user(&user, (struct oabi_flock64 __user *)arg,
- sizeof(user)))
- return -EFAULT;
- kernel.l_type = user.l_type;
- kernel.l_whence = user.l_whence;
- kernel.l_start = user.l_start;
- kernel.l_len = user.l_len;
- kernel.l_pid = user.l_pid;
- local_arg = (unsigned long)&kernel;
- fs = get_fs();
- set_fs(KERNEL_DS);
- }
-
- ret = sys_fcntl64(fd, cmd, local_arg);
+ return do_locks(fd, cmd, arg);
- switch (cmd) {
- case F_GETLK64:
- if (!ret) {
- user.l_type = kernel.l_type;
- user.l_whence = kernel.l_whence;
- user.l_start = kernel.l_start;
- user.l_len = kernel.l_len;
- user.l_pid = kernel.l_pid;
- if (copy_to_user((struct oabi_flock64 __user *)arg,
- &user, sizeof(user)))
- ret = -EFAULT;
- }
- case F_SETLK64:
- case F_SETLKW64:
- set_fs(fs);
+ default:
+ return sys_fcntl64(fd, cmd, arg);
}
-
- return ret;
}
struct oabi_epoll_event {
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 261/305] ocfs2: fix BUG when calculate new backup super
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (259 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 260/305] [PATCH] arm: fix handling of F_OFD_... in oabi_fcntl64() Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 262/305] mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() Kamal Mostafa
` (43 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Joseph Qi, Mark Fasheh, Joel Becker, Andrew Morton,
Linus Torvalds, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Joseph Qi <joseph.qi@huawei.com>
commit 5c9ee4cbf2a945271f25b89b137f2c03bbc3be33 upstream.
When resizing, it firstly extends the last gd. Once it should backup
super in the gd, it calculates new backup super and update the
corresponding value.
But it currently doesn't consider the situation that the backup super is
already done. And in this case, it still sets the bit in gd bitmap and
then decrease from bg_free_bits_count, which leads to a corrupted gd and
trigger the BUG in ocfs2_block_group_set_bits:
BUG_ON(le16_to_cpu(bg->bg_free_bits_count) < num_bits);
So check whether the backup super is done and then do the updates.
Signed-off-by: Joseph Qi <joseph.qi@huawei.com>
Reviewed-by: Jiufei Xue <xuejiufei@huawei.com>
Reviewed-by: Yiwen Jiang <jiangyiwen@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/ocfs2/resize.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/fs/ocfs2/resize.c b/fs/ocfs2/resize.c
index d5da6f6..79b8021 100644
--- a/fs/ocfs2/resize.c
+++ b/fs/ocfs2/resize.c
@@ -54,11 +54,12 @@
static u16 ocfs2_calc_new_backup_super(struct inode *inode,
struct ocfs2_group_desc *gd,
u16 cl_cpg,
+ u16 old_bg_clusters,
int set)
{
int i;
u16 backups = 0;
- u32 cluster;
+ u32 cluster, lgd_cluster;
u64 blkno, gd_blkno, lgd_blkno = le64_to_cpu(gd->bg_blkno);
for (i = 0; i < OCFS2_MAX_BACKUP_SUPERBLOCKS; i++) {
@@ -71,6 +72,12 @@ static u16 ocfs2_calc_new_backup_super(struct inode *inode,
else if (gd_blkno > lgd_blkno)
break;
+ /* check if already done backup super */
+ lgd_cluster = ocfs2_blocks_to_clusters(inode->i_sb, lgd_blkno);
+ lgd_cluster += old_bg_clusters;
+ if (lgd_cluster >= cluster)
+ continue;
+
if (set)
ocfs2_set_bit(cluster % cl_cpg,
(unsigned long *)gd->bg_bitmap);
@@ -99,6 +106,7 @@ static int ocfs2_update_last_group_and_inode(handle_t *handle,
u16 chain, num_bits, backups = 0;
u16 cl_bpc = le16_to_cpu(cl->cl_bpc);
u16 cl_cpg = le16_to_cpu(cl->cl_cpg);
+ u16 old_bg_clusters;
trace_ocfs2_update_last_group_and_inode(new_clusters,
first_new_cluster);
@@ -112,6 +120,7 @@ static int ocfs2_update_last_group_and_inode(handle_t *handle,
group = (struct ocfs2_group_desc *)group_bh->b_data;
+ old_bg_clusters = le16_to_cpu(group->bg_bits) / cl_bpc;
/* update the group first. */
num_bits = new_clusters * cl_bpc;
le16_add_cpu(&group->bg_bits, num_bits);
@@ -125,7 +134,7 @@ static int ocfs2_update_last_group_and_inode(handle_t *handle,
OCFS2_FEATURE_COMPAT_BACKUP_SB)) {
backups = ocfs2_calc_new_backup_super(bm_inode,
group,
- cl_cpg, 1);
+ cl_cpg, old_bg_clusters, 1);
le16_add_cpu(&group->bg_free_bits_count, -1 * backups);
}
@@ -163,7 +172,7 @@ out_rollback:
if (ret < 0) {
ocfs2_calc_new_backup_super(bm_inode,
group,
- cl_cpg, 0);
+ cl_cpg, old_bg_clusters, 0);
le16_add_cpu(&group->bg_free_bits_count, backups);
le16_add_cpu(&group->bg_bits, -1 * num_bits);
le16_add_cpu(&group->bg_free_bits_count, -1 * num_bits);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 262/305] mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (260 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 261/305] ocfs2: fix BUG when calculate new backup super Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 263/305] net/mlx4_en: Remove dependency between timestamping capability and service_task Kamal Mostafa
` (42 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andrew Banman, Russ Anderson, Alex Thorlton, Yinghai Lu, Greg KH,
Seth Jennings, Andrew Morton, Linus Torvalds, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Andrew Banman <abanman@sgi.com>
commit 5f0f2887f4de9508dcf438deab28f1de8070c271 upstream.
test_pages_in_a_zone() does not account for the possibility of missing
sections in the given pfn range. pfn_valid_within always returns 1 when
CONFIG_HOLES_IN_ZONE is not set, allowing invalid pfns from missing
sections to pass the test, leading to a kernel oops.
Wrap an additional pfn loop with PAGES_PER_SECTION granularity to check
for missing sections before proceeding into the zone-check code.
This also prevents a crash from offlining memory devices with missing
sections. Despite this, it may be a good idea to keep the related patch
'[PATCH 3/3] drivers: memory: prohibit offlining of memory blocks with
missing sections' because missing sections in a memory block may lead to
other problems not covered by the scope of this fix.
Signed-off-by: Andrew Banman <abanman@sgi.com>
Acked-by: Alex Thorlton <athorlton@sgi.com>
Cc: Russ Anderson <rja@sgi.com>
Cc: Alex Thorlton <athorlton@sgi.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Greg KH <greg@kroah.com>
Cc: Seth Jennings <sjennings@variantweb.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
mm/memory_hotplug.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
index 8fd97da..5860ef1 100644
--- a/mm/memory_hotplug.c
+++ b/mm/memory_hotplug.c
@@ -1354,23 +1354,30 @@ int is_mem_section_removable(unsigned long start_pfn, unsigned long nr_pages)
*/
int test_pages_in_a_zone(unsigned long start_pfn, unsigned long end_pfn)
{
- unsigned long pfn;
+ unsigned long pfn, sec_end_pfn;
struct zone *zone = NULL;
struct page *page;
int i;
- for (pfn = start_pfn;
+ for (pfn = start_pfn, sec_end_pfn = SECTION_ALIGN_UP(start_pfn);
pfn < end_pfn;
- pfn += MAX_ORDER_NR_PAGES) {
- i = 0;
- /* This is just a CONFIG_HOLES_IN_ZONE check.*/
- while ((i < MAX_ORDER_NR_PAGES) && !pfn_valid_within(pfn + i))
- i++;
- if (i == MAX_ORDER_NR_PAGES)
+ pfn = sec_end_pfn + 1, sec_end_pfn += PAGES_PER_SECTION) {
+ /* Make sure the memory section is present first */
+ if (!present_section_nr(pfn_to_section_nr(pfn)))
continue;
- page = pfn_to_page(pfn + i);
- if (zone && page_zone(page) != zone)
- return 0;
- zone = page_zone(page);
+ for (; pfn < sec_end_pfn && pfn < end_pfn;
+ pfn += MAX_ORDER_NR_PAGES) {
+ i = 0;
+ /* This is just a CONFIG_HOLES_IN_ZONE check.*/
+ while ((i < MAX_ORDER_NR_PAGES) &&
+ !pfn_valid_within(pfn + i))
+ i++;
+ if (i == MAX_ORDER_NR_PAGES)
+ continue;
+ page = pfn_to_page(pfn + i);
+ if (zone && page_zone(page) != zone)
+ return 0;
+ zone = page_zone(page);
+ }
}
return 1;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 263/305] net/mlx4_en: Remove dependency between timestamping capability and service_task
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (261 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 262/305] mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 264/305] ipv6/addrlabel: fix ip6addrlbl_get() Kamal Mostafa
` (41 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eugenia Emantayev, Eran Ben Elisha, Or Gerlitz, David S. Miller,
Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Eugenia Emantayev <eugenia@mellanox.com>
commit fc9f5ea9b4ecbe9b7839c92f0a54261809c723d3 upstream.
Service task is responsible for other tasks in addition to timestamping
overflow check. Launch it even if timestamping is not supported by device.
Fixes: 07841f9d94c1 ('net/mlx4_en: Schedule napi when RX buffers allocation fails')
Signed-off-by: Eugenia Emantayev <eugenia@mellanox.com>
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
index e0de2fd..b32514d 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
@@ -2997,9 +2997,8 @@ int mlx4_en_init_netdev(struct mlx4_en_dev *mdev, int port,
}
queue_delayed_work(mdev->workqueue, &priv->stats_task, STATS_DELAY);
- if (mdev->dev->caps.flags2 & MLX4_DEV_CAP_FLAG2_TS)
- queue_delayed_work(mdev->workqueue, &priv->service_task,
- SERVICE_TASK_DELAY);
+ queue_delayed_work(mdev->workqueue, &priv->service_task,
+ SERVICE_TASK_DELAY);
mlx4_en_set_stats_bitmap(mdev->dev, &priv->stats_bitmap,
mdev->profile.prof[priv->port].rx_ppp,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 264/305] ipv6/addrlabel: fix ip6addrlbl_get()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (262 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 263/305] net/mlx4_en: Remove dependency between timestamping capability and service_task Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 265/305] xfrm: add rcu protection to sk->sk_policy[] Kamal Mostafa
` (40 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andrey Ryabinin, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Andrey Ryabinin <aryabinin@virtuozzo.com>
commit e459dfeeb64008b2d23bdf600f03b3605dbb8152 upstream.
ip6addrlbl_get() has never worked. If ip6addrlbl_hold() succeeded,
ip6addrlbl_get() will exit with '-ESRCH'. If ip6addrlbl_hold() failed,
ip6addrlbl_get() will use about to be free ip6addrlbl_entry pointer.
Fix this by inverting ip6addrlbl_hold() check.
Fixes: 2a8cc6c89039 ("[IPV6] ADDRCONF: Support RFC3484 configurable address selection policy table.")
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reviewed-by: Cong Wang <cwang@twopensource.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv6/addrlabel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c
index 882124e..a8f6986 100644
--- a/net/ipv6/addrlabel.c
+++ b/net/ipv6/addrlabel.c
@@ -552,7 +552,7 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr *nlh)
rcu_read_lock();
p = __ipv6_addr_label(net, addr, ipv6_addr_type(addr), ifal->ifal_index);
- if (p && ip6addrlbl_hold(p))
+ if (p && !ip6addrlbl_hold(p))
p = NULL;
lseq = ip6addrlbl_table.seq;
rcu_read_unlock();
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 265/305] xfrm: add rcu protection to sk->sk_policy[]
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (263 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 264/305] ipv6/addrlabel: fix ip6addrlbl_get() Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 266/305] amd-xgbe: fix a couple timeout loops Kamal Mostafa
` (39 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Eric Dumazet <edumazet@google.com>
commit d188ba86dd07a72ebebfa22fe9cb0b0572e57740 upstream.
XFRM can deal with SYNACK messages, sent while listener socket
is not locked. We add proper rcu protection to __xfrm_sk_clone_policy()
and xfrm_sk_policy_lookup()
This might serve as the first step to remove xfrm.xfrm_policy_lock
use in fast path.
Fixes: fa76ce7328b2 ("inet: get rid of central tcp/dccp listener timer")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/sock.h | 2 +-
include/net/xfrm.h | 24 +++++++++++++++---------
net/core/sock.c | 2 +-
net/xfrm/xfrm_policy.c | 37 +++++++++++++++++++++++++------------
4 files changed, 42 insertions(+), 23 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index 208c874..8de0690 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -371,7 +371,7 @@ struct sock {
struct socket_wq __rcu *sk_wq;
#ifdef CONFIG_XFRM
- struct xfrm_policy *sk_policy[2];
+ struct xfrm_policy __rcu *sk_policy[2];
#endif
unsigned long sk_flags;
struct dst_entry *sk_rx_dst;
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index f0ee97e..02a1d20 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1140,12 +1140,14 @@ static inline int xfrm6_route_forward(struct sk_buff *skb)
return xfrm_route_forward(skb, AF_INET6);
}
-int __xfrm_sk_clone_policy(struct sock *sk);
+int __xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk);
-static inline int xfrm_sk_clone_policy(struct sock *sk)
+static inline int xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk)
{
- if (unlikely(sk->sk_policy[0] || sk->sk_policy[1]))
- return __xfrm_sk_clone_policy(sk);
+ sk->sk_policy[0] = NULL;
+ sk->sk_policy[1] = NULL;
+ if (unlikely(osk->sk_policy[0] || osk->sk_policy[1]))
+ return __xfrm_sk_clone_policy(sk, osk);
return 0;
}
@@ -1153,12 +1155,16 @@ int xfrm_policy_delete(struct xfrm_policy *pol, int dir);
static inline void xfrm_sk_free_policy(struct sock *sk)
{
- if (unlikely(sk->sk_policy[0] != NULL)) {
- xfrm_policy_delete(sk->sk_policy[0], XFRM_POLICY_MAX);
+ struct xfrm_policy *pol;
+
+ pol = rcu_dereference_protected(sk->sk_policy[0], 1);
+ if (unlikely(pol != NULL)) {
+ xfrm_policy_delete(pol, XFRM_POLICY_MAX);
sk->sk_policy[0] = NULL;
}
- if (unlikely(sk->sk_policy[1] != NULL)) {
- xfrm_policy_delete(sk->sk_policy[1], XFRM_POLICY_MAX+1);
+ pol = rcu_dereference_protected(sk->sk_policy[1], 1);
+ if (unlikely(pol != NULL)) {
+ xfrm_policy_delete(pol, XFRM_POLICY_MAX+1);
sk->sk_policy[1] = NULL;
}
}
@@ -1168,7 +1174,7 @@ void xfrm_garbage_collect(struct net *net);
#else
static inline void xfrm_sk_free_policy(struct sock *sk) {}
-static inline int xfrm_sk_clone_policy(struct sock *sk) { return 0; }
+static inline int xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk) { return 0; }
static inline int xfrm6_route_forward(struct sk_buff *skb) { return 1; }
static inline int xfrm4_route_forward(struct sk_buff *skb) { return 1; }
static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
diff --git a/net/core/sock.c b/net/core/sock.c
index 623224a..3148f24 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1536,7 +1536,7 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
*/
is_charged = sk_filter_charge(newsk, filter);
- if (unlikely(!is_charged || xfrm_sk_clone_policy(newsk))) {
+ if (unlikely(!is_charged || xfrm_sk_clone_policy(newsk, sk))) {
/* It is still raw copy of parent, so invalidate
* destructor and make plain sk_free() */
newsk->sk_destruct = NULL;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 18cead7..2718184 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1212,8 +1212,10 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir,
struct xfrm_policy *pol;
struct net *net = sock_net(sk);
+ rcu_read_lock();
read_lock_bh(&net->xfrm.xfrm_policy_lock);
- if ((pol = sk->sk_policy[dir]) != NULL) {
+ pol = rcu_dereference(sk->sk_policy[dir]);
+ if (pol != NULL) {
bool match = xfrm_selector_match(&pol->selector, fl,
sk->sk_family);
int err = 0;
@@ -1237,6 +1239,7 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir,
}
out:
read_unlock_bh(&net->xfrm.xfrm_policy_lock);
+ rcu_read_unlock();
return pol;
}
@@ -1305,13 +1308,14 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol)
#endif
write_lock_bh(&net->xfrm.xfrm_policy_lock);
- old_pol = sk->sk_policy[dir];
- sk->sk_policy[dir] = pol;
+ old_pol = rcu_dereference_protected(sk->sk_policy[dir],
+ lockdep_is_held(&net->xfrm.xfrm_policy_lock));
if (pol) {
pol->curlft.add_time = get_seconds();
pol->index = xfrm_gen_index(net, XFRM_POLICY_MAX+dir, 0);
xfrm_sk_policy_link(pol, dir);
}
+ rcu_assign_pointer(sk->sk_policy[dir], pol);
if (old_pol) {
if (pol)
xfrm_policy_requeue(old_pol, pol);
@@ -1359,17 +1363,26 @@ static struct xfrm_policy *clone_policy(const struct xfrm_policy *old, int dir)
return newp;
}
-int __xfrm_sk_clone_policy(struct sock *sk)
+int __xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk)
{
- struct xfrm_policy *p0 = sk->sk_policy[0],
- *p1 = sk->sk_policy[1];
+ const struct xfrm_policy *p;
+ struct xfrm_policy *np;
+ int i, ret = 0;
- sk->sk_policy[0] = sk->sk_policy[1] = NULL;
- if (p0 && (sk->sk_policy[0] = clone_policy(p0, 0)) == NULL)
- return -ENOMEM;
- if (p1 && (sk->sk_policy[1] = clone_policy(p1, 1)) == NULL)
- return -ENOMEM;
- return 0;
+ rcu_read_lock();
+ for (i = 0; i < 2; i++) {
+ p = rcu_dereference(osk->sk_policy[i]);
+ if (p) {
+ np = clone_policy(p, i);
+ if (unlikely(!np)) {
+ ret = -ENOMEM;
+ break;
+ }
+ rcu_assign_pointer(sk->sk_policy[i], np);
+ }
+ }
+ rcu_read_unlock();
+ return ret;
}
static int
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 266/305] amd-xgbe: fix a couple timeout loops
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (264 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 265/305] xfrm: add rcu protection to sk->sk_policy[] Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 267/305] phy: sun9i-usb: add USB dependency Kamal Mostafa
` (38 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dan Carpenter, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
commit c7557e6a56510ff6636d40ad4ff64a3ef7d9e197 upstream.
At the end of the loop we test "if (!count)" but because "count--" is
a post-op then the loop will end with count set to -1. I have fixed
this by changing it to --count.
Fixes: c5aa9e3b8156 ('amd-xgbe: Initial AMD 10GbE platform driver')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
index f672dba..7b64623 100644
--- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
@@ -1849,7 +1849,7 @@ static int xgbe_exit(struct xgbe_prv_data *pdata)
usleep_range(10, 15);
/* Poll Until Poll Condition */
- while (count-- && XGMAC_IOREAD_BITS(pdata, DMA_MR, SWR))
+ while (--count && XGMAC_IOREAD_BITS(pdata, DMA_MR, SWR))
usleep_range(500, 600);
if (!count)
@@ -1873,7 +1873,7 @@ static int xgbe_flush_tx_queues(struct xgbe_prv_data *pdata)
/* Poll Until Poll Condition */
for (i = 0; i < pdata->tx_q_count; i++) {
count = 2000;
- while (count-- && XGMAC_MTL_IOREAD_BITS(pdata, i,
+ while (--count && XGMAC_MTL_IOREAD_BITS(pdata, i,
MTL_Q_TQOMR, FTQ))
usleep_range(500, 600);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 267/305] phy: sun9i-usb: add USB dependency
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (265 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 266/305] amd-xgbe: fix a couple timeout loops Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 268/305] net/mlx4_en: Fix HW timestamp init issue upon system startup Kamal Mostafa
` (37 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, Kishon Vijay Abraham I, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Arnd Bergmann <arnd@arndb.de>
commit 97dc5bf8d60938741e2f99242dff3684c29b6d90 upstream.
The sun9i usb phy driver calls of_usb_get_phy_mode(), which is not
available if USB is disabled:
drivers/built-in.o: In function `sun9i_usb_phy_probe':
:(.text+0x7fb0): undefined reference to `of_usb_get_phy_mode'
This adds a dependency to avoid the randconfig build errors.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 9c3b44302636 ("phy: Add driver to support individual USB PHYs on sun9i")
Acked-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/phy/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/phy/Kconfig b/drivers/phy/Kconfig
index 6b8dd16..771308e 100644
--- a/drivers/phy/Kconfig
+++ b/drivers/phy/Kconfig
@@ -211,6 +211,7 @@ config PHY_SUN9I_USB
tristate "Allwinner sun9i SoC USB PHY driver"
depends on ARCH_SUNXI && HAS_IOMEM && OF
depends on RESET_CONTROLLER
+ depends on USB_COMMON
select GENERIC_PHY
help
Enable this to support the transceiver that is part of Allwinner
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 268/305] net/mlx4_en: Fix HW timestamp init issue upon system startup
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (266 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 267/305] phy: sun9i-usb: add USB dependency Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 269/305] sctp: convert sack_needed and sack_generation to bits Kamal Mostafa
` (36 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eugenia Emantayev, Marina Varshaver, Eran Ben Elisha, Or Gerlitz,
David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Eugenia Emantayev <eugenia@mellanox.com>
commit 90683061dd50b0d70f01466c2d694f4e928a86f3 upstream.
mlx4_en_init_timestamp was called before creation of netdev and port
init, thus used uninitialized values. Specifically - NIC frequency was
incorrect causing wrong calculations and later wrong HW timestamps.
Fixes: 1ec4864b1017 ('net/mlx4_en: Fixed crash when port type is changed')
Signed-off-by: Eugenia Emantayev <eugenia@mellanox.com>
Signed-off-by: Marina Varshaver <marinav@mellanox.com>
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/mellanox/mlx4/en_clock.c | 7 +++++++
drivers/net/ethernet/mellanox/mlx4/en_main.c | 7 -------
drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 7 +++++++
3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_clock.c b/drivers/net/ethernet/mellanox/mlx4/en_clock.c
index 8a083d7..038f9ce 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_clock.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_clock.c
@@ -242,6 +242,13 @@ void mlx4_en_init_timestamp(struct mlx4_en_dev *mdev)
unsigned long flags;
u64 ns, zero = 0;
+ /* mlx4_en_init_timestamp is called for each netdev.
+ * mdev->ptp_clock is common for all ports, skip initialization if
+ * was done for other port.
+ */
+ if (mdev->ptp_clock)
+ return;
+
rwlock_init(&mdev->clock_lock);
memset(&mdev->cycles, 0, sizeof(mdev->cycles));
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_main.c b/drivers/net/ethernet/mellanox/mlx4/en_main.c
index 913b716..24cec68 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_main.c
@@ -210,9 +210,6 @@ static void mlx4_en_remove(struct mlx4_dev *dev, void *endev_ptr)
if (mdev->pndev[i])
mlx4_en_destroy_netdev(mdev->pndev[i]);
- if (mdev->dev->caps.flags2 & MLX4_DEV_CAP_FLAG2_TS)
- mlx4_en_remove_timestamp(mdev);
-
flush_workqueue(mdev->workqueue);
destroy_workqueue(mdev->workqueue);
(void) mlx4_mr_free(dev, &mdev->mr);
@@ -278,10 +275,6 @@ static void *mlx4_en_add(struct mlx4_dev *dev)
mlx4_foreach_port(i, dev, MLX4_PORT_TYPE_ETH)
mdev->port_cnt++;
- /* Initialize time stamp mechanism */
- if (mdev->dev->caps.flags2 & MLX4_DEV_CAP_FLAG2_TS)
- mlx4_en_init_timestamp(mdev);
-
/* Set default number of RX rings*/
mlx4_en_set_num_rx_rings(mdev);
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
index b32514d..8544af0 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
@@ -2056,6 +2056,9 @@ void mlx4_en_destroy_netdev(struct net_device *dev)
/* flush any pending task for this netdev */
flush_workqueue(mdev->workqueue);
+ if (mdev->dev->caps.flags2 & MLX4_DEV_CAP_FLAG2_TS)
+ mlx4_en_remove_timestamp(mdev);
+
/* Detach the netdev so tasks would not attempt to access it */
mutex_lock(&mdev->state_lock);
mdev->pndev[priv->port] = NULL;
@@ -2997,6 +3000,10 @@ int mlx4_en_init_netdev(struct mlx4_en_dev *mdev, int port,
}
queue_delayed_work(mdev->workqueue, &priv->stats_task, STATS_DELAY);
+ /* Initialize time stamp mechanism */
+ if (mdev->dev->caps.flags2 & MLX4_DEV_CAP_FLAG2_TS)
+ mlx4_en_init_timestamp(mdev);
+
queue_delayed_work(mdev->workqueue, &priv->service_task,
SERVICE_TASK_DELAY);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 269/305] sctp: convert sack_needed and sack_generation to bits
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (267 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 268/305] net/mlx4_en: Fix HW timestamp init issue upon system startup Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 270/305] sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING Kamal Mostafa
` (35 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Marcelo Ricardo Leitner, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
commit 38ee8fb67c3457f36f5137073c4b8ac2436d2393 upstream.
They don't need to be any bigger than that and with this we start a new
bitfield for tracking association runtime stuff, like zero window
situation.
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[ kamal: 4.2-stable prereq for
8a0d19c sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/sctp/structs.h | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 495c87e..7bbb710 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -775,10 +775,10 @@ struct sctp_transport {
hb_sent:1,
/* Is the Path MTU update pending on this tranport */
- pmtu_pending:1;
+ pmtu_pending:1,
- /* Has this transport moved the ctsn since we last sacked */
- __u32 sack_generation;
+ /* Has this transport moved the ctsn since we last sacked */
+ sack_generation:1;
u32 dst_cookie;
struct flowi fl;
@@ -1482,19 +1482,19 @@ struct sctp_association {
prsctp_capable:1, /* Can peer do PR-SCTP? */
auth_capable:1; /* Is peer doing SCTP-AUTH? */
- /* Ack State : This flag indicates if the next received
+ /* sack_needed : This flag indicates if the next received
* : packet is to be responded to with a
- * : SACK. This is initializedto 0. When a packet
- * : is received it is incremented. If this value
+ * : SACK. This is initialized to 0. When a packet
+ * : is received sack_cnt is incremented. If this value
* : reaches 2 or more, a SACK is sent and the
* : value is reset to 0. Note: This is used only
* : when no DATA chunks are received out of
* : order. When DATA chunks are out of order,
* : SACK's are not delayed (see Section 6).
*/
- __u8 sack_needed; /* Do we need to sack the peer? */
+ __u8 sack_needed:1, /* Do we need to sack the peer? */
+ sack_generation:1;
__u32 sack_cnt;
- __u32 sack_generation;
__u32 adaptation_ind; /* Adaptation Code point. */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 270/305] sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (268 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 269/305] sctp: convert sack_needed and sack_generation to bits Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 271/305] serial: 8250_uniphier: fix dl_read and dl_write functions Kamal Mostafa
` (34 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Xin Long, Marcelo Ricardo Leitner, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: lucien <lucien.xin@gmail.com>
commit 8a0d19c5ed417c78d03f4e0fa7215e58c40896d8 upstream.
when A sends a data to B, then A close() and enter into SHUTDOWN_PENDING
state, if B neither claim his rwnd is 0 nor send SACK for this data, A
will keep retransmitting this data until t5 timeout, Max.Retrans times
can't work anymore, which is bad.
if B's rwnd is not 0, it should send abort after Max.Retrans times, only
when B's rwnd == 0 and A's retransmitting beyonds Max.Retrans times, A
will start t5 timer, which is also commit f8d960524328 ("sctp: Enforce
retransmission limit during shutdown") means, but it lacks the condition
peer rwnd == 0.
so fix it by adding a bit (zero_window_announced) in peer to record if
the last rwnd is 0. If it was, zero_window_announced will be set. and use
this bit to decide if start t5 timer when local.state is SHUTDOWN_PENDING.
Fixes: commit f8d960524328 ("sctp: Enforce retransmission limit during shutdown")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/sctp/structs.h | 3 ++-
net/sctp/outqueue.c | 1 +
net/sctp/sm_statefuns.c | 3 ++-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 7bbb710..eea9bde 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -1493,7 +1493,8 @@ struct sctp_association {
* : SACK's are not delayed (see Section 6).
*/
__u8 sack_needed:1, /* Do we need to sack the peer? */
- sack_generation:1;
+ sack_generation:1,
+ zero_window_announced:1;
__u32 sack_cnt;
__u32 adaptation_ind; /* Adaptation Code point. */
diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index 7e8f0a1..8d88823 100644
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -1251,6 +1251,7 @@ int sctp_outq_sack(struct sctp_outq *q, struct sctp_chunk *chunk)
*/
sack_a_rwnd = ntohl(sack->a_rwnd);
+ asoc->peer.zero_window_announced = !sack_a_rwnd;
outstanding = q->outstanding_bytes;
if (outstanding < sack_a_rwnd)
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 3ee27b7..3809a74 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -5412,7 +5412,8 @@ sctp_disposition_t sctp_sf_do_6_3_3_rtx(struct net *net,
SCTP_INC_STATS(net, SCTP_MIB_T3_RTX_EXPIREDS);
if (asoc->overall_error_count >= asoc->max_retrans) {
- if (asoc->state == SCTP_STATE_SHUTDOWN_PENDING) {
+ if (asoc->peer.zero_window_announced &&
+ asoc->state == SCTP_STATE_SHUTDOWN_PENDING) {
/*
* We are here likely because the receiver had its rwnd
* closed for a while and we have not been able to
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 271/305] serial: 8250_uniphier: fix dl_read and dl_write functions
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (269 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 270/305] sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 272/305] net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration Kamal Mostafa
` (33 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Masahiro Yamada, Greg Kroah-Hartman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Masahiro Yamada <yamada.masahiro@socionext.com>
commit 7be047e035dc4fb1536f1694cbb932f881533ab2 upstream.
The register offset must be shifted by regshift, otherwise the
baudrate is not set. I missed the issue probably because the
divisor register was already set by the boot loader.
Fixes: 1a8d2903cb6a ("serial: 8250_uniphier: add UniPhier serial driver")
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/tty/serial/8250/8250_uniphier.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_uniphier.c b/drivers/tty/serial/8250/8250_uniphier.c
index d11621e..245edbb 100644
--- a/drivers/tty/serial/8250/8250_uniphier.c
+++ b/drivers/tty/serial/8250/8250_uniphier.c
@@ -115,12 +115,16 @@ static void uniphier_serial_out(struct uart_port *p, int offset, int value)
*/
static int uniphier_serial_dl_read(struct uart_8250_port *up)
{
- return readl(up->port.membase + UNIPHIER_UART_DLR);
+ int offset = UNIPHIER_UART_DLR << up->port.regshift;
+
+ return readl(up->port.membase + offset);
}
static void uniphier_serial_dl_write(struct uart_8250_port *up, int value)
{
- writel(value, up->port.membase + UNIPHIER_UART_DLR);
+ int offset = UNIPHIER_UART_DLR << up->port.regshift;
+
+ writel(value, up->port.membase + offset);
}
static int uniphier_of_serial_setup(struct device *dev, struct uart_port *port,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 272/305] net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (270 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 271/305] serial: 8250_uniphier: fix dl_read and dl_write functions Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 273/305] netfilter: nfnetlink_queue: Unregister pernet subsys in case of init failure Kamal Mostafa
` (32 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Hannes Frederic Sowa, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Hannes Frederic Sowa <hannes@stressinduktion.org>
commit 7bbadd2d1009575dad675afc16650ebb5aa10612 upstream.
Docbook does not like the definition of macros inside a field declaration
and adds a warning. Move the definition out.
Fixes: 79462ad02e86180 ("net: add validation for the socket syscall protocol argument")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/sock.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index 8de0690..639138b 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -387,8 +387,8 @@ struct sock {
sk_no_check_rx : 1,
sk_userlocks : 4,
sk_protocol : 8,
-#define SK_PROTOCOL_MAX U8_MAX
sk_type : 16;
+#define SK_PROTOCOL_MAX U8_MAX
kmemcheck_bitfield_end(flags);
int sk_wmem_queued;
gfp_t sk_allocation;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 273/305] netfilter: nfnetlink_queue: Unregister pernet subsys in case of init failure
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (271 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 272/305] net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 274/305] addrconf: always initialize sysctl table data Kamal Mostafa
` (31 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Nikolay Borisov, Pablo Neira Ayuso, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Nikolay Borisov <kernel@kyup.com>
commit 639e077b43d9c54ffb1e1b54a2de54597ceae1d8 upstream.
Commit 3bfe049807c2403 ("netfilter: nfnetlink_{log,queue}:
Register pernet in first place") reorganised the initialisation
order of the pernet_subsys to avoid "use-before-initialised"
condition. However, in doing so the cleanup logic in nfnetlink_queue
got botched in that the pernet_subsys wasn't cleaned in case
nfnetlink_subsys_register failed. This patch adds the necessary
cleanup routine call.
Fixes: 3bfe049807c2403 ("netfilter: nfnetlink_{log,queue}: Register pernet in first place")
Signed-off-by: Nikolay Borisov <kernel@kyup.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[ kamal: backport to 4.2-stable: appled to nfnetlink_queue_core.c ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/netfilter/nfnetlink_queue_core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index a5cd6d9..2bfb1fd 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -1392,6 +1392,7 @@ static int __init nfnetlink_queue_init(void)
cleanup_netlink_notifier:
netlink_unregister_notifier(&nfqnl_rtnl_notifier);
+ unregister_pernet_subsys(&nfnl_queue_net_ops);
out:
return status;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 274/305] addrconf: always initialize sysctl table data
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (272 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 273/305] netfilter: nfnetlink_queue: Unregister pernet subsys in case of init failure Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 275/305] ser_gigaset: fix deallocation of platform device structure Kamal Mostafa
` (30 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Cong Wang, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: WANG Cong <xiyou.wangcong@gmail.com>
commit 5449a5ca9bc27dd51a462de7ca0b1cd861cd2bd0 upstream.
When sysctl performs restrict writes, it allows to write from
a middle position of a sysctl file, which requires us to initialize
the table data before calling proc_dostring() for the write case.
Fixes: 3d1bec99320d ("ipv6: introduce secret_stable to ipv6_devconf")
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Tested-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv6/addrconf.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index f4d78a4..d956e30 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -5269,13 +5269,10 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
goto out;
}
- if (!write) {
- err = snprintf(str, sizeof(str), "%pI6",
- &secret->secret);
- if (err >= sizeof(str)) {
- err = -EIO;
- goto out;
- }
+ err = snprintf(str, sizeof(str), "%pI6", &secret->secret);
+ if (err >= sizeof(str)) {
+ err = -EIO;
+ goto out;
}
err = proc_dostring(&lctl, write, buffer, lenp, ppos);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 275/305] ser_gigaset: fix deallocation of platform device structure
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (273 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 274/305] addrconf: always initialize sysctl table data Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 276/305] pinctrl: bcm2835: Fix initial value for direction_output Kamal Mostafa
` (29 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tilman Schmidt, Paul Bolle, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Tilman Schmidt <tilman@imap.cc>
commit 4c5e354a974214dfb44cd23fa0429327693bc3ea upstream.
When shutting down the device, the struct ser_cardstate must not be
kfree()d immediately after the call to platform_device_unregister()
since the embedded struct platform_device is still in use.
Move the kfree() call to the release method instead.
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Fixes: 2869b23e4b95 ("drivers/isdn/gigaset: new M101 driver (v2)")
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/isdn/gigaset/ser-gigaset.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/isdn/gigaset/ser-gigaset.c b/drivers/isdn/gigaset/ser-gigaset.c
index 375be50..10c81ca 100644
--- a/drivers/isdn/gigaset/ser-gigaset.c
+++ b/drivers/isdn/gigaset/ser-gigaset.c
@@ -370,19 +370,23 @@ static void gigaset_freecshw(struct cardstate *cs)
tasklet_kill(&cs->write_tasklet);
if (!cs->hw.ser)
return;
- dev_set_drvdata(&cs->hw.ser->dev.dev, NULL);
platform_device_unregister(&cs->hw.ser->dev);
- kfree(cs->hw.ser);
- cs->hw.ser = NULL;
}
static void gigaset_device_release(struct device *dev)
{
struct platform_device *pdev = to_platform_device(dev);
+ struct cardstate *cs = dev_get_drvdata(dev);
/* adapted from platform_device_release() in drivers/base/platform.c */
kfree(dev->platform_data);
kfree(pdev->resource);
+
+ if (!cs)
+ return;
+ dev_set_drvdata(dev, NULL);
+ kfree(cs->hw.ser);
+ cs->hw.ser = NULL;
}
/*
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 276/305] pinctrl: bcm2835: Fix initial value for direction_output
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (274 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 275/305] ser_gigaset: fix deallocation of platform device structure Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 277/305] mISDN: fix a loop count Kamal Mostafa
` (28 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Stefan Wahren, Linus Walleij, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Stefan Wahren <stefan.wahren@i2se.com>
commit 4c02cba18cc9de672a554ddda4f23dec8cb4b48e upstream.
Currently the provided initial value for bcm2835_gpio_direction_output
has no effect. So fix this issue by changing the value before
changing the GPIO direction. As a result we need to move the function below
bcm2835_gpio_set.
Suggested-by: Martin Sperl <kernel@martin.sperl.org>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Acked-by: Eric Anholt <eric@anholt.net>
Acked-by: Stephen Warren <swarren@wwwdotorg.org>
Fixes: e1b2dc70cd5b ("pinctrl: add bcm2835 driver")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/pinctrl/bcm/pinctrl-bcm2835.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/pinctrl/bcm/pinctrl-bcm2835.c b/drivers/pinctrl/bcm/pinctrl-bcm2835.c
index 6177315..7a2d53c 100644
--- a/drivers/pinctrl/bcm/pinctrl-bcm2835.c
+++ b/drivers/pinctrl/bcm/pinctrl-bcm2835.c
@@ -352,12 +352,6 @@ static int bcm2835_gpio_get(struct gpio_chip *chip, unsigned offset)
return bcm2835_gpio_get_bit(pc, GPLEV0, offset);
}
-static int bcm2835_gpio_direction_output(struct gpio_chip *chip,
- unsigned offset, int value)
-{
- return pinctrl_gpio_direction_output(chip->base + offset);
-}
-
static void bcm2835_gpio_set(struct gpio_chip *chip, unsigned offset, int value)
{
struct bcm2835_pinctrl *pc = dev_get_drvdata(chip->dev);
@@ -365,6 +359,13 @@ static void bcm2835_gpio_set(struct gpio_chip *chip, unsigned offset, int value)
bcm2835_gpio_set_bit(pc, value ? GPSET0 : GPCLR0, offset);
}
+static int bcm2835_gpio_direction_output(struct gpio_chip *chip,
+ unsigned offset, int value)
+{
+ bcm2835_gpio_set(chip, offset, value);
+ return pinctrl_gpio_direction_output(chip->base + offset);
+}
+
static int bcm2835_gpio_to_irq(struct gpio_chip *chip, unsigned offset)
{
struct bcm2835_pinctrl *pc = dev_get_drvdata(chip->dev);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 277/305] mISDN: fix a loop count
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (275 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 276/305] pinctrl: bcm2835: Fix initial value for direction_output Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 278/305] sh_eth: fix TX buffer byte-swapping Kamal Mostafa
` (27 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dan Carpenter, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 40d24c4d8a7430aa4dfd7a665fa3faf3b05b673f upstream.
There are two issue here.
1) cnt starts as maxloop + 1 so all these loops iterate one more time
than intended.
2) At the end of the loop we test for "if (maxloop && !cnt)" but for
the first two loops, we end with cnt equal to -1. Changing this to
a pre-op means we end with cnt set to 0.
Fixes: cae86d4a4e56 ('mISDN: Add driver for Infineon ISDN chipset family')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/isdn/hardware/mISDN/mISDNipac.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/isdn/hardware/mISDN/mISDNipac.c b/drivers/isdn/hardware/mISDN/mISDNipac.c
index a77eea5..cb428b9 100644
--- a/drivers/isdn/hardware/mISDN/mISDNipac.c
+++ b/drivers/isdn/hardware/mISDN/mISDNipac.c
@@ -1170,7 +1170,7 @@ mISDNipac_irq(struct ipac_hw *ipac, int maxloop)
if (ipac->type & IPAC_TYPE_IPACX) {
ista = ReadIPAC(ipac, ISACX_ISTA);
- while (ista && cnt--) {
+ while (ista && --cnt) {
pr_debug("%s: ISTA %02x\n", ipac->name, ista);
if (ista & IPACX__ICA)
ipac_irq(&ipac->hscx[0], ista);
@@ -1182,7 +1182,7 @@ mISDNipac_irq(struct ipac_hw *ipac, int maxloop)
}
} else if (ipac->type & IPAC_TYPE_IPAC) {
ista = ReadIPAC(ipac, IPAC_ISTA);
- while (ista && cnt--) {
+ while (ista && --cnt) {
pr_debug("%s: ISTA %02x\n", ipac->name, ista);
if (ista & (IPAC__ICD | IPAC__EXD)) {
istad = ReadISAC(isac, ISAC_ISTA);
@@ -1200,7 +1200,7 @@ mISDNipac_irq(struct ipac_hw *ipac, int maxloop)
ista = ReadIPAC(ipac, IPAC_ISTA);
}
} else if (ipac->type & IPAC_TYPE_HSCX) {
- while (cnt) {
+ while (--cnt) {
ista = ReadIPAC(ipac, IPAC_ISTAB + ipac->hscx[1].off);
pr_debug("%s: B2 ISTA %02x\n", ipac->name, ista);
if (ista)
@@ -1211,7 +1211,6 @@ mISDNipac_irq(struct ipac_hw *ipac, int maxloop)
mISDNisac_irq(isac, istad);
if (0 == (ista | istad))
break;
- cnt--;
}
}
if (cnt > maxloop) /* only for ISAC/HSCX without PCI IRQ test */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 278/305] sh_eth: fix TX buffer byte-swapping
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (276 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 277/305] mISDN: fix a loop count Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 279/305] qlcnic: fix a timeout loop Kamal Mostafa
` (26 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sergei Shtylyov, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
commit 3e2309937f1e5d538ff13da5fb8de41196927c61 upstream.
For the little-endian SH771x kernels the driver has to byte-swap the RX/TX
buffers, however yet unset physcial address from the TX descriptor is used
to call sh_eth_soft_swap(). Use 'skb->data' instead...
Fixes: 31fcb99d9958 ("net: sh_eth: remove __flush_purge_region")
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/renesas/sh_eth.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c
index 13463c4..675cd7f 100644
--- a/drivers/net/ethernet/renesas/sh_eth.c
+++ b/drivers/net/ethernet/renesas/sh_eth.c
@@ -2393,8 +2393,7 @@ static int sh_eth_start_xmit(struct sk_buff *skb, struct net_device *ndev)
txdesc = &mdp->tx_ring[entry];
/* soft swap. */
if (!mdp->cd->hw_swap)
- sh_eth_soft_swap(phys_to_virt(ALIGN(txdesc->addr, 4)),
- skb->len + 2);
+ sh_eth_soft_swap(PTR_ALIGN(skb->data, 4), skb->len + 2);
txdesc->addr = dma_map_single(&ndev->dev, skb->data, skb->len,
DMA_TO_DEVICE);
if (dma_mapping_error(&ndev->dev, txdesc->addr)) {
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 279/305] qlcnic: fix a timeout loop
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (277 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 278/305] sh_eth: fix TX buffer byte-swapping Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 280/305] dmaengine: bcm2835-dma: Convert to use DMA pool Kamal Mostafa
` (25 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dan Carpenter, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 389e4e04ad2d4887c7bdd7c01a93d3dfa5c14a06 upstream.
The problem here is that at the end of the loop we test for if
idc->vnic_wait_limit is zero, but since idc->vnic_wait_limit-- is a
post-op, it actually ends up set to (u8)-1. I have fixed this by
moving the decrement inside the loop.
Fixes: 486a5bc77a4a ('qlcnic: Add support for 83xx suspend and resume.')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c
index be7d7a6..b1a452f 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c
@@ -246,7 +246,8 @@ int qlcnic_83xx_check_vnic_state(struct qlcnic_adapter *adapter)
u32 state;
state = QLCRDX(ahw, QLC_83XX_VNIC_STATE);
- while (state != QLCNIC_DEV_NPAR_OPER && idc->vnic_wait_limit--) {
+ while (state != QLCNIC_DEV_NPAR_OPER && idc->vnic_wait_limit) {
+ idc->vnic_wait_limit--;
msleep(1000);
state = QLCRDX(ahw, QLC_83XX_VNIC_STATE);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 280/305] dmaengine: bcm2835-dma: Convert to use DMA pool
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (278 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 279/305] qlcnic: fix a timeout loop Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 281/305] net: phy: mdio-mux: Check return value of mdiobus_alloc() Kamal Mostafa
` (24 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Ujfalusi, Vinod Koul, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Peter Ujfalusi <peter.ujfalusi@ti.com>
commit 27bc944ca39ff1ed69bc48a38dc057e15ea3d1c0 upstream.
f93178291712 dmaengine: bcm2835-dma: Fix memory leak when stopping a
running transfer
Fixed the memleak, but introduced another issue: the terminate_all callback
might be called with interrupts disabled and the dma_free_coherent() is
not allowed to be called when IRQs are disabled.
Convert the driver to use dma_pool_* for managing the list of control
blocks for the transfer.
Fixes: f93178291712 ("dmaengine: bcm2835-dma: Fix memory leak when stopping a running transfer")
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Tested-by: Matthias Reichl <hias@horus.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/dma/bcm2835-dma.c | 78 ++++++++++++++++++++++++++++++++---------------
1 file changed, 54 insertions(+), 24 deletions(-)
diff --git a/drivers/dma/bcm2835-dma.c b/drivers/dma/bcm2835-dma.c
index c92d6a7..996c4b0 100644
--- a/drivers/dma/bcm2835-dma.c
+++ b/drivers/dma/bcm2835-dma.c
@@ -31,6 +31,7 @@
*/
#include <linux/dmaengine.h>
#include <linux/dma-mapping.h>
+#include <linux/dmapool.h>
#include <linux/err.h>
#include <linux/init.h>
#include <linux/interrupt.h>
@@ -62,6 +63,11 @@ struct bcm2835_dma_cb {
uint32_t pad[2];
};
+struct bcm2835_cb_entry {
+ struct bcm2835_dma_cb *cb;
+ dma_addr_t paddr;
+};
+
struct bcm2835_chan {
struct virt_dma_chan vc;
struct list_head node;
@@ -72,18 +78,18 @@ struct bcm2835_chan {
int ch;
struct bcm2835_desc *desc;
+ struct dma_pool *cb_pool;
void __iomem *chan_base;
int irq_number;
};
struct bcm2835_desc {
+ struct bcm2835_chan *c;
struct virt_dma_desc vd;
enum dma_transfer_direction dir;
- unsigned int control_block_size;
- struct bcm2835_dma_cb *control_block_base;
- dma_addr_t control_block_base_phys;
+ struct bcm2835_cb_entry *cb_list;
unsigned int frames;
size_t size;
@@ -143,10 +149,13 @@ static inline struct bcm2835_desc *to_bcm2835_dma_desc(
static void bcm2835_dma_desc_free(struct virt_dma_desc *vd)
{
struct bcm2835_desc *desc = container_of(vd, struct bcm2835_desc, vd);
- dma_free_coherent(desc->vd.tx.chan->device->dev,
- desc->control_block_size,
- desc->control_block_base,
- desc->control_block_base_phys);
+ int i;
+
+ for (i = 0; i < desc->frames; i++)
+ dma_pool_free(desc->c->cb_pool, desc->cb_list[i].cb,
+ desc->cb_list[i].paddr);
+
+ kfree(desc->cb_list);
kfree(desc);
}
@@ -199,7 +208,7 @@ static void bcm2835_dma_start_desc(struct bcm2835_chan *c)
c->desc = d = to_bcm2835_dma_desc(&vd->tx);
- writel(d->control_block_base_phys, c->chan_base + BCM2835_DMA_ADDR);
+ writel(d->cb_list[0].paddr, c->chan_base + BCM2835_DMA_ADDR);
writel(BCM2835_DMA_ACTIVE, c->chan_base + BCM2835_DMA_CS);
}
@@ -232,9 +241,16 @@ static irqreturn_t bcm2835_dma_callback(int irq, void *data)
static int bcm2835_dma_alloc_chan_resources(struct dma_chan *chan)
{
struct bcm2835_chan *c = to_bcm2835_dma_chan(chan);
+ struct device *dev = c->vc.chan.device->dev;
+
+ dev_dbg(dev, "Allocating DMA channel %d\n", c->ch);
- dev_dbg(c->vc.chan.device->dev,
- "Allocating DMA channel %d\n", c->ch);
+ c->cb_pool = dma_pool_create(dev_name(dev), dev,
+ sizeof(struct bcm2835_dma_cb), 0, 0);
+ if (!c->cb_pool) {
+ dev_err(dev, "unable to allocate descriptor pool\n");
+ return -ENOMEM;
+ }
return request_irq(c->irq_number,
bcm2835_dma_callback, 0, "DMA IRQ", c);
@@ -246,6 +262,7 @@ static void bcm2835_dma_free_chan_resources(struct dma_chan *chan)
vchan_free_chan_resources(&c->vc);
free_irq(c->irq_number, c);
+ dma_pool_destroy(c->cb_pool);
dev_dbg(c->vc.chan.device->dev, "Freeing DMA channel %u\n", c->ch);
}
@@ -261,8 +278,7 @@ static size_t bcm2835_dma_desc_size_pos(struct bcm2835_desc *d, dma_addr_t addr)
size_t size;
for (size = i = 0; i < d->frames; i++) {
- struct bcm2835_dma_cb *control_block =
- &d->control_block_base[i];
+ struct bcm2835_dma_cb *control_block = d->cb_list[i].cb;
size_t this_size = control_block->length;
dma_addr_t dma;
@@ -343,6 +359,7 @@ static struct dma_async_tx_descriptor *bcm2835_dma_prep_dma_cyclic(
dma_addr_t dev_addr;
unsigned int es, sync_type;
unsigned int frame;
+ int i;
/* Grab configuration */
if (!is_slave_direction(direction)) {
@@ -374,27 +391,31 @@ static struct dma_async_tx_descriptor *bcm2835_dma_prep_dma_cyclic(
if (!d)
return NULL;
+ d->c = c;
d->dir = direction;
d->frames = buf_len / period_len;
- /* Allocate memory for control blocks */
- d->control_block_size = d->frames * sizeof(struct bcm2835_dma_cb);
- d->control_block_base = dma_zalloc_coherent(chan->device->dev,
- d->control_block_size, &d->control_block_base_phys,
- GFP_NOWAIT);
-
- if (!d->control_block_base) {
+ d->cb_list = kcalloc(d->frames, sizeof(*d->cb_list), GFP_KERNEL);
+ if (!d->cb_list) {
kfree(d);
return NULL;
}
+ /* Allocate memory for control blocks */
+ for (i = 0; i < d->frames; i++) {
+ struct bcm2835_cb_entry *cb_entry = &d->cb_list[i];
+
+ cb_entry->cb = dma_pool_zalloc(c->cb_pool, GFP_ATOMIC,
+ &cb_entry->paddr);
+ if (!cb_entry->cb)
+ goto error_cb;
+ }
/*
* Iterate over all frames, create a control block
* for each frame and link them together.
*/
for (frame = 0; frame < d->frames; frame++) {
- struct bcm2835_dma_cb *control_block =
- &d->control_block_base[frame];
+ struct bcm2835_dma_cb *control_block = d->cb_list[frame].cb;
/* Setup adresses */
if (d->dir == DMA_DEV_TO_MEM) {
@@ -428,12 +449,21 @@ static struct dma_async_tx_descriptor *bcm2835_dma_prep_dma_cyclic(
* This DMA engine driver currently only supports cyclic DMA.
* Therefore, wrap around at number of frames.
*/
- control_block->next = d->control_block_base_phys +
- sizeof(struct bcm2835_dma_cb)
- * ((frame + 1) % d->frames);
+ control_block->next = d->cb_list[((frame + 1) % d->frames)].paddr;
}
return vchan_tx_prep(&c->vc, &d->vd, flags);
+error_cb:
+ i--;
+ for (; i >= 0; i--) {
+ struct bcm2835_cb_entry *cb_entry = &d->cb_list[i];
+
+ dma_pool_free(c->cb_pool, cb_entry->cb, cb_entry->paddr);
+ }
+
+ kfree(d->cb_list);
+ kfree(d);
+ return NULL;
}
static int bcm2835_dma_slave_config(struct dma_chan *chan,
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 281/305] net: phy: mdio-mux: Check return value of mdiobus_alloc()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (279 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 280/305] dmaengine: bcm2835-dma: Convert to use DMA pool Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 282/305] include/linux/mmdebug.h: should include linux/bug.h Kamal Mostafa
` (23 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tobias Klauser, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Tobias Klauser <tklauser@distanz.ch>
commit 20b08e1a793d898f0f13040d5418ee0955f678cf upstream.
mdiobus_alloc() might return NULL, but its return value is not
checked in mdio_mux_init(). This could potentially lead to a NULL
pointer dereference. Fix it by checking the return value
Fixes: 0ca2997d1452 ("netdev/of/phy: Add MDIO bus multiplexer support.")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/phy/mdio-mux.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/phy/mdio-mux.c b/drivers/net/phy/mdio-mux.c
index 4d4d25e..ac8a823 100644
--- a/drivers/net/phy/mdio-mux.c
+++ b/drivers/net/phy/mdio-mux.c
@@ -148,9 +148,14 @@ int mdio_mux_init(struct device *dev,
}
cb->bus_number = v;
cb->parent = pb;
+
cb->mii_bus = mdiobus_alloc();
+ if (!cb->mii_bus) {
+ ret_val = -ENOMEM;
+ of_node_put(child_bus_node);
+ break;
+ }
cb->mii_bus->priv = cb;
-
cb->mii_bus->irq = cb->phy_irq;
cb->mii_bus->name = "mdio_mux";
snprintf(cb->mii_bus->id, MII_BUS_ID_SIZE, "%x.%x",
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 282/305] include/linux/mmdebug.h: should include linux/bug.h
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (280 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 281/305] net: phy: mdio-mux: Check return value of mdiobus_alloc() Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 283/305] powerpc/opal-irqchip: Fix deadlock introduced by "Fix double endian conversion" Kamal Mostafa
` (22 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: James Morse, Andrew Morton, Linus Torvalds, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: James Morse <james.morse@arm.com>
commit 1d5cda4076d930d6d52088ed2c7753f7c564cbd7 upstream.
mmdebug.h uses BUILD_BUG_ON_INVALID(), assuming someone else included
linux/bug.h. Include it ourselves.
This saves build-failures such as:
arch/arm64/include/asm/pgtable.h: In function 'set_pte_at':
arch/arm64/include/asm/pgtable.h:281:3: error: implicit declaration of function 'BUILD_BUG_ON_INVALID' [-Werror=implicit-function-declaration]
VM_WARN_ONCE(!pte_young(pte),
Fixes: 02602a18c32d7 ("bug: completely remove code generated by disabled VM_BUG_ON()")
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/mmdebug.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/linux/mmdebug.h b/include/linux/mmdebug.h
index 877ef22..772362a 100644
--- a/include/linux/mmdebug.h
+++ b/include/linux/mmdebug.h
@@ -1,6 +1,7 @@
#ifndef LINUX_MM_DEBUG_H
#define LINUX_MM_DEBUG_H 1
+#include <linux/bug.h>
#include <linux/stringify.h>
struct page;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 283/305] powerpc/opal-irqchip: Fix deadlock introduced by "Fix double endian conversion"
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (281 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 282/305] include/linux/mmdebug.h: should include linux/bug.h Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 284/305] genirq: Prevent chip buslock deadlock Kamal Mostafa
` (21 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alistair Popple, Michael Ellerman, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Alistair Popple <alistair@popple.id.au>
commit 036592fbbe753d236402a0ae68148e7c143a0f0e upstream.
Commit 25642e1459ac ("powerpc/opal-irqchip: Fix double endian
conversion") fixed an endian bug by calling opal_handle_events() in
opal_event_unmask().
However this introduced a deadlock if we find an event is active
during unmasking and call opal_handle_events() again. The bad call
sequence is:
opal_interrupt()
-> opal_handle_events()
-> generic_handle_irq()
-> handle_level_irq()
-> raw_spin_lock(&desc->lock)
handle_irq_event(desc)
unmask_irq(desc)
-> opal_event_unmask()
-> opal_handle_events()
-> generic_handle_irq()
-> handle_level_irq()
-> raw_spin_lock(&desc->lock) (BOOM)
When generating multiple opal events in quick succession this would lead
to the following stall warnings:
EEH: Fenced PHB#0 detected, location: U78C9.001.WZS09XA-P1-C32
INFO: rcu_sched detected stalls on CPUs/tasks:
12-...: (1 GPs behind) idle=68f/140000000000001/0 softirq=860/861 fqs=2065
15-...: (1 GPs behind) idle=be5/140000000000001/0 softirq=1142/1143 fqs=2065
(detected by 13, t=2102 jiffies, g=1325, c=1324, q=602)
NMI watchdog: BUG: soft lockup - CPU#18 stuck for 22s! [irqbalance:2696]
INFO: rcu_sched detected stalls on CPUs/tasks:
12-...: (1 GPs behind) idle=68f/140000000000001/0 softirq=860/861 fqs=8371
15-...: (1 GPs behind) idle=be5/140000000000001/0 softirq=1142/1143 fqs=8371
(detected by 20, t=8407 jiffies, g=1325, c=1324, q=1290)
This patch corrects the problem by queuing the work if an event is
active during unmasking, which is similar to the pre-endian fix
behaviour.
Fixes: 25642e1459ac ("powerpc/opal-irqchip: Fix double endian conversion")
Signed-off-by: Alistair Popple <alistair@popple.id.au>
Reported-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/platforms/powernv/opal-irqchip.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/powernv/opal-irqchip.c b/arch/powerpc/platforms/powernv/opal-irqchip.c
index b056bc0..ccabec5 100644
--- a/arch/powerpc/platforms/powernv/opal-irqchip.c
+++ b/arch/powerpc/platforms/powernv/opal-irqchip.c
@@ -83,7 +83,19 @@ static void opal_event_unmask(struct irq_data *d)
set_bit(d->hwirq, &opal_event_irqchip.mask);
opal_poll_events(&events);
- opal_handle_events(be64_to_cpu(events));
+ last_outstanding_events = be64_to_cpu(events);
+
+ /*
+ * We can't just handle the events now with opal_handle_events().
+ * If we did we would deadlock when opal_event_unmask() is called from
+ * handle_level_irq() with the irq descriptor lock held, because
+ * calling opal_handle_events() would call generic_handle_irq() and
+ * then handle_level_irq() which would try to take the descriptor lock
+ * again. Instead queue the events for later.
+ */
+ if (last_outstanding_events & opal_event_irqchip.mask)
+ /* Need to retrigger the interrupt */
+ irq_work_queue(&opal_event_irq_work);
}
static int opal_event_set_type(struct irq_data *d, unsigned int flow_type)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 284/305] genirq: Prevent chip buslock deadlock
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (282 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 283/305] powerpc/opal-irqchip: Fix deadlock introduced by "Fix double endian conversion" Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 285/305] x86/mce: Ensure offline CPUs don't participate in rendezvous process Kamal Mostafa
` (20 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Thomas Gleixner, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Thomas Gleixner <tglx@linutronix.de>
commit abc7e40c81d113ef4bacb556f0a77ca63ac81d85 upstream.
If a interrupt chip utilizes chip->buslock then free_irq() can
deadlock in the following way:
CPU0 CPU1
interrupt(X) (Shared or spurious)
free_irq(X) interrupt_thread(X)
chip_bus_lock(X)
irq_finalize_oneshot(X)
chip_bus_lock(X)
synchronize_irq(X)
synchronize_irq() waits for the interrupt thread to complete,
i.e. forever.
Solution is simple: Drop chip_bus_lock() before calling
synchronize_irq() as we do with the irq_desc lock. There is nothing to
be protected after the point where irq_desc lock has been released.
This adds chip_bus_lock/unlock() to the remove_irq() code path, but
that's actually correct in the case where remove_irq() is called on
such an interrupt. The current users of remove_irq() are not affected
as none of those interrupts is on a chip which requires buslock.
Reported-by: Fredrik Markström <fredrik.markstrom@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/irq/manage.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c
index f974485..aaec958 100644
--- a/kernel/irq/manage.c
+++ b/kernel/irq/manage.c
@@ -1363,6 +1363,7 @@ static struct irqaction *__free_irq(unsigned int irq, void *dev_id)
if (!desc)
return NULL;
+ chip_bus_lock(desc);
raw_spin_lock_irqsave(&desc->lock, flags);
/*
@@ -1376,7 +1377,7 @@ static struct irqaction *__free_irq(unsigned int irq, void *dev_id)
if (!action) {
WARN(1, "Trying to free already-free IRQ %d\n", irq);
raw_spin_unlock_irqrestore(&desc->lock, flags);
-
+ chip_bus_sync_unlock(desc);
return NULL;
}
@@ -1403,6 +1404,7 @@ static struct irqaction *__free_irq(unsigned int irq, void *dev_id)
#endif
raw_spin_unlock_irqrestore(&desc->lock, flags);
+ chip_bus_sync_unlock(desc);
unregister_handler_proc(irq, action);
@@ -1476,9 +1478,7 @@ void free_irq(unsigned int irq, void *dev_id)
desc->affinity_notify = NULL;
#endif
- chip_bus_lock(desc);
kfree(__free_irq(irq, dev_id));
- chip_bus_sync_unlock(desc);
}
EXPORT_SYMBOL(free_irq);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 285/305] x86/mce: Ensure offline CPUs don't participate in rendezvous process
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (283 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 284/305] genirq: Prevent chip buslock deadlock Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 286/305] x86/paravirt: Prevent rtc_cmos platform device init on PV guests Kamal Mostafa
` (19 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ashok Raj, Borislav Petkov, H. Peter Anvin, Linus Torvalds,
Peter Zijlstra, Thomas Gleixner, linux-edac, Ingo Molnar,
Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Ashok Raj <ashok.raj@intel.com>
commit d90167a941f62860f35eb960e1012aa2d30e7e94 upstream.
Intel's MCA implementation broadcasts MCEs to all CPUs on the
node. This poses a problem for offlined CPUs which cannot
participate in the rendezvous process:
Kernel panic - not syncing: Timeout: Not all CPUs entered broadcast exception handler
Kernel Offset: disabled
Rebooting in 100 seconds..
More specifically, Linux does a soft offline of a CPU when
writing a 0 to /sys/devices/system/cpu/cpuX/online, which
doesn't prevent the #MC exception from being broadcasted to that
CPU.
Ensure that offline CPUs don't participate in the MCE rendezvous
and clear the RIP valid status bit so that a second MCE won't
cause a shutdown.
Without the patch, mce_start() will increment mce_callin and
wait for all CPUs. Offlined CPUs should avoid participating in
the rendezvous process altogether.
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
[ Massage commit message. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-edac <linux-edac@vger.kernel.org>
Link: http://lkml.kernel.org/r/1449742346-21470-2-git-send-email-bp@alien8.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kernel/cpu/mcheck/mce.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
index df919ff..32ec29d 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -1055,6 +1055,17 @@ void do_machine_check(struct pt_regs *regs, long error_code)
int flags = MF_ACTION_REQUIRED;
int lmce = 0;
+ /* If this CPU is offline, just bail out. */
+ if (cpu_is_offline(smp_processor_id())) {
+ u64 mcgstatus;
+
+ mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
+ if (mcgstatus & MCG_STATUS_RIPV) {
+ mce_wrmsrl(MSR_IA32_MCG_STATUS, 0);
+ return;
+ }
+ }
+
prev_state = ist_enter(regs);
this_cpu_inc(mce_exception_count);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 286/305] x86/paravirt: Prevent rtc_cmos platform device init on PV guests
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (284 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 285/305] x86/mce: Ensure offline CPUs don't participate in rendezvous process Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 287/305] ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz Kamal Mostafa
` (18 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David Vrabel, Boris Ostrovsky, vkuznets, xen-devel, konrad.wilk,
Thomas Gleixner, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: David Vrabel <david.vrabel@citrix.com>
commit d8c98a1d1488747625ad6044d423406e17e99b7a upstream.
Adding the rtc platform device in non-privileged Xen PV guests causes
an IRQ conflict because these guests do not have legacy PIC and may
allocate irqs in the legacy range.
In a single VCPU Xen PV guest we should have:
/proc/interrupts:
CPU0
0: 4934 xen-percpu-virq timer0
1: 0 xen-percpu-ipi spinlock0
2: 0 xen-percpu-ipi resched0
3: 0 xen-percpu-ipi callfunc0
4: 0 xen-percpu-virq debug0
5: 0 xen-percpu-ipi callfuncsingle0
6: 0 xen-percpu-ipi irqwork0
7: 321 xen-dyn-event xenbus
8: 90 xen-dyn-event hvc_console
...
But hvc_console cannot get its interrupt because it is already in use
by rtc0 and the console does not work.
genirq: Flags mismatch irq 8. 00000000 (hvc_console) vs. 00000000 (rtc0)
We can avoid this problem by realizing that unprivileged PV guests (both
Xen and lguests) are not supposed to have rtc_cmos device and so
adding it is not necessary.
Privileged guests (i.e. Xen's dom0) do use it but they should not have
irq conflicts since they allocate irqs above legacy range (above
gsi_top, in fact).
Instead of explicitly testing whether the guest is privileged we can
extend pv_info structure to include information about guest's RTC
support.
Reported-and-tested-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: vkuznets@redhat.com
Cc: xen-devel@lists.xenproject.org
Cc: konrad.wilk@oracle.com
Link: http://lkml.kernel.org/r/1449842873-2613-1-git-send-email-boris.ostrovsky@oracle.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/include/asm/paravirt.h | 6 ++++++
arch/x86/include/asm/paravirt_types.h | 5 +++++
arch/x86/include/asm/processor.h | 1 +
arch/x86/kernel/rtc.c | 3 +++
arch/x86/lguest/boot.c | 1 +
arch/x86/xen/enlighten.c | 4 +++-
6 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index d143bfa..d0791ac 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -19,6 +19,12 @@ static inline int paravirt_enabled(void)
return pv_info.paravirt_enabled;
}
+static inline int paravirt_has_feature(unsigned int feature)
+{
+ WARN_ON_ONCE(!pv_info.paravirt_enabled);
+ return (pv_info.features & feature);
+}
+
static inline void load_sp0(struct tss_struct *tss,
struct thread_struct *thread)
{
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
index a6b8f9f..af3b3b7 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -70,9 +70,14 @@ struct pv_info {
#endif
int paravirt_enabled;
+ unsigned int features; /* valid only if paravirt_enabled is set */
const char *name;
};
+#define paravirt_has(x) paravirt_has_feature(PV_SUPPORTED_##x)
+/* Supported features */
+#define PV_SUPPORTED_RTC (1<<0)
+
struct pv_init_ops {
/*
* Patch may replace one of the defined code sequences with
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 944f178..9b3bb51 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -478,6 +478,7 @@ static inline unsigned long current_top_of_stack(void)
#else
#define __cpuid native_cpuid
#define paravirt_enabled() 0
+#define paravirt_has(x) 0
static inline void load_sp0(struct tss_struct *tss,
struct thread_struct *thread)
diff --git a/arch/x86/kernel/rtc.c b/arch/x86/kernel/rtc.c
index cd96852..4af8d06 100644
--- a/arch/x86/kernel/rtc.c
+++ b/arch/x86/kernel/rtc.c
@@ -200,6 +200,9 @@ static __init int add_rtc_cmos(void)
}
#endif
+ if (paravirt_enabled() && !paravirt_has(RTC))
+ return -ENODEV;
+
platform_device_register(&rtc_device);
dev_info(&rtc_device.dev,
"registered platform RTC device (no PNP device found)\n");
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
index f2dc08c..5c4792e 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
@@ -1419,6 +1419,7 @@ __init void lguest_init(void)
pv_info.kernel_rpl = 1;
/* Everyone except Xen runs with this set. */
pv_info.shared_kernel_pmd = 1;
+ pv_info.features = 0;
/*
* We set up all the lguest overrides for sensitive operations. These
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 3cebc65..f83c0ba 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -1186,7 +1186,7 @@ static const struct pv_info xen_info __initconst = {
#ifdef CONFIG_X86_64
.extra_user_64bit_cs = FLAT_USER_CS64,
#endif
-
+ .features = 0,
.name = "Xen",
};
@@ -1528,6 +1528,8 @@ asmlinkage __visible void __init xen_start_kernel(void)
/* Install Xen paravirt ops */
pv_info = xen_info;
+ if (xen_initial_domain())
+ pv_info.features |= PV_SUPPORTED_RTC;
pv_init_ops = xen_init_ops;
pv_apic_ops = xen_apic_ops;
if (!xen_pvh_domain()) {
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 287/305] ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (285 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 286/305] x86/paravirt: Prevent rtc_cmos platform device init on PV guests Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 288/305] ALSA: hda - Add mic mute hotkey quirk for Lenovo ThinkCentre AIO Kamal Mostafa
` (17 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Nikesh Oswal, Charles Keepax, Mark Brown, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Nikesh Oswal <Nikesh.Oswal@cirrus.com>
commit e73694d871867cae8471d2350ce89acb38bc2b63 upstream.
For a sample rate of 12kHz the bclk was taken from the 44.1kHz table as
we test for a multiple of 8kHz. This patch fixes this issue by testing
for multiples of 4kHz instead.
Signed-off-by: Nikesh Oswal <Nikesh.Oswal@cirrus.com>
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/codecs/arizona.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/arizona.c b/sound/soc/codecs/arizona.c
index 4180827..02b1e0c 100644
--- a/sound/soc/codecs/arizona.c
+++ b/sound/soc/codecs/arizona.c
@@ -1499,7 +1499,7 @@ static int arizona_hw_params(struct snd_pcm_substream *substream,
bool reconfig;
unsigned int aif_tx_state, aif_rx_state;
- if (params_rate(params) % 8000)
+ if (params_rate(params) % 4000)
rates = &arizona_44k1_bclk_rates[0];
else
rates = &arizona_48k_bclk_rates[0];
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 288/305] ALSA: hda - Add mic mute hotkey quirk for Lenovo ThinkCentre AIO
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (286 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 287/305] ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 289/305] ALSA: hda - Add keycode map for alc input device Kamal Mostafa
` (16 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kailang, Hui Wang, Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Kailang <kailang@realtek.com>
commit 3694cb2947db50753caf432db067487eafae7b9b upstream.
The Lenovo ThinkCenter AIO uses Line2 (NID 0x1b) to implement the
micmute hotkey, here we register an input device and use Line2 unsol
event to collect the hotkey pressing or releasing.
In the meanwhile, the micmute led is controlled by GPIO2, so we
use an existing function alc_fixup_gpio_mic_mute_hook() to control
the led.
[Hui: And there are two places to register the input device, to make
the code simple and clean, move the two same code sections into a
function.]
Signed-off-by: Kailang <kailang@realtek.com>
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 84 ++++++++++++++++++++++++++++++++++++-------
1 file changed, 71 insertions(+), 13 deletions(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index f31cfde..cdcf38e 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -3478,6 +3478,29 @@ static void gpio2_mic_hotkey_event(struct hda_codec *codec,
input_sync(spec->kb_dev);
}
+static int alc_register_micmute_input_device(struct hda_codec *codec)
+{
+ struct alc_spec *spec = codec->spec;
+
+ spec->kb_dev = input_allocate_device();
+ if (!spec->kb_dev) {
+ codec_err(codec, "Out of memory (input_allocate_device)\n");
+ return -ENOMEM;
+ }
+ spec->kb_dev->name = "Microphone Mute Button";
+ spec->kb_dev->evbit[0] = BIT_MASK(EV_KEY);
+ spec->kb_dev->keybit[BIT_WORD(KEY_MICMUTE)] = BIT_MASK(KEY_MICMUTE);
+
+ if (input_register_device(spec->kb_dev)) {
+ codec_err(codec, "input_register_device failed\n");
+ input_free_device(spec->kb_dev);
+ spec->kb_dev = NULL;
+ return -ENOMEM;
+ }
+
+ return 0;
+}
+
static void alc280_fixup_hp_gpio2_mic_hotkey(struct hda_codec *codec,
const struct hda_fixup *fix, int action)
{
@@ -3495,20 +3518,8 @@ static void alc280_fixup_hp_gpio2_mic_hotkey(struct hda_codec *codec,
struct alc_spec *spec = codec->spec;
if (action == HDA_FIXUP_ACT_PRE_PROBE) {
- spec->kb_dev = input_allocate_device();
- if (!spec->kb_dev) {
- codec_err(codec, "Out of memory (input_allocate_device)\n");
+ if (alc_register_micmute_input_device(codec) != 0)
return;
- }
- spec->kb_dev->name = "Microphone Mute Button";
- spec->kb_dev->evbit[0] = BIT_MASK(EV_KEY);
- spec->kb_dev->keybit[BIT_WORD(KEY_MICMUTE)] = BIT_MASK(KEY_MICMUTE);
- if (input_register_device(spec->kb_dev)) {
- codec_err(codec, "input_register_device failed\n");
- input_free_device(spec->kb_dev);
- spec->kb_dev = NULL;
- return;
- }
snd_hda_add_verbs(codec, gpio_init);
snd_hda_codec_write_cache(codec, codec->core.afg, 0,
@@ -3538,6 +3549,47 @@ static void alc280_fixup_hp_gpio2_mic_hotkey(struct hda_codec *codec,
}
}
+static void alc233_fixup_lenovo_line2_mic_hotkey(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action)
+{
+ /* Line2 = mic mute hotkey
+ GPIO2 = mic mute LED */
+ static const struct hda_verb gpio_init[] = {
+ { 0x01, AC_VERB_SET_GPIO_MASK, 0x04 },
+ { 0x01, AC_VERB_SET_GPIO_DIRECTION, 0x04 },
+ {}
+ };
+
+ struct alc_spec *spec = codec->spec;
+
+ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
+ if (alc_register_micmute_input_device(codec) != 0)
+ return;
+
+ snd_hda_add_verbs(codec, gpio_init);
+ snd_hda_jack_detect_enable_callback(codec, 0x1b,
+ gpio2_mic_hotkey_event);
+
+ spec->gen.cap_sync_hook = alc_fixup_gpio_mic_mute_hook;
+ spec->gpio_led = 0;
+ spec->mute_led_polarity = 0;
+ spec->gpio_mic_led_mask = 0x04;
+ return;
+ }
+
+ if (!spec->kb_dev)
+ return;
+
+ switch (action) {
+ case HDA_FIXUP_ACT_PROBE:
+ spec->init_amp = ALC_INIT_DEFAULT;
+ break;
+ case HDA_FIXUP_ACT_FREE:
+ input_unregister_device(spec->kb_dev);
+ spec->kb_dev = NULL;
+ }
+}
+
static void alc269_fixup_hp_line1_mic1_led(struct hda_codec *codec,
const struct hda_fixup *fix, int action)
{
@@ -4638,6 +4690,7 @@ enum {
ALC275_FIXUP_DELL_XPS,
ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE,
ALC293_FIXUP_LENOVO_SPK_NOISE,
+ ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY,
};
static const struct hda_fixup alc269_fixups[] = {
@@ -5247,6 +5300,10 @@ static const struct hda_fixup alc269_fixups[] = {
.chained = true,
.chain_id = ALC269_FIXUP_THINKPAD_ACPI
},
+ [ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc233_fixup_lenovo_line2_mic_hotkey,
+ },
};
static const struct snd_pci_quirk alc269_fixup_tbl[] = {
@@ -5396,6 +5453,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x2223, "ThinkPad T550", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2226, "ThinkPad X250", ALC292_FIXUP_TPT440_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2233, "Thinkpad", ALC293_FIXUP_LENOVO_SPK_NOISE),
+ SND_PCI_QUIRK(0x17aa, 0x30bb, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
SND_PCI_QUIRK(0x17aa, 0x3978, "IdeaPad Y410P", ALC269_FIXUP_NO_SHUTUP),
SND_PCI_QUIRK(0x17aa, 0x5013, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 289/305] ALSA: hda - Add keycode map for alc input device
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (287 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 288/305] ALSA: hda - Add mic mute hotkey quirk for Lenovo ThinkCentre AIO Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 290/305] ftrace/scripts: Fix incorrect use of sprintf in recordmcount Kamal Mostafa
` (15 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Hui Wang, Takashi Iwai, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Hui Wang <hui.wang@canonical.com>
commit c7b60a89516beb20a352ec85c73a8fccd5becf26 upstream.
Then users can remap the keycode from userspace. If without the remap,
the input device will pass KEY_MICMUTE to userspace, but in X11 layer,
it uses KEY_F20 rather than KEY_MICMUTE for XF86AudioMicMute. After
adding the keycode map, users can remap the keycode to any value users
want.
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_realtek.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index cdcf38e..1e5627b 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -67,6 +67,10 @@ enum {
ALC_HEADSET_TYPE_OMTP,
};
+enum {
+ ALC_KEY_MICMUTE_INDEX,
+};
+
struct alc_customize_define {
unsigned int sku_cfg;
unsigned char port_connectivity;
@@ -123,6 +127,7 @@ struct alc_spec {
unsigned int pll_coef_idx, pll_coef_bit;
unsigned int coef0;
struct input_dev *kb_dev;
+ u8 alc_mute_keycode_map[1];
};
/*
@@ -3472,24 +3477,32 @@ static void gpio2_mic_hotkey_event(struct hda_codec *codec,
/* GPIO2 just toggles on a keypress/keyrelease cycle. Therefore
send both key on and key off event for every interrupt. */
- input_report_key(spec->kb_dev, KEY_MICMUTE, 1);
+ input_report_key(spec->kb_dev, spec->alc_mute_keycode_map[ALC_KEY_MICMUTE_INDEX], 1);
input_sync(spec->kb_dev);
- input_report_key(spec->kb_dev, KEY_MICMUTE, 0);
+ input_report_key(spec->kb_dev, spec->alc_mute_keycode_map[ALC_KEY_MICMUTE_INDEX], 0);
input_sync(spec->kb_dev);
}
static int alc_register_micmute_input_device(struct hda_codec *codec)
{
struct alc_spec *spec = codec->spec;
+ int i;
spec->kb_dev = input_allocate_device();
if (!spec->kb_dev) {
codec_err(codec, "Out of memory (input_allocate_device)\n");
return -ENOMEM;
}
+
+ spec->alc_mute_keycode_map[ALC_KEY_MICMUTE_INDEX] = KEY_MICMUTE;
+
spec->kb_dev->name = "Microphone Mute Button";
spec->kb_dev->evbit[0] = BIT_MASK(EV_KEY);
- spec->kb_dev->keybit[BIT_WORD(KEY_MICMUTE)] = BIT_MASK(KEY_MICMUTE);
+ spec->kb_dev->keycodesize = sizeof(spec->alc_mute_keycode_map[0]);
+ spec->kb_dev->keycodemax = ARRAY_SIZE(spec->alc_mute_keycode_map);
+ spec->kb_dev->keycode = spec->alc_mute_keycode_map;
+ for (i = 0; i < ARRAY_SIZE(spec->alc_mute_keycode_map); i++)
+ set_bit(spec->alc_mute_keycode_map[i], spec->kb_dev->keybit);
if (input_register_device(spec->kb_dev)) {
codec_err(codec, "input_register_device failed\n");
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 290/305] ftrace/scripts: Fix incorrect use of sprintf in recordmcount
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (288 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 289/305] ALSA: hda - Add keycode map for alc input device Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 291/305] tracing: Fix setting of start_index in find_next() Kamal Mostafa
` (14 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Li Bin, Russell King, Will Deacon, Colin Ian King,
Steven Rostedt, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Colin Ian King <colin.king@canonical.com>
commit 713a3e4de707fab49d5aa4bceb77db1058572a7b upstream.
Fix build warning:
scripts/recordmcount.c:589:4: warning: format not a string
literal and no format arguments [-Wformat-security]
sprintf("%s: failed\n", file);
Fixes: a50bd43935586 ("ftrace/scripts: Have recordmcount copy the object file")
Link: http://lkml.kernel.org/r/1451516801-16951-1-git-send-email-colin.king@canonical.com
Cc: Li Bin <huawei.libin@huawei.com>
Cc: Russell King <rmk+kernel@arm.linux.org.uk>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
scripts/recordmcount.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/recordmcount.c b/scripts/recordmcount.c
index a3d96c2..825d717 100644
--- a/scripts/recordmcount.c
+++ b/scripts/recordmcount.c
@@ -584,7 +584,7 @@ main(int argc, char *argv[])
do_file(file);
break;
case SJ_FAIL: /* error in do_file or below */
- sprintf("%s: failed\n", file);
+ fprintf(stderr, "%s: failed\n", file);
++n_error;
break;
case SJ_SUCCEED: /* premature success */
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 291/305] tracing: Fix setting of start_index in find_next()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (289 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 290/305] ftrace/scripts: Fix incorrect use of sprintf in recordmcount Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 292/305] tile: provide CONFIG_PAGE_SIZE_64KB etc for tilepro Kamal Mostafa
` (13 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Qiu Peiyang, Steven Rostedt, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Qiu Peiyang <peiyangx.qiu@intel.com>
commit f36d1be2930ede0a1947686e1126ffda5d5ee1bb upstream.
When we do cat /sys/kernel/debug/tracing/printk_formats, we hit kernel
panic at t_show.
general protection fault: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 2957 Comm: sh Tainted: G W O 3.14.55-x86_64-01062-gd4acdc7 #2
RIP: 0010:[<ffffffff811375b2>]
[<ffffffff811375b2>] t_show+0x22/0xe0
RSP: 0000:ffff88002b4ebe80 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004
RDX: 0000000000000004 RSI: ffffffff81fd26a6 RDI: ffff880032f9f7b1
RBP: ffff88002b4ebe98 R08: 0000000000001000 R09: 000000000000ffec
R10: 0000000000000000 R11: 000000000000000f R12: ffff880004d9b6c0
R13: 7365725f6d706400 R14: ffff880004d9b6c0 R15: ffffffff82020570
FS: 0000000000000000(0000) GS:ffff88003aa00000(0063) knlGS:00000000f776bc40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000f6c02ff0 CR3: 000000002c2b3000 CR4: 00000000001007f0
Call Trace:
[<ffffffff811dc076>] seq_read+0x2f6/0x3e0
[<ffffffff811b749b>] vfs_read+0x9b/0x160
[<ffffffff811b7f69>] SyS_read+0x49/0xb0
[<ffffffff81a3a4b9>] ia32_do_call+0x13/0x13
---[ end trace 5bd9eb630614861e ]---
Kernel panic - not syncing: Fatal exception
When the first time find_next calls find_next_mod_format, it should
iterate the trace_bprintk_fmt_list to find the first print format of
the module. However in current code, start_index is smaller than *pos
at first, and code will not iterate the list. Latter container_of will
get the wrong address with former v, which will cause mod_fmt be a
meaningless object and so is the returned mod_fmt->fmt.
This patch will fix it by correcting the start_index. After fixed,
when the first time calls find_next_mod_format, start_index will be
equal to *pos, and code will iterate the trace_bprintk_fmt_list to
get the right module printk format, so is the returned mod_fmt->fmt.
Link: http://lkml.kernel.org/r/5684B900.9000309@intel.com
Fixes: 102c9323c35a8 "tracing: Add __tracepoint_string() to export string pointers"
Signed-off-by: Qiu Peiyang <peiyangx.qiu@intel.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/trace/trace_printk.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/trace/trace_printk.c b/kernel/trace/trace_printk.c
index 36c1455..2dbffe2 100644
--- a/kernel/trace/trace_printk.c
+++ b/kernel/trace/trace_printk.c
@@ -267,6 +267,7 @@ static const char **find_next(void *v, loff_t *pos)
if (*pos < last_index + start_index)
return __start___tracepoint_str + (*pos - last_index);
+ start_index += last_index;
return find_next_mod_format(start_index, v, fmt, pos);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 292/305] tile: provide CONFIG_PAGE_SIZE_64KB etc for tilepro
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (290 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 291/305] tracing: Fix setting of start_index in find_next() Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 293/305] ARM: OMAP2+: Fix onenand rate detection to avoid filesystem corruption Kamal Mostafa
` (12 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Chris Metcalf, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Chris Metcalf <cmetcalf@ezchip.com>
commit c1b27ab5d69099718f519127eea017120c180e71 upstream.
This allows the build system to know that it can't attempt to
configure the Lustre virtual block device, for example, when tilepro
is using 64KB pages (as it does by default). The tilegx build
already provided those symbols.
Previously we required that the tilepro hypervisor be rebuilt with
a different hardcoded page size in its headers, and then Linux be
rebuilt using the updated hypervisor header. Now we allow each of
the hypervisor and Linux to be built independently. We still check
at boot time to ensure that the page size provided by the hypervisor
matches what Linux expects.
Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/tile/Kconfig | 11 +++++------
arch/tile/include/asm/page.h | 8 +++++---
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
index 9def1f5..bd2b4cf 100644
--- a/arch/tile/Kconfig
+++ b/arch/tile/Kconfig
@@ -175,8 +175,6 @@ config NR_CPUS
smaller kernel memory footprint results from using a smaller
value on chips with fewer tiles.
-if TILEGX
-
choice
prompt "Kernel page size"
default PAGE_SIZE_64KB
@@ -187,8 +185,11 @@ choice
connections, etc., it may be better to select 16KB, which uses
memory more efficiently at some cost in TLB performance.
- Note that this option is TILE-Gx specific; currently
- TILEPro page size is set by rebuilding the hypervisor.
+ Note that for TILEPro, you must also rebuild the hypervisor
+ with a matching page size.
+
+config PAGE_SIZE_4KB
+ bool "4KB" if TILEPRO
config PAGE_SIZE_16KB
bool "16KB"
@@ -198,8 +199,6 @@ config PAGE_SIZE_64KB
endchoice
-endif
-
source "kernel/Kconfig.hz"
config KEXEC
diff --git a/arch/tile/include/asm/page.h b/arch/tile/include/asm/page.h
index a213a8d..8eca6a0 100644
--- a/arch/tile/include/asm/page.h
+++ b/arch/tile/include/asm/page.h
@@ -20,15 +20,17 @@
#include <arch/chip.h>
/* PAGE_SHIFT and HPAGE_SHIFT determine the page sizes. */
-#if defined(CONFIG_PAGE_SIZE_16KB)
+#if defined(CONFIG_PAGE_SIZE_4KB) /* tilepro only */
+#define PAGE_SHIFT 12
+#define CTX_PAGE_FLAG HV_CTX_PG_SM_4K
+#elif defined(CONFIG_PAGE_SIZE_16KB)
#define PAGE_SHIFT 14
#define CTX_PAGE_FLAG HV_CTX_PG_SM_16K
#elif defined(CONFIG_PAGE_SIZE_64KB)
#define PAGE_SHIFT 16
#define CTX_PAGE_FLAG HV_CTX_PG_SM_64K
#else
-#define PAGE_SHIFT HV_LOG2_DEFAULT_PAGE_SIZE_SMALL
-#define CTX_PAGE_FLAG 0
+#error Page size not specified in Kconfig
#endif
#define HPAGE_SHIFT HV_LOG2_DEFAULT_PAGE_SIZE_LARGE
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 293/305] ARM: OMAP2+: Fix onenand rate detection to avoid filesystem corruption
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (291 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 292/305] tile: provide CONFIG_PAGE_SIZE_64KB etc for tilepro Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 294/305] ARM: versatile: fix MMC/SD interrupt assignment Kamal Mostafa
` (11 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Tony Lindgren, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Tony Lindgren <tony@atomide.com>
commit e7b11dc7b77bfce0a351230a5feeadc1d0bba997 upstream.
Commit 63aa945b1013 ("memory: omap-gpmc: Add Kconfig option for debug")
unified the GPMC debug for the SoCs with GPMC. The commit also left out
the option for HWMOD_INIT_NO_RESET as we now require proper timings for
GPMC to be able to remap GPMC devices out of address 0.
Unfortunately on Nokia N900, onenand now only partially works with the
device tree provided timings. It works enough to get detected but the
clock rate supported by the onenand chip gets misdetected. This in turn
causes the GPMC timings to be miscalculated and this leads into file
system corruption on N900.
Looks like onenand needs CS_CONFIG1 bit 27 WRITETYPE set for for sync
write. This is needed also for async timings when we write to onenand
with omap2_onenand_set_async_mode(). Without sync write bit set, the
async read for the onenand ONENAND_REG_VERSION_ID will return 0xfff.
Let's exit with an error if onenand rate is not detected. And let's
remove the extra call to omap2_onenand_set_async_mode() as we only need
to do this once at the end of omap2_onenand_setup_async().
Fixes: 63aa945b1013 ("memory: omap-gpmc: Add Kconfig option for debug")
Reported-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Tested-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Tested-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/mach-omap2/gpmc-onenand.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/arch/arm/mach-omap2/gpmc-onenand.c b/arch/arm/mach-omap2/gpmc-onenand.c
index 17a6f75..7b76ce0 100644
--- a/arch/arm/mach-omap2/gpmc-onenand.c
+++ b/arch/arm/mach-omap2/gpmc-onenand.c
@@ -149,8 +149,8 @@ static int omap2_onenand_get_freq(struct omap_onenand_platform_data *cfg,
freq = 104;
break;
default:
- freq = 54;
- break;
+ pr_err("onenand rate not detected, bad GPMC async timings?\n");
+ freq = 0;
}
return freq;
@@ -271,6 +271,11 @@ static int omap2_onenand_setup_async(void __iomem *onenand_base)
struct gpmc_timings t;
int ret;
+ /*
+ * Note that we need to keep sync_write set for the call to
+ * omap2_onenand_set_async_mode() to work to detect the onenand
+ * supported clock rate for the sync timings.
+ */
if (gpmc_onenand_data->of_node) {
gpmc_read_settings_dt(gpmc_onenand_data->of_node,
&onenand_async);
@@ -281,12 +286,9 @@ static int omap2_onenand_setup_async(void __iomem *onenand_base)
else
gpmc_onenand_data->flags |= ONENAND_SYNC_READ;
onenand_async.sync_read = false;
- onenand_async.sync_write = false;
}
}
- omap2_onenand_set_async_mode(onenand_base);
-
omap2_onenand_calc_async_timings(&t);
ret = gpmc_cs_program_settings(gpmc_onenand_data->cs, &onenand_async);
@@ -310,6 +312,8 @@ static int omap2_onenand_setup_sync(void __iomem *onenand_base, int *freq_ptr)
if (!freq) {
/* Very first call freq is not known */
freq = omap2_onenand_get_freq(gpmc_onenand_data, onenand_base);
+ if (!freq)
+ return -ENODEV;
set_onenand_cfg(onenand_base);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 294/305] ARM: versatile: fix MMC/SD interrupt assignment
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (292 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 293/305] ARM: OMAP2+: Fix onenand rate detection to avoid filesystem corruption Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 295/305] async_tx: use GFP_NOWAIT rather than GFP_IO Kamal Mostafa
` (10 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Rob Herring, Grant Likely, Linus Walleij, Olof Johansson, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Linus Walleij <linus.walleij@linaro.org>
commit 20f12758c9a837e9cafd7ced59f0b4c7a3961281 upstream.
Commit 0976c946a610d06e907335b7a3afa6db046f8e1b
"arm/versatile: Fix versatile irq specifications"
has an off-by-one error on the Versatile AB that has
been regressing the Versatile AB hardware for some time.
However it seems like the interrupt assignments have
never been correct and I have now adjusted them according
to the specification. The masks for the valid interrupts
made it impossible to assign the right SIC interrupt
for the MMCI, so I went in and fixed these to correspond
to the specifications, and added references if anyone
wants to double-check.
Due to the Versatile PB including the Versatile AB
as a base DTS file, we need to override and correct
some values to correspond to the actual changes in the
hardware.
For the Versatile PB I don't think the IRQ line
assignment for MMCI has ever been correct for either of
the two MMCI blocks. It would be nice if someone with the
physical PB board could test this.
Patch tested on the Versatile AB, QEMU for Versatile AB
and QEMU for Versatile PB.
Cc: Rob Herring <robh@kernel.org>
Cc: Grant Likely <grant.likely@linaro.org>
Fixes: 0976c946a610 ("arm/versatile: Fix versatile irq specifications")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/boot/dts/versatile-ab.dts | 10 +++++++---
arch/arm/boot/dts/versatile-pb.dts | 20 +++++++++++++++++++-
2 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/arch/arm/boot/dts/versatile-ab.dts b/arch/arm/boot/dts/versatile-ab.dts
index 01f4019..3279bf1 100644
--- a/arch/arm/boot/dts/versatile-ab.dts
+++ b/arch/arm/boot/dts/versatile-ab.dts
@@ -110,7 +110,11 @@
interrupt-parent = <&vic>;
interrupts = <31>; /* Cascaded to vic */
clear-mask = <0xffffffff>;
- valid-mask = <0xffc203f8>;
+ /*
+ * Valid interrupt lines mask according to
+ * table 4-36 page 4-50 of ARM DUI 0225D
+ */
+ valid-mask = <0x0760031b>;
};
dma@10130000 {
@@ -266,8 +270,8 @@
};
mmc@5000 {
compatible = "arm,pl180", "arm,primecell";
- reg = < 0x5000 0x1000>;
- interrupts-extended = <&vic 22 &sic 2>;
+ reg = <0x5000 0x1000>;
+ interrupts-extended = <&vic 22 &sic 1>;
clocks = <&xtal24mhz>, <&pclk>;
clock-names = "mclk", "apb_pclk";
};
diff --git a/arch/arm/boot/dts/versatile-pb.dts b/arch/arm/boot/dts/versatile-pb.dts
index b83137f..33a8eb2 100644
--- a/arch/arm/boot/dts/versatile-pb.dts
+++ b/arch/arm/boot/dts/versatile-pb.dts
@@ -5,6 +5,16 @@
compatible = "arm,versatile-pb";
amba {
+ /* The Versatile PB is using more SIC IRQ lines than the AB */
+ sic: intc@10003000 {
+ clear-mask = <0xffffffff>;
+ /*
+ * Valid interrupt lines mask according to
+ * figure 3-30 page 3-74 of ARM DUI 0224B
+ */
+ valid-mask = <0x7fe003ff>;
+ };
+
gpio2: gpio@101e6000 {
compatible = "arm,pl061", "arm,primecell";
reg = <0x101e6000 0x1000>;
@@ -67,6 +77,13 @@
};
fpga {
+ mmc@5000 {
+ /*
+ * Overrides the interrupt assignment from
+ * the Versatile AB board file.
+ */
+ interrupts-extended = <&sic 22 &sic 23>;
+ };
uart@9000 {
compatible = "arm,pl011", "arm,primecell";
reg = <0x9000 0x1000>;
@@ -86,7 +103,8 @@
mmc@b000 {
compatible = "arm,pl180", "arm,primecell";
reg = <0xb000 0x1000>;
- interrupts-extended = <&vic 23 &sic 2>;
+ interrupt-parent = <&sic>;
+ interrupts = <1>, <2>;
clocks = <&xtal24mhz>, <&pclk>;
clock-names = "mclk", "apb_pclk";
};
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 295/305] async_tx: use GFP_NOWAIT rather than GFP_IO
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (293 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 294/305] ARM: versatile: fix MMC/SD interrupt assignment Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 296/305] dts: vt8500: Add SDHC node to DTS file for WM8650 Kamal Mostafa
` (9 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: NeilBrown, Vinod Koul, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: NeilBrown <neilb@suse.com>
commit b02bab6b0f928d49dbfb03e1e4e9dd43647623d7 upstream.
These async_XX functions are called from md/raid5 in an atomic
section, between get_cpu() and put_cpu(), so they must not sleep.
So use GFP_NOWAIT rather than GFP_IO.
Dan Williams writes: Longer term async_tx needs to be merged into md
directly as we can allocate this unmap data statically per-stripe
rather than per request.
Fixed: 7476bd79fc01 ("async_pq: convert to dmaengine_unmap_data")
Reported-and-tested-by: Stanislav Samsonov <slava@annapurnalabs.com>
Acked-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
crypto/async_tx/async_memcpy.c | 2 +-
crypto/async_tx/async_pq.c | 4 ++--
crypto/async_tx/async_raid6_recov.c | 4 ++--
crypto/async_tx/async_xor.c | 4 ++--
4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/crypto/async_tx/async_memcpy.c b/crypto/async_tx/async_memcpy.c
index f8c0b8d..88bc8e6 100644
--- a/crypto/async_tx/async_memcpy.c
+++ b/crypto/async_tx/async_memcpy.c
@@ -53,7 +53,7 @@ async_memcpy(struct page *dest, struct page *src, unsigned int dest_offset,
struct dmaengine_unmap_data *unmap = NULL;
if (device)
- unmap = dmaengine_get_unmap_data(device->dev, 2, GFP_NOIO);
+ unmap = dmaengine_get_unmap_data(device->dev, 2, GFP_NOWAIT);
if (unmap && is_dma_copy_aligned(device, src_offset, dest_offset, len)) {
unsigned long dma_prep_flags = 0;
diff --git a/crypto/async_tx/async_pq.c b/crypto/async_tx/async_pq.c
index 5d355e0..c0748bb 100644
--- a/crypto/async_tx/async_pq.c
+++ b/crypto/async_tx/async_pq.c
@@ -188,7 +188,7 @@ async_gen_syndrome(struct page **blocks, unsigned int offset, int disks,
BUG_ON(disks > 255 || !(P(blocks, disks) || Q(blocks, disks)));
if (device)
- unmap = dmaengine_get_unmap_data(device->dev, disks, GFP_NOIO);
+ unmap = dmaengine_get_unmap_data(device->dev, disks, GFP_NOWAIT);
/* XORing P/Q is only implemented in software */
if (unmap && !(submit->flags & ASYNC_TX_PQ_XOR_DST) &&
@@ -307,7 +307,7 @@ async_syndrome_val(struct page **blocks, unsigned int offset, int disks,
BUG_ON(disks < 4);
if (device)
- unmap = dmaengine_get_unmap_data(device->dev, disks, GFP_NOIO);
+ unmap = dmaengine_get_unmap_data(device->dev, disks, GFP_NOWAIT);
if (unmap && disks <= dma_maxpq(device, 0) &&
is_dma_pq_aligned(device, offset, 0, len)) {
diff --git a/crypto/async_tx/async_raid6_recov.c b/crypto/async_tx/async_raid6_recov.c
index 934a849..8fab627 100644
--- a/crypto/async_tx/async_raid6_recov.c
+++ b/crypto/async_tx/async_raid6_recov.c
@@ -41,7 +41,7 @@ async_sum_product(struct page *dest, struct page **srcs, unsigned char *coef,
u8 *a, *b, *c;
if (dma)
- unmap = dmaengine_get_unmap_data(dma->dev, 3, GFP_NOIO);
+ unmap = dmaengine_get_unmap_data(dma->dev, 3, GFP_NOWAIT);
if (unmap) {
struct device *dev = dma->dev;
@@ -105,7 +105,7 @@ async_mult(struct page *dest, struct page *src, u8 coef, size_t len,
u8 *d, *s;
if (dma)
- unmap = dmaengine_get_unmap_data(dma->dev, 3, GFP_NOIO);
+ unmap = dmaengine_get_unmap_data(dma->dev, 3, GFP_NOWAIT);
if (unmap) {
dma_addr_t dma_dest[2];
diff --git a/crypto/async_tx/async_xor.c b/crypto/async_tx/async_xor.c
index e1bce26..da75777 100644
--- a/crypto/async_tx/async_xor.c
+++ b/crypto/async_tx/async_xor.c
@@ -182,7 +182,7 @@ async_xor(struct page *dest, struct page **src_list, unsigned int offset,
BUG_ON(src_cnt <= 1);
if (device)
- unmap = dmaengine_get_unmap_data(device->dev, src_cnt+1, GFP_NOIO);
+ unmap = dmaengine_get_unmap_data(device->dev, src_cnt+1, GFP_NOWAIT);
if (unmap && is_dma_xor_aligned(device, offset, 0, len)) {
struct dma_async_tx_descriptor *tx;
@@ -278,7 +278,7 @@ async_xor_val(struct page *dest, struct page **src_list, unsigned int offset,
BUG_ON(src_cnt <= 1);
if (device)
- unmap = dmaengine_get_unmap_data(device->dev, src_cnt, GFP_NOIO);
+ unmap = dmaengine_get_unmap_data(device->dev, src_cnt, GFP_NOWAIT);
if (unmap && src_cnt <= device->max_xor &&
is_dma_xor_aligned(device, offset, 0, len)) {
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 296/305] dts: vt8500: Add SDHC node to DTS file for WM8650
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (294 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 295/305] async_tx: use GFP_NOWAIT rather than GFP_IO Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 297/305] ftrace/module: Call clean up function when module init fails early Kamal Mostafa
` (8 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Roman Volkov, Arnd Bergmann, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Roman Volkov <rvolkov@v1ros.org>
commit 0f090bf14e51e7eefb71d9d1c545807f8b627986 upstream.
Since WM8650 has the same 'WMT' SDHC controller as WM8505, and the driver
is already in the kernel, this node enables the controller support for
WM8650
Signed-off-by: Roman Volkov <rvolkov@v1ros.org>
Reviewed-by: Alexey Charkov <alchark@gmail.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/boot/dts/wm8650.dtsi | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/arm/boot/dts/wm8650.dtsi b/arch/arm/boot/dts/wm8650.dtsi
index b1c59a7..e12213d 100644
--- a/arch/arm/boot/dts/wm8650.dtsi
+++ b/arch/arm/boot/dts/wm8650.dtsi
@@ -187,6 +187,15 @@
interrupts = <43>;
};
+ sdhc@d800a000 {
+ compatible = "wm,wm8505-sdhc";
+ reg = <0xd800a000 0x400>;
+ interrupts = <20>, <21>;
+ clocks = <&clksdhc>;
+ bus-width = <4>;
+ sdon-inverted;
+ };
+
fb: fb@d8050800 {
compatible = "wm,wm8505-fb";
reg = <0xd8050800 0x200>;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 297/305] ftrace/module: Call clean up function when module init fails early
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (295 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 296/305] dts: vt8500: Add SDHC node to DTS file for WM8650 Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 298/305] vmstat: allocate vmstat_wq before it is used Kamal Mostafa
` (7 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Steven Rostedt, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
commit 049fb9bd416077b3622d317a45796be4f2431df3 upstream.
If the module init code fails after calling ftrace_module_init() and before
calling do_init_module(), we can suffer from a memory leak. This is because
ftrace_module_init() allocates pages to store the locations that ftrace
hooks are placed in the module text. If do_init_module() fails, it still
calls the MODULE_GOING notifiers which will tell ftrace to do a clean up of
the pages it allocated for the module. But if load_module() fails before
then, the pages allocated by ftrace_module_init() will never be freed.
Call ftrace_release_mod() on the module if load_module() fails before
getting to do_init_module().
Link: http://lkml.kernel.org/r/567CEA31.1070507@intel.com
Reported-by: "Qiu, PeiyangX" <peiyangx.qiu@intel.com>
Fixes: a949ae560a511 "ftrace/module: Hardcode ftrace_module_init() call into load_module()"
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/ftrace.h | 1 +
kernel/module.c | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h
index 6cd8c0e..47420d4 100644
--- a/include/linux/ftrace.h
+++ b/include/linux/ftrace.h
@@ -575,6 +575,7 @@ extern int ftrace_arch_read_dyn_info(char *buf, int size);
extern int skip_trace(unsigned long ip);
extern void ftrace_module_init(struct module *mod);
+extern void ftrace_release_mod(struct module *mod);
extern void ftrace_disable_daemon(void);
extern void ftrace_enable_daemon(void);
diff --git a/kernel/module.c b/kernel/module.c
index 8f051a1..38c7bd5 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3571,6 +3571,12 @@ static int load_module(struct load_info *info, const char __user *uargs,
synchronize_sched();
mutex_unlock(&module_mutex);
free_module:
+ /*
+ * Ftrace needs to clean up what it initialized.
+ * This does nothing if ftrace_module_init() wasn't called,
+ * but it must be called outside of module_mutex.
+ */
+ ftrace_release_mod(mod);
/* Free lock-classes; relies on the preceding sync_rcu() */
lockdep_free_key_range(mod->module_core, mod->core_size);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 298/305] vmstat: allocate vmstat_wq before it is used
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (296 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 297/305] ftrace/module: Call clean up function when module init fails early Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 299/305] firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6 Kamal Mostafa
` (6 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michal Hocko, Andrew Morton, Linus Torvalds, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Michal Hocko <mhocko@suse.com>
commit 751e5f5c753e8d447bcf89f9e96b9616ac081628 upstream.
kernel test robot has reported the following crash:
BUG: unable to handle kernel NULL pointer dereference at 00000100
IP: [<c1074df6>] __queue_work+0x26/0x390
*pdpt = 0000000000000000 *pde = f000ff53f000ff53 *pde = f000ff53f000ff53
Oops: 0000 [#1] PREEMPT PREEMPT SMP SMP
CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.4.0-rc4-00139-g373ccbe #1
Workqueue: events vmstat_shepherd
task: cb684600 ti: cb7ba000 task.ti: cb7ba000
EIP: 0060:[<c1074df6>] EFLAGS: 00010046 CPU: 0
EIP is at __queue_work+0x26/0x390
EAX: 00000046 EBX: cbb37800 ECX: cbb37800 EDX: 00000000
ESI: 00000000 EDI: 00000000 EBP: cb7bbe68 ESP: cb7bbe38
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 8005003b CR2: 00000100 CR3: 01fd5000 CR4: 000006b0
Stack:
Call Trace:
__queue_delayed_work+0xa1/0x160
queue_delayed_work_on+0x36/0x60
vmstat_shepherd+0xad/0xf0
process_one_work+0x1aa/0x4c0
worker_thread+0x41/0x440
kthread+0xb0/0xd0
ret_from_kernel_thread+0x21/0x40
The reason is that start_shepherd_timer schedules the shepherd work item
which uses vmstat_wq (vmstat_shepherd) before setup_vmstat allocates
that workqueue so if the further initialization takes more than HZ we
might end up scheduling on a NULL vmstat_wq. This is really unlikely
but not impossible.
Fixes: 373ccbe59270 ("mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make any progress")
Reported-by: kernel test robot <ying.huang@linux.intel.com>
Signed-off-by: Michal Hocko <mhocko@suse.com>
Tested-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
mm/vmstat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/vmstat.c b/mm/vmstat.c
index a94a02a..705d4a1 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -1461,6 +1461,7 @@ static void __init start_shepherd_timer(void)
BUG();
cpumask_copy(cpu_stat_off, cpu_online_mask);
+ vmstat_wq = alloc_workqueue("vmstat", WQ_FREEZABLE|WQ_MEM_RECLAIM, 0);
schedule_delayed_work(&shepherd,
round_jiffies_relative(sysctl_stat_interval));
}
@@ -1528,7 +1529,6 @@ static int __init setup_vmstat(void)
start_shepherd_timer();
cpu_notifier_register_done();
- vmstat_wq = alloc_workqueue("vmstat", WQ_FREEZABLE|WQ_MEM_RECLAIM, 0);
#endif
#ifdef CONFIG_PROC_FS
proc_create("buddyinfo", S_IRUGO, NULL, &fragmentation_file_operations);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 299/305] firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (297 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 298/305] vmstat: allocate vmstat_wq before it is used Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 300/305] kvm: x86: only channel 0 of the i8254 is linked to the HPET Kamal Mostafa
` (5 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andrea Arcangeli, Jean Delvare, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Andrea Arcangeli <aarcange@redhat.com>
commit ff4319dc7cd58c92b389960e375038335d157a60 upstream.
The dmi_ver wasn't updated correctly before the dmi_decode method run
to save the uuid.
That resulted in "dmidecode -s system-uuid" and
/sys/class/dmi/id/product_uuid disagreeing. The latter was buggy and
this fixes it.
Reported-by: Federico Simoncelli <fsimonce@redhat.com>
Fixes: 9f9c9cbb6057 ("drivers/firmware/dmi_scan.c: fetch dmi version from SMBIOS if it exists")
Fixes: 79bae42d51a5 ("dmi_scan: refactor dmi_scan_machine(), {smbios,dmi}_present()")
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/firmware/dmi_scan.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
index ac1ce4a..0e08e66 100644
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
@@ -521,6 +521,7 @@ static int __init dmi_present(const u8 *buf)
dmi_ver = smbios_ver;
else
dmi_ver = (buf[14] & 0xF0) << 4 | (buf[14] & 0x0F);
+ dmi_ver <<= 8;
dmi_num = get_unaligned_le16(buf + 12);
dmi_len = get_unaligned_le16(buf + 6);
dmi_base = get_unaligned_le32(buf + 8);
@@ -528,15 +529,14 @@ static int __init dmi_present(const u8 *buf)
if (dmi_walk_early(dmi_decode) == 0) {
if (smbios_ver) {
pr_info("SMBIOS %d.%d present.\n",
- dmi_ver >> 8, dmi_ver & 0xFF);
+ dmi_ver >> 16, (dmi_ver >> 8) & 0xFF);
} else {
smbios_entry_point_size = 15;
memcpy(smbios_entry_point, buf,
smbios_entry_point_size);
pr_info("Legacy DMI %d.%d present.\n",
- dmi_ver >> 8, dmi_ver & 0xFF);
+ dmi_ver >> 16, (dmi_ver >> 8) & 0xFF);
}
- dmi_ver <<= 8;
dmi_format_ids(dmi_ids_string, sizeof(dmi_ids_string));
printk(KERN_DEBUG "DMI: %s\n", dmi_ids_string);
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 300/305] kvm: x86: only channel 0 of the i8254 is linked to the HPET
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (298 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 299/305] firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6 Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 301/305] ASoC: Use nested lock for snd_soc_dapm_mutex_lock Kamal Mostafa
` (4 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Paolo Bonzini, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit e5e57e7a03b1cdcb98e4aed135def2a08cbf3257 upstream.
While setting the KVM PIT counters in 'kvm_pit_load_count', if
'hpet_legacy_start' is set, the function disables the timer on
channel[0], instead of the respective index 'channel'. This is
because channels 1-3 are not linked to the HPET. Fix the caller
to only activate the special HPET processing for channel 0.
Reported-by: P J P <pjp@fedoraproject.org>
Fixes: 0185604c2d82c560dab2f2933a18f797e74ab5a8
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kvm/i8254.c | 1 +
arch/x86/kvm/x86.c | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
index f90952f..a5b5997 100644
--- a/arch/x86/kvm/i8254.c
+++ b/arch/x86/kvm/i8254.c
@@ -418,6 +418,7 @@ void kvm_pit_load_count(struct kvm *kvm, int channel, u32 val, int hpet_legacy_s
u8 saved_mode;
if (hpet_legacy_start) {
/* save existing mode for later reenablement */
+ WARN_ON(channel != 0);
saved_mode = kvm->arch.vpit->pit_state.channels[0].mode;
kvm->arch.vpit->pit_state.channels[0].mode = 0xff; /* disable timer */
pit_load_count(kvm, channel, val);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index a0d40d7..d022b73 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3679,7 +3679,8 @@ static int kvm_vm_ioctl_set_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
sizeof(kvm->arch.vpit->pit_state.channels));
kvm->arch.vpit->pit_state.flags = ps->flags;
for (i = 0; i < 3; i++)
- kvm_pit_load_count(kvm, i, kvm->arch.vpit->pit_state.channels[i].count, start);
+ kvm_pit_load_count(kvm, i, kvm->arch.vpit->pit_state.channels[i].count,
+ start && i == 0);
mutex_unlock(&kvm->arch.vpit->pit_state.lock);
return r;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 301/305] ASoC: Use nested lock for snd_soc_dapm_mutex_lock
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (299 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 300/305] kvm: x86: only channel 0 of the i8254 is linked to the HPET Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 302/305] net: sched: fix missing free per cpu on qstats Kamal Mostafa
` (3 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Charles Keepax, Mark Brown, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
commit 783513eec3209542fcd6ac0cbcb030b3c17a4827 upstream.
snd_soc_dapm_mutex_lock currently uses the un-nested call which can
cause lockdep warnings when called from control handlers (a relatively
common usage) and using modules. As creating the control causes a
potential mutex inversion with the handler, creating the control will
take the controls_rwsem under the dapm_mutex and accessing the control
will take the dapm_mutex under controls_rwsem.
All the users look like they want to be using the runtime class of the
lock anyway, so this patch just changes snd_soc_dapm_mutex_lock to use
the nested call, with the SND_SOC_DAPM_CLASS_RUNTIME class.
Fixes: f6d5e586b416 ("ASoC: dapm: Add helpers to lock/unlock DAPM mutex")
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/sound/soc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/sound/soc.h b/include/sound/soc.h
index 334d0d2..78a58c1 100644
--- a/include/sound/soc.h
+++ b/include/sound/soc.h
@@ -1629,7 +1629,7 @@ extern const struct dev_pm_ops snd_soc_pm_ops;
/* Helper functions */
static inline void snd_soc_dapm_mutex_lock(struct snd_soc_dapm_context *dapm)
{
- mutex_lock(&dapm->card->dapm_mutex);
+ mutex_lock_nested(&dapm->card->dapm_mutex, SND_SOC_DAPM_CLASS_RUNTIME);
}
static inline void snd_soc_dapm_mutex_unlock(struct snd_soc_dapm_context *dapm)
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 302/305] net: sched: fix missing free per cpu on qstats
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (300 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 301/305] ASoC: Use nested lock for snd_soc_dapm_mutex_lock Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 303/305] net: filter: make JITs zero A for SKF_AD_ALU_XOR_X Kamal Mostafa
` (2 subsequent siblings)
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: John Fastabend, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: John Fastabend <john.fastabend@gmail.com>
commit 73c20a8b7245273125cfe92c4b46e6fdb568a801 upstream.
When a qdisc is using per cpu stats (currently just the ingress
qdisc) only the bstats are being freed. This also free's the qstats.
Fixes: b0ab6f92752b9f9d8 ("net: sched: enable per cpu qstats")
Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/sched/sch_generic.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index b453270..3c6f6b77 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -666,8 +666,10 @@ static void qdisc_rcu_free(struct rcu_head *head)
{
struct Qdisc *qdisc = container_of(head, struct Qdisc, rcu_head);
- if (qdisc_is_percpu_stats(qdisc))
+ if (qdisc_is_percpu_stats(qdisc)) {
free_percpu(qdisc->cpu_bstats);
+ free_percpu(qdisc->cpu_qstats);
+ }
kfree((char *) qdisc - qdisc->padded);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 303/305] net: filter: make JITs zero A for SKF_AD_ALU_XOR_X
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (301 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 302/305] net: sched: fix missing free per cpu on qstats Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 304/305] sched/core: Reset task's lockless wake-queues on fork() Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 305/305] net: possible use after free in dst_release Kamal Mostafa
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Rabin Vincent, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Rabin Vincent <rabin@rab.in>
commit 55795ef5469290f89f04e12e662ded604909e462 upstream.
The SKF_AD_ALU_XOR_X ancillary is not like the other ancillary data
instructions since it XORs A with X while all the others replace A with
some loaded value. All the BPF JITs fail to clear A if this is used as
the first instruction in a filter. This was found using american fuzzy
lop.
Add a helper to determine if A needs to be cleared given the first
instruction in a filter, and use this in the JITs. Except for ARM, the
rest have only been compile-tested.
Fixes: 3480593131e0 ("net: filter: get rid of BPF_S_* enum")
Signed-off-by: Rabin Vincent <rabin@rab.in>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/net/bpf_jit_32.c | 16 +---------------
arch/mips/net/bpf_jit.c | 16 +---------------
arch/powerpc/net/bpf_jit_comp.c | 13 ++-----------
arch/sparc/net/bpf_jit_comp.c | 17 ++---------------
include/linux/filter.h | 19 +++++++++++++++++++
5 files changed, 25 insertions(+), 56 deletions(-)
diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
index c011e22..8a84eb7 100644
--- a/arch/arm/net/bpf_jit_32.c
+++ b/arch/arm/net/bpf_jit_32.c
@@ -182,19 +182,6 @@ static inline int mem_words_used(struct jit_ctx *ctx)
return fls(ctx->seen & SEEN_MEM);
}
-static inline bool is_load_to_a(u16 inst)
-{
- switch (inst) {
- case BPF_LD | BPF_W | BPF_LEN:
- case BPF_LD | BPF_W | BPF_ABS:
- case BPF_LD | BPF_H | BPF_ABS:
- case BPF_LD | BPF_B | BPF_ABS:
- return true;
- default:
- return false;
- }
-}
-
static void jit_fill_hole(void *area, unsigned int size)
{
u32 *ptr;
@@ -206,7 +193,6 @@ static void jit_fill_hole(void *area, unsigned int size)
static void build_prologue(struct jit_ctx *ctx)
{
u16 reg_set = saved_regs(ctx);
- u16 first_inst = ctx->skf->insns[0].code;
u16 off;
#ifdef CONFIG_FRAME_POINTER
@@ -236,7 +222,7 @@ static void build_prologue(struct jit_ctx *ctx)
emit(ARM_MOV_I(r_X, 0), ctx);
/* do not leak kernel data to userspace */
- if ((first_inst != (BPF_RET | BPF_K)) && !(is_load_to_a(first_inst)))
+ if (bpf_needs_clear_a(&ctx->skf->insns[0]))
emit(ARM_MOV_I(r_A, 0), ctx);
/* stack space for the BPF_MEM words */
diff --git a/arch/mips/net/bpf_jit.c b/arch/mips/net/bpf_jit.c
index 0c4a133..26e947d 100644
--- a/arch/mips/net/bpf_jit.c
+++ b/arch/mips/net/bpf_jit.c
@@ -521,19 +521,6 @@ static inline u16 align_sp(unsigned int num)
return num;
}
-static bool is_load_to_a(u16 inst)
-{
- switch (inst) {
- case BPF_LD | BPF_W | BPF_LEN:
- case BPF_LD | BPF_W | BPF_ABS:
- case BPF_LD | BPF_H | BPF_ABS:
- case BPF_LD | BPF_B | BPF_ABS:
- return true;
- default:
- return false;
- }
-}
-
static void save_bpf_jit_regs(struct jit_ctx *ctx, unsigned offset)
{
int i = 0, real_off = 0;
@@ -614,7 +601,6 @@ static unsigned int get_stack_depth(struct jit_ctx *ctx)
static void build_prologue(struct jit_ctx *ctx)
{
- u16 first_inst = ctx->skf->insns[0].code;
int sp_off;
/* Calculate the total offset for the stack pointer */
@@ -641,7 +627,7 @@ static void build_prologue(struct jit_ctx *ctx)
emit_jit_reg_move(r_X, r_zero, ctx);
/* Do not leak kernel data to userspace */
- if ((first_inst != (BPF_RET | BPF_K)) && !(is_load_to_a(first_inst)))
+ if (bpf_needs_clear_a(&ctx->skf->insns[0]))
emit_jit_reg_move(r_A, r_zero, ctx);
}
diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c
index 17cea18..264c473 100644
--- a/arch/powerpc/net/bpf_jit_comp.c
+++ b/arch/powerpc/net/bpf_jit_comp.c
@@ -78,18 +78,9 @@ static void bpf_jit_build_prologue(struct bpf_prog *fp, u32 *image,
PPC_LI(r_X, 0);
}
- switch (filter[0].code) {
- case BPF_RET | BPF_K:
- case BPF_LD | BPF_W | BPF_LEN:
- case BPF_LD | BPF_W | BPF_ABS:
- case BPF_LD | BPF_H | BPF_ABS:
- case BPF_LD | BPF_B | BPF_ABS:
- /* first instruction sets A register (or is RET 'constant') */
- break;
- default:
- /* make sure we dont leak kernel information to user */
+ /* make sure we dont leak kernel information to user */
+ if (bpf_needs_clear_a(&filter[0]))
PPC_LI(r_A, 0);
- }
}
static void bpf_jit_build_epilogue(u32 *image, struct codegen_context *ctx)
diff --git a/arch/sparc/net/bpf_jit_comp.c b/arch/sparc/net/bpf_jit_comp.c
index 7931eee..8109e92 100644
--- a/arch/sparc/net/bpf_jit_comp.c
+++ b/arch/sparc/net/bpf_jit_comp.c
@@ -420,22 +420,9 @@ void bpf_jit_compile(struct bpf_prog *fp)
}
emit_reg_move(O7, r_saved_O7);
- switch (filter[0].code) {
- case BPF_RET | BPF_K:
- case BPF_LD | BPF_W | BPF_LEN:
- case BPF_LD | BPF_W | BPF_ABS:
- case BPF_LD | BPF_H | BPF_ABS:
- case BPF_LD | BPF_B | BPF_ABS:
- /* The first instruction sets the A register (or is
- * a "RET 'constant'")
- */
- break;
- default:
- /* Make sure we dont leak kernel information to the
- * user.
- */
+ /* Make sure we dont leak kernel information to the user. */
+ if (bpf_needs_clear_a(&filter[0]))
emit_clear(r_A); /* A = 0 */
- }
for (i = 0; i < flen; i++) {
unsigned int K = filter[i].k;
diff --git a/include/linux/filter.h b/include/linux/filter.h
index 17724f6..137b10c 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -446,6 +446,25 @@ static inline void bpf_jit_free(struct bpf_prog *fp)
#define BPF_ANC BIT(15)
+static inline bool bpf_needs_clear_a(const struct sock_filter *first)
+{
+ switch (first->code) {
+ case BPF_RET | BPF_K:
+ case BPF_LD | BPF_W | BPF_LEN:
+ return false;
+
+ case BPF_LD | BPF_W | BPF_ABS:
+ case BPF_LD | BPF_H | BPF_ABS:
+ case BPF_LD | BPF_B | BPF_ABS:
+ if (first->k == SKF_AD_OFF + SKF_AD_ALU_XOR_X)
+ return true;
+ return false;
+
+ default:
+ return true;
+ }
+}
+
static inline u16 bpf_anc_helper(const struct sock_filter *ftest)
{
BUG_ON(ftest->code & BPF_ANC);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 304/305] sched/core: Reset task's lockless wake-queues on fork()
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (302 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 303/305] net: filter: make JITs zero A for SKF_AD_ALU_XOR_X Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 305/305] net: possible use after free in dst_release Kamal Mostafa
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sebastian Andrzej Siewior, Peter Zijlstra (Intel),
Davidlohr Bueso, Linus Torvalds, Steven Rostedt, Thomas Gleixner,
Ingo Molnar, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
commit 093e5840ae76f1082633503964d035f40ed0216d upstream.
In the following commit:
7675104990ed ("sched: Implement lockless wake-queues")
we gained lockless wake-queues.
The -RT kernel managed to lockup itself with those. There could be multiple
attempts for task X to enqueue it for a wakeup _even_ if task X is already
running.
The reason is that task X could be runnable but not yet on CPU. The the
task performing the wakeup did not leave the CPU it could performe
multiple wakeups.
With the proper timming task X could be running and enqueued for a
wakeup. If this happens while X is performing a fork() then its its
child will have a !NULL `wake_q` member copied.
This is not a problem as long as the child task does not participate in
lockless wakeups :)
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 7675104990ed ("sched: Implement lockless wake-queues")
Link: http://lkml.kernel.org/r/20151221171710.GA5499@linutronix.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/fork.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/fork.c b/kernel/fork.c
index e769c8c..a0fb0ce 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -379,6 +379,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
#endif
tsk->splice_pipe = NULL;
tsk->task_frag.page = NULL;
+ tsk->wake_q.next = NULL;
account_kernel_stack(ti, 1);
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* [PATCH 4.2.y-ckt 305/305] net: possible use after free in dst_release
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
` (303 preceding siblings ...)
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 304/305] sched/core: Reset task's lockless wake-queues on fork() Kamal Mostafa
@ 2016-01-16 0:01 ` Kamal Mostafa
304 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-16 0:01 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Francesco Ruggeri, David S. Miller, Kamal Mostafa
4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Francesco Ruggeri <fruggeri@aristanetworks.com>
commit 07a5d38453599052aff0877b16bb9c1585f08609 upstream.
dst_release should not access dst->flags after decrementing
__refcnt to 0. The dst_entry may be in dst_busy_list and
dst_gc_task may dst_destroy it before dst_release gets a chance
to access dst->flags.
Fixes: d69bbf88c8d0 ("net: fix a race in dst_release()")
Fixes: 27b75c95f10d ("net: avoid RCU for NOCACHE dst")
Signed-off-by: Francesco Ruggeri <fruggeri@arista.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/core/dst.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/core/dst.c b/net/core/dst.c
index cc4a086..27e030f 100644
--- a/net/core/dst.c
+++ b/net/core/dst.c
@@ -282,12 +282,13 @@ void dst_release(struct dst_entry *dst)
{
if (dst) {
int newrefcnt;
+ unsigned short nocache = dst->flags & DST_NOCACHE;
newrefcnt = atomic_dec_return(&dst->__refcnt);
if (unlikely(newrefcnt < 0))
net_warn_ratelimited("%s: dst:%p refcnt:%d\n",
__func__, dst, newrefcnt);
- if (!newrefcnt && unlikely(dst->flags & DST_NOCACHE))
+ if (!newrefcnt && unlikely(nocache))
call_rcu(&dst->rcu_head, dst_destroy_rcu);
}
}
--
1.9.1
^ permalink raw reply related [flat|nested] 308+ messages in thread
* Re: [PATCH 4.2.y-ckt 161/305] um: Fix get_signal() usage
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 161/305] um: Fix get_signal() usage Kamal Mostafa
@ 2016-01-16 20:44 ` Richard Weinberger
2016-01-19 16:05 ` Kamal Mostafa
0 siblings, 1 reply; 308+ messages in thread
From: Richard Weinberger @ 2016-01-16 20:44 UTC (permalink / raw)
To: Kamal Mostafa, linux-kernel, stable, kernel-team
Am 16.01.2016 um 00:59 schrieb Kamal Mostafa:
> 4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
>
> ---8<------------------------------------------------------------
>
> From: Richard Weinberger <richard@nod.at>
>
> commit db2f24dc240856fb1d78005307f1523b7b3c121b upstream.
>
> If get_signal() returns us a signal to post
> we must not call it again, otherwise the already
> posted signal will be overridden.
> Before commit a610d6e672d this was the case as we stopped
> the while after a successful handle_signal().
>
> Fixes: a610d6e672d ("pull clearing RESTORE_SIGMASK into block_sigmask()")
> Signed-off-by: Richard Weinberger <richard@nod.at>
> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
> ---
> arch/um/kernel/signal.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/um/kernel/signal.c b/arch/um/kernel/signal.c
> index 4f60e4a..50b6e9f 100644
> --- a/arch/um/kernel/signal.c
> +++ b/arch/um/kernel/signal.c
> @@ -69,7 +69,7 @@ static int kern_do_signal(struct pt_regs *regs)
> struct ksignal ksig;
> int handled_sig = 0;
>
> - while (get_signal(&ksig)) {
> + if (get_signal(&ksig)) {
> handled_sig = 1;
> /* Whee! Actually deliver the signal. */
> handle_signal(&ksig, regs);
>
Please drop this patch, it will be reverted from Linus' tree soon.
Thanks,
//richard
^ permalink raw reply [flat|nested] 308+ messages in thread
* Re: [PATCH 4.2.y-ckt 161/305] um: Fix get_signal() usage
2016-01-16 20:44 ` Richard Weinberger
@ 2016-01-19 16:05 ` Kamal Mostafa
0 siblings, 0 replies; 308+ messages in thread
From: Kamal Mostafa @ 2016-01-19 16:05 UTC (permalink / raw)
To: Richard Weinberger; +Cc: linux-kernel, stable, kernel-team
On Sat, 2016-01-16 at 21:44 +0100, Richard Weinberger wrote:
> Am 16.01.2016 um 00:59 schrieb Kamal Mostafa:
> > 4.2.8-ckt2 -stable review patch. If anyone has any objections, please let me know.
> >
> > ---8<------------------------------------------------------------
> >
> > From: Richard Weinberger <richard@nod.at>
> >
> > commit db2f24dc240856fb1d78005307f1523b7b3c121b upstream.
> >
> > If get_signal() returns us a signal to post
> > we must not call it again, otherwise the already
> > posted signal will be overridden.
> > Before commit a610d6e672d this was the case as we stopped
> > the while after a successful handle_signal().
> >
> > Fixes: a610d6e672d ("pull clearing RESTORE_SIGMASK into block_sigmask()")
> > Signed-off-by: Richard Weinberger <richard@nod.at>
> > Signed-off-by: Kamal Mostafa <kamal@canonical.com>
> > ---
> > arch/um/kernel/signal.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/arch/um/kernel/signal.c b/arch/um/kernel/signal.c
> > index 4f60e4a..50b6e9f 100644
> > --- a/arch/um/kernel/signal.c
> > +++ b/arch/um/kernel/signal.c
> > @@ -69,7 +69,7 @@ static int kern_do_signal(struct pt_regs *regs)
> > struct ksignal ksig;
> > int handled_sig = 0;
> >
> > - while (get_signal(&ksig)) {
> > + if (get_signal(&ksig)) {
> > handled_sig = 1;
> > /* Whee! Actually deliver the signal. */
> > handle_signal(&ksig, regs);
> >
>
> Please drop this patch, it will be reverted from Linus' tree soon.
Dropped from 4.2-stable. Thanks Richard!
-Kamal
^ permalink raw reply [flat|nested] 308+ messages in thread
end of thread, other threads:[~2016-01-19 16:06 UTC | newest]
Thread overview: 308+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-15 23:56 [4.2.y-ckt stable] Linux 4.2.8-ckt2 stable review Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 001/305] tools: Add a "make all" rule Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 002/305] vf610_adc: Fix internal temperature calculation Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 003/305] iio: lpc32xx_adc: fix warnings caused by enabling unprepared clock Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 004/305] iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success Kamal Mostafa
2016-01-15 23:56 ` [PATCH 4.2.y-ckt 005/305] iio: ad5064: Fix ad5629/ad5669 shift Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 006/305] iio:ad7793: Fix ad7785 product ID Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 007/305] iio: adc: vf610_adc: Fix division by zero error Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 008/305] mmc: mmc: Improve reliability of mmc_select_hs200() Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 009/305] mmc: mmc: Fix HS setting in mmc_select_hs400() Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 010/305] mmc: mmc: Move mmc_switch_status() Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 011/305] mmc: mmc: Improve reliability of mmc_select_hs400() Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 012/305] crypto: qat - don't use userspace pointer Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 013/305] iio: si7020: Swap data byte order Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 014/305] iio: adc: xilinx: Fix VREFN scale Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 015/305] ipmi: Start the timer and thread on internal msgs Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 016/305] drm/i915: quirk backlight present on Macbook 4, 1 Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 017/305] drm/i915: get runtime PM reference around GEM set_caching IOCTL Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 018/305] drm/radeon: Disable uncacheable CPU mappings of GTT with RV6xx Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 019/305] drm/radeon: unconditionally set sysfs_initialized Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 020/305] drm/amdgpu: Fix default page access routing Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 021/305] USB: qcserial: Fix support for HP lt4112 LTE/HSPA+ Gobi 4G Modem Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 022/305] ext2, ext4: warn when mounting with dax enabled Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 023/305] arm64: mm: use correct mapping granularity under DEBUG_RODATA Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 024/305] drm/i915: Don't clobber the addfb2 ioctl params Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 025/305] arm64: kernel: pause/unpause function graph tracer in cpu_suspend() Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 026/305] usb: chipidea: debug: disable usb irq while role switch Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 027/305] xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 028/305] fat: fix fake_offset handling on error path Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 029/305] kernel/signal.c: unexport sigsuspend() Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 030/305] parisc: Drop unused MADV_xxxK_PAGES flags from asm/mman.h Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 031/305] mmc: remove bondage between REQ_META and reliable write Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 032/305] stmmac: avoid ipq806x constant overflow warning Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 033/305] perf symbols: Fix dso lookup by long name and missing buildids Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 034/305] net/mlx4_core: Avoid returning success in case of an error flow Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 035/305] mtd: nand: fix shutdown/reboot for multi-chip systems Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 036/305] FS-Cache: Add missing initialization of ret in cachefiles_write_page() Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 037/305] ipvlan: fix leak in ipvlan_rcv_frame Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 038/305] ipvlan: fix use after free of skb Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 039/305] macvlan: fix leak in macvlan_handle_frame Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 040/305] ALSA: hda - Fix noise on Dell Latitude E6440 Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 041/305] dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE transition Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 042/305] ALSA: hda - Add fixup for Acer Aspire One Cloudbook 14 Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 043/305] dm crypt: fix a possible hang due to race condition on exit Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 044/305] mac: validate mac_partition is within sector Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 045/305] ALSA: hda - Apply HP headphone fixups more generically Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 046/305] blk-mq: fix calling unplug callbacks with preempt disabled Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 047/305] ARM: imx: add platform irq type setting in gpc Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 048/305] watchdog: omap_wdt: fix null pointer dereference Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 049/305] powerpc/tm: Block signal return setting invalid MSR state Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 050/305] powerpc/tm: Check for already reclaimed tasks Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 051/305] ARC: dw2 unwind: Remove falllback linear search thru FDE entries Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 052/305] dm thin: fix regression in advertised discard limits Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 053/305] fix sysvfs symlinks Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 054/305] vfs: Make sendfile(2) killable even better Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 055/305] vfs: Avoid softlockups with sendfile(2) Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 056/305] nfs4: limit callback decoding to received bytes Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 057/305] ALSA: hda - Fix headphone noise after Dell XPS 13 resume back from S3 Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 058/305] ARM: dts: vfxxx: Fix dspi[01] spi-num-chipselects Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 059/305] ARM/arm64: KVM: test properly for a PTE's uncachedness Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 060/305] arm64: KVM: Fix AArch32 to AArch64 register mapping Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 061/305] drm/radeon: make rv770_set_sw_state failures non-fatal Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 062/305] PCI: Prevent out of bounds access in numa_node override Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 063/305] ALSA: hda - Fix noise on Gigabyte Z170X mobo Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 064/305] ARM: dove: Fix legacy get_irqnr_and_base Kamal Mostafa
2016-01-15 23:57 ` [PATCH 4.2.y-ckt 065/305] ARM: orion5x: " Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 066/305] drm/radeon: make some dpm errors debug only Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 067/305] NFSv4.1/pNFS: Don't request a minimal read layout beyond the end of file Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 068/305] nfs4: resend LAYOUTGET when there is a race that changes the seqid Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 069/305] xen/gntdev: Grant maps should not be subject to NUMA balancing Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 070/305] iscsi-target: Fix rx_login_comp hang after login failure Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 071/305] target: Fix race for SCF_COMPARE_AND_WRITE_POST checking Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 072/305] target: fix COMPARE_AND_WRITE non zero SGL offset data corruption Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 073/305] thermal: fix thermal_zone_bind_cooling_device prototype Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 074/305] ARM: 8454/1: OF implies OF_FLATTREE Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 075/305] ARM: dts: Kirkwood: Fix QNAP TS219 power-off Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 076/305] ASoC: rsnd: fixup SCU_SYS_INT_EN1 address Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 077/305] Bluetooth: Fix l2cap_chan leak in SMP Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 078/305] crypto: nx - Fix timing leak in GCM and CCM decryption Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 079/305] crypto: talitos - Fix timing leak in ESP ICV verification Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 080/305] ASoC: wm8962: correct addresses for HPF_C_0/1 Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 081/305] rtlwifi: rtl8821ae: Fix lockups on boot Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 082/305] mac80211: mesh: fix call_rcu() usage Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 083/305] advansys: fix big-endian builds Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 084/305] mac80211: ensure we don't update tx power on a non-running sdata Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 085/305] drm/i915: Mark uneven memory banks on gen4 desktop as unknown swizzling Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 086/305] ring-buffer: Update read stamp with first real commit on page Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 087/305] drm/i915: Don't override output type for DDI HDMI Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 088/305] block: Always check queue limits for cloned requests Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 089/305] direct-io: Fix negative return from dio read beyond eof Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 090/305] drm/amdgpu: fix userptr flags check Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 091/305] virtio-gpu: use no-merge for fill-modes Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 092/305] Fix a memory leak in scsi_host_dev_release() Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 093/305] wan/x25: Fix use-after-free in x25_asy_open_tty() Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 094/305] mac80211: do not actively scan DFS channels Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 095/305] PM / Domains: Fix bad of_node_put() in failure paths of genpd_dev_pm_attach() Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 096/305] drm: Fix an unwanted master inheritance v2 Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 097/305] sched/core: Clear the root_domain cpumasks in init_rootdomain() Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 098/305] ARM/arm64: KVM: correct PTE uncachedness check Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 099/305] drm/amdgpu: partially revert "drm/amdgpu: fix VM_CONTEXT*_PAGE_TABLE_END_ADDR" v2 Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 100/305] x86/mpx: Fix instruction decoder condition Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 101/305] x86/signal: Fix restart_syscall number for x32 tasks Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 102/305] ovl: fix permission checking for setattr Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 103/305] Don't reset ->total_link_count on nested calls of vfs_path_lookup() Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 104/305] net: mvneta: fix bit assignment in MVNETA_RXQ_CONFIG_REG Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 105/305] net: mvneta: fix bit assignment for RX packet irq enable Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 106/305] net: mvneta: add configuration for MBUS windows access protection Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 107/305] iwlwifi: mvm: don't overwrite the key indices in D3 entry Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 108/305] mac80211: fix off-channel mgmt-tx uninitialized variable usage Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 109/305] drm/rockchip: unset pgoff when mmap'ing gems Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 110/305] remoteproc: avoid stack overflow in debugfs file Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 111/305] sched/rt: Hide the push_irq_work_func() declaration Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 112/305] drm: imx: convert to drm_crtc_send_vblank_event() Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 113/305] sched/wait: Fix signal handling in bit wait helpers Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 114/305] ACPI / property: fix compile error for acpi_node_get_property_reference() when CONFIG_ACPI=n Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 115/305] ipv4: igmp: Allow removing groups from a removed interface Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 116/305] isdn: Partially revert debug format string usage clean up Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 117/305] sched/core: Remove false-positive warning from wake_up_process() Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 118/305] gpio: omap: drop omap1 mpuio specific irq_mask/unmask callbacks Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 119/305] SUNRPC: Fix callback channel Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 120/305] cuse: fix memory leak Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 121/305] fuse: break infinite loop in fuse_fill_write_pages() Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 122/305] usb: gadget: pxa27x: fix suspend callback Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 123/305] iio: fix some warning messages Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 124/305] iio: adc: spmi-vadc: add missing of_node_put Kamal Mostafa
2016-01-15 23:58 ` [PATCH 4.2.y-ckt 125/305] USB: cp210x: Remove CP2110 ID from compatibility list Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 126/305] USB: cdc_acm: Ignore Infineon Flash Loader utility Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 127/305] USB: serial: Another Infineon flash loader USB ID Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 128/305] ext4: Fix handling of extended tv_sec Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 129/305] jbd2: Fix unreclaimed pages after truncate in data=journal mode Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 130/305] drm/ttm: Fixed a read/write lock imbalance Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 131/305] ext4: fix an endianness bug in ext4_encrypted_zeroout() Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 132/305] ext4: fix an endianness bug in ext4_encrypted_follow_link() Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 133/305] AHCI: Fix softreset failed issue of Port Multiplier Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 134/305] sata_sil: disable trim Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 135/305] usb-storage: Fix scsi-sd failure "Invalid field in cdb" for USB adapter JMicron Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 136/305] staging: lustre: echo_copy.._lsm() dereferences userland pointers directly Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 137/305] irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 138/305] usb: core : hub: Fix BOS 'NULL pointer' kernel panic Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 139/305] USB: whci-hcd: add check for dma mapping error Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 140/305] usb: Use the USB_SS_MULT() macro to decode burst multiplier for log message Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 141/305] dm btree: fix leak of bufio-backed block in btree_split_sibling error path Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 142/305] dm thin metadata: fix bug in dm_thin_remove_range() Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 143/305] SCSI: Fix NULL pointer dereference in runtime PM Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 144/305] perf: Fix PERF_EVENT_IOC_PERIOD deadlock Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 145/305] xhci: Fix memory leak in xhci_pme_acpi_rtd3_enable() Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 146/305] usb: xhci: fix config fail of FS hub behind a HS hub with MTT Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 147/305] jbd2: fix null committed data return in undo_access Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 148/305] block: detach bdev inode from its wb in __blkdev_put() Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 149/305] ALSA: rme96: Fix unexpected volume reset after rate changes Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 150/305] ALSA: hda - Add inverted dmic for Packard Bell DOTS Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 151/305] vhost: relax log address alignment Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 152/305] virtio: fix memory leak of virtio ida cache layers Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 153/305] IB/srp: Fix a memory leak Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 154/305] IB/srp: Fix possible send queue overflow Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 155/305] powerpc/opal-irqchip: Fix double endian conversion Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 156/305] cxl: Set endianess of kernel contexts Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 157/305] ALSA: hda - Fixing speaker noise on the two latest thinkpad models Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 158/305] of/fdt: Add mutex protection for calls to __unflatten_device_tree() Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 159/305] 9p: ->evict_inode() should kick out ->i_data, not ->i_mapping Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 160/305] fix the regression from "direct-io: Fix negative return from dio read beyond eof" Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 161/305] um: Fix get_signal() usage Kamal Mostafa
2016-01-16 20:44 ` Richard Weinberger
2016-01-19 16:05 ` Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 162/305] radeon/cik: Fix GFX IB test on Big-Endian Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 163/305] radeon: Fix VCE ring test for Big-Endian systems Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 164/305] radeon: Fix VCE IB test on " Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 165/305] ALSA: hda - Fix noise problems on Thinkpad T440s Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 166/305] ALSA: hda/ca0132 - quirk for Alienware 17 2015 Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 167/305] dm thin metadata: fix bug when taking a metadata snapshot Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 168/305] dm space map metadata: fix ref counting bug when bootstrapping a new space map Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 169/305] ipmi: move timer init to before irq is setup Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 170/305] dm btree: fix bufio buffer leaks in dm_btree_del() error path Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 171/305] vgaarb: fix signal handling in vga_get() Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 172/305] ARM: dts: vf610: use reset values for L2 cache latencies Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 173/305] xhci: fix usb2 resume timing and races Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 174/305] USB: add quirk for devices with broken LPM Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 175/305] parisc iommu: fix panic due to trying to allocate too large region Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 176/305] mm: hugetlb: fix hugepage memory leak caused by wrong reserve count Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 177/305] mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make any progress Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 178/305] mm: hugetlb: call huge_pte_alloc() only if ptep is null Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 179/305] drivers/base/memory.c: prohibit offlining of memory blocks with missing sections Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 180/305] ocfs2: fix SGID not inherited issue Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 181/305] sh64: fix __NR_fgetxattr Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 182/305] sched/wait: Fix the signal handling fix Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 183/305] sata/mvebu: use #ifdef around suspend/resume code Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 184/305] usb: musb: USB_TI_CPPI41_DMA requires dmaengine support Kamal Mostafa
2016-01-15 23:59 ` [PATCH 4.2.y-ckt 185/305] i2c: rk3x: populate correct variable for sda_falling_time Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 186/305] i2c: mv64xxx: The n clockdiv factor is 0 based on sunxi SoCs Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 187/305] xen/events/fifo: Consume unprocessed events when a CPU dies Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 188/305] ARM: 8465/1: mm: keep reserved ASIDs in sync with mm after multiple rollovers Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 189/305] net: mvpp2: fix missing DMA region unmap in egress processing Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 190/305] net: mvpp2: fix buffers' DMA handling on RX path Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 191/305] net: mvpp2: fix refilling BM pools in " Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 192/305] dmaengine: at_xdmac: fix macro typo Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 193/305] video: fbdev: fsl: Fix kernel crash when diu_ops is not implemented Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 194/305] crypto: skcipher - Copy iv from desc even for 0-len walks Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 195/305] ASoC: es8328: Fix deemphasis values Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 196/305] KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 197/305] dmaengine: at_xdmac: fix at_xdmac_prep_dma_memcpy() Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 198/305] rfkill: copy the name into the rfkill struct Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 199/305] ses: Fix problems with simple enclosures Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 200/305] Revert "SCSI: Fix NULL pointer dereference in runtime PM" Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 201/305] ASoC: davinci-mcasp: Fix XDATA check in mcasp_start_tx Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 202/305] ses: fix additional element traversal bug Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 203/305] powercap / RAPL: fix BIOS lock check Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 204/305] ARCv2: intc: Fix random perf irq disabling in SMP setup Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 205/305] i2c: designware: reverts "i2c: designware: Add support for AMD I2C controller" Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 206/305] i2c: designware: fix IO timeout issue for AMD controller Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 207/305] ASoC: wm8974: set cache type for regmap Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 208/305] n_tty: Fix poll() after buffer-limited eof push read Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 209/305] tty: Fix GPF in flush_to_ldisc() Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 210/305] ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest DragonFly Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 211/305] ALSA: usb-audio: Add sample rate inquiry " Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 212/305] drm: Don't overwrite UNVERFIED mode status to OK Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 213/305] ARM: dts: imx6: Fix Ethernet PHY mode on Ventana boards Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 214/305] ARM: 8471/1: need to save/restore arm register(r11) when it is corrupted Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 215/305] ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 216/305] ALSA: hda - Apply click noise workaround for Thinkpads generically Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 217/305] ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 218/305] ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 219/305] spi: fix parent-device reference leak Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 220/305] scripts: recordmcount: break hardlinks Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 221/305] dma-debug: Fix dma_debug_entry offset calculation Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 222/305] ftrace/scripts: Have recordmcount copy the object file Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 223/305] mtd: ubi: fixup error correction in do_sync_erase() Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 224/305] mtd: ubi: don't leak e if schedule_erase() fails Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 225/305] ARC: dw2 unwind: Reinstante unwinding out of modules Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 226/305] ARC: dw2 unwind: Ignore CIE version !=1 gracefully instead of bailing Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 227/305] powerpc/powernv: pr_warn_once on unsupported OPAL_MSG type Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 228/305] drm/nouveau/bios/fan: hardcode the fan mode to linear Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 229/305] md/raid10: fix data corruption and crash during resync Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 230/305] ALSA: hda - Set SKL+ hda controller power at freeze() and thaw() Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 231/305] s390/dis: Fix handling of format specifiers Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 232/305] xen: Add RING_COPY_REQUEST() Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 233/305] xen-netback: don't use last request to determine minimum Tx credit Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 234/305] xen-netback: use RING_COPY_REQUEST() throughout Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 235/305] xen-blkback: only read request operation from shared ring once Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 236/305] xen-blkback: read from indirect descriptors only once Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 237/305] xen-scsiback: safely copy requests Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 238/305] xen/pciback: Save xen_pci_op commands before processing it Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 239/305] xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 240/305] xen/pciback: Return error on XEN_PCI_OP_enable_msix " Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 241/305] xen/pciback: Do not install an IRQ handler for MSI interrupts Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 242/305] xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 243/305] xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 244/305] [media] Revert "[media] ivtv: avoid going past input/audio array" Kamal Mostafa
2016-01-16 0:00 ` [PATCH 4.2.y-ckt 245/305] [media] airspy: increase USB control message buffer size Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 246/305] USB: ipaq.c: fix a timeout loop Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 247/305] USB: fix invalid memory access in hub_activate() Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 248/305] i2c: rcar: disable runtime PM correctly in slave mode Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 249/305] md: remove check for MD_RECOVERY_NEEDED in action_store Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 250/305] parisc: Fix syscall restarts Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 251/305] ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2) Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 252/305] MIPS: uaccess: Fix strlen_user with EVA Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 253/305] drm/i915: Break busywaiting for requests on pending signals Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 254/305] drm/i915: Limit the busy wait on requests to 5us not 10ms! Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 255/305] drm/i915: Only spin whilst waiting on the current request Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 256/305] MIPS: CPS: drop .set mips64r2 directives Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 257/305] KVM: MTRR: fix fixed MTRR segment look up Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 258/305] KVM: MTRR: observe maxphyaddr from guest CPUID, not host Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 259/305] KVM: MTRR: treat memory as writeback if MTRR is disabled in guest CPUID Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 260/305] [PATCH] arm: fix handling of F_OFD_... in oabi_fcntl64() Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 261/305] ocfs2: fix BUG when calculate new backup super Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 262/305] mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 263/305] net/mlx4_en: Remove dependency between timestamping capability and service_task Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 264/305] ipv6/addrlabel: fix ip6addrlbl_get() Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 265/305] xfrm: add rcu protection to sk->sk_policy[] Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 266/305] amd-xgbe: fix a couple timeout loops Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 267/305] phy: sun9i-usb: add USB dependency Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 268/305] net/mlx4_en: Fix HW timestamp init issue upon system startup Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 269/305] sctp: convert sack_needed and sack_generation to bits Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 270/305] sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 271/305] serial: 8250_uniphier: fix dl_read and dl_write functions Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 272/305] net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 273/305] netfilter: nfnetlink_queue: Unregister pernet subsys in case of init failure Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 274/305] addrconf: always initialize sysctl table data Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 275/305] ser_gigaset: fix deallocation of platform device structure Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 276/305] pinctrl: bcm2835: Fix initial value for direction_output Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 277/305] mISDN: fix a loop count Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 278/305] sh_eth: fix TX buffer byte-swapping Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 279/305] qlcnic: fix a timeout loop Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 280/305] dmaengine: bcm2835-dma: Convert to use DMA pool Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 281/305] net: phy: mdio-mux: Check return value of mdiobus_alloc() Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 282/305] include/linux/mmdebug.h: should include linux/bug.h Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 283/305] powerpc/opal-irqchip: Fix deadlock introduced by "Fix double endian conversion" Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 284/305] genirq: Prevent chip buslock deadlock Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 285/305] x86/mce: Ensure offline CPUs don't participate in rendezvous process Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 286/305] x86/paravirt: Prevent rtc_cmos platform device init on PV guests Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 287/305] ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 288/305] ALSA: hda - Add mic mute hotkey quirk for Lenovo ThinkCentre AIO Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 289/305] ALSA: hda - Add keycode map for alc input device Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 290/305] ftrace/scripts: Fix incorrect use of sprintf in recordmcount Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 291/305] tracing: Fix setting of start_index in find_next() Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 292/305] tile: provide CONFIG_PAGE_SIZE_64KB etc for tilepro Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 293/305] ARM: OMAP2+: Fix onenand rate detection to avoid filesystem corruption Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 294/305] ARM: versatile: fix MMC/SD interrupt assignment Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 295/305] async_tx: use GFP_NOWAIT rather than GFP_IO Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 296/305] dts: vt8500: Add SDHC node to DTS file for WM8650 Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 297/305] ftrace/module: Call clean up function when module init fails early Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 298/305] vmstat: allocate vmstat_wq before it is used Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 299/305] firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6 Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 300/305] kvm: x86: only channel 0 of the i8254 is linked to the HPET Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 301/305] ASoC: Use nested lock for snd_soc_dapm_mutex_lock Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 302/305] net: sched: fix missing free per cpu on qstats Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 303/305] net: filter: make JITs zero A for SKF_AD_ALU_XOR_X Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 304/305] sched/core: Reset task's lockless wake-queues on fork() Kamal Mostafa
2016-01-16 0:01 ` [PATCH 4.2.y-ckt 305/305] net: possible use after free in dst_release Kamal Mostafa
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).