Kirill A. Shutemov [Thu, 16 Jun 2016 21:26:15 +0000 (23:26 +0200)]
UBIFS: Implement ->migratepage()
During page migrations UBIFS might get confused
and the following assert triggers:
[ 213.480000] UBIFS assert failed in ubifs_set_page_dirty at 1451 (pid 436)
[ 213.490000] CPU: 0 PID: 436 Comm: drm-stress-test Not tainted 4.4.4-00176-geaa802524636-dirty #1008
[ 213.490000] Hardware name: Allwinner sun4i/sun5i Families
[ 213.490000] [<
c0015e70>] (unwind_backtrace) from [<
c0012cdc>] (show_stack+0x10/0x14)
[ 213.490000] [<
c0012cdc>] (show_stack) from [<
c02ad834>] (dump_stack+0x8c/0xa0)
[ 213.490000] [<
c02ad834>] (dump_stack) from [<
c0236ee8>] (ubifs_set_page_dirty+0x44/0x50)
[ 213.490000] [<
c0236ee8>] (ubifs_set_page_dirty) from [<
c00fa0bc>] (try_to_unmap_one+0x10c/0x3a8)
[ 213.490000] [<
c00fa0bc>] (try_to_unmap_one) from [<
c00fadb4>] (rmap_walk+0xb4/0x290)
[ 213.490000] [<
c00fadb4>] (rmap_walk) from [<
c00fb1bc>] (try_to_unmap+0x64/0x80)
[ 213.490000] [<
c00fb1bc>] (try_to_unmap) from [<
c010dc28>] (migrate_pages+0x328/0x7a0)
[ 213.490000] [<
c010dc28>] (migrate_pages) from [<
c00d0cb0>] (alloc_contig_range+0x168/0x2f4)
[ 213.490000] [<
c00d0cb0>] (alloc_contig_range) from [<
c010ec00>] (cma_alloc+0x170/0x2c0)
[ 213.490000] [<
c010ec00>] (cma_alloc) from [<
c001a958>] (__alloc_from_contiguous+0x38/0xd8)
[ 213.490000] [<
c001a958>] (__alloc_from_contiguous) from [<
c001ad44>] (__dma_alloc+0x23c/0x274)
[ 213.490000] [<
c001ad44>] (__dma_alloc) from [<
c001ae08>] (arm_dma_alloc+0x54/0x5c)
[ 213.490000] [<
c001ae08>] (arm_dma_alloc) from [<
c035cecc>] (drm_gem_cma_create+0xb8/0xf0)
[ 213.490000] [<
c035cecc>] (drm_gem_cma_create) from [<
c035cf20>] (drm_gem_cma_create_with_handle+0x1c/0xe8)
[ 213.490000] [<
c035cf20>] (drm_gem_cma_create_with_handle) from [<
c035d088>] (drm_gem_cma_dumb_create+0x3c/0x48)
[ 213.490000] [<
c035d088>] (drm_gem_cma_dumb_create) from [<
c0341ed8>] (drm_ioctl+0x12c/0x444)
[ 213.490000] [<
c0341ed8>] (drm_ioctl) from [<
c0121adc>] (do_vfs_ioctl+0x3f4/0x614)
[ 213.490000] [<
c0121adc>] (do_vfs_ioctl) from [<
c0121d30>] (SyS_ioctl+0x34/0x5c)
[ 213.490000] [<
c0121d30>] (SyS_ioctl) from [<
c000f2c0>] (ret_fast_syscall+0x0/0x34)
UBIFS is using PagePrivate() which can have different meanings across
filesystems. Therefore the generic page migration code cannot handle this
case correctly.
We have to implement our own migration function which basically does a
plain copy but also duplicates the page private flag.
UBIFS is not a block device filesystem and cannot use buffer_migrate_page().
Cc: stable@vger.kernel.org
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
[rw: Massaged changelog, build fixes, etc...]
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Christoph Hellwig <hch@lst.de>
Richard Weinberger [Thu, 16 Jun 2016 21:26:14 +0000 (23:26 +0200)]
mm: Export migrate_page_move_mapping and migrate_page_copy
Export these symbols such that UBIFS can implement
->migratepage.
Cc: stable@vger.kernel.org
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Christoph Hellwig <hch@lst.de>
Richard Weinberger [Mon, 20 Jun 2016 22:31:50 +0000 (00:31 +0200)]
ubi: Make recover_peb power cut aware
recover_peb() was never power cut aware,
if a power cut happened right after writing the VID header
upon next attach UBI would blindly use the new partial written
PEB and all data from the old PEB is lost.
In order to make recover_peb() power cut aware, write the new
VID with a proper crc and copy_flag set such that the UBI attach
process will detect whether the new PEB is completely written
or not.
We cannot directly use ubi_eba_atomic_leb_change() since we'd
have to unlock the LEB which is facing a write error.
Cc: stable@vger.kernel.org
Reported-by: Jörg Pfähler <pfaehler@isse.de>
Reviewed-by: Jörg Pfähler <pfaehler@isse.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
Linus Walleij [Thu, 16 Jun 2016 09:55:55 +0000 (11:55 +0200)]
gpio: make library immune to error pointers
Most functions that take a GPIO descriptor in need to check the
descriptor for IS_ERR(). We do this mostly in the VALIDATE_DESC()
macro except for the gpiod_to_irq() function which needs special
handling.
Cc: stable@vger.kernel.org
Reported-by: Grygorii Strashko <grygorii.strashko@ti.com>
Reviewed-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Linus Walleij [Wed, 15 Jun 2016 20:57:38 +0000 (22:57 +0200)]
gpio: make sure gpiod_to_irq() returns negative on NULL desc
commit
54d77198fdfbc4f0fe11b4252c1d9c97d51a3264
("gpio: bail out silently on NULL descriptors")
doesn't work for gpiod_to_irq(): drivers assume that NULL
descriptors will give negative IRQ numbers in return.
It has been pointed out that returning 0 is NO_IRQ and that
drivers should be amended to treat this as an error, but that
is for the longer term: now let us repair the semantics.
Cc: Maxime Ripard <maxime.ripard@free-electrons.com>
Reported-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Axel Lin [Mon, 13 Jun 2016 05:48:53 +0000 (13:48 +0800)]
gpio: 104-idi-48: Fix missing spin_lock_init for ack_lock
Fixes:
9ae482104cb9 ("gpio: 104-idi-48: Clear pending interrupt once in IRQ handler")
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: William Breathitt Gray <vilhelm.gray@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Linus Torvalds [Mon, 20 Jun 2016 17:41:51 +0000 (10:41 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro:
"A couple more of d_walk()/d_subdirs reordering fixes (stable fodder;
ought to solve that crap for good) and a fix for a brown paperbag bug
in d_alloc_parallel() (this cycle)"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fix idiotic braino in d_alloc_parallel()
autofs races
much milder d_walk() race
Linus Torvalds [Mon, 20 Jun 2016 17:35:48 +0000 (10:35 -0700)]
Merge tag 'trace-v4.7-rc3' of git://git./linux/kernel/git/rostedt/linux-trace
Pull tracing fixes from Steven Rostedt:
"Two fixes for the tracing system:
- When trace_printk() is used with a non constant format descriptor,
it adds a NULL pointer into the trace format section, and the code
isn't prepared to deal with it. This bug appeared by a change that
was added in v3.5.
- The ftracetest (selftests section) can't handle testing histograms
when histograms are not configured. Currently it shows that they
fail the test, when they should state that they are unsupported.
This bug was added in the 4.7 merge window with the addition of the
historgram code"
* tag 'trace-v4.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
ftracetest: Fix hist unsupported result in hist selftests
tracing: Handle NULL formats in hold_module_trace_bprintk_format()
Linus Torvalds [Mon, 20 Jun 2016 17:18:58 +0000 (10:18 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/s390/linux
Pull s390 fixes from Martin Schwidefsky:
"Two more bugs fixes for 4.7:
- a KVM regression introduced with the pgtable.c code split
- a perf issue with two hardware PMUs using a shared event context"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/cpum_cf: use perf software context for hardware counters
KVM: s390/mm: Fix CMMA reset during reboot
Linus Torvalds [Mon, 20 Jun 2016 17:04:12 +0000 (10:04 -0700)]
Merge tag 'hwmon-for-linus-v4.7-rc4' of git://git./linux/kernel/git/groeck/linux-staging
Pull hwmon fixes from Guenter Roeck:
"Two stability fixes plus a security fix for the dell-smm driver"
* tag 'hwmon-for-linus-v4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (dell-smm) Disallow fan_type() calls on broken machines
hwmon: (dell-smm) Restrict fan control and serial number to CAP_SYS_ADMIN by default
hwmon: (dell-smm) Fail in ioctl I8K_BIOS_VERSION when bios version is not a number
Al Viro [Mon, 20 Jun 2016 05:35:59 +0000 (01:35 -0400)]
fix idiotic braino in d_alloc_parallel()
Check for d_unhashed() while searching in in-lookup hash was absolutely
wrong. Worse, it masked a deadlock on dget() done under bitlock that
nests inside ->d_lock. Thanks to J. R. Okajima for spotting it.
Spotted-by: "J. R. Okajima" <hooanon05g@gmail.com>
Wearing-brown-paperbag: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Steven Rostedt (Red Hat) [Mon, 23 May 2016 19:06:30 +0000 (15:06 -0400)]
ftracetest: Fix hist unsupported result in hist selftests
When histograms are not configured in the kernel, the ftracetest histogram
selftests should return "unsupported" and not "Failed". To detect this, the
test scripts have:
FEATURE=`grep hist events/sched/sched_process_fork/trigger`
if [ -z "$FEATURE" ]; then
echo "hist trigger is not supported"
exit_unsupported
fi
The problem is that '-e' is in effect and any error will cause the program
to terminate. The grep for 'hist' fails, because it is not compiled it (thus
unsupported), but because grep has an error code for failing to find the
string, it causes the program to terminate, and is marked as a failed test.
Namhyung Kim recommended to test for the "hist" file located in
events/sched/sched_process_fork/hist instead, as it is more inline with the
other checks. As the hist file is only created if the histogram feature is
enabled, that is a valid check.
Link: http://lkml.kernel.org/r/20160523151538.4ea9ce0c@gandalf.local.home
Suggested-by: Namhyung Kim <namhyung@kernel.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Fixes:
76929ab51f0ee ("kselftests/ftrace: Add hist trigger testcases")
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Steven Rostedt (Red Hat) [Fri, 17 Jun 2016 20:10:42 +0000 (16:10 -0400)]
tracing: Handle NULL formats in hold_module_trace_bprintk_format()
If a task uses a non constant string for the format parameter in
trace_printk(), then the trace_printk_fmt variable is set to NULL. This
variable is then saved in the __trace_printk_fmt section.
The function hold_module_trace_bprintk_format() checks to see if duplicate
formats are used by modules, and reuses them if so (saves them to the list
if it is new). But this function calls lookup_format() that does a strcmp()
to the value (which is now NULL) and can cause a kernel oops.
This wasn't an issue till
3debb0a9ddb ("tracing: Fix trace_printk() to print
when not using bprintk()") which added "__used" to the trace_printk_fmt
variable, and before that, the kernel simply optimized it out (no NULL value
was saved).
The fix is simply to handle the NULL pointer in lookup_format() and have the
caller ignore the value if it was NULL.
Link: http://lkml.kernel.org/r/1464769870-18344-1-git-send-email-zhengjun.xing@intel.com
Reported-by: xingzhen <zhengjun.xing@intel.com>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Fixes:
3debb0a9ddb ("tracing: Fix trace_printk() to print when not using bprintk()")
Cc: stable@vger.kernel.org # v3.5+
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Linus Torvalds [Mon, 20 Jun 2016 04:30:02 +0000 (21:30 -0700)]
Linux 4.7-rc4
Linus Torvalds [Sun, 19 Jun 2016 17:05:14 +0000 (07:05 -1000)]
Merge branch 'for_linus' of git://git./linux/kernel/git/jack/linux-fs
Pull UDF fixes and a reiserfs fix from Jan Kara:
"A couple of udf fixes (most notably a bug in parsing UDF partitions
which led to inability to mount recent Windows installation media) and
a reiserfs fix for handling kstrdup failure"
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
reiserfs: check kstrdup failure
udf: Use correct partition reference number for metadata
udf: Use IS_ERR when loading metadata mirror file entry
udf: Don't BUG on missing metadata partition descriptor
Linus Torvalds [Sun, 19 Jun 2016 16:52:20 +0000 (06:52 -1000)]
Merge tag 'dmaengine-fix-4.7-rc4' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fixes from Vinod Koul:
"Some fixes has piled up, so time to send them upstream.
These fixes include:
- at_xdmac fixes for residue and other stuff
- update MAINTAINERS for dma dt bindings
- mv_xor fix for incorrect offset"
* tag 'dmaengine-fix-4.7-rc4' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: mv_xor: Fix incorrect offset in dma_map_page()
dmaengine: at_xdmac: double FIFO flush needed to compute residue
dmaengine: at_xdmac: fix residue corruption
dmaengine: at_xdmac: align descriptors on 64 bits
MAINTAINERS: Add file patterns for dma device tree bindings
Linus Torvalds [Sun, 19 Jun 2016 06:36:17 +0000 (20:36 -1000)]
Merge tag 'armsoc-fixes' of git://git./linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"Another batch of fixes for ARM SoC platforms. Most are smaller fixes.
Two areas that are worth pointing out are:
- OMAP had a handful of changes to voltage specs that caused a bit of
churn, most of volume of change in this branch is due to this.
- There are a couple of _rcuidle fixes from Paul that touch common
code and came in through the OMAP tree since they were the ones who
saw the problems.
The rest is smaller changes across a handful of platforms"
* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (36 commits)
ARM: dts: STi: stih407-family: Disable reserved-memory co-processor nodes
ARM: dts: am437x-sk-evm: Reduce i2c0 bus speed for tps65218
ARM: OMAP2+: timer: add probe for clocksources
ARM: OMAP1: fix ams-delta FIQ handler to work with sparse IRQ
memory: omap-gpmc: Fix omap gpmc EXTRADELAY timing
arm: Use _rcuidle for smp_cross_call() tracepoints
MAINTAINERS: Add myself as reviewer of ARM FSL/NXP
ARM: OMAP: DRA7: powerdomain data: Remove unused pwrsts_mem_ret
ARM: OMAP: DRA7: powerdomain data: Remove unused pwrsts_logic_ret
ARM: OMAP: DRA7: powerdomain data: Set L3init and L4per to ON
ARM: imx6ul: Fix Micrel PHY mask
ARM: OMAP2+: Select OMAP_INTERCONNECT for SOC_AM43XX
ARM: dts: DRA74x: fix DSS PLL2 addresses
ARM: OMAP2: Enable Errata 430973 for OMAP3
ARM: dts: socfpga: Add missing PHY phandle
ARM: dts: exynos: Fix port nodes names for Exynos5420 Peach Pit board
ARM: dts: exynos: Fix port nodes names for Exynos5250 Snow board
ARM: dts: sun6i: yones-toptech-bs1078-v2: Drop constraints on dc1sw regulator
ARM: dts: sun6i: primo81: Drop constraints on dc1sw regulator
ARM: dts: sunxi: Add OLinuXino Lime2 eMMC to the Makefile
...
Olof Johansson [Sun, 19 Jun 2016 05:59:07 +0000 (22:59 -0700)]
Merge tag 'gpmc-omap-fixes-for-v4.7' of https://github.com/rogerq/linux into fixes
OMAP-GPMC: Fixes for for v4.7-rc cycle:
- Fix omap gpmc EXTRADELAY timing. The DT provided timings
were wrongly used causing devices requiring extra delay timing
to fail.
* tag 'gpmc-omap-fixes-for-v4.7' of https://github.com/rogerq/linux:
memory: omap-gpmc: Fix omap gpmc EXTRADELAY timing
+ Linux 4.7-rc3
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Sun, 19 Jun 2016 05:57:48 +0000 (22:57 -0700)]
Merge tag 'omap-for-v4.7/fixes-powedomain' of git://git./linux/kernel/git/tmlind/linux-omap into fixes
Fixes for omaps for v4.7-rc cycle:
- Fix dra7 for hardware issues limiting L4Per and L3init power domains
to on state. Without this the devices may not work correctly after
some time of use because of asymmetric aging. And related to this,
let's also remove the unusable states.
- Always select omap interconnect for am43x as otherwise the am43x
only configurations will not boot properly. This can happen easily
for any product kernels that leave out other SoCs to save memory.
- Fix DSS PLL2 addresses that have gone unused for now
- Select erratum 430973 for omap3, this is now safe to do and can
save quite a bit of debugging time for people who may have left
it out.
* tag 'omap-for-v4.7/fixes-powedomain' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
ARM: OMAP: DRA7: powerdomain data: Remove unused pwrsts_mem_ret
ARM: OMAP: DRA7: powerdomain data: Remove unused pwrsts_logic_ret
ARM: OMAP: DRA7: powerdomain data: Set L3init and L4per to ON
ARM: OMAP2+: Select OMAP_INTERCONNECT for SOC_AM43XX
ARM: dts: DRA74x: fix DSS PLL2 addresses
ARM: OMAP2: Enable Errata 430973 for OMAP3
+ Linux 4.7-rc2
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Sun, 19 Jun 2016 05:21:52 +0000 (22:21 -0700)]
Merge tag 'fixes-rcu-fiq-signed' of git://git./linux/kernel/git/tmlind/linux-omap into fixes
Fixes for omaps for v4.7-rc cycle:
- Two boot warning fixes from the RCU tree that should have gotten
merged several weeks ago already but did not because of issues
with who merges them. Paul has now split the RCU warning fixes into
sets for various maintainers.
- Fix ams-delta FIQ regression caused by omap1 sparse IRQ changes
- Fix PM for omap3 boards using timer12 and gptimer, like the
original beagleboard
- Fix hangs on am437x-sk-evm by lowering the I2C bus speed
* tag 'fixes-rcu-fiq-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
ARM: dts: am437x-sk-evm: Reduce i2c0 bus speed for tps65218
ARM: OMAP2+: timer: add probe for clocksources
ARM: OMAP1: fix ams-delta FIQ handler to work with sparse IRQ
arm: Use _rcuidle for smp_cross_call() tracepoints
arm: Use _rcuidle tracepoint to allow use from idle
Signed-off-by: Olof Johansson <olof@lixom.net>
Lee Jones [Fri, 17 Jun 2016 11:44:18 +0000 (13:44 +0200)]
ARM: dts: STi: stih407-family: Disable reserved-memory co-processor nodes
This patch fixes a non-booting issue in Mainline.
When booting with a compressed kernel, we need to be careful how we
populate memory close to DDR start. AUTO_ZRELADDR is enabled by default
in multi-arch enabled configurations, which place some restrictions on
where the kernel is placed and where it will be uncompressed to on boot.
AUTO_ZRELADDR takes the decompressor code's start address and masks out
the bottom 28 bits to obtain an address to uncompress the kernel to
(thus a load address of 0x42000000 means that the kernel will be
uncompressed to 0x40000000 i.e. DDR START on this platform).
Even changing the load address to after the co-processor's shared memory
won't render a booting platform, since the AUTO_ZRELADDR algorithm still
ensures the kernel is uncompressed into memory shared with the first
co-processor (0x40000000).
Another option would be to move loading to 0x4A000000, since this will
mean the decompressor will decompress the kernel to 0x48000000. However,
this would mean a large chunk (0x44000000 => 0x48000000 (64MB)) of
memory would essentially be wasted for no good reason.
Until we can work with ST to find a suitable memory location to
relocate co-processor shared memory, let's disable the shared memory
nodes. This will ensure a working platform in the mean time.
NB: The more observant of you will notice that we're leaving the DMU
shared memory node enabled; this is because a) it is the only one in
active use at the time of this writing and b) it is not affected by
the current default behaviour which is causing issues.
Fixes: fe135c6 (ARM: dts: STiH407: Move over to using the 'reserved-memory' API for obtaining DMA memory)
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Reviewed-by Peter Griffin <peter.griffin@linaro.org>
Signed-off-by: Maxime Coquelin <maxime.coquelin@st.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Sun, 19 Jun 2016 05:18:45 +0000 (22:18 -0700)]
Merge tag 'imx-fixes-4.7' of git://git./linux/kernel/git/shawnguo/linux into fixes
The i.MX fixes for 4.7:
- Correct Micrel PHY mask to fix the issue that i.MX6UL ethernet works
in U-Boot but not in kernel.
* tag 'imx-fixes-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
ARM: imx6ul: Fix Micrel PHY mask
Signed-off-by: Olof Johansson <olof@lixom.net>
Linus Torvalds [Sun, 19 Jun 2016 01:20:15 +0000 (15:20 -1000)]
Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
"A couple of fixes for pmd_mknotpresent()/pmd_present() for LPAE
systems"
* 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
ARM: 8579/1: mm: Fix definition of pmd_mknotpresent
ARM: 8578/1: mm: ensure pmd_present only checks the valid bit
Pali Rohár [Fri, 17 Jun 2016 22:54:46 +0000 (00:54 +0200)]
hwmon: (dell-smm) Disallow fan_type() calls on broken machines
Some Dell machines have especially broken SMM or BIOS which cause that once
fan_type() is called then CPU fan speed going randomly up and down. And for
fixing this behaviour reboot is required.
So this patch creates fan_type blacklist of affected Dell machines and
disallow fan_type() call on them to prevent that erratic behaviour.
Old blacklist which disabled loading driver on some machines added in
commits
a4b45b25f18d ("hwmon: (dell-smm) Blacklist Dell Studio XPS 8100")
and
6220f4ebd7b4 ("hwmon: (dell-smm) Blacklist Dell Studio XPS 8000") were
moved to FAN_TYPE blacklist.
Reported-by: Jan C Peters <jcpeters89@gmail.com>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=100121
Cc: stable@vger.kernel.org # v4.0+, will need backport
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Pali Rohár [Fri, 17 Jun 2016 22:54:45 +0000 (00:54 +0200)]
hwmon: (dell-smm) Restrict fan control and serial number to CAP_SYS_ADMIN by default
For security reasons ordinary user must not be able to control fan speed
via /proc/i8k by default. Some malicious software running under "nobody"
user could be able to turn fan off and cause HW problems. So this patch
changes default value of "restricted" parameter to 1.
Also restrict reading of DMI_PRODUCT_SERIAL from /proc/i8k via "restricted"
parameter. It is because non root user cannot read DMI_PRODUCT_SERIAL from
sysfs file /sys/class/dmi/id/product_serial.
Old non secure behaviour of file /proc/i8k can be achieved by loading this
module with "restricted" parameter set to 0.
Note that this patch has effects only for kernels compiled with CONFIG_I8K
and only for file /proc/i8k. Hwmon interface provided by this driver was
not changed and root access for setting fan speed was needed also before.
Reported-by: Mario Limonciello <Mario_Limonciello@dell.com>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Cc: stable@vger.kernel.org # will need backport
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Pali Rohár [Fri, 17 Jun 2016 22:54:44 +0000 (00:54 +0200)]
hwmon: (dell-smm) Fail in ioctl I8K_BIOS_VERSION when bios version is not a number
ABI of I8K_BIOS_VERSION ioctl can return only number. But new BIOS versions
contain also other characters, which does not fit into that ABI. So in case
of non digit values return -EINVAL.
Reported-by: Mario Limonciello <Mario_Limonciello@dell.com>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Linus Torvalds [Sat, 18 Jun 2016 16:06:49 +0000 (06:06 -1000)]
Merge tag 'usb-4.7-rc4' of git://git./linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are a bunch (65) of USB fixes for 4.7-rc4. Sorry about the
quantity, I've been slow in getting these out.
The majority are the "normal" gadget, musb, and xhci fixes, that we
all are used to. There are also a few other tiny fixes resolving a
number of reported issues that showed up in 4.7-rc1.
All of these have been in linux-next"
* tag 'usb-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (65 commits)
usbip: rate limit get_frame_number message
usb: musb: sunxi: Remove bogus "Frees glue" comment
usb: musb: sunxi: Fix NULL ptr deref when gadget is registered before musb
usb: echi-hcd: Add ehci_setup check before echi_shutdown
usb: host: ehci-msm: Conditionally call ehci suspend/resume
MAINTAINERS: Add file patterns for usb device tree bindings
usb: host: ehci-tegra: Avoid getting the same reset twice
usb: host: ehci-tegra: Grab the correct UTMI pads reset
USB: mos7720: delete parport
USB: OHCI: Don't mark EDs as ED_OPER if scheduling fails
phy: ti-pipe3: Program the DPLL even if it was already locked
usb: musb: Stop bulk endpoint while queue is rotated
usb: musb: Ensure rx reinit occurs for shared_fifo endpoints
usb: musb: host: correct cppi dma channel for isoch transfer
usb: musb: only restore devctl when session was set in backup
usb: phy: Check initial state for twl6030
usb: musb: Use normal module_init for 2430 glue
usb: musb: Remove pm_runtime_set_irq_safe
usb: musb: Remove extra PM runtime calls from 2430 glue layer
usb: musb: Return error value from musb_mailbox
...
Linus Torvalds [Sat, 18 Jun 2016 16:05:28 +0000 (06:05 -1000)]
Merge tag 'staging-4.7-rc4' of git://git./linux/kernel/git/gregkh/staging
Pull IIO and staging fixes from Greg KH:
"Here are a number of IIO and staging bugfixes for 4.7-rc4.
Nothing huge, the normal amount of iio driver fixes, and some small
staging driver bugfixes for some reported problems (2 are reverts of
patches that went into 4.7-rc1). All have been in linux-next with no
reported issues"
* tag 'staging-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (24 commits)
Revert "Staging: rtl8188eu: rtw_efuse: Use sizeof type *pointer instead of sizeof type."
Revert "Staging: drivers: rtl8188eu: use sizeof(*ptr) instead of sizeof(struct)"
staging: lustre: lnet: Don't access NULL NI on failure path
iio: hudmidity: hdc100x: fix incorrect shifting and scaling
iio: light apds9960: Add the missing dev.parent
iio: Fix error handling in iio_trigger_attach_poll_func
iio: st_sensors: Disable DRDY at init time
iio: st_sensors: Init trigger before irq request
iio: st_sensors: switch to a threaded interrupt
iio: light: bh1780: assign a static name
iio: bh1780: dereference the client properly
iio: humidity: hdc100x: fix IIO_TEMP channel reporting
iio:st_pressure: fix sampling gains (bring inline with ABI)
iio: proximity: as3935: fix buffer stack trashing
iio: proximity: as3935: remove triggered buffer processing
iio: proximity: as3935: correct IIO_CHAN_INFO_RAW output
max44000: Remove scale from proximity
iio: humidity: am2315: Remove a stray unlock
iio: humidity: hdc100x: correct humidity integration time mask
iio: pressure: bmp280: fix error message for wrong chip id
...
Linus Torvalds [Sat, 18 Jun 2016 16:04:01 +0000 (06:04 -1000)]
Merge tag 'driver-core-4.7-rc4' of git://git./linux/kernel/git/gregkh/driver-core
Pull driver core fixes from Greg KH:
"Here are a small number of debugfs, ISA, and one driver core fix for
4.7-rc4.
All of these resolve reported issues. The ISA ones have spent the
least amount of time in linux-next, sorry about that, I didn't realize
they were regressions that needed to get in now (thanks to Thorsten
for the prodding!) but they do all pass the 0-day bot tests. The
others have been in linux-next for a while now.
Full details about them are in the shortlog below"
* tag 'driver-core-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
isa: Dummy isa_register_driver should return error code
isa: Call isa_bus_init before dependent ISA bus drivers register
watchdog: ebc-c384_wdt: Allow build for X86_64
iio: stx104: Allow build for X86_64
gpio: Allow PC/104 devices on X86_64
isa: Allow ISA-style drivers on modern systems
base: make module_create_drivers_dir race-free
debugfs: open_proxy_open(): avoid double fops release
debugfs: full_proxy_open(): free proxy on ->open() failure
kernel/kcov: unproxify debugfs file's fops
Linus Torvalds [Sat, 18 Jun 2016 16:02:37 +0000 (06:02 -1000)]
Merge tag 'char-misc-4.7-rc4' of git://git./linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are a small number of char and misc driver fixes for 4.7-rc4.
They resolve some minor issues that have been reported, and have all
been in linux-next"
* tag 'char-misc-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
coresight: Handle build path error
coresight: Fix erroneous memset in tmc_read_unprepare_etr
coresight: Fix tmc_read_unprepare_etr
coresight: Fix NULL pointer dereference in _coresight_build_path
extcon: palmas: Fix boot up state of VBUS when using GPIO detection
mcb: Acquire reference to carrier module in core
mcb: Acquire reference to device in probe
mei: don't use wake_up_interruptible for wr_ctrl
Linus Torvalds [Sat, 18 Jun 2016 15:57:59 +0000 (05:57 -1000)]
Merge branch 'for-linus-4.7' of git://git./linux/kernel/git/mason/linux-btrfs
Pull btrfs fixes from Chris Mason:
"The most user visible change here is a fix for our recent superblock
validation checks that were causing problems on non-4k pagesized
systems"
* 'for-linus-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
Btrfs: btrfs_check_super_valid: Allow 4096 as stripesize
btrfs: remove build fixup for qgroup_account_snapshot
btrfs: use new error message helper in qgroup_account_snapshot
btrfs: avoid blocking open_ctree from cleaner_kthread
Btrfs: don't BUG_ON() in btrfs_orphan_add
btrfs: account for non-CoW'd blocks in btrfs_abort_transaction
Btrfs: check if extent buffer is aligned to sectorsize
btrfs: Use correct format specifier
Linus Torvalds [Sat, 18 Jun 2016 06:22:37 +0000 (20:22 -1000)]
Merge tag 'acpi-4.7-rc4' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"Revert a recent ACPICA commit that introduced a suspend-to-RAM
regression on one system due to incorrect information in its ACPI
tables that had not been taken into consideration at all before (and
everything worked), but the commit in question started to use it"
* tag 'acpi-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
Revert "ACPICA: ACPI 2.0, Hardware: Add access_width/bit_offset support for acpi_hw_write()"
Linus Torvalds [Sat, 18 Jun 2016 06:08:00 +0000 (20:08 -1000)]
Merge tag 'pm-4.7-rc4' of git://git./linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"Fixes for two recent regressions that may lead to degraded performance
(operating performance points framework, intel_pstate).
Specifics:
- Fix a recent regression in the intel_pstate driver that may lead to
degraded performance on some systems due to missing turbo state
entry in the table returned by the ACPI _PSS object (Srinivas
Pandruvada).
- Fix a recent regression in the OPP (operating performance points)
framework that may lead to degraded performance on some systems
where the OPP table is created too early (Viresh Kumar)"
* tag 'pm-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
PM / OPP: Add 'UNKNOWN' status for shared_opp in struct opp_table
cpufreq: intel_pstate: Adjust _PSS[0] freqeuency if needed
Linus Torvalds [Sat, 18 Jun 2016 05:27:12 +0000 (19:27 -1000)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jikos/hid
Pull HID subsystem fixes from Jiri Kosina:
- kernel panic fix in hid-elo from Oliver Neukum
- Surface Pro 3 device quirk from Benjamin Tissoires
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: multitouch: Add MT_QUIRK_NOT_SEEN_MEANS_UP to Surface Pro 3
HID: elo: kill not flush the work
William Breathitt Gray [Mon, 9 May 2016 13:39:50 +0000 (09:39 -0400)]
isa: Dummy isa_register_driver should return error code
The inline isa_register_driver stub simply allows compilation on systems
with CONFIG_ISA disabled; the dummy isa_register_driver does not
register an isa_driver at all. The inline isa_register_driver should
return -ENODEV to indicate lack of support when attempting to register
an isa_driver on such a system with CONFIG_ISA disabled.
Cc: Matthew Wilcox <matthew@wil.cx>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Tested-by: Ye Xiaolong
Signed-off-by: William Breathitt Gray <vilhelm.gray@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
William Breathitt Gray [Wed, 11 May 2016 21:01:40 +0000 (17:01 -0400)]
isa: Call isa_bus_init before dependent ISA bus drivers register
The isa_bus_init function must be called before drivers which utilize
the ISA bus driver are registered. A race condition for initilization
exists if device_initcall is used (the isa_bus_init callback is placed
in the same initcall level as dependent drivers which use module_init).
This patch ensures that isa_bus_init is called first by utilizing
postcore_initcall in favor of device_initcall.
Fixes:
a5117ba7da37 ("[PATCH] Driver model: add ISA bus")
Cc: Rene Herman <rene.herman@keyaccess.nl>
Signed-off-by: William Breathitt Gray <vilhelm.gray@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
William Breathitt Gray [Fri, 27 May 2016 22:09:27 +0000 (18:09 -0400)]
watchdog: ebc-c384_wdt: Allow build for X86_64
With the introduction of the ISA_BUS_API Kconfig option, ISA-style
drivers may be built for X86_64 architectures. This patch changes the
ISA Kconfig option dependency of the WinSystems EBC-C384 watchdog timer
driver to ISA_BUS_API, thus allowing it to build for X86_64 as it is
expected to.
Cc: Wim Van Sebroeck <wim@iguana.be>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: William Breathitt Gray <vilhelm.gray@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
William Breathitt Gray [Fri, 27 May 2016 22:09:08 +0000 (18:09 -0400)]
iio: stx104: Allow build for X86_64
With the introduction of the ISA_BUS_API Kconfig option, ISA-style
drivers may be built for X86_64 architectures. This patch changes the
ISA Kconfig option dependency of the Apex Embedded Systems STX104 DAC
driver to ISA_BUS_API, thus allowing it to build for X86_64 as it is
expected to.
Cc: Hartmut Knaack <knaack.h@gmx.de>
Cc: Lars-Peter Clausen <lars@metafoo.de>
Cc: Peter Meerwald-Stadler <pmeerw@pmeerw.net>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: William Breathitt Gray <vilhelm.gray@gmail.com>
Acked-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
William Breathitt Gray [Fri, 27 May 2016 22:08:56 +0000 (18:08 -0400)]
gpio: Allow PC/104 devices on X86_64
With the introduction of the ISA_BUS_API Kconfig option, ISA-style
drivers may be built for X86_64 architectures. This patch changes the
ISA Kconfig option dependency of the PC/104 drivers to ISA_BUS_API, thus
allowing them to build for X86_64 as they are expected to.
Cc: Alexandre Courbot <gnurou@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: William Breathitt Gray <vilhelm.gray@gmail.com>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
William Breathitt Gray [Fri, 27 May 2016 22:08:27 +0000 (18:08 -0400)]
isa: Allow ISA-style drivers on modern systems
Several modern devices, such as PC/104 cards, are expected to run on
modern systems via an ISA bus interface. Since ISA is a legacy interface
for most modern architectures, ISA support should remain disabled in
general. Support for ISA-style drivers should be enabled on a per driver
basis.
To allow ISA-style drivers on modern systems, this patch introduces the
ISA_BUS_API and ISA_BUS Kconfig options. The ISA bus driver will now
build conditionally on the ISA_BUS_API Kconfig option, which defaults to
the legacy ISA Kconfig option. The ISA_BUS Kconfig option allows the
ISA_BUS_API Kconfig option to be selected on architectures which do not
enable ISA (e.g. X86_64).
The ISA_BUS Kconfig option is currently only implemented for X86
architectures. Other architectures may have their own ISA_BUS Kconfig
options added as required.
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: William Breathitt Gray <vilhelm.gray@gmail.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Tue, 14 Jun 2016 20:41:07 +0000 (13:41 -0700)]
usbip: rate limit get_frame_number message
It's annoying to constantly see the same "Not yet implemented" message
over and over with nothing able to be done about it, so rate limit it
for now to keep user's logs "clean".
Reported-by: Lars Täuber <lars.taeuber@web.de>
Tested-by: Lars Täuber <lars.taeuber@web.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rafael J. Wysocki [Fri, 17 Jun 2016 23:55:55 +0000 (01:55 +0200)]
Merge branch 'acpica-fixes'
* acpica-fixes:
Revert "ACPICA: ACPI 2.0, Hardware: Add access_width/bit_offset support for acpi_hw_write()"
Rafael J. Wysocki [Fri, 17 Jun 2016 23:55:13 +0000 (01:55 +0200)]
Merge branches 'pm-opp' and 'pm-cpufreq-fixes'
* pm-opp:
PM / OPP: Add 'UNKNOWN' status for shared_opp in struct opp_table
* pm-cpufreq-fixes:
cpufreq: intel_pstate: Adjust _PSS[0] freqeuency if needed
Hans de Goede [Sun, 5 Jun 2016 19:01:19 +0000 (21:01 +0200)]
Revert "Staging: rtl8188eu: rtw_efuse: Use sizeof type *pointer instead of sizeof type."
This reverts commit
b5e12ec38331 ("Staging: rtl8188eu: rtw_efuse: Use
sizeof type *pointer instead of sizeof type.").
This commit is wrong, the rtw_malloc2d helper function takes the size of
the array elements as its 3th argument, whereas sizeof(*eFuseWord)
gives the size of a pointer instead of the size of a u16.
Since sizeof(void *) > sizeof(u16) this has no adverse effects, but it
is still wrong.
Cc: Sandhya Bankar <bankarsandhya512@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Hans de Goede [Sun, 5 Jun 2016 19:01:18 +0000 (21:01 +0200)]
Revert "Staging: drivers: rtl8188eu: use sizeof(*ptr) instead of sizeof(struct)"
This reverts commit
99aded71b52c ("Staging: drivers: rtl8188eu: use
sizeof(*ptr) instead of sizeof(struct)").
This commit is wrong, as adapt->HalData has a type of "void *", so
now we are allocating a much to small struct, which causes the driver
to overwrite random memory which leads to a non working driver and
various system crashes.
Cc: Jacky Boen <aqiank@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linus Torvalds [Fri, 17 Jun 2016 17:19:13 +0000 (07:19 -1000)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"The main things are getting kgdb up and running with upstream GDB
after a protocol change was reverted and fixing our spin_unlock_wait
and spin_is_locked implementations after doing some similar work with
PeterZ on the qspinlock code last week. Whilst we haven't seen any
failures in practice, it's still worth getting this fixed.
Summary:
- Plug the ongoing spin_unlock_wait/spin_is_locked mess
- KGDB protocol fix to sync w/ GDB
- Fix MIDR-based PMU probing for old 32-bit SMP systems
(OMAP4/Realview)
- Minor tweaks to the fault handling path"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: kgdb: Match pstate size with gdbserver protocol
arm64: spinlock: Ensure forward-progress in spin_unlock_wait
arm64: spinlock: fix spin_unlock_wait for LSE atomics
arm64: spinlock: order spin_{is_locked,unlock_wait} against local locks
arm: pmu: Fix non-devicetree probing
arm64: mm: mark fault_info table const
arm64: fix dump_instr when PAN and UAO are in use
Linus Torvalds [Fri, 17 Jun 2016 17:15:43 +0000 (07:15 -1000)]
Merge tag 'iommu-fixes-v4.7-rc3' of git://git./linux/kernel/git/joro/iommu
Pull IOMMU fixes from Joerg Roedel:
"Three patches queued up:
- Fix for ARM-SMMU to add a missing iommu-ops callback which is
required by common iommu code
- Fix for the rockchip iommu where the wrong MMUs got the commands
- A regression fix for the Intel VT-d driver. The regression only
showed up on X58 chipsets with more than one iommu. These chipsets
seem to require that QI is enabled on all IOMMUs before it can be
used"
* tag 'iommu-fixes-v4.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/vt-d: Enable QI on all IOMMUs before setting root entry
iommu/rockchip: Fix zap cache during device attach
iommu/arm-smmu: Wire up map_sg for arm-smmu-v3
Linus Torvalds [Fri, 17 Jun 2016 17:06:57 +0000 (07:06 -1000)]
Merge tag 'for-4.7-rc4' of git://git./linux/kernel/git/j.anaszewski/linux-leds
Pull LED fixes from Jacek Anaszewski:
- Fix brightness setting upon hardware blinking enabled
- Handle suspend/resume in heartbeat trigger
* tag 'for-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds:
leds: handle suspend/resume in heartbeat trigger
leds: core: Fix brightness setting upon hardware blinking enabled
Chris Mason [Fri, 17 Jun 2016 17:04:57 +0000 (10:04 -0700)]
Merge branch 'for-chris' of git://git./linux/kernel/git/kdave/linux into for-linus-4.7
Chandan Rajendra [Thu, 16 Jun 2016 16:37:58 +0000 (22:07 +0530)]
Btrfs: btrfs_check_super_valid: Allow 4096 as stripesize
Older btrfs-progs/mkfs.btrfs sets 4096 as the stripesize. Hence
restricting stripesize to be equal to sectorsize would cause super block
validation to return an error on architectures where PAGE_SIZE is not
equal to 4096.
Hence as a workaround, this commit allows stripesize to be set to 4096
bytes.
Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
Signed-off-by: David Sterba <dsterba@suse.com>
David Sterba [Thu, 16 Jun 2016 15:34:28 +0000 (17:34 +0200)]
btrfs: remove build fixup for qgroup_account_snapshot
Introduced in
2c1984f244838477aab ("btrfs: build fixup for
qgroup_account_snapshot") as temporary bisectability build fixup.
Signed-off-by: David Sterba <dsterba@suse.com>
David Sterba [Fri, 17 Jun 2016 16:15:25 +0000 (18:15 +0200)]
btrfs: use new error message helper in qgroup_account_snapshot
We've renamed btrfs_std_error, this one is left from last merge.
Signed-off-by: David Sterba <dsterba@suse.com>
Zygo Blaxell [Mon, 13 Jun 2016 03:39:58 +0000 (23:39 -0400)]
btrfs: avoid blocking open_ctree from cleaner_kthread
This fixes a problem introduced in commit
2f3165ecf103599f82bf0ea254039db335fb5005
"btrfs: don't force mounts to wait for cleaner_kthread to delete one or more subvolumes".
open_ctree eventually calls btrfs_replay_log which in turn calls
btrfs_commit_super which tries to lock the cleaner_mutex, causing a
recursive mutex deadlock during mount.
Instead of playing whack-a-mole trying to keep up with all the
functions that may want to lock cleaner_mutex, put all the cleaner_mutex
lockers back where they were, and attack the problem more directly:
keep cleaner_kthread asleep until the filesystem is mounted.
When filesystems are mounted read-only and later remounted read-write,
open_ctree did not set fs_info->open and neither does anything else.
Set this flag in btrfs_remount so that neither btrfs_delete_unused_bgs
nor cleaner_kthread get confused by the common case of "/" filesystem
read-only mount followed by read-write remount.
Signed-off-by: Zygo Blaxell <ce3g8jdj@umail.furryterror.org>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Josef Bacik [Fri, 27 May 2016 17:03:04 +0000 (13:03 -0400)]
Btrfs: don't BUG_ON() in btrfs_orphan_add
This is just a screwup for developers, so change it to an ASSERT() so developers
notice when things go wrong and deal with the error appropriately if ASSERT()
isn't enabled. Thanks,
Signed-off-by: Josef Bacik <jbacik@fb.com>
Reviewed-by: Mark Fasheh <mfasheh@suse.de>
Signed-off-by: David Sterba <dsterba@suse.com>
Jeff Mahoney [Wed, 8 Jun 2016 04:36:38 +0000 (00:36 -0400)]
btrfs: account for non-CoW'd blocks in btrfs_abort_transaction
The test for !trans->blocks_used in btrfs_abort_transaction is
insufficient to determine whether it's safe to drop the transaction
handle on the floor. btrfs_cow_block, informed by should_cow_block,
can return blocks that have already been CoW'd in the current
transaction. trans->blocks_used is only incremented for new block
allocations. If an operation overlaps the blocks in the current
transaction entirely and must abort the transaction, we'll happily
let it clean up the trans handle even though it may have modified
the blocks and will commit an incomplete operation.
In the long-term, I'd like to do closer tracking of when the fs
is actually modified so we can still recover as gracefully as possible,
but that approach will need some discussion. In the short term,
since this is the only code using trans->blocks_used, let's just
switch it to a bool indicating whether any blocks were used and set
it when should_cow_block returns false.
Cc: stable@vger.kernel.org # 3.4+
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Liu Bo [Mon, 6 Jun 2016 19:01:23 +0000 (12:01 -0700)]
Btrfs: check if extent buffer is aligned to sectorsize
Thanks to fuzz testing, we can pass an invalid bytenr to extent buffer
via alloc_extent_buffer(). An unaligned eb can have more pages than it
should have, which ends up extent buffer's leak or some corrupted content
in extent buffer.
This adds a warning to let us quickly know what was happening.
Now that alloc_extent_buffer() no more returns NULL, this changes its
caller and callers of its caller to match with the new error
handling.
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Heinrich Schuchardt [Sat, 11 Jun 2016 16:11:10 +0000 (18:11 +0200)]
btrfs: Use correct format specifier
Component mirror_num of struct btrfsic_block is defined
as unsigned int. Use %u as format specifier.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Dave Gerlach [Wed, 15 Jun 2016 06:15:28 +0000 (11:45 +0530)]
ARM: dts: am437x-sk-evm: Reduce i2c0 bus speed for tps65218
Based on the latest timing specifications for the TPS65218 from the data
sheet, http://www.ti.com/lit/ds/symlink/tps65218.pdf, document SLDS206
from November 2014, we must change the i2c bus speed to better fit within
the minimum high SCL time required for proper i2c transfer.
When running at 400khz, measurements show that SCL spends
0.8125 uS/1.666 uS high/low which violates the requirement for minimum
high period of SCL provided in datasheet Table 7.6 which is 1 uS.
Switching to 100khz gives us 5 uS/5 uS high/low which both fall above
the minimum given values for 100 khz, 4.0 uS/4.7 uS high/low.
Without this patch occasionally a voltage set operation from the kernel
will appear to have worked but the actual voltage reflected on the PMIC
will not have updated, causing problems especially with cpufreq that may
update to a higher OPP without actually raising the voltage on DCDC2,
leading to a hang.
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Franklin S Cooper Jr <fcooper@ti.com>
Signed-off-by: Aparna Balasubramanian <aparnab@ti.com>
Signed-off-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Tero Kristo [Thu, 16 Jun 2016 12:25:18 +0000 (15:25 +0300)]
ARM: OMAP2+: timer: add probe for clocksources
A few platforms are currently missing clocksource_probe() completely
in their time_init functionality. On OMAP3430 for example, this is
causing cpuidle to be pretty much dead, as the counter32k is not
going to be registered and instead a gptimer is used as a clocksource.
This will tick in periodic mode, preventing any deeper idle states.
While here, also drop one unnecessary check for populated DT before
existing clocksource_probe() call.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Janusz Krzysztofik [Thu, 16 Jun 2016 19:56:30 +0000 (21:56 +0200)]
ARM: OMAP1: fix ams-delta FIQ handler to work with sparse IRQ
After OMAP1 IRQ definitions have been changed by commit
685e2d08c54b
("ARM: OMAP1: Change interrupt numbering for sparse IRQ") introduced
in v4.2, ams-delta FIQ handler which depends on them no longer works
as expected. Fix it.
Created and tested on Amstrad Delta against Linux-4.7-rc3
Signed-off-by: Janusz Krzysztofik <jmkrzyszt@gmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Joerg Roedel [Fri, 17 Jun 2016 09:29:48 +0000 (11:29 +0200)]
iommu/vt-d: Enable QI on all IOMMUs before setting root entry
This seems to be required on some X58 chipsets on systems
with more than one IOMMU. QI does not work until it is
enabled on all IOMMUs in the system.
Reported-by: Dheeraj CVR <cvr.dheeraj@gmail.com>
Tested-by: Dheeraj CVR <cvr.dheeraj@gmail.com>
Fixes:
5f0a7f7614a9 ('iommu/vt-d: Make root entry visible for hardware right after allocation')
Cc: stable@vger.kernel.org
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Linus Torvalds [Fri, 17 Jun 2016 03:33:51 +0000 (17:33 -1000)]
Merge tag 'pwm/for-4.7-rc4' of git://git./linux/kernel/git/thierry.reding/linux-pwm
Pull pwm fixes from Thierry Reding:
"These changes fix a bit of fallout from the introduction of the atomic
API"
* tag 'pwm/for-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
pwm: atmel-hlcdc: Fix default PWM polarity
pwm: sysfs: Get return value from pwm_apply_state()
pwm: Improve args checking in pwm_apply_state()
Linus Torvalds [Fri, 17 Jun 2016 03:29:53 +0000 (17:29 -1000)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm
Pull KVM fixes from Paolo Bonzini:
- miscellaneous fixes for MIPS and s390
- one new kvm_stat for s390
- correctly disable VT-d posted interrupts with the rest of posted
interrupts
- "make randconfig" fix for x86 AMD
- off-by-one in irq route check (the "good" kind that errors out a bit
too early!)
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm: vmx: check apicv is active before using VT-d posted interrupt
kvm: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
kvm: svm: Do not support AVIC if not CONFIG_X86_LOCAL_APIC
kvm: svm: Fix implicit declaration for __default_cpu_present_to_apicid()
MIPS: KVM: Fix CACHE triggered exception emulation
MIPS: KVM: Don't unwind PC when emulating CACHE
MIPS: KVM: Include bit 31 in segment matches
MIPS: KVM: Fix modular KVM under QEMU
KVM: s390: Add stats for PEI events
KVM: s390: ignore IBC if zero
Linus Torvalds [Fri, 17 Jun 2016 03:25:52 +0000 (17:25 -1000)]
Merge tag 'nfsd-4.7-1' of git://linux-nfs.org/~bfields/linux
Pull nfsd bugfixes from Bruce Fields:
"Oleg Drokin found and fixed races in the nfsd4 state code that go back
to the big nfs4_lock_state removal around 3.17 (but that were also
probably hard to reproduce before client changes in 3.20 allowed the
client to perform parallel opens).
Also fix a 4.1 backchannel crash due to rpc multipath changes in 4.6.
Trond acked the client-side rpc fixes going through my tree"
* tag 'nfsd-4.7-1' of git://linux-nfs.org/~bfields/linux:
nfsd: Make init_open_stateid() a bit more whole
nfsd: Extend the mutex holding region around in nfsd4_process_open2()
nfsd: Always lock state exclusively.
rpc: share one xps between all backchannels
nfsd4/rpc: move backchannel create logic into rpc code
SUNRPC: fix xprt leak on xps allocation failure
nfsd: Fix NFSD_MDS_PR_KEY on 32-bit by adding ULL postfix
Linus Torvalds [Fri, 17 Jun 2016 03:16:56 +0000 (17:16 -1000)]
Merge branch 'overlayfs-linus' of git://git./linux/kernel/git/mszeredi/vfs
Pull overlayfs fixes from Miklos Szeredi:
"This contains two regression fixes: one for the xattr API update and
one for using the mounter's creds in file creation in overlayfs.
There's also a fix for a bug in handling hard linked AF_UNIX sockets
that's been there from day one. This fix is overlayfs only despite
the fact that it touches code outside the overlay filesystem: d_real()
is an identity function for all except overlay dentries"
* 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
ovl: fix uid/gid when creating over whiteout
ovl: xattr filter fix
af_unix: fix hard linked sockets on overlay
vfs: add d_real_inode() helper
Dan Carpenter [Thu, 16 Jun 2016 14:48:57 +0000 (15:48 +0100)]
KEYS: potential uninitialized variable
If __key_link_begin() failed then "edit" would be uninitialized. I've
added a check to fix that.
This allows a random user to crash the kernel, though it's quite
difficult to achieve. There are three ways it can be done as the user
would have to cause an error to occur in __key_link():
(1) Cause the kernel to run out of memory. In practice, this is difficult
to achieve without ENOMEM cropping up elsewhere and aborting the
attempt.
(2) Revoke the destination keyring between the keyring ID being looked up
and it being tested for revocation. In practice, this is difficult to
time correctly because the KEYCTL_REJECT function can only be used
from the request-key upcall process. Further, users can only make use
of what's in /sbin/request-key.conf, though this does including a
rejection debugging test - which means that the destination keyring
has to be the caller's session keyring in practice.
(3) Have just enough key quota available to create a key, a new session
keyring for the upcall and a link in the session keyring, but not then
sufficient quota to create a link in the nominated destination keyring
so that it fails with EDQUOT.
The bug can be triggered using option (3) above using something like the
following:
echo 80 >/proc/sys/kernel/keys/root_maxbytes
keyctl request2 user debug:fred negate @t
The above sets the quota to something much lower (80) to make the bug
easier to trigger, but this is dependent on the system. Note also that
the name of the keyring created contains a random number that may be
between 1 and 10 characters in size, so may throw the test off by
changing the amount of quota used.
Assuming the failure occurs, something like the following will be seen:
kfree_debugcheck: out of range ptr 6b6b6b6b6b6b6b68h
------------[ cut here ]------------
kernel BUG at ../mm/slab.c:2821!
...
RIP: 0010:[<
ffffffff811600f9>] kfree_debugcheck+0x20/0x25
RSP: 0018:
ffff8804014a7de8 EFLAGS:
00010092
RAX:
0000000000000034 RBX:
6b6b6b6b6b6b6b68 RCX:
0000000000000000
RDX:
0000000000040001 RSI:
00000000000000f6 RDI:
0000000000000300
RBP:
ffff8804014a7df0 R08:
0000000000000001 R09:
0000000000000000
R10:
ffff8804014a7e68 R11:
0000000000000054 R12:
0000000000000202
R13:
ffffffff81318a66 R14:
0000000000000000 R15:
0000000000000001
...
Call Trace:
kfree+0xde/0x1bc
assoc_array_cancel_edit+0x1f/0x36
__key_link_end+0x55/0x63
key_reject_and_link+0x124/0x155
keyctl_reject_key+0xb6/0xe0
keyctl_negate_key+0x10/0x12
SyS_keyctl+0x9f/0xe7
do_syscall_64+0x63/0x13a
entry_SYSCALL64_slow_path+0x25/0x25
Fixes:
f70e2e06196a ('KEYS: Do preallocation for __key_link()')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Daniel Thompson [Thu, 16 Jun 2016 15:51:52 +0000 (16:51 +0100)]
arm64: kgdb: Match pstate size with gdbserver protocol
Current versions of gdb do not interoperate cleanly with kgdb on arm64
systems because gdb and kgdb do not use the same register description.
This patch modifies kgdb to work with recent releases of gdb (>= 7.8.1).
Compatibility with gdb (after the patch is applied) is as follows:
gdb-7.6 and earlier Ok
gdb-7.7 series Works if user provides custom target description
gdb-7.8(.0) Works if user provides custom target description
gdb-7.8.1 and later Ok
When commit
44679a4f142b ("arm64: KGDB: Add step debugging support") was
introduced it was paired with a gdb patch that made an incompatible
change to the gdbserver protocol. This patch was eventually merged into
the gdb sources:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=
a4d9ba85ec5597a6a556afe26b712e878374b9dd
The change to the protocol was mostly made to simplify big-endian support
inside the kernel gdb stub. Unfortunately the gdb project released
gdb-7.7.x and gdb-7.8.0 before the protocol incompatibility was identified
and reversed:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=
bdc144174bcb11e808b4e73089b850cf9620a7ee
This leaves us in a position where kgdb still uses the no-longer-used
protocol; gdb-7.8.1, which restored the original behaviour, was
released on 2014-10-29.
I don't believe it is possible to detect/correct the protocol
incompatiblity which means the kernel must take a view about which
version of the gdb remote protocol is "correct". This patch takes the
view that the original/current version of the protocol is correct
and that version found in gdb-7.7.x and gdb-7.8.0 is anomalous.
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Viresh Kumar [Thu, 16 Jun 2016 13:33:11 +0000 (19:03 +0530)]
PM / OPP: Add 'UNKNOWN' status for shared_opp in struct opp_table
dev_pm_opp_get_sharing_cpus() returns 0 even in the case when the OPP
core doesn't know whether or not the table is shared. It works on the
majority of platforms, where the OPP table is never created before
invoking the function and then -ENODEV is returned by it.
But in the case of one platform (Jetson TK1) at least, the situation
is a bit different. The OPP table has been created (somehow) before
dev_pm_opp_get_sharing_cpus() is called and it returns 0. Its caller
treats that as 'the CPUs don't share OPPs' and that leads to degraded
performance.
Fix this by converting 'shared_opp' in struct opp_table to an enum
and making dev_pm_opp_get_sharing_cpus() return -EINVAL in case when
the value of that field is "access unknown", so that the caller can
handle it accordingly (cpufreq-dt considers that as 'all CPUs share
the table', for example).
Fixes:
6f707daa3833 "PM / OPP: Add dev_pm_opp_get_sharing_cpus()"
Reported-and-tested-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
[ rjw : Subject & changelog ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Hendrik Brueckner [Thu, 9 Jun 2016 10:28:13 +0000 (12:28 +0200)]
s390/cpum_cf: use perf software context for hardware counters
On s390, there are two different hardware PMUs for counting and
sampling. Previously, both PMUs have shared the perf_hw_context
which is not correct and, recently, results in this warning:
------------[ cut here ]------------
WARNING: CPU: 5 PID: 1 at kernel/events/core.c:8485 perf_pmu_register+0x420/0x428
Modules linked in:
CPU: 5 PID: 1 Comm: swapper/0 Not tainted 4.7.0-rc1+ #2
task:
00000009c5240000 ti:
00000009c5234000 task.ti:
00000009c5234000
Krnl PSW :
0704c00180000000 0000000000220c50 (perf_pmu_register+0x420/0x428)
R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
Krnl GPRS:
ffffffffffffffff 0000000000b15ac6 0000000000000000 00000009cb440000
000000000022087a 0000000000000000 0000000000b78fa0 0000000000000000
0000000000a9aa90 0000000000000084 0000000000000005 000000000088a97a
0000000000000004 0000000000749dd0 000000000022087a 00000009c5237cc0
Krnl Code:
0000000000220c44:
a7f4ff54 brc 15,220aec
0000000000220c48:
92011000 mvi 0(%r1),1
#
0000000000220c4c:
a7f40001 brc 15,220c4e
>
0000000000220c50:
a7f4ff12 brc 15,220a74
0000000000220c54: 0707 bcr 0,%r7
0000000000220c56: 0707 bcr 0,%r7
0000000000220c58:
ebdff0800024 stmg %r13,%r15,128(%r15)
0000000000220c5e:
a7f13fe0 tmll %r15,16352
Call Trace:
([<
000000000022087a>] perf_pmu_register+0x4a/0x428)
([<
0000000000b2c25c>] init_cpum_sampling_pmu+0x14c/0x1f8)
([<
0000000000100248>] do_one_initcall+0x48/0x140)
([<
0000000000b25d26>] kernel_init_freeable+0x1e6/0x2a0)
([<
000000000072bda4>] kernel_init+0x24/0x138)
([<
000000000073495e>] kernel_thread_starter+0x6/0xc)
([<
0000000000734958>] kernel_thread_starter+0x0/0xc)
Last Breaking-Event-Address:
[<
0000000000220c4c>] perf_pmu_register+0x41c/0x428
---[ end trace
0c6ef9f5b771ad97 ]---
Using the perf_sw_context is an option because the cpum_cf PMU does
not use interrupts. To make this more clear, initialize the
capabilities in the PMU structure.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Ocquidant, Sebastien [Wed, 15 Jun 2016 11:47:35 +0000 (13:47 +0200)]
memory: omap-gpmc: Fix omap gpmc EXTRADELAY timing
In the omap gpmc driver it can be noticed that GPMC_CONFIG4_OEEXTRADELAY
is overwritten by the WEEXTRADELAY value from the device tree and
GPMC_CONFIG4_WEEXTRADELAY is not updated by the value from the device
tree.
As a consequence, the memory accesses cannot be configured properly when
the extra delay are needed for OE and WE.
Fix the update of GPMC_CONFIG4_WEEXTRADELAY with the value from the
device tree file and prevents GPMC_CONFIG4_OEXTRADELAY
being overwritten by the WEXTRADELAY value from the device tree.
Cc: stable@vger.kernel.org
Signed-off-by: Ocquidant, Sebastien <sebastienocquidant@eaton.com>
Signed-off-by: Roger Quadros <rogerq@ti.com>
Yang Zhang [Mon, 13 Jun 2016 01:56:56 +0000 (09:56 +0800)]
kvm: vmx: check apicv is active before using VT-d posted interrupt
VT-d posted interrupt is relying on the CPU side's posted interrupt.
Need to check whether VCPU's APICv is active before enabing VT-d
posted interrupt.
Fixes:
d62caabb41f33d96333f9ef15e09cd26e1c12760
Cc: stable@vger.kernel.org
Signed-off-by: Yang Zhang <yang.zhang.wz@gmail.com>
Signed-off-by: Shengge Ding <shengge.dsg@alibaba-inc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Xiubo Li [Wed, 15 Jun 2016 10:00:33 +0000 (18:00 +0800)]
kvm: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
These days, we experienced one guest crash with 8 cores and 3 disks,
with qemu error logs as bellow:
qemu-system-x86_64: /build/qemu-2.0.0/kvm-all.c:984:
kvm_irqchip_commit_routes: Assertion `ret == 0' failed.
And then we found one patch(
bdf026317d) in qemu tree, which said
could fix this bug.
Execute the following script will reproduce the BUG quickly:
irq_affinity.sh
========================================================================
vda_irq_num=25
vdb_irq_num=27
while [ 1 ]
do
for irq in {1,2,4,8,10,20,40,80}
do
echo $irq > /proc/irq/$vda_irq_num/smp_affinity
echo $irq > /proc/irq/$vdb_irq_num/smp_affinity
dd if=/dev/vda of=/dev/zero bs=4K count=100 iflag=direct
dd if=/dev/vdb of=/dev/zero bs=4K count=100 iflag=direct
done
done
========================================================================
The following qemu log is added in the qemu code and is displayed when
this bug reproduced:
kvm_irqchip_commit_routes: max gsi: 1008, nr_allocated_irq_routes: 1024,
irq_routes->nr: 1024, gsi_count: 1024.
That's to say when irq_routes->nr == 1024, there are 1024 routing entries,
but in the kernel code when routes->nr >= 1024, will just return -EINVAL;
The nr is the number of the routing entries which is in of
[1 ~ KVM_MAX_IRQ_ROUTES], not the index in [0 ~ KVM_MAX_IRQ_ROUTES - 1].
This patch fix the BUG above.
Cc: stable@vger.kernel.org
Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com>
Signed-off-by: Wei Tang <tangwei@cmss.chinamobile.com>
Signed-off-by: Zhang Zhuoyu <zhangzhuoyu@cmss.chinamobile.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Suzuki K Poulose [Fri, 6 May 2016 14:35:50 +0000 (15:35 +0100)]
coresight: Handle build path error
Enabling a component via sysfs (echo 1 > enable_source), would
trigger building a path from the enabled sources to the sink.
If there is an error in the process (e.g, sink not enabled or
the device (CPU corresponding to ETM) is not online), we never report
failure, except for leaving a message in the dmesg.
Do proper error checking for the build path and return the error.
Before:
$ echo 0 > /sys/devices/system/cpu/cpu2/online
$ echo 1 > /sys/devices/cs_etm/cpu2/enable_source
$ echo $?
0
After:
$ echo 0 > /sys/devices/system/cpu/cpu2/online
$ echo 1 > /sys/devices/cs_etm/cpu2/enable_source
-bash: echo: write error: No such device or address
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Acked-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Suzuki K Poulose [Tue, 14 Jun 2016 17:17:14 +0000 (11:17 -0600)]
coresight: Fix erroneous memset in tmc_read_unprepare_etr
At the end of a trace collection, we try to clear the entire buffer
and enable the ETR back if it was already enabled. But, we would have
adjusted the drvdata->buf to point to the beginning of the trace data
in the trace buffer @drvdata->vaddr. So, the following code which
clears the buffer is dangerous and can cause crashes, like below :
memset(drvdata->buf, 0, drvdata->size);
Unable to handle kernel paging request at virtual address
ffffff800a145000
pgd =
ffffffc974726000
*pgd=
00000009f3e91003, *pud=
00000009f3e91003, *pmd=
0000000000000000
PREEMPT SMP
Modules linked in:
CPU: 4 PID: 1692 Comm: dd Not tainted 4.7.0-rc2+ #1721
Hardware name: ARM Juno development board (r0) (DT)
task:
ffffffc9734a0080 ti:
ffffffc974460000 task.ti:
ffffffc974460000
PC is at __memset+0x1ac/0x200
LR is at tmc_read_unprepare_etr+0x144/0x1bc
pc : [<
ffffff80083a05ac>] lr : [<
ffffff800859c984>] pstate:
200001c5
...
[<
ffffff80083a05ac>] __memset+0x1ac/0x200
[<
ffffff800859b2e4>] tmc_release+0x90/0x94
[<
ffffff8008202f58>] __fput+0xa8/0x1ec
[<
ffffff80082030f4>] ____fput+0xc/0x14
[<
ffffff80080c3ef8>] task_work_run+0xb0/0xe4
[<
ffffff8008088bf4>] do_notify_resume+0x64/0x6c
[<
ffffff8008084d5c>] work_pending+0x10/0x14
Code:
91010108 54ffff4a 8b040108 cb050042 (
d50b7428)
Since we clear the buffer anyway in the following call to
tmc_etr_enable_hw(), remove the erroneous memset().
Fixes: commit
de5461970b3e9e1 ("coresight: tmc: allocating memory when needed")
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Suzuki K Poulose [Tue, 14 Jun 2016 17:17:13 +0000 (11:17 -0600)]
coresight: Fix tmc_read_unprepare_etr
At the end of the trace capture, we free the allocated memory,
resetting the drvdata->buf to NULL, to indicate that trace data
was collected and the next trace session should allocate the
memory in tmc_enable_etr_sink_sysfs.
The tmc_enable_etr_sink_sysfs, we only allocate memory if drvdata->vaddr
is not NULL (which is not performed at the end of previous session).
This can cause, drvdata->vaddr getting assigned NULL and later we do
memset() which causes a crash as below :
Unable to handle kernel NULL pointer dereference at virtual
address
00000000
pgd =
ffffffc9747f0000
[
00000000] *pgd=
00000009f402e003, *pud=
00000009f402e003,
*pmd=
0000000000000000
Internal error: Oops:
96000046 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 1592 Comm: bash Not tainted 4.7.0-rc1+ #1712
Hardware name: ARM Juno development board (r0) (DT)
task:
ffffffc078fe0080 ti:
ffffffc974178000 task.ti:
ffffffc974178000
PC is at __memset+0x1ac/0x200
LR is at tmc_enable_etr_sink+0xf8/0x304
pc : [<
ffffff80083a002c>] lr : [<
ffffff800859be44>] pstate:
400001c5
sp :
ffffffc97417bc00
x29:
ffffffc97417bc00 x28:
ffffffc974178000
Call trace:
Exception stack(0xffffffc97417ba40 to 0xffffffc97417bb60)
ba40:
0000000000000001 ffffffc974a5d098 ffffffc97417bc00 ffffff80083a002c
ba60:
ffffffc974a5d118 0000000000000000 0000000000000000 0000000000000000
ba80:
0000000000000001 0000000000000000 ffffff800859bdec 0000000000000040
baa0:
ffffff8008b45b58 00000000000001c0 ffffffc97417baf0 ffffff80080eddb4
bac0:
0000000000000003 ffffffc078fe0080 ffffffc078fe0960 ffffffc078fe0940
bae0:
0000000000000000 0000000000000000 00000000007fffc0 0000000000000004
bb00:
0000000000000000 0000000000000040 000000000000003f 0000000000000000
bb20:
0000000000000000 0000000000000000 0000000000000000 0000000000000001
bb40:
ffffffc078fe0960 0000000000000018 ffffffffffffffff 0008669628000000
[<
ffffff80083a002c>] __memset+0x1ac/0x200
[<
ffffff8008599814>] coresight_enable_path+0xa8/0x1dc
[<
ffffff8008599b10>] coresight_enable+0x88/0x1b8
[<
ffffff8008599d88>] enable_source_store+0x3c/0x6c
[<
ffffff800845eaf4>] dev_attr_store+0x18/0x28
[<
ffffff80082829e8>] sysfs_kf_write+0x54/0x64
[<
ffffff8008281c30>] kernfs_fop_write+0x148/0x1d8
[<
ffffff8008200128>] __vfs_write+0x28/0x110
[<
ffffff8008200e88>] vfs_write+0xa0/0x198
[<
ffffff80082021b0>] SyS_write+0x44/0xa0
[<
ffffff8008084e70>] el0_svc_naked+0x24/0x28
Code:
91010108 54ffff4a 8b040108 cb050042 (
d50b7428)
This patch fixes the issue by clearing the drvdata->vaddr while we free
the allocated buffer at the end of a session, so that we allocate the
memory again.
Cc: mathieu.poirier@linaro.org
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Suzuki K Poulose [Tue, 14 Jun 2016 17:17:12 +0000 (11:17 -0600)]
coresight: Fix NULL pointer dereference in _coresight_build_path
_coresight_build_path assumes that all the connections of a csdev
has the child_dev initialised. This may not be true if the particular
component is not supported by the kernel config(e.g TPIU) but is
present in the DT. In which case, building a path can cause a crash like this :
Unable to handle kernel NULL pointer dereference at virtual address
00000010
pgd =
ffffffc9750dd000
[
00000010] *pgd=
00000009f5e90003, *pud=
00000009f5e90003, *pmd=
0000000000000000
Internal error: Oops:
96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 4 PID: 1348 Comm: bash Not tainted 4.6.0-next-
20160517 #1646
Hardware name: ARM Juno development board (r0) (DT)
task:
ffffffc97517a280 ti:
ffffffc9762c4000 task.ti:
ffffffc9762c4000
PC is at _coresight_build_path+0x18/0xe4
LR is at _coresight_build_path+0xc0/0xe4
pc : [<
ffffff80083d5130>] lr : [<
ffffff80083d51d8>] pstate:
20000145
sp :
ffffffc9762c7ba0
[<
ffffff80083d5130>] _coresight_build_path+0x18/0xe4
[<
ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<
ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<
ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<
ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<
ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<
ffffff80083d5cdc>] coresight_build_path+0x40/0x68
[<
ffffff80083d5e14>] coresight_enable+0x74/0x1bc
[<
ffffff80083d60a0>] enable_source_store+0x3c/0x6c
[<
ffffff800830b17c>] dev_attr_store+0x18/0x28
[<
ffffff80081ca9c4>] sysfs_kf_write+0x40/0x50
[<
ffffff80081c9e38>] kernfs_fop_write+0x140/0x1cc
[<
ffffff8008163ec8>] __vfs_write+0x28/0x110
[<
ffffff8008164bf0>] vfs_write+0xa0/0x174
[<
ffffff8008165d18>] SyS_write+0x44/0xa0
[<
ffffff8008084e70>] el0_svc_naked+0x24/0x28
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Thu, 16 Jun 2016 07:10:27 +0000 (00:10 -0700)]
Merge tag 'extcon-fixes-for-4.7-rc4' of git://git./linux/kernel/git/chanwoo/extcon into char-misc-linus
Chanwoo writes:
Update extcon for v4.7-rc4
This patch fixes the following issue:
- In the extcon-palmas.c, fix the state of VBUS when using GPIO detection.
If probe funticon don't check the state during probe, the extcon client
driver cannot get the state of VBUS gpio until the user detach the connector
and attach the connector again.
Linus Torvalds [Thu, 16 Jun 2016 05:54:52 +0000 (19:54 -1000)]
Merge tag 'drm-fixes-for-v4.7-rc4' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"The main drm fixes pull for rc4: one regression fix in the connector
refcounting, and an MST fix.
There rest is nouveau, amdkfd, i915, etnaviv, and radeon/amdgpu fixes,
mostly regression or black screen fixes"
* tag 'drm-fixes-for-v4.7-rc4' of git://people.freedesktop.org/~airlied/linux: (23 commits)
drm/etnaviv: initialize iommu domain page size
drm/nouveau/iccsense: fix memory leak
drm/nouveau/Revert "drm/nouveau/device/pci: set as non-CPU-coherent on ARM64"
drm/amd/powerplay: select samu dpm 0 as boot level on polaris.
drm/amd/powerplay: update powerplay table parsing
drm/dp/mst: Always clear proposed vcpi table for port.
drm/crtc: only store the necessary data for set_config rollback
drm/crtc: fix connector reference counting mismatch in drm_crtc_helper_set_config
drm/i915/ilk: Don't disable SSC source if it's in use
Revert "drm/amdgpu: add pipeline sync while vmid switch in same ctx"
drm/amdgpu/gfx7: fix broken condition check
drm/radeon: fix asic initialization for virtualized environments
amdgpu: fix asic initialization for virtualized environments (v2)
drm/radeon: don't use fractional dividers on RS[78]80 if SS is enabled
drm/radeon: do not hard reset GPU while freezing on r600/r700 family
drm/i915: Extract physical display dimensions from VBT
drm/i915: Check VBT for port presence in addition to the strap on VLV/CHV
drm/i915: Only ignore eDP ports that are connected
drm/i915: Silence "unexpected child device config size" for VBT on 845g
drm/i915: Fix NULL pointer deference when out of PLLs in IVB
...
Linus Torvalds [Thu, 16 Jun 2016 05:42:19 +0000 (19:42 -1000)]
Merge tag 'platform-drivers-x86-v4.7-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86
Pull x86 platform driver fixes from Darren Hart:
"Minor kconfig dependency cleanup, trivial mic mute hotkey for ideapad,
and a needed improvement in adaptive keyboard detection for thinkpad:
platform/x86:
- Drop duplicate dependencies on X86
thinkpad_acpi:
- Add support for HKEY version 0x200
ideapad_laptop:
- Add an event for mic mute hotkey"
* tag 'platform-drivers-x86-v4.7-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86:
platform/x86: Drop duplicate dependencies on X86
thinkpad_acpi: Add support for HKEY version 0x200
ideapad_laptop: Add an event for mic mute hotkey
Linus Torvalds [Thu, 16 Jun 2016 02:23:38 +0000 (16:23 -1000)]
Merge tag 'upstream-4.7-rc4' of git://git.infradead.org/linux-ubifs
Pull UBI fixes from Richard Weinberger:
"This contains fixes for a regression introduced in rc1"
* tag 'upstream-4.7-rc4' of git://git.infradead.org/linux-ubifs:
ubi: Don't bypass ->getattr()
Revert "mtd: switch open_mtd_by_chdev() to use of vfs_stat()"
Revert "mtd: switch ubi_open_volume_path() to vfs_stat()"
Jiri Slaby [Fri, 10 Jun 2016 08:54:32 +0000 (10:54 +0200)]
base: make module_create_drivers_dir race-free
Modules which register drivers via standard path (driver_register) in
parallel can cause a warning:
WARNING: CPU: 2 PID: 3492 at ../fs/sysfs/dir.c:31 sysfs_warn_dup+0x62/0x80
sysfs: cannot create duplicate filename '/module/saa7146/drivers'
Modules linked in: hexium_gemini(+) mxb(+) ...
...
Call Trace:
...
[<
ffffffff812e63a2>] sysfs_warn_dup+0x62/0x80
[<
ffffffff812e6487>] sysfs_create_dir_ns+0x77/0x90
[<
ffffffff8140f2c4>] kobject_add_internal+0xb4/0x340
[<
ffffffff8140f5b8>] kobject_add+0x68/0xb0
[<
ffffffff8140f631>] kobject_create_and_add+0x31/0x70
[<
ffffffff8157a703>] module_add_driver+0xc3/0xd0
[<
ffffffff8155e5d4>] bus_add_driver+0x154/0x280
[<
ffffffff815604c0>] driver_register+0x60/0xe0
[<
ffffffff8145bed0>] __pci_register_driver+0x60/0x70
[<
ffffffffa0273e14>] saa7146_register_extension+0x64/0x90 [saa7146]
[<
ffffffffa0033011>] hexium_init_module+0x11/0x1000 [hexium_gemini]
...
As can be (mostly) seen, driver_register causes this call sequence:
-> bus_add_driver
-> module_add_driver
-> module_create_drivers_dir
The last one creates "drivers" directory in /sys/module/<...>. When
this is done in parallel, the directory is attempted to be created
twice at the same time.
This can be easily reproduced by loading mxb and hexium_gemini in
parallel:
while :; do
modprobe mxb &
modprobe hexium_gemini
wait
rmmod mxb hexium_gemini saa7146_vv saa7146
done
saa7146 calls pci_register_driver for both mxb and hexium_gemini,
which means /sys/module/saa7146/drivers is to be created for both of
them.
Fix this by a new mutex in module_create_drivers_dir which makes the
test-and-create "drivers" dir atomic.
I inverted the condition and removed 'return' to avoid multiple
unlocks or a goto.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Fixes:
fe480a2675ed (Modules: only add drivers/ direcory if needed)
Cc: v2.6.21+ <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linus Torvalds [Thu, 16 Jun 2016 02:08:31 +0000 (16:08 -1000)]
Merge tag 'for-linus-4.7-2' of git://git.code.sf.net/p/openipmi/linux-ipmi
Pull ipmi bugfix from Corey Minyard:
"Fix a fairly significant ipmi list bug
This bug could cause lists to be corrupted"
* tag 'for-linus-4.7-2' of git://git.code.sf.net/p/openipmi/linux-ipmi:
ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg()
Oleg Drokin [Wed, 15 Jun 2016 03:28:06 +0000 (23:28 -0400)]
nfsd: Make init_open_stateid() a bit more whole
Move the state selection logic inside from the caller,
always making it return correct stp to use.
Signed-off-by: J . Bruce Fields <bfields@fieldses.org>
Signed-off-by: Oleg Drokin <green@linuxhacker.ru>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Oleg Drokin [Wed, 15 Jun 2016 03:28:05 +0000 (23:28 -0400)]
nfsd: Extend the mutex holding region around in nfsd4_process_open2()
To avoid racing entry into nfs4_get_vfs_file().
Make init_open_stateid() return with locked stateid to be unlocked
by the caller.
Signed-off-by: Oleg Drokin <green@linuxhacker.ru>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Oleg Drokin [Wed, 15 Jun 2016 03:28:04 +0000 (23:28 -0400)]
nfsd: Always lock state exclusively.
It used to be the case that state had an rwlock that was locked for write
by downgrades, but for read for upgrades (opens). Well, the problem is
if there are two competing opens for the same state, they step on
each other toes potentially leading to leaking file descriptors
from the state structure, since access mode is a bitmap only set once.
Signed-off-by: Oleg Drokin <green@linuxhacker.ru>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Linus Torvalds [Thu, 16 Jun 2016 01:55:49 +0000 (15:55 -1000)]
Merge tag 'for_linus' of git://git./linux/kernel/git/mst/vhost
Pull virtio docs and tests from Michael Tsirkin:
"This merely has some documentation and a new test, seems safe to
merge"
* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
tools/virtio: add noring tool
tools/virtio/ringtest: fix run-on-all.sh to work without /dev/cpu
tools/virtio/ringtest: add usage example to README
MAINTAINERS: Add file patterns for virtio device tree bindings
Shuah Khan [Tue, 14 Jun 2016 22:30:27 +0000 (16:30 -0600)]
Update email addresses in MAINTAINERS and .mailmap
Updating email addresses in MAINTAINERS and .mailmap files.
Cc: stable@vger.kernel.org
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mauro Carvalho Chehab [Tue, 14 Jun 2016 18:17:40 +0000 (15:17 -0300)]
Update my main e-mails at the Kernel tree
For the third time in three years, I'm changing my e-mail at Samsung.
That's bad, as it may stop communications with me for a while. So, this
time, I'll also add the mchehab@kernel.org e-mail, as it remains stable
since ever.
Cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dave Airlie [Thu, 16 Jun 2016 00:24:13 +0000 (10:24 +1000)]
Merge branch 'drm-fixes-4.7' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
radeon and amdgpu fixes for 4.7. Highlights:
- fixes for GPU VM passthrough
- fixes for powerplay on Polaris GPUs
- pll fixes for rs780/880
* 'drm-fixes-4.7' of git://people.freedesktop.org/~agd5f/linux:
drm/amd/powerplay: select samu dpm 0 as boot level on polaris.
drm/amd/powerplay: update powerplay table parsing
Revert "drm/amdgpu: add pipeline sync while vmid switch in same ctx"
drm/amdgpu/gfx7: fix broken condition check
drm/radeon: fix asic initialization for virtualized environments
amdgpu: fix asic initialization for virtualized environments (v2)
drm/radeon: don't use fractional dividers on RS[78]80 if SS is enabled
drm/radeon: do not hard reset GPU while freezing on r600/r700 family
Suravee Suthikulpanit [Wed, 15 Jun 2016 22:24:36 +0000 (17:24 -0500)]
kvm: svm: Do not support AVIC if not CONFIG_X86_LOCAL_APIC
Add logic to disable AVIC #ifndef CONFIG_X86_LOCAL_APIC.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Suravee Suthikulpanit [Wed, 15 Jun 2016 22:23:45 +0000 (17:23 -0500)]
kvm: svm: Fix implicit declaration for __default_cpu_present_to_apicid()
The commit
8221c1370056 ("svm: Manage vcpu load/unload when enable AVIC")
introduces a build error due to implicit function declaration
when #ifdef CONFIG_X86_32 and #ifndef CONFIG_X86_LOCAL_APIC
(as reported by Kbuild test robot i386-randconfig-x0-
06121009).
So, this patch introduces kvm_cpu_get_apicid() wrapper
around __default_cpu_present_to_apicid() with additional
handling if CONFIG_X86_LOCAL_APIC is not defined.
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Fixes: commit
8221c1370056 ("svm: Manage vcpu load/unload when enable AVIC")
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Dave Airlie [Wed, 15 Jun 2016 20:27:05 +0000 (06:27 +1000)]
Merge branch 'drm-etnaviv-fixes' of git://git.pengutronix.de/git/lst/linux into drm-fixes
just a single fix for a regression introduced by IOMMU API changes in
v4.7.
* 'drm-etnaviv-fixes' of git://git.pengutronix.de/git/lst/linux:
drm/etnaviv: initialize iommu domain page size
J. Bruce Fields [Tue, 17 May 2016 16:38:21 +0000 (12:38 -0400)]
rpc: share one xps between all backchannels
The spec allows backchannels for multiple clients to share the same tcp
connection. When that happens, we need to use the same xprt for all of
them. Similarly, we need the same xps.
This fixes list corruption introduced by the multipath code.
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Acked-by: Trond Myklebust <trondmy@primarydata.com>
J. Bruce Fields [Mon, 16 May 2016 21:03:42 +0000 (17:03 -0400)]
nfsd4/rpc: move backchannel create logic into rpc code
Also simplify the logic a bit.
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Acked-by: Trond Myklebust <trondmy@primarydata.com>
J. Bruce Fields [Fri, 20 May 2016 21:07:17 +0000 (17:07 -0400)]
SUNRPC: fix xprt leak on xps allocation failure
Callers of rpc_create_xprt expect it to put the xprt on success and
failure.
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Acked-by: Trond Myklebust <trondmy@primarydata.com>
Miklos Szeredi [Wed, 15 Jun 2016 12:18:59 +0000 (14:18 +0200)]
ovl: fix uid/gid when creating over whiteout
Fix a regression when creating a file over a whiteout. The new
file/directory needs to use the current fsuid/fsgid, not the ones from the
mounter's credentials.
The refcounting is a bit tricky: prepare_creds() sets an original refcount,
override_creds() gets one more, which revert_cred() drops. So
1) we need to expicitly put the mounter's credentials when overriding
with the updated one
2) we need to put the original ref to the updated creds (and this can
safely be done before revert_creds(), since we'll still have the ref
from override_creds()).
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Fixes:
3fe6e52f0626 ("ovl: override creds with the ones from the superblock mounter")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Nicolai Stange [Tue, 24 May 2016 11:08:54 +0000 (13:08 +0200)]
debugfs: open_proxy_open(): avoid double fops release
Debugfs' open_proxy_open(), the ->open() installed at all inodes created
through debugfs_create_file_unsafe(),
- grabs a reference to the original file_operations instance passed to
debugfs_create_file_unsafe() via fops_get(),
- installs it at the file's ->f_op by means of replace_fops()
- and calls fops_put() on it.
Since the semantics of replace_fops() are such that the reference's
ownership is transferred, the subsequent fops_put() will result in a double
release when the file is eventually closed.
Currently, this is not an issue since fops_put() basically does a
module_put() on the file_operations' ->owner only and there don't exist any
modules calling debugfs_create_file_unsafe() yet. This is expected to
change in the future though, c.f. commit
c64688081490 ("debugfs: add
support for self-protecting attribute file fops").
Remove the call to fops_put() from open_proxy_open().
Fixes:
9fd4dcece43a ("debugfs: prevent access to possibly dead
file_operations at file open")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nicolai Stange [Tue, 24 May 2016 11:08:53 +0000 (13:08 +0200)]
debugfs: full_proxy_open(): free proxy on ->open() failure
Debugfs' full_proxy_open(), the ->open() installed at all inodes created
through debugfs_create_file(),
- grabs a reference to the original struct file_operations instance passed
to debugfs_create_file(),
- dynamically allocates a proxy struct file_operations instance wrapping
the original
- and installs this at the file's ->f_op.
Afterwards, it calls the original ->open() and passes its return value back
to the VFS layer.
Now, if that return value indicates failure, the VFS layer won't ever call
->release() and thus, neither the reference to the original file_operations
nor the memory for the proxy file_operations will get released, i.e. both
are leaked.
Upon failure of the original fops' ->open(), undo the proxy installation.
That is:
- Set the struct file ->f_op to what it had been when full_proxy_open()
was entered.
- Drop the reference to the original file_operations.
- Free the memory holding the proxy file_operations.
Fixes:
49d200deaa68 ("debugfs: prevent access to removed files' private
data")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nicolai Stange [Tue, 24 May 2016 12:05:05 +0000 (14:05 +0200)]
kernel/kcov: unproxify debugfs file's fops
Since commit
49d200deaa68 ("debugfs: prevent access to removed files'
private data"), a debugfs file's file_operations methods get proxied
through lifetime aware wrappers.
However, only a certain subset of the file_operations members is supported
by debugfs and ->mmap isn't among them -- it appears to be NULL from the
VFS layer's perspective.
This behaviour breaks the /sys/kernel/debug/kcov file introduced
concurrently with commit
5c9a8750a640 ("kernel: add kcov code coverage").
Since that file never gets removed, there is no file removal race and thus,
a lifetime checking proxy isn't needed.
Avoid the proxying for /sys/kernel/debug/kcov by creating it via
debugfs_create_file_unsafe() rather than debugfs_create_file().
Fixes:
49d200deaa68 ("debugfs: prevent access to removed files' private data")
Fixes:
5c9a8750a640 ("kernel: add kcov code coverage")
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Will Deacon [Thu, 2 Jun 2016 17:40:07 +0000 (18:40 +0100)]
arm64: spinlock: Ensure forward-progress in spin_unlock_wait
Rather than wait until we observe the lock being free (which might never
happen), we can also return from spin_unlock_wait if we observe that the
lock is now held by somebody else, which implies that it was unlocked
but we just missed seeing it in that state.
Furthermore, in such a scenario there is no longer a need to write back
the value that we loaded, since we know that there has been a lock
hand-off, which is sufficient to publish any stores prior to the
unlock_wait because the ARm architecture ensures that a Store-Release
instruction is multi-copy atomic when observed by a Load-Acquire
instruction.
The litmus test is something like:
AArch64
{
0:X1=x; 0:X3=y;
1:X1=y;
2:X1=y; 2:X3=x;
}
P0 | P1 | P2 ;
MOV W0,#1 | MOV W0,#1 | LDAR W0,[X1] ;
STR W0,[X1] | STLR W0,[X1] | LDR W2,[X3] ;
DMB SY | | ;
LDR W2,[X3] | | ;
exists
(0:X2=0 /\ 2:X0=1 /\ 2:X2=0)
where P0 is doing spin_unlock_wait, P1 is doing spin_unlock and P2 is
doing spin_lock.
Signed-off-by: Will Deacon <will.deacon@arm.com>