linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 3.18 00/47] 3.18.51-stable review
@ 2017-04-28  8:32 Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 01/47] KEYS: Disallow keyrings beginning with . to be joined as session keyrings Greg Kroah-Hartman
                   ` (44 more replies)
  0 siblings, 45 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuahkh, patches,
	ben.hutchings, stable

This is the start of the stable review cycle for the 3.18.51 release.
There are 47 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Sun Apr 30 08:30:25 UTC 2017.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.51-rc1.gz
or in the git tree and branch at:
  git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 3.18.51-rc1

Eric Dumazet <edumazet@google.com>
    ping: implement proper locking

EunTaik Lee <eun.taik.lee@samsung.com>
    staging/android/ion : fix a race condition in the ion driver

Vlad Tsyrklevich <vlad@tsyrklevich.net>
    vfio/pci: Fix integer overflows, bitmask check

Mauro Carvalho Chehab <mchehab@osg.samsung.com>
    xc2028: avoid use after free

Stefan Agner <stefan@agner.ch>
    ARM: 8383/1: nommu: avoid deprecated source register on mov

Arnd Bergmann <arnd@arndb.de>
    kconfig: tinyconfig: provide whole choice blocks to avoid warnings

John Crispin <john@phrozen.org>
    MIPS: ralink: Cosmetic change to prom_init().

Hannes Reinecke <hare@suse.de>
    aic94xx: Skip reading user settings if flash is not found

Arnd Bergmann <arnd@arndb.de>
    ARM: 8296/1: cache-l2x0: clean up aurora cache handling

Satoru Takeuchi <takeuchi_satoru@jp.fujitsu.com>
    btrfs: fix state->private cast on 32 bit machines

Arnd Bergmann <arnd@arndb.de>
    gfs2: avoid uninitialized variable warning

Arnd Bergmann <arnd@arndb.de>
    mmc: sunxi: avoid invalid pointer calculation

Arnd Bergmann <arnd@arndb.de>
    net: tulip: turn compile-time warning into dev_warn()

Sergey Ryazanov <ryazanov.s.a@gmail.com>
    MIPS: MSP71xx: remove odd locking in PCI config space access code

Arnd Bergmann <arnd@arndb.de>
    hostap: avoid uninitialized variable use in hfa384x_get_rid

Richard Leitner <dev@g0hl1n.net>
    misc: ioc4: simplify wave period measurement in clock_calibrate

Arnd Bergmann <arnd@arndb.de>
    net: vxge: avoid unused function warnings

Arnd Bergmann <arnd@arndb.de>
    tty: nozomi: avoid a harmless gcc warning

Arnd Bergmann <arnd@arndb.de>
    brcmfmac: avoid gcc-5.1 warning

Kevin Cernekee <cernekee@gmail.com>
    Fix signed/unsigned pointer warning

Arnd Bergmann <arnd@arndb.de>
    nfsd: work around a gcc-5.1 warning

Markos Chandras <markos.chandras@imgtec.com>
    MIPS: asm: compiler: Add new macros to set ISA and arch asm annotations

Paul Burton <paul.burton@imgtec.com>
    net: ti: cpmac: Fix compiler warning due to type confusion

Oliver O'Halloran <oohall@gmail.com>
    mm/init: fix zone boundary creation

Alex Williamson <alex.williamson@redhat.com>
    iommu/vt-d: Remove unused variable

Andre Przywara <andre.przywara@arm.com>
    fs/nfs: fix new compiler warning about boolean in switch

Peter Zijlstra (Intel) <peterz@infradead.org>
    perf: Avoid horrible stack usage

Alban Bedel <albeu@free.fr>
    MIPS: Fix the build on jz4740 after removing the custom gpio.h

Arnd Bergmann <arnd@arndb.de>
    dm bufio: hide bogus warning

Arnd Bergmann <arnd@arndb.de>
    gadgetfs: fix uninitialized variable in error handling

Arnd Bergmann <arnd@arndb.de>
    clk: at91: usb: fix determine_rate prototype again

Mark Rutland <mark.rutland@arm.com>
    arm64: avoid returning from bad_mode

Suzuki K Poulose <suzuki.poulose@arm.com>
    kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd

Yazen Ghannam <yazen.ghannam@amd.com>
    x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs

Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
    powerpc/kprobe: Fix oops when kprobed on 'stdu' instruction

Sebastian Siewior <bigeasy@linutronix.de>
    ubi/upd: Always flush after prepared for an update

Haibo Chen <haibo.chen@nxp.com>
    mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card

Arnd Bergmann <arnd@arndb.de>
    ACPI / power: Avoid maybe-uninitialized warning

Thorsten Leemhuis <linux@leemhuis.info>
    Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled

Christian Borntraeger <borntraeger@de.ibm.com>
    s390/mm: fix CMMA vs KSM vs others

Germano Percossi <germano.percossi@citrix.com>
    CIFS: remove bad_network_name flag

Sachin Prabhu <sprabhu@redhat.com>
    cifs: Do not send echoes before Negotiate is complete

Steven Rostedt (VMware) <rostedt@goodmis.org>
    ring-buffer: Have ring_buffer_iter_empty() return true when empty

Steven Rostedt (VMware) <rostedt@goodmis.org>
    tracing: Allocate the snapshot buffer before enabling probe

Eric Biggers <ebiggers@google.com>
    KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings

David Howells <dhowells@redhat.com>
    KEYS: Change the name of the dead type to ".dead" to prevent user access

David Howells <dhowells@redhat.com>
    KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings


-------------

Diffstat:

 Makefile                                           |   4 +-
 arch/arm/kernel/head-nommu.S                       |  20 ++--
 arch/arm/kvm/mmu.c                                 |  12 +++
 arch/arm/mm/cache-l2x0.c                           | 111 +++++++--------------
 arch/arm64/kernel/entry.S                          |   4 +-
 arch/arm64/kernel/traps.c                          |  28 +++++-
 arch/mips/include/asm/compiler.h                   |  13 +++
 arch/mips/jz4740/board-qi_lb60.c                   |   1 +
 arch/mips/jz4740/gpio.c                            |   1 +
 arch/mips/pci/ops-pmcmsp.c                         |  12 ---
 arch/mips/ralink/prom.c                            |   9 +-
 arch/powerpc/kernel/entry_64.S                     |   6 +-
 arch/s390/include/asm/pgtable.h                    |   2 +
 arch/x86/configs/tiny.config                       |   2 +
 arch/x86/kernel/cpu/mcheck/mce_amd.c               |   2 +-
 drivers/acpi/power.c                               |   1 +
 drivers/clk/at91/clk-usb.c                         |   4 +-
 drivers/input/mouse/elantech.c                     |   8 ++
 drivers/iommu/intel-iommu.c                        |   1 -
 drivers/md/dm-bufio.c                              |   1 +
 drivers/media/tuners/tuner-xc2028.c                |   3 +-
 drivers/misc/ioc4.c                                |  31 +++---
 drivers/mmc/host/sdhci-esdhc-imx.c                 |   1 +
 drivers/mmc/host/sunxi-mmc.c                       |   5 +-
 drivers/mtd/ubi/upd.c                              |   8 +-
 drivers/net/ethernet/dec/tulip/tulip_core.c        |   9 +-
 drivers/net/ethernet/dec/tulip/winbond-840.c       |   2 +-
 drivers/net/ethernet/neterion/vxge/vxge-main.c     |  31 +++---
 drivers/net/ethernet/ti/cpmac.c                    |   5 +-
 drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c |   2 +-
 drivers/net/wireless/hostap/hostap_hw.c            |  15 ++-
 drivers/scsi/aic94xx/aic94xx_sds.c                 |   5 +-
 drivers/staging/android/ion/ion.c                  |  55 +++++++---
 drivers/tty/nozomi.c                               |   2 +-
 drivers/usb/gadget/legacy/inode.c                  |   1 +
 drivers/vfio/pci/vfio_pci.c                        |  33 +++---
 drivers/vfio/pci/vfio_pci_intrs.c                  |   2 +-
 fs/btrfs/extent_io.c                               |   2 +-
 fs/cifs/cifsglob.h                                 |   1 -
 fs/cifs/netmisc.c                                  |  12 ++-
 fs/cifs/smb1ops.c                                  |  10 ++
 fs/cifs/smb2pdu.c                                  |   5 -
 fs/gfs2/dir.c                                      |   4 +-
 fs/nfs/nfs4proc.c                                  |  11 +-
 fs/nfsd/nfs4state.c                                |   3 +-
 include/linux/ftrace_event.h                       |   2 +-
 include/linux/perf_event.h                         |  28 ++++--
 include/trace/ftrace.h                             |   7 +-
 kernel/configs/tiny.config                         |   8 ++
 kernel/events/core.c                               |  23 +++--
 kernel/sched/core.c                                |   2 +-
 kernel/trace/ring_buffer.c                         |  16 ++-
 kernel/trace/trace.c                               |   8 +-
 kernel/trace/trace_event_perf.c                    |   4 +-
 kernel/trace/trace_kprobe.c                        |   4 +-
 kernel/trace/trace_syscalls.c                      |   4 +-
 kernel/trace/trace_uprobe.c                        |   2 +-
 mm/page_alloc.c                                    |  17 ++--
 net/ipv4/ping.c                                    |   5 +-
 security/keys/gc.c                                 |   2 +-
 security/keys/keyctl.c                             |  20 ++--
 security/keys/process_keys.c                       |  44 ++++----
 62 files changed, 409 insertions(+), 287 deletions(-)

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 01/47] KEYS: Disallow keyrings beginning with . to be joined as session keyrings
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 02/47] KEYS: Change the name of the dead type to ".dead" to prevent user access Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Howells, Mimi Zohar, linux-ima-devel

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Howells <dhowells@redhat.com>

commit ee8f844e3c5a73b999edf733df1c529d6503ec2f upstream.

This fixes CVE-2016-9604.

Keyrings whose name begin with a '.' are special internal keyrings and so
userspace isn't allowed to create keyrings by this name to prevent
shadowing.  However, the patch that added the guard didn't fix
KEYCTL_JOIN_SESSION_KEYRING.  Not only can that create dot-named keyrings,
it can also subscribe to them as a session keyring if they grant SEARCH
permission to the user.

This, for example, allows a root process to set .builtin_trusted_keys as
its session keyring, at which point it has full access because now the
possessor permissions are added.  This permits root to add extra public
keys, thereby bypassing module verification.

This also affects kexec and IMA.

This can be tested by (as root):

	keyctl session .builtin_trusted_keys
	keyctl add user a a @s
	keyctl list @s

which on my test box gives me:

	2 keys in keyring:
	180010936: ---lswrv     0     0 asymmetric: Build time autogenerated kernel key: ae3d4a31b82daa8e1a75b49dc2bba949fd992a05
	801382539: --alswrv     0     0 user: a


Fix this by rejecting names beginning with a '.' in the keyctl.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
cc: linux-ima-devel@lists.sourceforge.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 security/keys/keyctl.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -277,7 +277,8 @@ error:
  * Create and join an anonymous session keyring or join a named session
  * keyring, creating it if necessary.  A named session keyring must have Search
  * permission for it to be joined.  Session keyrings without this permit will
- * be skipped over.
+ * be skipped over.  It is not permitted for userspace to create or join
+ * keyrings whose name begin with a dot.
  *
  * If successful, the ID of the joined session keyring will be returned.
  */
@@ -294,12 +295,16 @@ long keyctl_join_session_keyring(const c
 			ret = PTR_ERR(name);
 			goto error;
 		}
+
+		ret = -EPERM;
+		if (name[0] == '.')
+			goto error_name;
 	}
 
 	/* join the session */
 	ret = join_session_keyring(name);
+error_name:
 	kfree(name);
-
 error:
 	return ret;
 }

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 02/47] KEYS: Change the name of the dead type to ".dead" to prevent user access
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 01/47] KEYS: Disallow keyrings beginning with . to be joined as session keyrings Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 03/47] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Howells

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Howells <dhowells@redhat.com>

commit c1644fe041ebaf6519f6809146a77c3ead9193af upstream.

This fixes CVE-2017-6951.

Userspace should not be able to do things with the "dead" key type as it
doesn't have some of the helper functions set upon it that the kernel
needs.  Attempting to use it may cause the kernel to crash.

Fix this by changing the name of the type to ".dead" so that it's rejected
up front on userspace syscalls by key_get_type_from_user().

Though this doesn't seem to affect recent kernels, it does affect older
ones, certainly those prior to:

	commit c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81
	Author: David Howells <dhowells@redhat.com>
	Date:   Tue Sep 16 17:36:06 2014 +0100
	KEYS: Remove key_type::match in favour of overriding default by match_preparse

which went in before 3.18-rc1.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 security/keys/gc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -46,7 +46,7 @@ static unsigned long key_gc_flags;
  * immediately unlinked.
  */
 struct key_type key_type_dead = {
-	.name = "dead",
+	.name = ".dead",
 };
 
 /*

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 03/47] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 01/47] KEYS: Disallow keyrings beginning with . to be joined as session keyrings Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 02/47] KEYS: Change the name of the dead type to ".dead" to prevent user access Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 04/47] tracing: Allocate the snapshot buffer before enabling probe Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Biggers, David Howells

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Biggers <ebiggers@google.com>

commit c9f838d104fed6f2f61d68164712e3204bf5271b upstream.

This fixes CVE-2017-7472.

Running the following program as an unprivileged user exhausts kernel
memory by leaking thread keyrings:

	#include <keyutils.h>

	int main()
	{
		for (;;)
			keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_THREAD_KEYRING);
	}

Fix it by only creating a new thread keyring if there wasn't one before.
To make things more consistent, make install_thread_keyring_to_cred()
and install_process_keyring_to_cred() both return 0 if the corresponding
keyring is already present.

Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 security/keys/keyctl.c       |   11 +++-------
 security/keys/process_keys.c |   44 ++++++++++++++++++++++++++-----------------
 2 files changed, 31 insertions(+), 24 deletions(-)

--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1258,8 +1258,8 @@ error:
  * Read or set the default keyring in which request_key() will cache keys and
  * return the old setting.
  *
- * If a process keyring is specified then this will be created if it doesn't
- * yet exist.  The old setting will be returned if successful.
+ * If a thread or process keyring is specified then it will be created if it
+ * doesn't yet exist.  The old setting will be returned if successful.
  */
 long keyctl_set_reqkey_keyring(int reqkey_defl)
 {
@@ -1284,11 +1284,8 @@ long keyctl_set_reqkey_keyring(int reqke
 
 	case KEY_REQKEY_DEFL_PROCESS_KEYRING:
 		ret = install_process_keyring_to_cred(new);
-		if (ret < 0) {
-			if (ret != -EEXIST)
-				goto error;
-			ret = 0;
-		}
+		if (ret < 0)
+			goto error;
 		goto set;
 
 	case KEY_REQKEY_DEFL_DEFAULT:
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -125,13 +125,18 @@ error:
 }
 
 /*
- * Install a fresh thread keyring directly to new credentials.  This keyring is
- * allowed to overrun the quota.
+ * Install a thread keyring to the given credentials struct if it didn't have
+ * one already.  This is allowed to overrun the quota.
+ *
+ * Return: 0 if a thread keyring is now present; -errno on failure.
  */
 int install_thread_keyring_to_cred(struct cred *new)
 {
 	struct key *keyring;
 
+	if (new->thread_keyring)
+		return 0;
+
 	keyring = keyring_alloc("_tid", new->uid, new->gid, new,
 				KEY_POS_ALL | KEY_USR_VIEW,
 				KEY_ALLOC_QUOTA_OVERRUN, NULL);
@@ -143,7 +148,9 @@ int install_thread_keyring_to_cred(struc
 }
 
 /*
- * Install a fresh thread keyring, discarding the old one.
+ * Install a thread keyring to the current task if it didn't have one already.
+ *
+ * Return: 0 if a thread keyring is now present; -errno on failure.
  */
 static int install_thread_keyring(void)
 {
@@ -154,8 +161,6 @@ static int install_thread_keyring(void)
 	if (!new)
 		return -ENOMEM;
 
-	BUG_ON(new->thread_keyring);
-
 	ret = install_thread_keyring_to_cred(new);
 	if (ret < 0) {
 		abort_creds(new);
@@ -166,17 +171,17 @@ static int install_thread_keyring(void)
 }
 
 /*
- * Install a process keyring directly to a credentials struct.
+ * Install a process keyring to the given credentials struct if it didn't have
+ * one already.  This is allowed to overrun the quota.
  *
- * Returns -EEXIST if there was already a process keyring, 0 if one installed,
- * and other value on any other error
+ * Return: 0 if a process keyring is now present; -errno on failure.
  */
 int install_process_keyring_to_cred(struct cred *new)
 {
 	struct key *keyring;
 
 	if (new->process_keyring)
-		return -EEXIST;
+		return 0;
 
 	keyring = keyring_alloc("_pid", new->uid, new->gid, new,
 				KEY_POS_ALL | KEY_USR_VIEW,
@@ -189,11 +194,9 @@ int install_process_keyring_to_cred(stru
 }
 
 /*
- * Make sure a process keyring is installed for the current process.  The
- * existing process keyring is not replaced.
+ * Install a process keyring to the current task if it didn't have one already.
  *
- * Returns 0 if there is a process keyring by the end of this function, some
- * error otherwise.
+ * Return: 0 if a process keyring is now present; -errno on failure.
  */
 static int install_process_keyring(void)
 {
@@ -207,14 +210,18 @@ static int install_process_keyring(void)
 	ret = install_process_keyring_to_cred(new);
 	if (ret < 0) {
 		abort_creds(new);
-		return ret != -EEXIST ? ret : 0;
+		return ret;
 	}
 
 	return commit_creds(new);
 }
 
 /*
- * Install a session keyring directly to a credentials struct.
+ * Install the given keyring as the session keyring of the given credentials
+ * struct, replacing the existing one if any.  If the given keyring is NULL,
+ * then install a new anonymous session keyring.
+ *
+ * Return: 0 on success; -errno on failure.
  */
 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
 {
@@ -249,8 +256,11 @@ int install_session_keyring_to_cred(stru
 }
 
 /*
- * Install a session keyring, discarding the old one.  If a keyring is not
- * supplied, an empty one is invented.
+ * Install the given keyring as the session keyring of the current task,
+ * replacing the existing one if any.  If the given keyring is NULL, then
+ * install a new anonymous session keyring.
+ *
+ * Return: 0 on success; -errno on failure.
  */
 static int install_session_keyring(struct key *keyring)
 {

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 04/47] tracing: Allocate the snapshot buffer before enabling probe
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 03/47] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 05/47] ring-buffer: Have ring_buffer_iter_empty() return true when empty Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steven Rostedt (VMware)

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steven Rostedt (VMware) <rostedt@goodmis.org>

commit df62db5be2e5f070ecd1a5ece5945b590ee112e0 upstream.

Currently the snapshot trigger enables the probe and then allocates the
snapshot. If the probe triggers before the allocation, it could cause the
snapshot to fail and turn tracing off. It's best to allocate the snapshot
buffer first, and then enable the trigger. If something goes wrong in the
enabling of the trigger, the snapshot buffer is still allocated, but it can
also be freed by the user by writting zero into the snapshot buffer file.

Also add a check of the return status of alloc_snapshot().

Fixes: 77fd5c15e3 ("tracing: Add snapshot trigger to function probes")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/trace/trace.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -5809,11 +5809,13 @@ ftrace_trace_snapshot_callback(struct ft
 		return ret;
 
  out_reg:
-	ret = register_ftrace_function_probe(glob, ops, count);
+	ret = alloc_snapshot(&global_trace);
+	if (ret < 0)
+		goto out;
 
-	if (ret >= 0)
-		alloc_snapshot(&global_trace);
+	ret = register_ftrace_function_probe(glob, ops, count);
 
+ out:
 	return ret < 0 ? ret : 0;
 }
 

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 05/47] ring-buffer: Have ring_buffer_iter_empty() return true when empty
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 04/47] tracing: Allocate the snapshot buffer before enabling probe Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 06/47] cifs: Do not send echoes before Negotiate is complete Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steven Rostedt (VMware)

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steven Rostedt (VMware) <rostedt@goodmis.org>

commit 78f7a45dac2a2d2002f98a3a95f7979867868d73 upstream.

I noticed that reading the snapshot file when it is empty no longer gives a
status. It suppose to show the status of the snapshot buffer as well as how
to allocate and use it. For example:

 ># cat snapshot
 # tracer: nop
 #
 #
 # * Snapshot is allocated *
 #
 # Snapshot commands:
 # echo 0 > snapshot : Clears and frees snapshot buffer
 # echo 1 > snapshot : Allocates snapshot buffer, if not already allocated.
 #                      Takes a snapshot of the main buffer.
 # echo 2 > snapshot : Clears snapshot buffer (but does not allocate or free)
 #                      (Doesn't have to be '2' works with any number that
 #                       is not a '0' or '1')

But instead it just showed an empty buffer:

 ># cat snapshot
 # tracer: nop
 #
 # entries-in-buffer/entries-written: 0/0   #P:4
 #
 #                              _-----=> irqs-off
 #                             / _----=> need-resched
 #                            | / _---=> hardirq/softirq
 #                            || / _--=> preempt-depth
 #                            ||| /     delay
 #           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
 #              | |       |   ||||       |         |

What happened was that it was using the ring_buffer_iter_empty() function to
see if it was empty, and if it was, it showed the status. But that function
was returning false when it was empty. The reason was that the iter header
page was on the reader page, and the reader page was empty, but so was the
buffer itself. The check only tested to see if the iter was on the commit
page, but the commit page was no longer pointing to the reader page, but as
all pages were empty, the buffer is also.

Fixes: 651e22f2701b ("ring-buffer: Always reset iterator to reader page")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/trace/ring_buffer.c |   16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -3451,11 +3451,23 @@ EXPORT_SYMBOL_GPL(ring_buffer_iter_reset
 int ring_buffer_iter_empty(struct ring_buffer_iter *iter)
 {
 	struct ring_buffer_per_cpu *cpu_buffer;
+	struct buffer_page *reader;
+	struct buffer_page *head_page;
+	struct buffer_page *commit_page;
+	unsigned commit;
 
 	cpu_buffer = iter->cpu_buffer;
 
-	return iter->head_page == cpu_buffer->commit_page &&
-		iter->head == rb_commit_index(cpu_buffer);
+	/* Remember, trace recording is off when iterator is in use */
+	reader = cpu_buffer->reader_page;
+	head_page = cpu_buffer->head_page;
+	commit_page = cpu_buffer->commit_page;
+	commit = rb_page_commit(commit_page);
+
+	return ((iter->head_page == commit_page && iter->head == commit) ||
+		(iter->head_page == reader && commit_page == head_page &&
+		 head_page->read == commit &&
+		 iter->head == rb_page_commit(cpu_buffer->reader_page)));
 }
 EXPORT_SYMBOL_GPL(ring_buffer_iter_empty);
 

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 06/47] cifs: Do not send echoes before Negotiate is complete
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 05/47] ring-buffer: Have ring_buffer_iter_empty() return true when empty Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 07/47] CIFS: remove bad_network_name flag Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sachin Prabhu, Jonathan Liu,
	Pavel Shilovsky, Steve French

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sachin Prabhu <sprabhu@redhat.com>

commit 62a6cfddcc0a5313e7da3e8311ba16226fe0ac10 upstream.

commit 4fcd1813e640 ("Fix reconnect to not defer smb3 session reconnect
long after socket reconnect") added support for Negotiate requests to
be initiated by echo calls.

To avoid delays in calling echo after a reconnect, I added the patch
introduced by the commit b8c600120fc8 ("Call echo service immediately
after socket reconnect").

This has however caused a regression with cifs shares which do not have
support for echo calls to trigger Negotiate requests. On connections
which need to call Negotiation, the echo calls trigger an error which
triggers a reconnect which in turn triggers another echo call. This
results in a loop which is only broken when an operation is performed on
the cifs share. For an idle share, it can DOS a server.

The patch uses the smb_operation can_echo() for cifs so that it is
called only if connection has been already been setup.

kernel bz: 194531

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Tested-by: Jonathan Liu <net147@gmail.com>
Acked-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/smb1ops.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/fs/cifs/smb1ops.c
+++ b/fs/cifs/smb1ops.c
@@ -1014,6 +1014,15 @@ cifs_dir_needs_close(struct cifsFileInfo
 	return !cfile->srch_inf.endOfSearch && !cfile->invalidHandle;
 }
 
+static bool
+cifs_can_echo(struct TCP_Server_Info *server)
+{
+	if (server->tcpStatus == CifsGood)
+		return true;
+
+	return false;
+}
+
 struct smb_version_operations smb1_operations = {
 	.send_cancel = send_nt_cancel,
 	.compare_fids = cifs_compare_fids,
@@ -1048,6 +1057,7 @@ struct smb_version_operations smb1_opera
 	.get_dfs_refer = CIFSGetDFSRefer,
 	.qfs_tcon = cifs_qfs_tcon,
 	.is_path_accessible = cifs_is_path_accessible,
+	.can_echo = cifs_can_echo,
 	.query_path_info = cifs_query_path_info,
 	.query_file_info = cifs_query_file_info,
 	.get_srv_inum = cifs_get_srv_inum,

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 07/47] CIFS: remove bad_network_name flag
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 06/47] cifs: Do not send echoes before Negotiate is complete Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 08/47] s390/mm: fix CMMA vs KSM vs others Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Germano Percossi, Pavel Shilovsky,
	Steve French

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Germano Percossi <germano.percossi@citrix.com>

commit a0918f1ce6a43ac980b42b300ec443c154970979 upstream.

STATUS_BAD_NETWORK_NAME can be received during node failover,
causing the flag to be set and making the reconnect thread
always unsuccessful, thereafter.

Once the only place where it is set is removed, the remaining
bits are rendered moot.

Removing it does not prevent "mount" from failing when a non
existent share is passed.

What happens when the share really ceases to exist while the
share is mounted is undefined now as much as it was before.

Signed-off-by: Germano Percossi <germano.percossi@citrix.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/cifsglob.h |    1 -
 fs/cifs/smb2pdu.c  |    5 -----
 2 files changed, 6 deletions(-)

--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -891,7 +891,6 @@ struct cifs_tcon {
 	bool need_reconnect:1; /* connection reset, tid now invalid */
 #ifdef CONFIG_CIFS_SMB2
 	bool print:1;		/* set if connection to printer share */
-	bool bad_network_name:1; /* set if ret status STATUS_BAD_NETWORK_NAME */
 	__le32 capabilities;
 	__u32 share_flags;
 	__u32 maximal_access;
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -854,9 +854,6 @@ SMB2_tcon(const unsigned int xid, struct
 	else
 		return -EIO;
 
-	if (tcon && tcon->bad_network_name)
-		return -ENOENT;
-
 	unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL);
 	if (unc_path == NULL)
 		return -ENOMEM;
@@ -950,8 +947,6 @@ tcon_exit:
 tcon_error_exit:
 	if (rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) {
 		cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree);
-		if (tcon)
-			tcon->bad_network_name = true;
 	}
 	goto tcon_exit;
 }

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 08/47] s390/mm: fix CMMA vs KSM vs others
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 07/47] CIFS: remove bad_network_name flag Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 09/47] Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Martin Schwidefsky

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christian Borntraeger <borntraeger@de.ibm.com>

commit a8f60d1fadf7b8b54449fcc9d6b15248917478ba upstream.

On heavy paging with KSM I see guest data corruption. Turns out that
KSM will add pages to its tree, where the mapping return true for
pte_unused (or might become as such later).  KSM will unmap such pages
and reinstantiate with different attributes (e.g. write protected or
special, e.g. in replace_page or write_protect_page)). This uncovered
a bug in our pagetable handling: We must remove the unused flag as
soon as an entry becomes present again.

Signed-of-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


---
 arch/s390/include/asm/pgtable.h |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/s390/include/asm/pgtable.h
+++ b/arch/s390/include/asm/pgtable.h
@@ -863,6 +863,8 @@ static inline void set_pte_at(struct mm_
 {
 	pgste_t pgste;
 
+	if (pte_present(entry))
+		pte_val(entry) &= ~_PAGE_UNUSED;
 	if (mm_has_pgste(mm)) {
 		pgste = pgste_get_lock(ptep);
 		pgste_val(pgste) &= ~_PGSTE_GPS_ZERO;

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 09/47] Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 08/47] s390/mm: fix CMMA vs KSM vs others Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 10/47] ACPI / power: Avoid maybe-uninitialized warning Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thorsten Leemhuis, Ulrik De Bie,
	Dmitry Torokhov

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thorsten Leemhuis <linux@leemhuis.info>

commit 704de489e0e3640a2ee2d0daf173e9f7375582ba upstream.

Temporary got a Lifebook E547 into my hands and noticed the touchpad
only works after running:

	echo "1" > /sys/devices/platform/i8042/serio2/crc_enabled

Add it to the list of machines that need this workaround.

Signed-off-by: Thorsten Leemhuis <linux@leemhuis.info>
Reviewed-by: Ulrik De Bie <ulrik.debie-os@e2big.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/input/mouse/elantech.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/drivers/input/mouse/elantech.c
+++ b/drivers/input/mouse/elantech.c
@@ -1115,6 +1115,7 @@ static int elantech_get_resolution_v4(st
  * Asus UX32VD             0x361f02        00, 15, 0e      clickpad
  * Avatar AVIU-145A2       0x361f00        ?               clickpad
  * Fujitsu LIFEBOOK E544   0x470f00        d0, 12, 09      2 hw buttons
+ * Fujitsu LIFEBOOK E547   0x470f00        50, 12, 09      2 hw buttons
  * Fujitsu LIFEBOOK E554   0x570f01        40, 14, 0c      2 hw buttons
  * Fujitsu H730            0x570f00        c0, 14, 0c      3 hw buttons (**)
  * Gigabyte U2442          0x450f01        58, 17, 0c      2 hw buttons
@@ -1496,6 +1497,13 @@ static const struct dmi_system_id elante
 		},
 	},
 	{
+		/* Fujitsu LIFEBOOK E547 does not work with crc_enabled == 0 */
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK E547"),
+		},
+	},
+	{
 		/* Fujitsu LIFEBOOK E554  does not work with crc_enabled == 0 */
 		.matches = {
 			DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 10/47] ACPI / power: Avoid maybe-uninitialized warning
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 09/47] Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 11/47] mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Rafael J. Wysocki

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit fe8c470ab87d90e4b5115902dd94eced7e3305c3 upstream.

gcc -O2 cannot always prove that the loop in acpi_power_get_inferred_state()
is enterered at least once, so it assumes that cur_state might not get
initialized:

drivers/acpi/power.c: In function 'acpi_power_get_inferred_state':
drivers/acpi/power.c:222:9: error: 'cur_state' may be used uninitialized in this function [-Werror=maybe-uninitialized]

This sets the variable to zero at the start of the loop, to ensure that
there is well-defined behavior even for an empty list. This gets rid of
the warning.

The warning first showed up when the -Os flag got removed in a bug fix
patch in linux-4.11-rc5.

I would suggest merging this addon patch on top of that bug fix to avoid
introducing a new warning in the stable kernels.

Fixes: 61b79e16c68d (ACPI: Fix incompatibility with mcount-based function graph tracing)
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/acpi/power.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/acpi/power.c
+++ b/drivers/acpi/power.c
@@ -201,6 +201,7 @@ static int acpi_power_get_list_state(str
 		return -EINVAL;
 
 	/* The state of the list is 'on' IFF all resources are 'on'. */
+	cur_state = 0;
 	list_for_each_entry(entry, list, node) {
 		struct acpi_power_resource *resource = entry->resource;
 		acpi_handle handle = resource->device.handle;

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 11/47] mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 10/47] ACPI / power: Avoid maybe-uninitialized warning Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 12/47] ubi/upd: Always flush after prepared for an update Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Haibo Chen, Dong Aisheng,
	Adrian Hunter, Ulf Hansson

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Haibo Chen <haibo.chen@nxp.com>

commit 9f327845358d3dd0d8a5a7a5436b0aa5c432e757 upstream.

Currently for DDR50 card, it need tuning in default. We meet tuning fail
issue for DDR50 card and some data CRC error when DDR50 sd card works.

This is because the default pad I/O drive strength can't make sure DDR50
card work stable. So increase the pad I/O drive strength for DDR50 card,
and use pins_100mhz.

This fixes DDR50 card support for IMX since DDR50 tuning was enabled from
commit 9faac7b95ea4 ("mmc: sdhci: enable tuning for DDR50")

Tested-and-reported-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
Acked-by: Dong Aisheng <aisheng.dong@nxp.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/host/sdhci-esdhc-imx.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/mmc/host/sdhci-esdhc-imx.c
+++ b/drivers/mmc/host/sdhci-esdhc-imx.c
@@ -824,6 +824,7 @@ static int esdhc_change_pinstate(struct
 
 	switch (uhs) {
 	case MMC_TIMING_UHS_SDR50:
+	case MMC_TIMING_UHS_DDR50:
 		pinctrl = imx_data->pins_100mhz;
 		break;
 	case MMC_TIMING_UHS_SDR104:

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 12/47] ubi/upd: Always flush after prepared for an update
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 11/47] mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 13/47] powerpc/kprobe: Fix oops when kprobed on stdu instruction Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sebastian Andrzej Siewior,
	Richard Weinberger

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sebastian Siewior <bigeasy@linutronix.de>

commit 9cd9a21ce070be8a918ffd3381468315a7a76ba6 upstream.

In commit 6afaf8a484cb ("UBI: flush wl before clearing update marker") I
managed to trigger and fix a similar bug. Now here is another version of
which I assumed it wouldn't matter back then but it turns out UBI has a
check for it and will error out like this:

|ubi0 warning: validate_vid_hdr: inconsistent used_ebs
|ubi0 error: validate_vid_hdr: inconsistent VID header at PEB 592

All you need to trigger this is? "ubiupdatevol /dev/ubi0_0 file" + a
powercut in the middle of the operation.
ubi_start_update() sets the update-marker and puts all EBs on the erase
list. After that userland can proceed to write new data while the old EB
aren't erased completely. A powercut at this point is usually not that
much of a tragedy. UBI won't give read access to the static volume
because it has the update marker. It will most likely set the corrupted
flag because it misses some EBs.
So we are all good. Unless the size of the image that has been written
differs from the old image in the magnitude of at least one EB. In that
case UBI will find two different values for `used_ebs' and refuse to
attach the image with the error message mentioned above.

So in order not to get in the situation, the patch will ensure that we
wait until everything is removed before it tries to write any data.
The alternative would be to detect such a case and remove all EBs at the
attached time after we processed the volume-table and see the
update-marker set. The patch looks bigger and I doubt it is worth it
since usually the write() will wait from time to time for a new EB since
usually there not that many spare EB that can be used.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mtd/ubi/upd.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/mtd/ubi/upd.c
+++ b/drivers/mtd/ubi/upd.c
@@ -148,11 +148,11 @@ int ubi_start_update(struct ubi_device *
 			return err;
 	}
 
-	if (bytes == 0) {
-		err = ubi_wl_flush(ubi, UBI_ALL, UBI_ALL);
-		if (err)
-			return err;
+	err = ubi_wl_flush(ubi, UBI_ALL, UBI_ALL);
+	if (err)
+		return err;
 
+	if (bytes == 0) {
 		err = clear_update_marker(ubi, vol, 0);
 		if (err)
 			return err;

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 13/47] powerpc/kprobe: Fix oops when kprobed on stdu instruction
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 12/47] ubi/upd: Always flush after prepared for an update Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 14/47] x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ravi Bangoria, Naveen N. Rao,
	Ananth N Mavinakayanahalli, Michael Ellerman

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>

commit 9e1ba4f27f018742a1aa95d11e35106feba08ec1 upstream.

If we set a kprobe on a 'stdu' instruction on powerpc64, we see a kernel
OOPS:

  Bad kernel stack pointer cd93c840 at c000000000009868
  Oops: Bad kernel stack pointer, sig: 6 [#1]
  ...
  GPR00: c000001fcd93cb30 00000000cd93c840 c0000000015c5e00 00000000cd93c840
  ...
  NIP [c000000000009868] resume_kernel+0x2c/0x58
  LR [c000000000006208] program_check_common+0x108/0x180

On a 64-bit system when the user probes on a 'stdu' instruction, the kernel does
not emulate actual store in emulate_step() because it may corrupt the exception
frame. So the kernel does the actual store operation in exception return code
i.e. resume_kernel().

resume_kernel() loads the saved stack pointer from memory using lwz, which only
loads the low 32-bits of the address, causing the kernel crash.

Fix this by loading the 64-bit value instead.

Fixes: be96f63375a1 ("powerpc: Split out instruction analysis part of emulate_step()")
Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
Reviewed-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Reviewed-by: Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>
[mpe: Change log massage, add stable tag]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/kernel/entry_64.S |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -677,7 +677,7 @@ resume_kernel:
 
 	addi	r8,r1,INT_FRAME_SIZE	/* Get the kprobed function entry */
 
-	lwz	r3,GPR1(r1)
+	ld	r3,GPR1(r1)
 	subi	r3,r3,INT_FRAME_SIZE	/* dst: Allocate a trampoline exception frame */
 	mr	r4,r1			/* src:  current exception frame */
 	mr	r1,r3			/* Reroute the trampoline frame to r1 */
@@ -691,8 +691,8 @@ resume_kernel:
 	addi	r6,r6,8
 	bdnz	2b
 
-	/* Do real store operation to complete stwu */
-	lwz	r5,GPR1(r1)
+	/* Do real store operation to complete stdu */
+	ld	r5,GPR1(r1)
 	std	r8,0(r5)
 
 	/* Clear _TIF_EMULATE_STACK_STORE flag */

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 14/47] x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 13/47] powerpc/kprobe: Fix oops when kprobed on stdu instruction Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 15/47] kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yazen Ghannam, Borislav Petkov,
	Thomas Gleixner

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yazen Ghannam <yazen.ghannam@amd.com>

commit 29f72ce3e4d18066ec75c79c857bee0618a3504b upstream.

MCA bank 3 is reserved on systems pre-Fam17h, so it didn't have a name.
However, MCA bank 3 is defined on Fam17h systems and can be accessed
using legacy MSRs. Without a name we get a stack trace on Fam17h systems
when trying to register sysfs files for bank 3 on kernels that don't
recognize Scalable MCA.

Call MCA bank 3 "decode_unit" since this is what it represents on
Fam17h. This will allow kernels without SMCA support to see this bank on
Fam17h+ and prevent the stack trace. This will not affect older systems
since this bank is reserved on them, i.e. it'll be ignored.

Tested on AMD Fam15h and Fam17h systems.

  WARNING: CPU: 26 PID: 1 at lib/kobject.c:210 kobject_add_internal
  kobject: (ffff88085bb256c0): attempted to be registered with empty name!
  ...
  Call Trace:
   kobject_add_internal
   kobject_add
   kobject_create_and_add
   threshold_create_device
   threshold_init_device

Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: http://lkml.kernel.org/r/1490102285-3659-1-git-send-email-Yazen.Ghannam@amd.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/cpu/mcheck/mce_amd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c
+++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c
@@ -51,7 +51,7 @@ static const char * const th_names[] = {
 	"load_store",
 	"insn_fetch",
 	"combined_unit",
-	"",
+	"decode_unit",
 	"northbridge",
 	"execution_unit",
 };

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 15/47] kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 14/47] x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 16/47] arm64: avoid returning from bad_mode Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paolo Bonzini, Marc Zyngier,
	Christoffer Dall, Mark Rutland, Suzuki K Poulose,
	Christoffer Dall

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Suzuki K Poulose <suzuki.poulose@arm.com>

commit 8b3405e345b5a098101b0c31b264c812bba045d9 upstream.

In kvm_free_stage2_pgd() we don't hold the kvm->mmu_lock while calling
unmap_stage2_range() on the entire memory range for the guest. This could
cause problems with other callers (e.g, munmap on a memslot) trying to
unmap a range. And since we have to unmap the entire Guest memory range
holding a spinlock, make sure we yield the lock if necessary, after we
unmap each PUD range.

Fixes: commit d5d8184d35c9 ("KVM: ARM: Memory virtualization setup")
Cc: Paolo Bonzini <pbonzin@redhat.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Christoffer Dall <christoffer.dall@linaro.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
[ Avoid vCPU starvation and lockup detector warnings ]
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Christoffer Dall <cdall@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/kvm/mmu.c |   12 ++++++++++++
 1 file changed, 12 insertions(+)

--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -256,6 +256,14 @@ static void unmap_range(struct kvm *kvm,
 		next = kvm_pgd_addr_end(addr, end);
 		if (!pgd_none(*pgd))
 			unmap_puds(kvm, pgd, addr, next);
+		/*
+		 * If we are dealing with a large range in
+		 * stage2 table, release the kvm->mmu_lock
+		 * to prevent starvation and lockup detector
+		 * warnings.
+		 */
+		if (kvm && (next != end))
+			cond_resched_lock(&kvm->mmu_lock);
 	} while (pgd++, addr = next, addr != end);
 }
 
@@ -693,6 +701,7 @@ int kvm_alloc_stage2_pgd(struct kvm *kvm
  */
 static void unmap_stage2_range(struct kvm *kvm, phys_addr_t start, u64 size)
 {
+	assert_spin_locked(&kvm->mmu_lock);
 	unmap_range(kvm, kvm->arch.pgd, start, size);
 }
 
@@ -777,7 +786,10 @@ void kvm_free_stage2_pgd(struct kvm *kvm
 	if (kvm->arch.pgd == NULL)
 		return;
 
+	spin_lock(&kvm->mmu_lock);
 	unmap_stage2_range(kvm, 0, KVM_PHYS_SIZE);
+	spin_unlock(&kvm->mmu_lock);
+
 	kvm_free_hwpgd(kvm_get_hwpgd(kvm));
 	if (KVM_PREALLOC_LEVEL > 0)
 		kfree(kvm->arch.pgd);

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 16/47] arm64: avoid returning from bad_mode
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 15/47] kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 17/47] clk: at91: usb: fix determine_rate prototype again Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mark Rutland, Mark Salter,
	Will Deacon, Catalin Marinas

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mark Rutland <mark.rutland@arm.com>

commit 7d9e8f71b989230bc613d121ca38507d34ada849 upstream.

Generally, taking an unexpected exception should be a fatal event, and
bad_mode is intended to cater for this. However, it should be possible
to contain unexpected synchronous exceptions from EL0 without bringing
the kernel down, by sending a SIGILL to the task.

We tried to apply this approach in commit 9955ac47f4ba1c95 ("arm64:
don't kill the kernel on a bad esr from el0"), by sending a signal for
any bad_mode call resulting from an EL0 exception.

However, this also applies to other unexpected exceptions, such as
SError and FIQ. The entry paths for these exceptions branch to bad_mode
without configuring the link register, and have no kernel_exit. Thus, if
we take one of these exceptions from EL0, bad_mode will eventually
return to the original user link register value.

This patch fixes this by introducing a new bad_el0_sync handler to cater
for the recoverable case, and restoring bad_mode to its original state,
whereby it calls panic() and never returns. The recoverable case
branches to bad_el0_sync with a bl, and returns to userspace via the
usual ret_to_user mechanism.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Fixes: 9955ac47f4ba1c95 ("arm64: don't kill the kernel on a bad esr from el0")
Reported-by: Mark Salter <msalter@redhat.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


---
 arch/arm64/kernel/entry.S |    4 ++--
 arch/arm64/kernel/traps.c |   28 ++++++++++++++++++++++++----
 2 files changed, 26 insertions(+), 6 deletions(-)

--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -551,8 +551,8 @@ el0_inv:
 	mov	x0, sp
 	mov	x1, #BAD_SYNC
 	mrs	x2, esr_el1
-	adr	lr, ret_to_user
-	b	bad_mode
+	bl	bad_el0_sync
+	b	ret_to_user
 ENDPROC(el0_sync)
 
 	.align	6
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -308,16 +308,33 @@ asmlinkage long do_ni_syscall(struct pt_
 }
 
 /*
- * bad_mode handles the impossible case in the exception vector.
+ * bad_mode handles the impossible case in the exception vector. This is always
+ * fatal.
  */
 asmlinkage void bad_mode(struct pt_regs *regs, int reason, unsigned int esr)
 {
-	siginfo_t info;
-	void __user *pc = (void __user *)instruction_pointer(regs);
 	console_verbose();
 
 	pr_crit("Bad mode in %s handler detected, code 0x%08x\n",
 		handler[reason], esr);
+
+	die("Oops - bad mode", regs, 0);
+	local_irq_disable();
+	panic("bad mode");
+}
+
+/*
+ * bad_el0_sync handles unexpected, but potentially recoverable synchronous
+ * exceptions taken from EL0. Unlike bad_mode, this returns.
+ */
+asmlinkage void bad_el0_sync(struct pt_regs *regs, int reason, unsigned int esr)
+{
+	siginfo_t info;
+	void __user *pc = (void __user *)instruction_pointer(regs);
+	console_verbose();
+
+	pr_crit("Bad EL0 synchronous exception detected on CPU%d, code 0x%08x\n",
+		smp_processor_id(), esr);
 	__show_regs(regs);
 
 	info.si_signo = SIGILL;
@@ -325,7 +342,10 @@ asmlinkage void bad_mode(struct pt_regs
 	info.si_code  = ILL_ILLOPC;
 	info.si_addr  = pc;
 
-	arm64_notify_die("Oops - bad mode", regs, &info, 0);
+	current->thread.fault_address = 0;
+	current->thread.fault_code = 0;
+
+	force_sig_info(info.si_signo, &info, current);
 }
 
 void __pte_error(const char *file, int line, unsigned long val)

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 17/47] clk: at91: usb: fix determine_rate prototype again
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 16/47] arm64: avoid returning from bad_mode Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 18/47] gadgetfs: fix uninitialized variable in error handling Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, Boris Brezillon, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

We had an incorrect backport of
4591243102fa ("clk: at91: usb: propagate rate modification to the parent clk")
that was fixed incorrectly in linux-3.18.y by
76723e7ed589 ("clk: at91: usb: fix determine_rate prototype")

as shown by this warning:

drivers/clk/at91/clk-usb.c:155:20: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types]
drivers/clk/at91/clk-usb.c:193:20: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types]

This should fix it properly.

Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/clk/at91/clk-usb.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/clk/at91/clk-usb.c
+++ b/drivers/clk/at91/clk-usb.c
@@ -59,7 +59,7 @@ static unsigned long at91sam9x5_clk_usb_
 static long at91sam9x5_clk_usb_determine_rate(struct clk_hw *hw,
 					      unsigned long rate,
 					      unsigned long *best_parent_rate,
-					      struct clk_hw **best_parent_hw)
+					      struct clk **best_parent_hw)
 {
 	struct clk *parent = NULL;
 	long best_rate = -EINVAL;
@@ -91,7 +91,7 @@ static long at91sam9x5_clk_usb_determine
 				best_rate = tmp_rate;
 				best_diff = tmp_diff;
 				*best_parent_rate = tmp_parent_rate;
-				*best_parent_hw = __clk_get_hw(parent);
+				*best_parent_hw = parent;
 			}
 
 			if (!best_diff || tmp_rate < rate)

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 18/47] gadgetfs: fix uninitialized variable in error handling
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 17/47] clk: at91: usb: fix determine_rate prototype again Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 19/47] dm bufio: hide bogus warning Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

gcc warns about a bug in 3.18.y:

drivers/usb/gadget/legacy/inode.c:648:10: warning: 'value' may be used

This is caused by the backport of f01d35a15fa0416 from 4.0 to 3.18:
c81fc59be42c6e0 gadgetfs: use-after-free in ->aio_read()

The backported patch was buggy, but the mainline code was rewritten
in a larger patch directly following this one in a way that fixed the
bug.

For stable, we should need only a one-line change to make sure we
return an proper error code. It is very unlikely that anybody ever
ran into the out-of-memory case here in practice, but the compiler
is right in theory.

Fixes: c81fc59be42c ("gadgetfs: use-after-free in ->aio_read()")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/gadget/legacy/inode.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -654,6 +654,7 @@ fail:
 				   GFP_KERNEL);
 		if (!priv->iv) {
 			kfree(priv);
+			value = -ENOMEM;
 			goto fail;
 		}
 	}

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 19/47] dm bufio: hide bogus warning
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 18/47] gadgetfs: fix uninitialized variable in error handling Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 20/47] MIPS: Fix the build on jz4740 after removing the custom gpio.h Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

mips-gcc-5.3 warns about correct code on linux-3.18 and earlier:

In file included from ../include/linux/blkdev.h:4:0,
                 from ../drivers/md/dm-bufio.h:12,
                 from ../drivers/md/dm-bufio.c:9:
../drivers/md/dm-bufio.c: In function 'alloc_buffer':
../include/linux/sched.h:1975:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized]
  current->flags = (current->flags & ~PF_MEMALLOC_NOIO) | flags;
                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
../drivers/md/dm-bufio.c:325:11: note: 'noio_flag' was declared here

The warning disappeared on later kernels with this commit: be0c37c985ed
("MIPS: Rearrange PTE bits into fixed positions.")  I assume this only
happened because it changed some inlining decisions.

On 3.18.y, we can shut up the warning by adding an extra initialization.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/dm-bufio.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/md/dm-bufio.c
+++ b/drivers/md/dm-bufio.c
@@ -349,6 +349,7 @@ static void *alloc_buffer_data(struct dm
 	 * as if GFP_NOIO was specified.
 	 */
 
+	noio_flag = 0;
 	if (gfp_mask & __GFP_NORETRY)
 		noio_flag = memalloc_noio_save();
 

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 20/47] MIPS: Fix the build on jz4740 after removing the custom gpio.h
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 19/47] dm bufio: hide bogus warning Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 21/47] perf: Avoid horrible stack usage Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alban Bedel, Paul Burton,
	Lars-Peter Clausen, Brian Norris, Thomas Gleixner, Linus Walleij,
	linux-mips, Ralf Baechle, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alban Bedel <albeu@free.fr>

commit 5b235dc2647e4977b17b5c41d959d0f455831c3f upstream.

Somehow the wrong version of the patch to remove the use of custom
gpio.h on mips has been merged. This patch add the missing fixes for a
build error on jz4740 because linux/gpio.h doesn't provide any machine
specfics definitions anymore.

Signed-off-by: Alban Bedel <albeu@free.fr>
Cc: Paul Burton <paul.burton@imgtec.com>
Cc: Lars-Peter Clausen <lars@metafoo.de>
Cc: Brian Norris <computersforpeace@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/11089/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/jz4740/board-qi_lb60.c |    1 +
 arch/mips/jz4740/gpio.c          |    1 +
 2 files changed, 2 insertions(+)

--- a/arch/mips/jz4740/board-qi_lb60.c
+++ b/arch/mips/jz4740/board-qi_lb60.c
@@ -26,6 +26,7 @@
 #include <linux/power/jz4740-battery.h>
 #include <linux/power/gpio-charger.h>
 
+#include <asm/mach-jz4740/gpio.h>
 #include <asm/mach-jz4740/jz4740_fb.h>
 #include <asm/mach-jz4740/jz4740_mmc.h>
 #include <asm/mach-jz4740/jz4740_nand.h>
--- a/arch/mips/jz4740/gpio.c
+++ b/arch/mips/jz4740/gpio.c
@@ -27,6 +27,7 @@
 #include <linux/seq_file.h>
 
 #include <asm/mach-jz4740/base.h>
+#include <asm/mach-jz4740/gpio.h>
 
 #include "irq.h"
 

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 21/47] perf: Avoid horrible stack usage
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 20/47] MIPS: Fix the build on jz4740 after removing the custom gpio.h Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 22/47] fs/nfs: fix new compiler warning about boolean in switch Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Linus Torvalds, Steven Rostedt,
	Peter Zijlstra (Intel),
	Arnaldo Carvalho de Melo, Javi Merino, Mathieu Desnoyers,
	Oleg Nesterov, Paul Mackerras, Petr Mladek, Tom Zanussi,
	Vaibhav Nagarnaik, Ingo Molnar, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Peter Zijlstra (Intel) <peterz@infradead.org>

commit 86038c5ea81b519a8a1fcfcd5e4599aab0cdd119 upstream.

Both Linus (most recent) and Steve (a while ago) reported that perf
related callbacks have massive stack bloat.

The problem is that software events need a pt_regs in order to
properly report the event location and unwind stack. And because we
could not assume one was present we allocated one on stack and filled
it with minimal bits required for operation.

Now, pt_regs is quite large, so this is undesirable. Furthermore it
turns out that most sites actually have a pt_regs pointer available,
making this even more onerous, as the stack space is pointless waste.

This patch addresses the problem by observing that software events
have well defined nesting semantics, therefore we can use static
per-cpu storage instead of on-stack.

Linus made the further observation that all but the scheduler callers
of perf_sw_event() have a pt_regs available, so we change the regular
perf_sw_event() to require a valid pt_regs (where it used to be
optional) and add perf_sw_event_sched() for the scheduler.

We have a scheduler specific call instead of a more generic _noregs()
like construct because we can assume non-recursion from the scheduler
and thereby simplify the code further (_noregs would have to put the
recursion context call inline in order to assertain which __perf_regs
element to use).

One last note on the implementation of perf_trace_buf_prepare(); we
allow .regs = NULL for those cases where we already have a pt_regs
pointer available and do not need another.

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Javi Merino <javi.merino@arm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Petr Mladek <pmladek@suse.cz>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Tom Zanussi <tom.zanussi@linux.intel.com>
Cc: Vaibhav Nagarnaik <vnagarnaik@google.com>
Link: http://lkml.kernel.org/r/20141216115041.GW3337@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/ftrace_event.h    |    2 +-
 include/linux/perf_event.h      |   28 +++++++++++++++++++++-------
 include/trace/ftrace.h          |    7 ++++---
 kernel/events/core.c            |   23 +++++++++++++++++------
 kernel/sched/core.c             |    2 +-
 kernel/trace/trace_event_perf.c |    4 +++-
 kernel/trace/trace_kprobe.c     |    4 ++--
 kernel/trace/trace_syscalls.c   |    4 ++--
 kernel/trace/trace_uprobe.c     |    2 +-
 9 files changed, 52 insertions(+), 24 deletions(-)

--- a/include/linux/ftrace_event.h
+++ b/include/linux/ftrace_event.h
@@ -584,7 +584,7 @@ extern int  ftrace_profile_set_filter(st
 				     char *filter_str);
 extern void ftrace_profile_free_filter(struct perf_event *event);
 extern void *perf_trace_buf_prepare(int size, unsigned short type,
-				    struct pt_regs *regs, int *rctxp);
+				    struct pt_regs **regs, int *rctxp);
 
 static inline void
 perf_trace_buf_submit(void *raw_data, int size, int rctx, u64 addr,
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
@@ -660,6 +660,7 @@ static inline int is_software_event(stru
 
 extern struct static_key perf_swevent_enabled[PERF_COUNT_SW_MAX];
 
+extern void ___perf_sw_event(u32, u64, struct pt_regs *, u64);
 extern void __perf_sw_event(u32, u64, struct pt_regs *, u64);
 
 #ifndef perf_arch_fetch_caller_regs
@@ -684,14 +685,25 @@ static inline void perf_fetch_caller_reg
 static __always_inline void
 perf_sw_event(u32 event_id, u64 nr, struct pt_regs *regs, u64 addr)
 {
-	struct pt_regs hot_regs;
+	if (static_key_false(&perf_swevent_enabled[event_id]))
+		__perf_sw_event(event_id, nr, regs, addr);
+}
+
+DECLARE_PER_CPU(struct pt_regs, __perf_regs[4]);
 
+/*
+ * 'Special' version for the scheduler, it hard assumes no recursion,
+ * which is guaranteed by us not actually scheduling inside other swevents
+ * because those disable preemption.
+ */
+static __always_inline void
+perf_sw_event_sched(u32 event_id, u64 nr, u64 addr)
+{
 	if (static_key_false(&perf_swevent_enabled[event_id])) {
-		if (!regs) {
-			perf_fetch_caller_regs(&hot_regs);
-			regs = &hot_regs;
-		}
-		__perf_sw_event(event_id, nr, regs, addr);
+		struct pt_regs *regs = this_cpu_ptr(&__perf_regs[0]);
+
+		perf_fetch_caller_regs(regs);
+		___perf_sw_event(event_id, nr, regs, addr);
 	}
 }
 
@@ -707,7 +719,7 @@ static inline void perf_event_task_sched
 static inline void perf_event_task_sched_out(struct task_struct *prev,
 					     struct task_struct *next)
 {
-	perf_sw_event(PERF_COUNT_SW_CONTEXT_SWITCHES, 1, NULL, 0);
+	perf_sw_event_sched(PERF_COUNT_SW_CONTEXT_SWITCHES, 1, 0);
 
 	if (static_key_false(&perf_sched_events.key))
 		__perf_event_task_sched_out(prev, next);
@@ -818,6 +830,8 @@ static inline int perf_event_refresh(str
 static inline void
 perf_sw_event(u32 event_id, u64 nr, struct pt_regs *regs, u64 addr)	{ }
 static inline void
+perf_sw_event_sched(u32 event_id, u64 nr, u64 addr)			{ }
+static inline void
 perf_bp_event(struct perf_event *event, void *data)			{ }
 
 static inline int perf_register_guest_info_callbacks
--- a/include/trace/ftrace.h
+++ b/include/trace/ftrace.h
@@ -765,7 +765,7 @@ perf_trace_##call(void *__data, proto)
 	struct ftrace_event_call *event_call = __data;			\
 	struct ftrace_data_offsets_##call __maybe_unused __data_offsets;\
 	struct ftrace_raw_##call *entry;				\
-	struct pt_regs __regs;						\
+	struct pt_regs *__regs;						\
 	u64 __addr = 0, __count = 1;					\
 	struct task_struct *__task = NULL;				\
 	struct hlist_head *head;					\
@@ -784,18 +784,19 @@ perf_trace_##call(void *__data, proto)
 			     sizeof(u64));				\
 	__entry_size -= sizeof(u32);					\
 									\
-	perf_fetch_caller_regs(&__regs);				\
 	entry = perf_trace_buf_prepare(__entry_size,			\
 			event_call->event.type, &__regs, &rctx);	\
 	if (!entry)							\
 		return;							\
 									\
+	perf_fetch_caller_regs(__regs);					\
+									\
 	tstruct								\
 									\
 	{ assign; }							\
 									\
 	perf_trace_buf_submit(entry, __entry_size, rctx, __addr,	\
-		__count, &__regs, head, __task);			\
+		__count, __regs, head, __task);				\
 }
 
 /*
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5905,6 +5905,8 @@ end:
 	rcu_read_unlock();
 }
 
+DEFINE_PER_CPU(struct pt_regs, __perf_regs[4]);
+
 int perf_swevent_get_recursion_context(void)
 {
 	struct swevent_htable *swhash = this_cpu_ptr(&swevent_htable);
@@ -5920,21 +5922,30 @@ inline void perf_swevent_put_recursion_c
 	put_recursion_context(swhash->recursion, rctx);
 }
 
-void __perf_sw_event(u32 event_id, u64 nr, struct pt_regs *regs, u64 addr)
+void ___perf_sw_event(u32 event_id, u64 nr, struct pt_regs *regs, u64 addr)
 {
 	struct perf_sample_data data;
-	int rctx;
 
-	preempt_disable_notrace();
-	rctx = perf_swevent_get_recursion_context();
-	if (rctx < 0)
+	if (WARN_ON_ONCE(!regs))
 		return;
 
 	perf_sample_data_init(&data, addr, 0);
-
 	do_perf_sw_event(PERF_TYPE_SOFTWARE, event_id, nr, &data, regs);
+}
+
+void __perf_sw_event(u32 event_id, u64 nr, struct pt_regs *regs, u64 addr)
+{
+	int rctx;
+
+	preempt_disable_notrace();
+	rctx = perf_swevent_get_recursion_context();
+	if (unlikely(rctx < 0))
+		goto fail;
+
+	___perf_sw_event(event_id, nr, regs, addr);
 
 	perf_swevent_put_recursion_context(rctx);
+fail:
 	preempt_enable_notrace();
 }
 
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1083,7 +1083,7 @@ void set_task_cpu(struct task_struct *p,
 		if (p->sched_class->migrate_task_rq)
 			p->sched_class->migrate_task_rq(p, new_cpu);
 		p->se.nr_migrations++;
-		perf_sw_event(PERF_COUNT_SW_CPU_MIGRATIONS, 1, NULL, 0);
+		perf_sw_event_sched(PERF_COUNT_SW_CPU_MIGRATIONS, 1, 0);
 	}
 
 	__set_task_cpu(p, new_cpu);
--- a/kernel/trace/trace_event_perf.c
+++ b/kernel/trace/trace_event_perf.c
@@ -261,7 +261,7 @@ void perf_trace_del(struct perf_event *p
 }
 
 void *perf_trace_buf_prepare(int size, unsigned short type,
-			     struct pt_regs *regs, int *rctxp)
+			     struct pt_regs **regs, int *rctxp)
 {
 	struct trace_entry *entry;
 	unsigned long flags;
@@ -280,6 +280,8 @@ void *perf_trace_buf_prepare(int size, u
 	if (*rctxp < 0)
 		return NULL;
 
+	if (regs)
+		*regs = this_cpu_ptr(&__perf_regs[*rctxp]);
 	raw_data = this_cpu_ptr(perf_trace_buf[*rctxp]);
 
 	/* zero the dead bytes from align to not leak stack to user */
--- a/kernel/trace/trace_kprobe.c
+++ b/kernel/trace/trace_kprobe.c
@@ -1158,7 +1158,7 @@ kprobe_perf_func(struct trace_kprobe *tk
 	size = ALIGN(__size + sizeof(u32), sizeof(u64));
 	size -= sizeof(u32);
 
-	entry = perf_trace_buf_prepare(size, call->event.type, regs, &rctx);
+	entry = perf_trace_buf_prepare(size, call->event.type, NULL, &rctx);
 	if (!entry)
 		return;
 
@@ -1189,7 +1189,7 @@ kretprobe_perf_func(struct trace_kprobe
 	size = ALIGN(__size + sizeof(u32), sizeof(u64));
 	size -= sizeof(u32);
 
-	entry = perf_trace_buf_prepare(size, call->event.type, regs, &rctx);
+	entry = perf_trace_buf_prepare(size, call->event.type, NULL, &rctx);
 	if (!entry)
 		return;
 
--- a/kernel/trace/trace_syscalls.c
+++ b/kernel/trace/trace_syscalls.c
@@ -586,7 +586,7 @@ static void perf_syscall_enter(void *ign
 	size -= sizeof(u32);
 
 	rec = (struct syscall_trace_enter *)perf_trace_buf_prepare(size,
-				sys_data->enter_event->event.type, regs, &rctx);
+				sys_data->enter_event->event.type, NULL, &rctx);
 	if (!rec)
 		return;
 
@@ -659,7 +659,7 @@ static void perf_syscall_exit(void *igno
 	size -= sizeof(u32);
 
 	rec = (struct syscall_trace_exit *)perf_trace_buf_prepare(size,
-				sys_data->exit_event->event.type, regs, &rctx);
+				sys_data->exit_event->event.type, NULL, &rctx);
 	if (!rec)
 		return;
 
--- a/kernel/trace/trace_uprobe.c
+++ b/kernel/trace/trace_uprobe.c
@@ -1115,7 +1115,7 @@ static void __uprobe_perf_func(struct tr
 	if (hlist_empty(head))
 		goto out;
 
-	entry = perf_trace_buf_prepare(size, call->event.type, regs, &rctx);
+	entry = perf_trace_buf_prepare(size, call->event.type, NULL, &rctx);
 	if (!entry)
 		goto out;
 

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 22/47] fs/nfs: fix new compiler warning about boolean in switch
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 21/47] perf: Avoid horrible stack usage Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 23/47] iommu/vt-d: Remove unused variable Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andre Przywara, Trond Myklebust,
	Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Andre Przywara <andre.przywara@arm.com>

commit c7757074839f2cd440521482d76ea180d0d4bdac upstream.

The brand new GCC 5.1.0 warns by default on using a boolean in the
switch condition. This results in the following warning:

fs/nfs/nfs4proc.c: In function 'nfs4_proc_get_rootfh':
fs/nfs/nfs4proc.c:3100:10: warning: switch condition has boolean value [-Wswitch-bool]
  switch (auth_probe) {
          ^

This code was obviously using switch to make use of the fall-through
semantics (without the usual comment, though).
Rewrite that code using if statements to avoid the warning and make
the code a bit more readable on the way.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/nfs4proc.c |   11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -3057,16 +3057,13 @@ int nfs4_proc_get_rootfh(struct nfs_serv
 			 struct nfs_fsinfo *info,
 			 bool auth_probe)
 {
-	int status;
+	int status = 0;
 
-	switch (auth_probe) {
-	case false:
+	if (!auth_probe)
 		status = nfs4_lookup_root(server, fhandle, info);
-		if (status != -NFS4ERR_WRONGSEC)
-			break;
-	default:
+
+	if (auth_probe || status == NFS4ERR_WRONGSEC)
 		status = nfs4_do_find_root_sec(server, fhandle, info);
-	}
 
 	if (status == 0)
 		status = nfs4_server_capabilities(server, fhandle);

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 23/47] iommu/vt-d: Remove unused variable
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 22/47] fs/nfs: fix new compiler warning about boolean in switch Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 24/47] mm/init: fix zone boundary creation Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alex Williamson, Joerg Roedel, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alex Williamson <alex.williamson@redhat.com>

commit 509fca899d5682a6eee3d1fb70bba7c89439034b upstream.

Unused after commit 71684406905f ("iommu/vt-d: Detach domain *only*
from attached iommus").  Reported by 0-day builder.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/iommu/intel-iommu.c |    1 -
 1 file changed, 1 deletion(-)

--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -1759,7 +1759,6 @@ static int domain_init(struct dmar_domai
 
 static void domain_exit(struct dmar_domain *domain)
 {
-	struct dmar_drhd_unit *drhd;
 	struct page *freelist = NULL;
 	int i;
 

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 24/47] mm/init: fix zone boundary creation
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 23/47] iommu/vt-d: Remove unused variable Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 25/47] net: ti: cpmac: Fix compiler warning due to type confusion Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Oliver OHalloran, Anton Blanchard,
	Benjamin Herrenschmidt, Paul Mackerras, Mel Gorman,
	Andrew Morton, Linus Torvalds, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Oliver O'Halloran <oohall@gmail.com>

commit 90cae1fe1c3540f791d5b8e025985fa5e699b2bb upstream.

As a part of memory initialisation the architecture passes an array to
free_area_init_nodes() which specifies the max PFN of each memory zone.
This array is not necessarily monotonic (due to unused zones) so this
array is parsed to build monotonic lists of the min and max PFN for each
zone.  ZONE_MOVABLE is special cased here as its limits are managed by
the mm subsystem rather than the architecture.  Unfortunately, this
special casing is broken when ZONE_MOVABLE is the not the last zone in
the zone list.  The core of the issue is:

	if (i == ZONE_MOVABLE)
		continue;
	arch_zone_lowest_possible_pfn[i] =
		arch_zone_highest_possible_pfn[i-1];

As ZONE_MOVABLE is skipped the lowest_possible_pfn of the next zone will
be set to zero.  This patch fixes this bug by adding explicitly tracking
where the next zone should start rather than relying on the contents
arch_zone_highest_possible_pfn[].

Thie is low priority.  To get bitten by this you need to enable a zone
that appears after ZONE_MOVABLE in the zone_type enum.  As far as I can
tell this means running a kernel with ZONE_DEVICE or ZONE_CMA enabled,
so I can't see this affecting too many people.

I only noticed this because I've been fiddling with ZONE_DEVICE on
powerpc and 4.6 broke my test kernel.  This bug, in conjunction with the
changes in Taku Izumi's kernelcore=mirror patch (d91749c1dda71) and
powerpc being the odd architecture which initialises max_zone_pfn[] to
~0ul instead of 0 caused all of system memory to be placed into
ZONE_DEVICE at boot, followed a panic since device memory cannot be used
for kernel allocations.  I've already submitted a patch to fix the
powerpc specific bits, but I figured this should be fixed too.

Link: http://lkml.kernel.org/r/1462435033-15601-1-git-send-email-oohall@gmail.com
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Cc: Anton Blanchard <anton@samba.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 mm/page_alloc.c |   17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -5337,15 +5337,18 @@ void __init free_area_init_nodes(unsigne
 				sizeof(arch_zone_lowest_possible_pfn));
 	memset(arch_zone_highest_possible_pfn, 0,
 				sizeof(arch_zone_highest_possible_pfn));
-	arch_zone_lowest_possible_pfn[0] = find_min_pfn_with_active_regions();
-	arch_zone_highest_possible_pfn[0] = max_zone_pfn[0];
-	for (i = 1; i < MAX_NR_ZONES; i++) {
+
+	start_pfn = find_min_pfn_with_active_regions();
+
+	for (i = 0; i < MAX_NR_ZONES; i++) {
 		if (i == ZONE_MOVABLE)
 			continue;
-		arch_zone_lowest_possible_pfn[i] =
-			arch_zone_highest_possible_pfn[i-1];
-		arch_zone_highest_possible_pfn[i] =
-			max(max_zone_pfn[i], arch_zone_lowest_possible_pfn[i]);
+
+		end_pfn = max(max_zone_pfn[i], start_pfn);
+		arch_zone_lowest_possible_pfn[i] = start_pfn;
+		arch_zone_highest_possible_pfn[i] = end_pfn;
+
+		start_pfn = end_pfn;
 	}
 	arch_zone_lowest_possible_pfn[ZONE_MOVABLE] = 0;
 	arch_zone_highest_possible_pfn[ZONE_MOVABLE] = 0;

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 25/47] net: ti: cpmac: Fix compiler warning due to type confusion
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 24/47] mm/init: fix zone boundary creation Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 26/47] MIPS: asm: compiler: Add new macros to set ISA and arch asm annotations Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Burton, David S. Miller, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Paul Burton <paul.burton@imgtec.com>

commit 2f5281ba2a8feaf6f0aee93356f350855bb530fc upstream.

cpmac_start_xmit() used the max() macro on skb->len (an unsigned int)
and ETH_ZLEN (a signed int literal). This led to the following compiler
warning:

  In file included from include/linux/list.h:8:0,
                   from include/linux/module.h:9,
                   from drivers/net/ethernet/ti/cpmac.c:19:
  drivers/net/ethernet/ti/cpmac.c: In function 'cpmac_start_xmit':
  include/linux/kernel.h:748:17: warning: comparison of distinct pointer
  types lacks a cast
    (void) (&_max1 == &_max2);  \
                   ^
  drivers/net/ethernet/ti/cpmac.c:560:8: note: in expansion of macro 'max'
    len = max(skb->len, ETH_ZLEN);
          ^

On top of this, it assigned the result of the max() macro to a signed
integer whilst all further uses of it result in it being cast to varying
widths of unsigned integer.

Fix this up by using max_t to ensure the comparison is performed as
unsigned integers, and for consistency change the type of the len
variable to unsigned int.

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/ethernet/ti/cpmac.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/net/ethernet/ti/cpmac.c
+++ b/drivers/net/ethernet/ti/cpmac.c
@@ -547,7 +547,8 @@ fatal_error:
 
 static int cpmac_start_xmit(struct sk_buff *skb, struct net_device *dev)
 {
-	int queue, len;
+	int queue;
+	unsigned int len;
 	struct cpmac_desc *desc;
 	struct cpmac_priv *priv = netdev_priv(dev);
 
@@ -557,7 +558,7 @@ static int cpmac_start_xmit(struct sk_bu
 	if (unlikely(skb_padto(skb, ETH_ZLEN)))
 		return NETDEV_TX_OK;
 
-	len = max(skb->len, ETH_ZLEN);
+	len = max_t(unsigned int, skb->len, ETH_ZLEN);
 	queue = skb_get_queue_mapping(skb);
 	netif_stop_subqueue(dev, queue);
 

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 26/47] MIPS: asm: compiler: Add new macros to set ISA and arch asm annotations
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 25/47] net: ti: cpmac: Fix compiler warning due to type confusion Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 27/47] nfsd: work around a gcc-5.1 warning Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Markos Chandras, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Markos Chandras <markos.chandras@imgtec.com>

commit be5136988e25ae0dc8379fcb937efc63d87aba9e upstream.

There are certain places where the code uses .set mips32 or .set mips64
or .set arch=r4000. In preparation of MIPS R6 support, and in order to
use as less #ifdefs as possible, we define new macros to set similar
annotations for MIPS R6.

Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/include/asm/compiler.h |   13 +++++++++++++
 1 file changed, 13 insertions(+)

--- a/arch/mips/include/asm/compiler.h
+++ b/arch/mips/include/asm/compiler.h
@@ -16,4 +16,17 @@
 #define GCC_REG_ACCUM "accum"
 #endif
 
+#ifdef CONFIG_CPU_MIPSR6
+#define MIPS_ISA_LEVEL "mips64r6"
+#define MIPS_ISA_ARCH_LEVEL MIPS_ISA_LEVEL
+#define MIPS_ISA_LEVEL_RAW mips64r6
+#define MIPS_ISA_ARCH_LEVEL_RAW MIPS_ISA_LEVEL_RAW
+#else
+/* MIPS64 is a superset of MIPS32 */
+#define MIPS_ISA_LEVEL "mips64r2"
+#define MIPS_ISA_ARCH_LEVEL "arch=r4000"
+#define MIPS_ISA_LEVEL_RAW mips64r2
+#define MIPS_ISA_ARCH_LEVEL_RAW MIPS_ISA_LEVEL_RAW
+#endif /* CONFIG_CPU_MIPSR6 */
+
 #endif /* _ASM_COMPILER_H */

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 27/47] nfsd: work around a gcc-5.1 warning
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 26/47] MIPS: asm: compiler: Add new macros to set ISA and arch asm annotations Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 29/47] brcmfmac: avoid " Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, J. Bruce Fields

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit 6ac75368e1a658903cf57b2bbf66e60d34f55558 upstream.

gcc-5.0 warns about a potential uninitialized variable use in nfsd:

fs/nfsd/nfs4state.c: In function 'nfsd4_process_open2':
fs/nfsd/nfs4state.c:3781:3: warning: 'old_deny_bmap' may be used uninitialized in this function [-Wmaybe-uninitialized]
   reset_union_bmap_deny(old_deny_bmap, stp);
   ^
fs/nfsd/nfs4state.c:3760:16: note: 'old_deny_bmap' was declared here
  unsigned char old_deny_bmap;
                ^

This is a false positive, the code path that is warned about cannot
actually be reached.

This adds an initialization for the variable to make the warning go
away.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfsd/nfs4state.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -3757,7 +3757,7 @@ static __be32
 nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp, struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, struct nfsd4_open *open)
 {
 	__be32 status;
-	unsigned char old_deny_bmap;
+	unsigned char old_deny_bmap = stp->st_deny_bmap;
 
 	if (!test_access(open->op_share_access, stp))
 		return nfs4_get_vfs_file(rqstp, fp, cur_fh, stp, open);
@@ -3766,7 +3766,6 @@ nfs4_upgrade_open(struct svc_rqst *rqstp
 	spin_lock(&fp->fi_lock);
 	status = nfs4_file_check_deny(fp, open->op_share_deny);
 	if (status == nfs_ok) {
-		old_deny_bmap = stp->st_deny_bmap;
 		set_deny(open->op_share_deny, stp);
 		fp->fi_share_deny |=
 				(open->op_share_deny & NFS4_SHARE_DENY_BOTH);

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 29/47] brcmfmac: avoid gcc-5.1 warning
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 27/47] nfsd: work around a gcc-5.1 warning Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 30/47] tty: nozomi: avoid a harmless gcc warning Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Kalle Valo

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit 22f44150aad7a1d6b074ab6cf59abee61c7187c6 upstream.

gcc-5.0 gained a new warning in the fwsignal portion of the brcmfmac
driver:

drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c: In function 'brcmf_fws_txs_process':
drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c:1478:8: warning: 'skb' may be used uninitialized in this function [-Wmaybe-uninitialized]

This is a false positive, and marking the brcmf_fws_hanger_poppkt function
as 'static inline' makes the warning go away. I have checked the object
file output and while a little code gets moved around, the size of
the binary remains identical.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c
@@ -635,7 +635,7 @@ static int brcmf_fws_hanger_pushpkt(stru
 	return 0;
 }
 
-static int brcmf_fws_hanger_poppkt(struct brcmf_fws_hanger *h,
+static inline int brcmf_fws_hanger_poppkt(struct brcmf_fws_hanger *h,
 					  u32 slot_id, struct sk_buff **pktout,
 					  bool remove_item)
 {

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 30/47] tty: nozomi: avoid a harmless gcc warning
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 29/47] brcmfmac: avoid " Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 31/47] net: vxge: avoid unused function warnings Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit a4f642a8a3c2838ad09fe8313d45db46600e1478 upstream.

The nozomi wireless data driver has its own helper function to
transfer data from a FIFO, doing an extra byte swap on big-endian
architectures, presumably to bring the data back into byte-serial
order after readw() or readl() perform their implicit byteswap.

This helper function is used in the receive_data() function to
first read the length into a 32-bit variable, which causes
a compile-time warning:

drivers/tty/nozomi.c: In function 'receive_data':
drivers/tty/nozomi.c:857:9: warning: 'size' may be used uninitialized in this function [-Wmaybe-uninitialized]

The problem is that gcc is unsure whether the data was actually
read or not. We know that it is at this point, so we can replace
it with a single readl() to shut up that warning.

I am leaving the byteswap in there, to preserve the existing
behavior, even though this seems fishy: Reading the length of
the data into a cpu-endian variable should normally not use
a second byteswap on big-endian systems, unless the hardware
is aware of the CPU endianess.

There appears to be a lot more confusion about endianess in this
driver, so it probably has not worked on big-endian systems in
a long time, if ever, and I have no way to test it. It's well
possible that this driver has not been used by anyone in a while,
the last patch that looks like it was tested on the hardware is
from 2008.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/nozomi.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/tty/nozomi.c
+++ b/drivers/tty/nozomi.c
@@ -823,7 +823,7 @@ static int receive_data(enum port_type i
 	struct tty_struct *tty = tty_port_tty_get(&port->port);
 	int i, ret;
 
-	read_mem32((u32 *) &size, addr, 4);
+	size = __le32_to_cpu(readl(addr));
 	/*  DBG1( "%d bytes port: %d", size, index); */
 
 	if (tty && test_bit(TTY_THROTTLED, &tty->flags)) {

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 31/47] net: vxge: avoid unused function warnings
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 30/47] tty: nozomi: avoid a harmless gcc warning Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 33/47] hostap: avoid uninitialized variable use in hfa384x_get_rid Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, David S. Miller

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit 57e7c8cef224af166b8ec932b5e383641418c005 upstream.

When CONFIG_PCI_MSI is disabled, we get warnings about unused functions
in the vxge driver:

drivers/net/ethernet/neterion/vxge/vxge-main.c:2121:13: warning: 'adaptive_coalesce_tx_interrupts' defined but not used [-Wunused-function]
drivers/net/ethernet/neterion/vxge/vxge-main.c:2149:13: warning: 'adaptive_coalesce_rx_interrupts' defined but not used [-Wunused-function]

We could add another #ifdef here, but it's nicer to avoid those warnings
for good by converting the existing #ifdef to if(IS_ENABLED()), which has
the same effect but provides better compile-time coverage in general,
and lets the compiler understand better when the function is intentionally
unused.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/ethernet/neterion/vxge/vxge-main.c |   31 +++++++++----------------
 1 file changed, 12 insertions(+), 19 deletions(-)

--- a/drivers/net/ethernet/neterion/vxge/vxge-main.c
+++ b/drivers/net/ethernet/neterion/vxge/vxge-main.c
@@ -2223,8 +2223,6 @@ static irqreturn_t vxge_isr_napi(int irq
 	return IRQ_NONE;
 }
 
-#ifdef CONFIG_PCI_MSI
-
 static irqreturn_t vxge_tx_msix_handle(int irq, void *dev_id)
 {
 	struct vxge_fifo *fifo = (struct vxge_fifo *)dev_id;
@@ -2442,16 +2440,13 @@ static void vxge_rem_msix_isr(struct vxg
 	if (vdev->config.intr_type == MSI_X)
 		pci_disable_msix(vdev->pdev);
 }
-#endif
 
 static void vxge_rem_isr(struct vxgedev *vdev)
 {
-#ifdef CONFIG_PCI_MSI
-	if (vdev->config.intr_type == MSI_X) {
+	if (IS_ENABLED(CONFIG_PCI_MSI) &&
+	    vdev->config.intr_type == MSI_X) {
 		vxge_rem_msix_isr(vdev);
-	} else
-#endif
-	if (vdev->config.intr_type == INTA) {
+	} else if (vdev->config.intr_type == INTA) {
 			synchronize_irq(vdev->pdev->irq);
 			free_irq(vdev->pdev->irq, vdev);
 	}
@@ -2460,11 +2455,10 @@ static void vxge_rem_isr(struct vxgedev
 static int vxge_add_isr(struct vxgedev *vdev)
 {
 	int ret = 0;
-#ifdef CONFIG_PCI_MSI
 	int vp_idx = 0, intr_idx = 0, intr_cnt = 0, msix_idx = 0, irq_req = 0;
 	int pci_fun = PCI_FUNC(vdev->pdev->devfn);
 
-	if (vdev->config.intr_type == MSI_X)
+	if (IS_ENABLED(CONFIG_PCI_MSI) && vdev->config.intr_type == MSI_X)
 		ret = vxge_enable_msix(vdev);
 
 	if (ret) {
@@ -2475,7 +2469,7 @@ static int vxge_add_isr(struct vxgedev *
 		vdev->config.intr_type = INTA;
 	}
 
-	if (vdev->config.intr_type == MSI_X) {
+	if (IS_ENABLED(CONFIG_PCI_MSI) && vdev->config.intr_type == MSI_X) {
 		for (intr_idx = 0;
 		     intr_idx < (vdev->no_of_vpath *
 			VXGE_HW_VPATH_MSIX_ACTIVE); intr_idx++) {
@@ -2576,9 +2570,8 @@ static int vxge_add_isr(struct vxgedev *
 		vdev->vxge_entries[intr_cnt].in_use = 1;
 		vdev->vxge_entries[intr_cnt].arg = &vdev->vpaths[0];
 	}
-INTA_MODE:
-#endif
 
+INTA_MODE:
 	if (vdev->config.intr_type == INTA) {
 		snprintf(vdev->desc[0], VXGE_INTR_STRLEN,
 			"%s:vxge:INTA", vdev->ndev->name);
@@ -3889,12 +3882,12 @@ static void vxge_device_config_init(stru
 	if (max_mac_vpath > VXGE_MAX_MAC_ADDR_COUNT)
 		max_mac_vpath = VXGE_MAX_MAC_ADDR_COUNT;
 
-#ifndef CONFIG_PCI_MSI
-	vxge_debug_init(VXGE_ERR,
-		"%s: This Kernel does not support "
-		"MSI-X. Defaulting to INTA", VXGE_DRIVER_NAME);
-	*intr_type = INTA;
-#endif
+	if (!IS_ENABLED(CONFIG_PCI_MSI)) {
+		vxge_debug_init(VXGE_ERR,
+			"%s: This Kernel does not support "
+			"MSI-X. Defaulting to INTA", VXGE_DRIVER_NAME);
+		*intr_type = INTA;
+	}
 
 	/* Configure whether MSI-X or IRQL. */
 	switch (*intr_type) {

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 33/47] hostap: avoid uninitialized variable use in hfa384x_get_rid
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 31/47] net: vxge: avoid unused function warnings Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 34/47] MIPS: MSP71xx: remove odd locking in PCI config space access code Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Kalle Valo

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit 48dc5fb3ba53b20418de8514700f63d88c5de3a3 upstream.

The driver reads a value from hfa384x_from_bap(), which may fail,
and then assigns the value to a local variable. gcc detects that
in in the failure case, the 'rlen' variable now contains
uninitialized data:

In file included from ../drivers/net/wireless/intersil/hostap/hostap_pci.c:220:0:
drivers/net/wireless/intersil/hostap/hostap_hw.c: In function 'hfa384x_get_rid':
drivers/net/wireless/intersil/hostap/hostap_hw.c:842:5: warning: 'rec' may be used uninitialized in this function [-Wmaybe-uninitialized]
  if (le16_to_cpu(rec.len) == 0) {

This restructures the function as suggested by Russell King, to
make it more readable and get more reliable error handling, by
handling each failure mode using a goto.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/hostap/hostap_hw.c |   15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

--- a/drivers/net/wireless/hostap/hostap_hw.c
+++ b/drivers/net/wireless/hostap/hostap_hw.c
@@ -836,25 +836,30 @@ static int hfa384x_get_rid(struct net_de
 	spin_lock_bh(&local->baplock);
 
 	res = hfa384x_setup_bap(dev, BAP0, rid, 0);
-	if (!res)
-		res = hfa384x_from_bap(dev, BAP0, &rec, sizeof(rec));
+	if (res)
+		goto unlock;
+
+	res = hfa384x_from_bap(dev, BAP0, &rec, sizeof(rec));
+	if (res)
+		goto unlock;
 
 	if (le16_to_cpu(rec.len) == 0) {
 		/* RID not available */
 		res = -ENODATA;
+		goto unlock;
 	}
 
 	rlen = (le16_to_cpu(rec.len) - 1) * 2;
-	if (!res && exact_len && rlen != len) {
+	if (exact_len && rlen != len) {
 		printk(KERN_DEBUG "%s: hfa384x_get_rid - RID len mismatch: "
 		       "rid=0x%04x, len=%d (expected %d)\n",
 		       dev->name, rid, rlen, len);
 		res = -ENODATA;
 	}
 
-	if (!res)
-		res = hfa384x_from_bap(dev, BAP0, buf, len);
+	res = hfa384x_from_bap(dev, BAP0, buf, len);
 
+unlock:
 	spin_unlock_bh(&local->baplock);
 	mutex_unlock(&local->rid_bap_mtx);
 

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 34/47] MIPS: MSP71xx: remove odd locking in PCI config space access code
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 33/47] hostap: avoid uninitialized variable use in hfa384x_get_rid Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 35/47] net: tulip: turn compile-time warning into dev_warn() Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sergey Ryazanov, Linux MIPS,
	Ralf Baechle, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sergey Ryazanov <ryazanov.s.a@gmail.com>

commit c4a305374bbf36414515d2ae00d588c67051e67d upstream.

Caller (generic PCI code) already do proper locking so no need to add
another one here.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Cc: Linux MIPS <linux-mips@linux-mips.org>
Patchwork: https://patchwork.linux-mips.org/patch/7601/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/pci/ops-pmcmsp.c |   12 ------------
 1 file changed, 12 deletions(-)

--- a/arch/mips/pci/ops-pmcmsp.c
+++ b/arch/mips/pci/ops-pmcmsp.c
@@ -193,8 +193,6 @@ static void pci_proc_init(void)
 }
 #endif /* CONFIG_PROC_FS && PCI_COUNTERS */
 
-static DEFINE_SPINLOCK(bpci_lock);
-
 /*****************************************************************************
  *
  *  STRUCT: pci_io_resource
@@ -368,7 +366,6 @@ int msp_pcibios_config_access(unsigned c
 	struct msp_pci_regs *preg = (void *)PCI_BASE_REG;
 	unsigned char bus_num = bus->number;
 	unsigned char dev_fn = (unsigned char)devfn;
-	unsigned long flags;
 	unsigned long intr;
 	unsigned long value;
 	static char pciirqflag;
@@ -401,10 +398,7 @@ int msp_pcibios_config_access(unsigned c
 	}
 
 #if defined(CONFIG_PMC_MSP7120_GW) || defined(CONFIG_PMC_MSP7120_EVAL)
-	local_irq_save(flags);
 	vpe_status = dvpe();
-#else
-	spin_lock_irqsave(&bpci_lock, flags);
 #endif
 
 	/*
@@ -457,9 +451,6 @@ int msp_pcibios_config_access(unsigned c
 
 #if defined(CONFIG_PMC_MSP7120_GW) || defined(CONFIG_PMC_MSP7120_EVAL)
 		evpe(vpe_status);
-		local_irq_restore(flags);
-#else
-		spin_unlock_irqrestore(&bpci_lock, flags);
 #endif
 
 		return -1;
@@ -467,9 +458,6 @@ int msp_pcibios_config_access(unsigned c
 
 #if defined(CONFIG_PMC_MSP7120_GW) || defined(CONFIG_PMC_MSP7120_EVAL)
 	evpe(vpe_status);
-	local_irq_restore(flags);
-#else
-	spin_unlock_irqrestore(&bpci_lock, flags);
 #endif
 
 	return PCIBIOS_SUCCESSFUL;

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 35/47] net: tulip: turn compile-time warning into dev_warn()
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 34/47] MIPS: MSP71xx: remove odd locking in PCI config space access code Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 37/47] gfs2: avoid uninitialized variable warning Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Grant Grundler,
	David S. Miller

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit de92718883ddbcd11b738d36ffcf57617b97fa12 upstream.

The tulip driver causes annoying build-time warnings for allmodconfig
builds for all recent architectures:

dec/tulip/winbond-840.c:910:2: warning: #warning Processor architecture undefined
dec/tulip/tulip_core.c:101:2: warning: #warning Processor architecture undefined!

This is the last remaining warning for arm64, and I'd like to get rid of
it. We don't really know the cache line size, architecturally it would
be at least 16 bytes, but all implementations I found have 64 or 128
bytes. Configuring tulip for 32-byte lines as we do on ARM32 seems to
be the safe but slow default, and nobody who cares about performance these
days would use a tulip chip anyway, so we can just use that.

To save the next person the job of trying to find out what this is for
and picking a default for their architecture just to kill off the warning,
I'm now removing the preprocessor #warning and turning it into a pr_warn
or dev_warn that prints the equivalent information when the driver gets
loaded.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Grant Grundler <grundler@parisc-linux.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/ethernet/dec/tulip/tulip_core.c  |    9 +++++++--
 drivers/net/ethernet/dec/tulip/winbond-840.c |    2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

--- a/drivers/net/ethernet/dec/tulip/tulip_core.c
+++ b/drivers/net/ethernet/dec/tulip/tulip_core.c
@@ -98,8 +98,7 @@ static int csr0 = 0x01A00000 | 0x4800;
 #elif defined(__mips__)
 static int csr0 = 0x00200000 | 0x4000;
 #else
-#warning Processor architecture undefined!
-static int csr0 = 0x00A00000 | 0x4800;
+static int csr0;
 #endif
 
 /* Operational parameters that usually are not changed. */
@@ -1982,6 +1981,12 @@ static int __init tulip_init (void)
 	pr_info("%s", version);
 #endif
 
+	if (!csr0) {
+		pr_warn("tulip: unknown CPU architecture, using default csr0\n");
+		/* default to 8 longword cache line alignment */
+		csr0 = 0x00A00000 | 0x4800;
+	}
+
 	/* copy module parms into globals */
 	tulip_rx_copybreak = rx_copybreak;
 	tulip_max_interrupt_work = max_interrupt_work;
--- a/drivers/net/ethernet/dec/tulip/winbond-840.c
+++ b/drivers/net/ethernet/dec/tulip/winbond-840.c
@@ -907,7 +907,7 @@ static void init_registers(struct net_de
 #elif defined(CONFIG_SPARC) || defined (CONFIG_PARISC)
 	i |= 0x4800;
 #else
-#warning Processor architecture undefined
+	dev_warn(&dev->dev, "unknown CPU architecture, using default csr0 setting\n");
 	i |= 0x4800;
 #endif
 	iowrite32(i, ioaddr + PCIBusCfg);

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 37/47] gfs2: avoid uninitialized variable warning
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 35/47] net: tulip: turn compile-time warning into dev_warn() Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 39/47] ARM: 8296/1: cache-l2x0: clean up aurora cache handling Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Bob Peterson

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit 67893f12e5374bbcaaffbc6e570acbc2714ea884 upstream.

We get a bogus warning about a potential uninitialized variable
use in gfs2, because the compiler does not figure out that we
never use the leaf number if get_leaf_nr() returns an error:

fs/gfs2/dir.c: In function 'get_first_leaf':
fs/gfs2/dir.c:802:9: warning: 'leaf_no' may be used uninitialized in this function [-Wmaybe-uninitialized]
fs/gfs2/dir.c: In function 'dir_split_leaf':
fs/gfs2/dir.c:1021:8: warning: 'leaf_no' may be used uninitialized in this function [-Wmaybe-uninitialized]

Changing the 'if (!error)' to 'if (!IS_ERR_VALUE(error))' is
sufficient to let gcc understand that this is exactly the same
condition as in IS_ERR() so it can optimize the code path enough
to understand it.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/gfs2/dir.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/fs/gfs2/dir.c
+++ b/fs/gfs2/dir.c
@@ -764,7 +764,7 @@ static int get_first_leaf(struct gfs2_in
 	int error;
 
 	error = get_leaf_nr(dip, index, &leaf_no);
-	if (!error)
+	if (!IS_ERR_VALUE(error))
 		error = get_leaf(dip, leaf_no, bh_out);
 
 	return error;
@@ -980,7 +980,7 @@ static int dir_split_leaf(struct inode *
 
 	index = name->hash >> (32 - dip->i_depth);
 	error = get_leaf_nr(dip, index, &leaf_no);
-	if (error)
+	if (IS_ERR_VALUE(error))
 		return error;
 
 	/*  Get the old leaf block  */

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 39/47] ARM: 8296/1: cache-l2x0: clean up aurora cache handling
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 37/47] gfs2: avoid uninitialized variable warning Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 40/47] aic94xx: Skip reading user settings if flash is not found Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thomas Petazzoni, Arnd Bergmann,
	Russell King

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit 20e783e39e55c2615fb61d1b3d139ee9edcf6772 upstream.

The aurora cache controller is the only remaining user of a couple
of functions in this file and are completely unused when that is
disabled, leading to build warnings:

arch/arm/mm/cache-l2x0.c:167:13: warning: 'l2x0_cache_sync' defined but not used [-Wunused-function]
arch/arm/mm/cache-l2x0.c:184:13: warning: 'l2x0_flush_all' defined but not used [-Wunused-function]
arch/arm/mm/cache-l2x0.c:194:13: warning: 'l2x0_disable' defined but not used [-Wunused-function]

With the knowledge that the code is now aurora-specific, we can
simplify it noticeably:

- The pl310 errata workarounds are not needed on aurora and can be removed
- As confirmed by Thomas Petazzoni from the data sheet, the cache_wait()
  macro is never needed.
- No need to hold the lock across atomic cache sync
- We can load the l2x0_base into a local variable across operations

There should be no functional change in this patch, but readability
and the generated object code improves, along with avoiding the
warnings.

 (on Armada 370 RD and Armada XP GP, boot tested, plus a little bit of
 DMA traffic by reading data from a SD card)

Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/mm/cache-l2x0.c |  111 ++++++++++++++++-------------------------------
 1 file changed, 38 insertions(+), 73 deletions(-)

--- a/arch/arm/mm/cache-l2x0.c
+++ b/arch/arm/mm/cache-l2x0.c
@@ -136,73 +136,6 @@ static void l2c_disable(void)
 	dsb(st);
 }
 
-#ifdef CONFIG_CACHE_PL310
-static inline void cache_wait(void __iomem *reg, unsigned long mask)
-{
-	/* cache operations by line are atomic on PL310 */
-}
-#else
-#define cache_wait	l2c_wait_mask
-#endif
-
-static inline void cache_sync(void)
-{
-	void __iomem *base = l2x0_base;
-
-	writel_relaxed(0, base + sync_reg_offset);
-	cache_wait(base + L2X0_CACHE_SYNC, 1);
-}
-
-#if defined(CONFIG_PL310_ERRATA_588369) || defined(CONFIG_PL310_ERRATA_727915)
-static inline void debug_writel(unsigned long val)
-{
-	l2c_set_debug(l2x0_base, val);
-}
-#else
-/* Optimised out for non-errata case */
-static inline void debug_writel(unsigned long val)
-{
-}
-#endif
-
-static void l2x0_cache_sync(void)
-{
-	unsigned long flags;
-
-	raw_spin_lock_irqsave(&l2x0_lock, flags);
-	cache_sync();
-	raw_spin_unlock_irqrestore(&l2x0_lock, flags);
-}
-
-static void __l2x0_flush_all(void)
-{
-	debug_writel(0x03);
-	__l2c_op_way(l2x0_base + L2X0_CLEAN_INV_WAY);
-	cache_sync();
-	debug_writel(0x00);
-}
-
-static void l2x0_flush_all(void)
-{
-	unsigned long flags;
-
-	/* clean all ways */
-	raw_spin_lock_irqsave(&l2x0_lock, flags);
-	__l2x0_flush_all();
-	raw_spin_unlock_irqrestore(&l2x0_lock, flags);
-}
-
-static void l2x0_disable(void)
-{
-	unsigned long flags;
-
-	raw_spin_lock_irqsave(&l2x0_lock, flags);
-	__l2x0_flush_all();
-	l2c_write_sec(0, l2x0_base, L2X0_CTRL);
-	dsb(st);
-	raw_spin_unlock_irqrestore(&l2x0_lock, flags);
-}
-
 static void l2c_save(void __iomem *base)
 {
 	l2x0_saved_regs.aux_ctrl = readl_relaxed(l2x0_base + L2X0_AUX_CTRL);
@@ -1257,14 +1190,15 @@ static unsigned long calc_range_end(unsi
 static void aurora_pa_range(unsigned long start, unsigned long end,
 			unsigned long offset)
 {
+	void __iomem *base = l2x0_base;
 	unsigned long flags;
 
 	raw_spin_lock_irqsave(&l2x0_lock, flags);
-	writel_relaxed(start, l2x0_base + AURORA_RANGE_BASE_ADDR_REG);
-	writel_relaxed(end, l2x0_base + offset);
+	writel_relaxed(start, base + AURORA_RANGE_BASE_ADDR_REG);
+	writel_relaxed(end, base + offset);
 	raw_spin_unlock_irqrestore(&l2x0_lock, flags);
 
-	cache_sync();
+	writel_relaxed(0, base + AURORA_SYNC_REG);
 }
 
 static void aurora_inv_range(unsigned long start, unsigned long end)
@@ -1324,6 +1258,37 @@ static void aurora_flush_range(unsigned
 	}
 }
 
+static void aurora_flush_all(void)
+{
+	void __iomem *base = l2x0_base;
+	unsigned long flags;
+
+	/* clean all ways */
+	raw_spin_lock_irqsave(&l2x0_lock, flags);
+	__l2c_op_way(base + L2X0_CLEAN_INV_WAY);
+	raw_spin_unlock_irqrestore(&l2x0_lock, flags);
+
+	writel_relaxed(0, base + AURORA_SYNC_REG);
+}
+
+static void aurora_cache_sync(void)
+{
+	writel_relaxed(0, l2x0_base + AURORA_SYNC_REG);
+}
+
+static void aurora_disable(void)
+{
+	void __iomem *base = l2x0_base;
+	unsigned long flags;
+
+	raw_spin_lock_irqsave(&l2x0_lock, flags);
+	__l2c_op_way(base + L2X0_CLEAN_INV_WAY);
+	writel_relaxed(0, base + AURORA_SYNC_REG);
+	l2c_write_sec(0, base, L2X0_CTRL);
+	dsb(st);
+	raw_spin_unlock_irqrestore(&l2x0_lock, flags);
+}
+
 static void aurora_save(void __iomem *base)
 {
 	l2x0_saved_regs.ctrl = readl_relaxed(base + L2X0_CTRL);
@@ -1398,9 +1363,9 @@ static const struct l2c_init_data of_aur
 		.inv_range   = aurora_inv_range,
 		.clean_range = aurora_clean_range,
 		.flush_range = aurora_flush_range,
-		.flush_all   = l2x0_flush_all,
-		.disable     = l2x0_disable,
-		.sync        = l2x0_cache_sync,
+		.flush_all   = aurora_flush_all,
+		.disable     = aurora_disable,
+		.sync	     = aurora_cache_sync,
 		.resume      = aurora_resume,
 	},
 };

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 40/47] aic94xx: Skip reading user settings if flash is not found
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 39/47] ARM: 8296/1: cache-l2x0: clean up aurora cache handling Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 41/47] MIPS: ralink: Cosmetic change to prom_init() Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hannes Reinecke, Christoph Hellwig,
	James Bottomley, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hannes Reinecke <hare@suse.de>

commit 36dd5acd196574d41de3e81d8264df475bbb7123 upstream.

If no user settings are found it's pointless trying to
read them from flash. So skip that step.
This also fixes a compilation warning about uninitialized variables in
aic94xx.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/scsi/aic94xx/aic94xx_sds.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/scsi/aic94xx/aic94xx_sds.c
+++ b/drivers/scsi/aic94xx/aic94xx_sds.c
@@ -983,7 +983,7 @@ static int asd_process_ctrl_a_user(struc
 {
 	int err, i;
 	u32 offs, size;
-	struct asd_ll_el *el;
+	struct asd_ll_el *el = NULL;
 	struct asd_ctrla_phy_settings *ps;
 	struct asd_ctrla_phy_settings dflt_ps;
 
@@ -1004,6 +1004,7 @@ static int asd_process_ctrl_a_user(struc
 
 		size = sizeof(struct asd_ctrla_phy_settings);
 		ps = &dflt_ps;
+		goto out_process;
 	}
 
 	if (size == 0)
@@ -1028,7 +1029,7 @@ static int asd_process_ctrl_a_user(struc
 		ASD_DPRINTK("couldn't find ctrla phy settings struct\n");
 		goto out2;
 	}
-
+out_process:
 	err = asd_process_ctrla_phy_settings(asd_ha, ps);
 	if (err) {
 		ASD_DPRINTK("couldn't process ctrla phy settings\n");

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 41/47] MIPS: ralink: Cosmetic change to prom_init().
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 40/47] aic94xx: Skip reading user settings if flash is not found Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 42/47] kconfig: tinyconfig: provide whole choice blocks to avoid warnings Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, John Crispin, linux-mips,
	Ralf Baechle, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: John Crispin <john@phrozen.org>

commit 9c48568b3692f1a56cbf1935e4eea835e6b185b1 upstream.

Over the years the code has been changed various times leading to
argc/argv being defined in a different function to where we actually
use the variables. Clean this up by moving them to prom_init_cmdline().

Signed-off-by: John Crispin <john@phrozen.org>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/14902/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/ralink/prom.c |    9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

--- a/arch/mips/ralink/prom.c
+++ b/arch/mips/ralink/prom.c
@@ -24,8 +24,10 @@ const char *get_system_type(void)
 	return soc_info.sys_type;
 }
 
-static __init void prom_init_cmdline(int argc, char **argv)
+static __init void prom_init_cmdline(void)
 {
+	int argc;
+	char **argv;
 	int i;
 
 	pr_debug("prom: fw_arg0=%08x fw_arg1=%08x fw_arg2=%08x fw_arg3=%08x\n",
@@ -54,14 +56,11 @@ static __init void prom_init_cmdline(int
 
 void __init prom_init(void)
 {
-	int argc;
-	char **argv;
-
 	prom_soc_init(&soc_info);
 
 	pr_info("SoC Type: %s\n", get_system_type());
 
-	prom_init_cmdline(argc, argv);
+	prom_init_cmdline();
 }
 
 void __init prom_free_prom_memory(void)

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 42/47] kconfig: tinyconfig: provide whole choice blocks to avoid warnings
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 41/47] MIPS: ralink: Cosmetic change to prom_init() Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 43/47] ARM: 8383/1: nommu: avoid deprecated source register on mov Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Josh Triplett,
	Masahiro Yamada, Ingo Molnar, Andrew Morton, Linus Torvalds

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit 236dec051078a8691950f56949612b4b74107e48 upstream.

Using "make tinyconfig" produces a couple of annoying warnings that show
up for build test machines all the time:

    .config:966:warning: override: NOHIGHMEM changes choice state
    .config:965:warning: override: SLOB changes choice state
    .config:963:warning: override: KERNEL_XZ changes choice state
    .config:962:warning: override: CC_OPTIMIZE_FOR_SIZE changes choice state
    .config:933:warning: override: SLOB changes choice state
    .config:930:warning: override: CC_OPTIMIZE_FOR_SIZE changes choice state
    .config:870:warning: override: SLOB changes choice state
    .config:868:warning: override: KERNEL_XZ changes choice state
    .config:867:warning: override: CC_OPTIMIZE_FOR_SIZE changes choice state

I've made a previous attempt at fixing them and we discussed a number of
alternatives.

I tried changing the Makefile to use "merge_config.sh -n
$(fragment-list)" but couldn't get that to work properly.

This is yet another approach, based on the observation that we do want
to see a warning for conflicting 'choice' options, and that we can
simply make them non-conflicting by listing all other options as
disabled.  This is a trivial patch that we can apply independent of
plans for other changes.

Link: http://lkml.kernel.org/r/20160829214952.1334674-2-arnd@arndb.de
Link: https://storage.kernelci.org/mainline/v4.7-rc6/x86-tinyconfig/build.log
https://patchwork.kernel.org/patch/9212749/
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Reviewed-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/configs/tiny.config |    2 ++
 kernel/configs/tiny.config   |    8 ++++++++
 2 files changed, 10 insertions(+)

--- a/arch/x86/configs/tiny.config
+++ b/arch/x86/configs/tiny.config
@@ -1 +1,3 @@
 CONFIG_NOHIGHMEM=y
+# CONFIG_HIGHMEM4G is not set
+# CONFIG_HIGHMEM64G is not set
--- a/kernel/configs/tiny.config
+++ b/kernel/configs/tiny.config
@@ -1,4 +1,12 @@
+# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set
 CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+# CONFIG_KERNEL_GZIP is not set
+# CONFIG_KERNEL_BZIP2 is not set
+# CONFIG_KERNEL_LZMA is not set
 CONFIG_KERNEL_XZ=y
+# CONFIG_KERNEL_LZO is not set
+# CONFIG_KERNEL_LZ4 is not set
 CONFIG_OPTIMIZE_INLINING=y
+# CONFIG_SLAB is not set
+# CONFIG_SLUB is not set
 CONFIG_SLOB=y

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 43/47] ARM: 8383/1: nommu: avoid deprecated source register on mov
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 42/47] kconfig: tinyconfig: provide whole choice blocks to avoid warnings Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 44/47] [media] xc2028: avoid use after free Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maxime Coquelin, Stefan Agner,
	Russell King, Arnd Bergmann

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stefan Agner <stefan@agner.ch>

commit 970d96f9a81b0dd83ddd8bce0e5e1ba31881c5f5 upstream.

In Thumb2 mode, the stack register r13 is deprecated if the
destination register is the program counter (r15). Similar to
head.S, head-nommu.S uses r13 to store the return address used
after configuring the CPU's CP15 register. However, since we do
not enable a MMU, there will be no address switch and it is
possible to use branch with link instruction to call
__after_proc_init.

Avoid using r13 completely by using bl to call __after_proc_init
and get rid of __secondary_switched.

Beside removing unnecessary complexity, this also fixes a
compiler warning when compiling a !MMU kernel:
Warning: Use of r13 as a source register is deprecated when r15
is the destination register.

Tested-by: Maxime Coquelin <mcoquelin.stm32@gmail.com>
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/kernel/head-nommu.S |   20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

--- a/arch/arm/kernel/head-nommu.S
+++ b/arch/arm/kernel/head-nommu.S
@@ -77,13 +77,12 @@ ENTRY(stext)
 	orr	r6, r6, #(1 << MPU_RSR_EN)	@ Set region enabled bit
 	bl	__setup_mpu
 #endif
-	ldr	r13, =__mmap_switched		@ address to jump to after
-						@ initialising sctlr
 	adr	lr, BSYM(1f)			@ return (PIC) address
  ARM(	add	pc, r10, #PROCINFO_INITFUNC	)
  THUMB(	add	r12, r10, #PROCINFO_INITFUNC	)
  THUMB(	ret	r12				)
- 1:	b	__after_proc_init
+1:	bl	__after_proc_init
+	b	__mmap_switched
 ENDPROC(stext)
 
 #ifdef CONFIG_SMP
@@ -106,8 +105,7 @@ ENTRY(secondary_startup)
 	movs	r10, r5				@ invalid processor?
 	beq	__error_p			@ yes, error 'p'
 
-	adr	r4, __secondary_data
-	ldmia	r4, {r7, r12}
+	ldr	r7, __secondary_data
 
 #ifdef CONFIG_ARM_MPU
 	/* Use MPU region info supplied by __cpu_up */
@@ -115,23 +113,19 @@ ENTRY(secondary_startup)
 	bl      __setup_mpu			@ Initialize the MPU
 #endif
 
-	adr	lr, BSYM(__after_proc_init)	@ return address
-	mov	r13, r12			@ __secondary_switched address
+	adr	lr, BSYM(1f)			@ return (PIC) address
  ARM(	add	pc, r10, #PROCINFO_INITFUNC	)
  THUMB(	add	r12, r10, #PROCINFO_INITFUNC	)
  THUMB(	ret	r12				)
-ENDPROC(secondary_startup)
-
-ENTRY(__secondary_switched)
+1:	bl	__after_proc_init
 	ldr	sp, [r7, #8]			@ set up the stack pointer
 	mov	fp, #0
 	b	secondary_start_kernel
-ENDPROC(__secondary_switched)
+ENDPROC(secondary_startup)
 
 	.type	__secondary_data, %object
 __secondary_data:
 	.long	secondary_data
-	.long	__secondary_switched
 #endif /* CONFIG_SMP */
 
 /*
@@ -164,7 +158,7 @@ __after_proc_init:
 #endif
 	mcr	p15, 0, r0, c1, c0, 0		@ write control reg
 #endif /* CONFIG_CPU_CP15 */
-	ret	r13
+	ret	lr
 ENDPROC(__after_proc_init)
 	.ltorg
 

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 44/47] [media] xc2028: avoid use after free
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 43/47] ARM: 8383/1: nommu: avoid deprecated source register on mov Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 45/47] vfio/pci: Fix integer overflows, bitmask check Greg Kroah-Hartman
                   ` (4 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab, Ben Hutchings

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab@osg.samsung.com>

commit 8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 upstream.

If struct xc2028_config is passed without a firmware name,
the following trouble may happen:

[11009.907205] xc2028 5-0061: type set to XCeive xc2028/xc3028 tuner
[11009.907491] ==================================================================
[11009.907750] BUG: KASAN: use-after-free in strcmp+0x96/0xb0 at addr ffff8803bd78ab40
[11009.907992] Read of size 1 by task modprobe/28992
[11009.907994] =============================================================================
[11009.907997] BUG kmalloc-16 (Tainted: G        W      ): kasan: bad access detected
[11009.907999] -----------------------------------------------------------------------------

[11009.908008] INFO: Allocated in xhci_urb_enqueue+0x214/0x14c0 [xhci_hcd] age=0 cpu=3 pid=28992
[11009.908012] 	___slab_alloc+0x581/0x5b0
[11009.908014] 	__slab_alloc+0x51/0x90
[11009.908017] 	__kmalloc+0x27b/0x350
[11009.908022] 	xhci_urb_enqueue+0x214/0x14c0 [xhci_hcd]
[11009.908026] 	usb_hcd_submit_urb+0x1e8/0x1c60
[11009.908029] 	usb_submit_urb+0xb0e/0x1200
[11009.908032] 	usb_serial_generic_write_start+0xb6/0x4c0
[11009.908035] 	usb_serial_generic_write+0x92/0xc0
[11009.908039] 	usb_console_write+0x38a/0x560
[11009.908045] 	call_console_drivers.constprop.14+0x1ee/0x2c0
[11009.908051] 	console_unlock+0x40d/0x900
[11009.908056] 	vprintk_emit+0x4b4/0x830
[11009.908061] 	vprintk_default+0x1f/0x30
[11009.908064] 	printk+0x99/0xb5
[11009.908067] 	kasan_report_error+0x10a/0x550
[11009.908070] 	__asan_report_load1_noabort+0x43/0x50
[11009.908074] INFO: Freed in xc2028_set_config+0x90/0x630 [tuner_xc2028] age=1 cpu=3 pid=28992
[11009.908077] 	__slab_free+0x2ec/0x460
[11009.908080] 	kfree+0x266/0x280
[11009.908083] 	xc2028_set_config+0x90/0x630 [tuner_xc2028]
[11009.908086] 	xc2028_attach+0x310/0x8a0 [tuner_xc2028]
[11009.908090] 	em28xx_attach_xc3028.constprop.7+0x1f9/0x30d [em28xx_dvb]
[11009.908094] 	em28xx_dvb_init.part.3+0x8e4/0x5cf4 [em28xx_dvb]
[11009.908098] 	em28xx_dvb_init+0x81/0x8a [em28xx_dvb]
[11009.908101] 	em28xx_register_extension+0xd9/0x190 [em28xx]
[11009.908105] 	em28xx_dvb_register+0x10/0x1000 [em28xx_dvb]
[11009.908108] 	do_one_initcall+0x141/0x300
[11009.908111] 	do_init_module+0x1d0/0x5ad
[11009.908114] 	load_module+0x6666/0x9ba0
[11009.908117] 	SyS_finit_module+0x108/0x130
[11009.908120] 	entry_SYSCALL_64_fastpath+0x16/0x76
[11009.908123] INFO: Slab 0xffffea000ef5e280 objects=25 used=25 fp=0x          (null) flags=0x2ffff8000004080
[11009.908126] INFO: Object 0xffff8803bd78ab40 @offset=2880 fp=0x0000000000000001

[11009.908130] Bytes b4 ffff8803bd78ab30: 01 00 00 00 2a 07 00 00 9d 28 00 00 01 00 00 00  ....*....(......
[11009.908133] Object ffff8803bd78ab40: 01 00 00 00 00 00 00 00 b0 1d c3 6a 00 88 ff ff  ...........j....
[11009.908137] CPU: 3 PID: 28992 Comm: modprobe Tainted: G    B   W       4.5.0-rc1+ #43
[11009.908140] Hardware name:                  /NUC5i7RYB, BIOS RYBDWi35.86A.0350.2015.0812.1722 08/12/2015
[11009.908142]  ffff8803bd78a000 ffff8802c273f1b8 ffffffff81932007 ffff8803c6407a80
[11009.908148]  ffff8802c273f1e8 ffffffff81556759 ffff8803c6407a80 ffffea000ef5e280
[11009.908153]  ffff8803bd78ab40 dffffc0000000000 ffff8802c273f210 ffffffff8155ccb4
[11009.908158] Call Trace:
[11009.908162]  [<ffffffff81932007>] dump_stack+0x4b/0x64
[11009.908165]  [<ffffffff81556759>] print_trailer+0xf9/0x150
[11009.908168]  [<ffffffff8155ccb4>] object_err+0x34/0x40
[11009.908171]  [<ffffffff8155f260>] kasan_report_error+0x230/0x550
[11009.908175]  [<ffffffff81237d71>] ? trace_hardirqs_off_caller+0x21/0x290
[11009.908179]  [<ffffffff8155e926>] ? kasan_unpoison_shadow+0x36/0x50
[11009.908182]  [<ffffffff8155f5c3>] __asan_report_load1_noabort+0x43/0x50
[11009.908185]  [<ffffffff8155ea00>] ? __asan_register_globals+0x50/0xa0
[11009.908189]  [<ffffffff8194cea6>] ? strcmp+0x96/0xb0
[11009.908192]  [<ffffffff8194cea6>] strcmp+0x96/0xb0
[11009.908196]  [<ffffffffa13ba4ac>] xc2028_set_config+0x15c/0x630 [tuner_xc2028]
[11009.908200]  [<ffffffffa13bac90>] xc2028_attach+0x310/0x8a0 [tuner_xc2028]
[11009.908203]  [<ffffffff8155ea78>] ? memset+0x28/0x30
[11009.908206]  [<ffffffffa13ba980>] ? xc2028_set_config+0x630/0x630 [tuner_xc2028]
[11009.908211]  [<ffffffffa157a59a>] em28xx_attach_xc3028.constprop.7+0x1f9/0x30d [em28xx_dvb]
[11009.908215]  [<ffffffffa157aa2a>] ? em28xx_dvb_init.part.3+0x37c/0x5cf4 [em28xx_dvb]
[11009.908219]  [<ffffffffa157a3a1>] ? hauppauge_hvr930c_init+0x487/0x487 [em28xx_dvb]
[11009.908222]  [<ffffffffa01795ac>] ? lgdt330x_attach+0x1cc/0x370 [lgdt330x]
[11009.908226]  [<ffffffffa01793e0>] ? i2c_read_demod_bytes.isra.2+0x210/0x210 [lgdt330x]
[11009.908230]  [<ffffffff812e87d0>] ? ref_module.part.15+0x10/0x10
[11009.908233]  [<ffffffff812e56e0>] ? module_assert_mutex_or_preempt+0x80/0x80
[11009.908238]  [<ffffffffa157af92>] em28xx_dvb_init.part.3+0x8e4/0x5cf4 [em28xx_dvb]
[11009.908242]  [<ffffffffa157a6ae>] ? em28xx_attach_xc3028.constprop.7+0x30d/0x30d [em28xx_dvb]
[11009.908245]  [<ffffffff8195222d>] ? string+0x14d/0x1f0
[11009.908249]  [<ffffffff8195381f>] ? symbol_string+0xff/0x1a0
[11009.908253]  [<ffffffff81953720>] ? uuid_string+0x6f0/0x6f0
[11009.908257]  [<ffffffff811a775e>] ? __kernel_text_address+0x7e/0xa0
[11009.908260]  [<ffffffff8104b02f>] ? print_context_stack+0x7f/0xf0
[11009.908264]  [<ffffffff812e9846>] ? __module_address+0xb6/0x360
[11009.908268]  [<ffffffff8137fdc9>] ? is_ftrace_trampoline+0x99/0xe0
[11009.908271]  [<ffffffff811a775e>] ? __kernel_text_address+0x7e/0xa0
[11009.908275]  [<ffffffff81240a70>] ? debug_check_no_locks_freed+0x290/0x290
[11009.908278]  [<ffffffff8104a24b>] ? dump_trace+0x11b/0x300
[11009.908282]  [<ffffffffa13e8143>] ? em28xx_register_extension+0x23/0x190 [em28xx]
[11009.908285]  [<ffffffff81237d71>] ? trace_hardirqs_off_caller+0x21/0x290
[11009.908289]  [<ffffffff8123ff56>] ? trace_hardirqs_on_caller+0x16/0x590
[11009.908292]  [<ffffffff812404dd>] ? trace_hardirqs_on+0xd/0x10
[11009.908296]  [<ffffffffa13e8143>] ? em28xx_register_extension+0x23/0x190 [em28xx]
[11009.908299]  [<ffffffff822dcbb0>] ? mutex_trylock+0x400/0x400
[11009.908302]  [<ffffffff810021a1>] ? do_one_initcall+0x131/0x300
[11009.908306]  [<ffffffff81296dc7>] ? call_rcu_sched+0x17/0x20
[11009.908309]  [<ffffffff8159e708>] ? put_object+0x48/0x70
[11009.908314]  [<ffffffffa1579f11>] em28xx_dvb_init+0x81/0x8a [em28xx_dvb]
[11009.908317]  [<ffffffffa13e81f9>] em28xx_register_extension+0xd9/0x190 [em28xx]
[11009.908320]  [<ffffffffa0150000>] ? 0xffffffffa0150000
[11009.908324]  [<ffffffffa0150010>] em28xx_dvb_register+0x10/0x1000 [em28xx_dvb]
[11009.908327]  [<ffffffff810021b1>] do_one_initcall+0x141/0x300
[11009.908330]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
[11009.908333]  [<ffffffff8123ff56>] ? trace_hardirqs_on_caller+0x16/0x590
[11009.908337]  [<ffffffff8155e926>] ? kasan_unpoison_shadow+0x36/0x50
[11009.908340]  [<ffffffff8155e926>] ? kasan_unpoison_shadow+0x36/0x50
[11009.908343]  [<ffffffff8155e926>] ? kasan_unpoison_shadow+0x36/0x50
[11009.908346]  [<ffffffff8155ea37>] ? __asan_register_globals+0x87/0xa0
[11009.908350]  [<ffffffff8144da7b>] do_init_module+0x1d0/0x5ad
[11009.908353]  [<ffffffff812f2626>] load_module+0x6666/0x9ba0
[11009.908356]  [<ffffffff812e9c90>] ? symbol_put_addr+0x50/0x50
[11009.908361]  [<ffffffffa1580037>] ? em28xx_dvb_init.part.3+0x5989/0x5cf4 [em28xx_dvb]
[11009.908366]  [<ffffffff812ebfc0>] ? module_frob_arch_sections+0x20/0x20
[11009.908369]  [<ffffffff815bc940>] ? open_exec+0x50/0x50
[11009.908374]  [<ffffffff811671bb>] ? ns_capable+0x5b/0xd0
[11009.908377]  [<ffffffff812f5e58>] SyS_finit_module+0x108/0x130
[11009.908379]  [<ffffffff812f5d50>] ? SyS_init_module+0x1f0/0x1f0
[11009.908383]  [<ffffffff81004044>] ? lockdep_sys_exit_thunk+0x12/0x14
[11009.908394]  [<ffffffff822e6936>] entry_SYSCALL_64_fastpath+0x16/0x76
[11009.908396] Memory state around the buggy address:
[11009.908398]  ffff8803bd78aa00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[11009.908401]  ffff8803bd78aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[11009.908403] >ffff8803bd78ab00: fc fc fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[11009.908405]                                            ^
[11009.908407]  ffff8803bd78ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[11009.908409]  ffff8803bd78ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[11009.908411] ==================================================================

In order to avoid it, let's set the cached value of the firmware
name to NULL after freeing it. While here, return an error if
the memory allocation fails.

Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/tuners/tuner-xc2028.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/media/tuners/tuner-xc2028.c
+++ b/drivers/media/tuners/tuner-xc2028.c
@@ -1403,11 +1403,12 @@ static int xc2028_set_config(struct dvb_
 	 * in order to avoid troubles during device release.
 	 */
 	kfree(priv->ctrl.fname);
+	priv->ctrl.fname = NULL;
 	memcpy(&priv->ctrl, p, sizeof(priv->ctrl));
 	if (p->fname) {
 		priv->ctrl.fname = kstrdup(p->fname, GFP_KERNEL);
 		if (priv->ctrl.fname == NULL)
-			rc = -ENOMEM;
+			return -ENOMEM;
 	}
 
 	/*

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 45/47] vfio/pci: Fix integer overflows, bitmask check
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 44/47] [media] xc2028: avoid use after free Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:32 ` [PATCH 3.18 46/47] staging/android/ion : fix a race condition in the ion driver Greg Kroah-Hartman
                   ` (3 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vlad Tsyrklevich, Alex Williamson,
	Ben Hutchings

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vlad Tsyrklevich <vlad@tsyrklevich.net>

commit 05692d7005a364add85c6e25a6c4447ce08f913a upstream.

The VFIO_DEVICE_SET_IRQS ioctl did not sufficiently sanitize
user-supplied integers, potentially allowing memory corruption. This
patch adds appropriate integer overflow checks, checks the range bounds
for VFIO_IRQ_SET_DATA_NONE, and also verifies that only single element
in the VFIO_IRQ_SET_DATA_TYPE_MASK bitmask is set.
VFIO_IRQ_SET_ACTION_TYPE_MASK is already correctly checked later in
vfio_pci_set_irqs_ioctl().

Furthermore, a kzalloc is changed to a kcalloc because the use of a
kzalloc with an integer multiplication allowed an integer overflow
condition to be reached without this patch. kcalloc checks for overflow
and should prevent a similar occurrence.

Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/vfio/pci/vfio_pci.c       |   35 ++++++++++++++++++++++-------------
 drivers/vfio/pci/vfio_pci_intrs.c |    2 +-
 2 files changed, 23 insertions(+), 14 deletions(-)

--- a/drivers/vfio/pci/vfio_pci.c
+++ b/drivers/vfio/pci/vfio_pci.c
@@ -489,8 +489,9 @@ static long vfio_pci_ioctl(void *device_
 
 	} else if (cmd == VFIO_DEVICE_SET_IRQS) {
 		struct vfio_irq_set hdr;
+		size_t size;
 		u8 *data = NULL;
-		int ret = 0;
+		int max, ret = 0;
 
 		minsz = offsetofend(struct vfio_irq_set, count);
 
@@ -498,23 +499,31 @@ static long vfio_pci_ioctl(void *device_
 			return -EFAULT;
 
 		if (hdr.argsz < minsz || hdr.index >= VFIO_PCI_NUM_IRQS ||
+		    hdr.count >= (U32_MAX - hdr.start) ||
 		    hdr.flags & ~(VFIO_IRQ_SET_DATA_TYPE_MASK |
 				  VFIO_IRQ_SET_ACTION_TYPE_MASK))
 			return -EINVAL;
 
-		if (!(hdr.flags & VFIO_IRQ_SET_DATA_NONE)) {
-			size_t size;
-			int max = vfio_pci_get_irq_count(vdev, hdr.index);
-
-			if (hdr.flags & VFIO_IRQ_SET_DATA_BOOL)
-				size = sizeof(uint8_t);
-			else if (hdr.flags & VFIO_IRQ_SET_DATA_EVENTFD)
-				size = sizeof(int32_t);
-			else
-				return -EINVAL;
+		max = vfio_pci_get_irq_count(vdev, hdr.index);
+		if (hdr.start >= max || hdr.start + hdr.count > max)
+			return -EINVAL;
+
+		switch (hdr.flags & VFIO_IRQ_SET_DATA_TYPE_MASK) {
+		case VFIO_IRQ_SET_DATA_NONE:
+			size = 0;
+			break;
+		case VFIO_IRQ_SET_DATA_BOOL:
+			size = sizeof(uint8_t);
+			break;
+		case VFIO_IRQ_SET_DATA_EVENTFD:
+			size = sizeof(int32_t);
+			break;
+		default:
+			return -EINVAL;
+		}
 
-			if (hdr.argsz - minsz < hdr.count * size ||
-			    hdr.start >= max || hdr.start + hdr.count > max)
+		if (size) {
+			if (hdr.argsz - minsz < hdr.count * size)
 				return -EINVAL;
 
 			data = memdup_user((void __user *)(arg + minsz),
--- a/drivers/vfio/pci/vfio_pci_intrs.c
+++ b/drivers/vfio/pci/vfio_pci_intrs.c
@@ -466,7 +466,7 @@ static int vfio_msi_enable(struct vfio_p
 	if (!is_irq_none(vdev))
 		return -EINVAL;
 
-	vdev->ctx = kzalloc(nvec * sizeof(struct vfio_pci_irq_ctx), GFP_KERNEL);
+	vdev->ctx = kcalloc(nvec, sizeof(struct vfio_pci_irq_ctx), GFP_KERNEL);
 	if (!vdev->ctx)
 		return -ENOMEM;
 

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 46/47] staging/android/ion : fix a race condition in the ion driver
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 45/47] vfio/pci: Fix integer overflows, bitmask check Greg Kroah-Hartman
@ 2017-04-28  8:32 ` Greg Kroah-Hartman
  2017-04-28  8:33 ` [PATCH 3.18 47/47] ping: implement proper locking Greg Kroah-Hartman
                   ` (2 subsequent siblings)
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eun Taik Lee, Laura Abbott, Ben Hutchings

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: EunTaik Lee <eun.taik.lee@samsung.com>

commit 9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 upstream.

There is a use-after-free problem in the ion driver.
This is caused by a race condition in the ion_ioctl()
function.

A handle has ref count of 1 and two tasks on different
cpus calls ION_IOC_FREE simultaneously.

cpu 0                                   cpu 1
-------------------------------------------------------
ion_handle_get_by_id()
(ref == 2)
                            ion_handle_get_by_id()
                            (ref == 3)

ion_free()
(ref == 2)

ion_handle_put()
(ref == 1)

                            ion_free()
                            (ref == 0 so ion_handle_destroy() is
                            called
                            and the handle is freed.)

                            ion_handle_put() is called and it
                            decreases the slub's next free pointer

The problem is detected as an unaligned access in the
spin lock functions since it uses load exclusive
 instruction. In some cases it corrupts the slub's
free pointer which causes a mis-aligned access to the
next free pointer.(kmalloc returns a pointer like
ffffc0745b4580aa). And it causes lots of other
hard-to-debug problems.

This symptom is caused since the first member in the
ion_handle structure is the reference count and the
ion driver decrements the reference after it has been
freed.

To fix this problem client->lock mutex is extended
to protect all the codes that uses the handle.

Signed-off-by: Eun Taik Lee <eun.taik.lee@samsung.com>
Reviewed-by: Laura Abbott <labbott@redhat.com>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

index 7ff2a7ec871f..33b390e7ea31
---
 drivers/staging/android/ion/ion.c |   55 +++++++++++++++++++++++++++++---------
 1 file changed, 42 insertions(+), 13 deletions(-)

--- a/drivers/staging/android/ion/ion.c
+++ b/drivers/staging/android/ion/ion.c
@@ -389,13 +389,22 @@ static void ion_handle_get(struct ion_ha
 	kref_get(&handle->ref);
 }
 
-static int ion_handle_put(struct ion_handle *handle)
+static int ion_handle_put_nolock(struct ion_handle *handle)
+{
+	int ret;
+
+	ret = kref_put(&handle->ref, ion_handle_destroy);
+
+	return ret;
+}
+
+int ion_handle_put(struct ion_handle *handle)
 {
 	struct ion_client *client = handle->client;
 	int ret;
 
 	mutex_lock(&client->lock);
-	ret = kref_put(&handle->ref, ion_handle_destroy);
+	ret = ion_handle_put_nolock(handle);
 	mutex_unlock(&client->lock);
 
 	return ret;
@@ -419,20 +428,30 @@ static struct ion_handle *ion_handle_loo
 	return ERR_PTR(-EINVAL);
 }
 
-static struct ion_handle *ion_handle_get_by_id(struct ion_client *client,
+static struct ion_handle *ion_handle_get_by_id_nolock(struct ion_client *client,
 						int id)
 {
 	struct ion_handle *handle;
 
-	mutex_lock(&client->lock);
 	handle = idr_find(&client->idr, id);
 	if (handle)
 		ion_handle_get(handle);
-	mutex_unlock(&client->lock);
 
 	return handle ? handle : ERR_PTR(-EINVAL);
 }
 
+struct ion_handle *ion_handle_get_by_id(struct ion_client *client,
+						int id)
+{
+	struct ion_handle *handle;
+
+	mutex_lock(&client->lock);
+	handle = ion_handle_get_by_id_nolock(client, id);
+	mutex_unlock(&client->lock);
+
+	return handle;
+}
+
 static bool ion_handle_validate(struct ion_client *client,
 				struct ion_handle *handle)
 {
@@ -534,22 +553,28 @@ struct ion_handle *ion_alloc(struct ion_
 }
 EXPORT_SYMBOL(ion_alloc);
 
-void ion_free(struct ion_client *client, struct ion_handle *handle)
+static void ion_free_nolock(struct ion_client *client, struct ion_handle *handle)
 {
 	bool valid_handle;
 
 	BUG_ON(client != handle->client);
 
-	mutex_lock(&client->lock);
 	valid_handle = ion_handle_validate(client, handle);
 
 	if (!valid_handle) {
 		WARN(1, "%s: invalid handle passed to free.\n", __func__);
-		mutex_unlock(&client->lock);
 		return;
 	}
+	ion_handle_put_nolock(handle);
+}
+
+void ion_free(struct ion_client *client, struct ion_handle *handle)
+{
+	BUG_ON(client != handle->client);
+
+	mutex_lock(&client->lock);
+	ion_free_nolock(client, handle);
 	mutex_unlock(&client->lock);
-	ion_handle_put(handle);
 }
 EXPORT_SYMBOL(ion_free);
 
@@ -1278,11 +1303,15 @@ static long ion_ioctl(struct file *filp,
 	{
 		struct ion_handle *handle;
 
-		handle = ion_handle_get_by_id(client, data.handle.handle);
-		if (IS_ERR(handle))
+		mutex_lock(&client->lock);
+		handle = ion_handle_get_by_id_nolock(client, data.handle.handle);
+		if (IS_ERR(handle)) {
+			mutex_unlock(&client->lock);
 			return PTR_ERR(handle);
-		ion_free(client, handle);
-		ion_handle_put(handle);
+		}
+		ion_free_nolock(client, handle);
+		ion_handle_put_nolock(handle);
+		mutex_unlock(&client->lock);
 		break;
 	}
 	case ION_IOC_SHARE:

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 3.18 47/47] ping: implement proper locking
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2017-04-28  8:32 ` [PATCH 3.18 46/47] staging/android/ion : fix a race condition in the ion driver Greg Kroah-Hartman
@ 2017-04-28  8:33 ` Greg Kroah-Hartman
  2017-04-28 18:12 ` [PATCH 3.18 00/47] 3.18.51-stable review Guenter Roeck
  2017-04-28 19:19 ` Shuah Khan
  44 siblings, 0 replies; 46+ messages in thread
From: Greg Kroah-Hartman @ 2017-04-28  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Daniel Jiang,
	Solar Designer, Andrey Konovalov, David S. Miller, Ben Hutchings

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <edumazet@google.com>

commit 43a6684519ab0a6c52024b5e25322476cabad893 upstream.

We got a report of yet another bug in ping

http://www.openwall.com/lists/oss-security/2017/03/24/6

->disconnect() is not called with socket lock held.

Fix this by acquiring ping rwlock earlier.

Thanks to Daniel, Alexander and Andrey for letting us know this problem.

Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Daniel Jiang <danieljiang0415@gmail.com>
Reported-by: Solar Designer <solar@openwall.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/ipv4/ping.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -154,17 +154,18 @@ void ping_hash(struct sock *sk)
 void ping_unhash(struct sock *sk)
 {
 	struct inet_sock *isk = inet_sk(sk);
+
 	pr_debug("ping_unhash(isk=%p,isk->num=%u)\n", isk, isk->inet_num);
+	write_lock_bh(&ping_table.lock);
 	if (sk_hashed(sk)) {
-		write_lock_bh(&ping_table.lock);
 		hlist_nulls_del(&sk->sk_nulls_node);
 		sk_nulls_node_init(&sk->sk_nulls_node);
 		sock_put(sk);
 		isk->inet_num = 0;
 		isk->inet_sport = 0;
 		sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
-		write_unlock_bh(&ping_table.lock);
 	}
+	write_unlock_bh(&ping_table.lock);
 }
 EXPORT_SYMBOL_GPL(ping_unhash);
 

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [PATCH 3.18 00/47] 3.18.51-stable review
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2017-04-28  8:33 ` [PATCH 3.18 47/47] ping: implement proper locking Greg Kroah-Hartman
@ 2017-04-28 18:12 ` Guenter Roeck
  2017-04-28 19:19 ` Shuah Khan
  44 siblings, 0 replies; 46+ messages in thread
From: Guenter Roeck @ 2017-04-28 18:12 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuahkh, patches, ben.hutchings, stable

On Fri, Apr 28, 2017 at 10:32:13AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.18.51 release.
> There are 47 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sun Apr 30 08:30:25 UTC 2017.
> Anything received after that time might be too late.
> 

Build results:
	total: 143 pass: 143 fail: 0
Qemu test results:
	total: 111 pass: 111 fail: 0

Details are available at http://kerneltests.org/builders.

Guenter

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [PATCH 3.18 00/47] 3.18.51-stable review
  2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2017-04-28 18:12 ` [PATCH 3.18 00/47] 3.18.51-stable review Guenter Roeck
@ 2017-04-28 19:19 ` Shuah Khan
  44 siblings, 0 replies; 46+ messages in thread
From: Shuah Khan @ 2017-04-28 19:19 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, patches, ben.hutchings, stable, Shuah Khan

On 04/28/2017 02:32 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.18.51 release.
> There are 47 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sun Apr 30 08:30:25 UTC 2017.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.51-rc1.gz
> or in the git tree and branch at:
>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah

^ permalink raw reply	[flat|nested] 46+ messages in thread

end of thread, other threads:[~2017-04-28 19:19 UTC | newest]

Thread overview: 46+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-28  8:32 [PATCH 3.18 00/47] 3.18.51-stable review Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 01/47] KEYS: Disallow keyrings beginning with . to be joined as session keyrings Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 02/47] KEYS: Change the name of the dead type to ".dead" to prevent user access Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 03/47] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 04/47] tracing: Allocate the snapshot buffer before enabling probe Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 05/47] ring-buffer: Have ring_buffer_iter_empty() return true when empty Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 06/47] cifs: Do not send echoes before Negotiate is complete Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 07/47] CIFS: remove bad_network_name flag Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 08/47] s390/mm: fix CMMA vs KSM vs others Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 09/47] Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 10/47] ACPI / power: Avoid maybe-uninitialized warning Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 11/47] mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 12/47] ubi/upd: Always flush after prepared for an update Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 13/47] powerpc/kprobe: Fix oops when kprobed on stdu instruction Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 14/47] x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 15/47] kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 16/47] arm64: avoid returning from bad_mode Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 17/47] clk: at91: usb: fix determine_rate prototype again Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 18/47] gadgetfs: fix uninitialized variable in error handling Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 19/47] dm bufio: hide bogus warning Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 20/47] MIPS: Fix the build on jz4740 after removing the custom gpio.h Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 21/47] perf: Avoid horrible stack usage Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 22/47] fs/nfs: fix new compiler warning about boolean in switch Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 23/47] iommu/vt-d: Remove unused variable Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 24/47] mm/init: fix zone boundary creation Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 25/47] net: ti: cpmac: Fix compiler warning due to type confusion Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 26/47] MIPS: asm: compiler: Add new macros to set ISA and arch asm annotations Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 27/47] nfsd: work around a gcc-5.1 warning Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 29/47] brcmfmac: avoid " Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 30/47] tty: nozomi: avoid a harmless gcc warning Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 31/47] net: vxge: avoid unused function warnings Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 33/47] hostap: avoid uninitialized variable use in hfa384x_get_rid Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 34/47] MIPS: MSP71xx: remove odd locking in PCI config space access code Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 35/47] net: tulip: turn compile-time warning into dev_warn() Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 37/47] gfs2: avoid uninitialized variable warning Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 39/47] ARM: 8296/1: cache-l2x0: clean up aurora cache handling Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 40/47] aic94xx: Skip reading user settings if flash is not found Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 41/47] MIPS: ralink: Cosmetic change to prom_init() Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 42/47] kconfig: tinyconfig: provide whole choice blocks to avoid warnings Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 43/47] ARM: 8383/1: nommu: avoid deprecated source register on mov Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 44/47] [media] xc2028: avoid use after free Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 45/47] vfio/pci: Fix integer overflows, bitmask check Greg Kroah-Hartman
2017-04-28  8:32 ` [PATCH 3.18 46/47] staging/android/ion : fix a race condition in the ion driver Greg Kroah-Hartman
2017-04-28  8:33 ` [PATCH 3.18 47/47] ping: implement proper locking Greg Kroah-Hartman
2017-04-28 18:12 ` [PATCH 3.18 00/47] 3.18.51-stable review Guenter Roeck
2017-04-28 19:19 ` Shuah Khan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).